Merged - PDF Auditing and Investigation

LEGAL AND PROFESSIONAL FRAMEWORK
XXXXXXX 1
UNIT Unit X, section X: XXXXXXX
Dear Student, you are warmly welcome to this module, ACC 411 Auditing
and Investigation. For most of you, this Unit may seem a revision of
previously-acquired knowledge in Auditing and Assurance Services.
However, it is absolutely essential that you acquaint yourself with the
material in this Unit as it forms the basis of most of the advanced topics we
will be covering in this course.
This Unit, like all the subsequent Units, has six sections.
Section 1 Regulatory Institutions of Audit Practice in Ghana
Section 2 Public Sector Auditing framework
Section 3 International Standards on Auditing
Section 4 Ethical Requirements for Auditors
Section 5 Auditor’s Civil and Criminal Liability
Section 6 Quality Control for Professional Auditing Firms
By the end of this unit, you should be able to:

 understand the structure of IFAC, its functions, What bodies such as
IAASB, IPSASB and IAESB do and How ICAG regulate the
accountancy profession in Ghana
 understand how Parliament, Ghana Audit Service and Internal Audit
Agency regulate and impact audit practice in Ghana.
 understand and outline the overarching International Standards on
Auditing.
 describe professional ethical requirements for auditors with reference to
Professional Appointment, Conflicts of interest, Second Opinions, Fees
and Other Types of Remuneration, Marketing Professional Services ,
Gifts and Hospitality , Custody of Client Assets and Objectivity.
 expose students to the types of an auditor’s liability, the criminal
offenses and some remedies available to companies that have suffered
damage as a result of the auditor’s negligent misrepresentations.
 understand the International Standards on Quality Control and the
elements of a system of Quality Control
We hope you will enjoy the journey through this Unit with us.
12 UEW/IEDE
AUDITING AND
This page is left blank for your notes INVESTIGATION
UEW/IEDE 13
REGULATORY INSTITUTIONS OF AUDIT PRACTICE IN
AUDITING AND
UNIT 1 SECTION
INVESTIGATION
1
Unit 1, section
GHANA 1: Regulatory institutions of audit practice in Ghana
This section will introduce students to the regulatory bodies and authorities
of the audit practise. Institutions such as International Federation of
Accountants [IFAC], The Institute of Chartered Accountants –Ghana, The
Ghana Audit Service and The Internal Audit Agency help to regulate audit
practice and it is important every student gets the structures right from the
start.
At the end of this session, you should be able to understand

 the structure of IFAC, its functions
 what bodies such as IAASB, IPSASB and IAESB do and
 how ICAG regulate the accountancy profession in Ghana
International Federation of Accountants [IFAC]

The Organization
The International Federation of Accountants (IFAC) is the worldwide
organization for the accountancy profession. Founded in 1977, its mission is
to serve the public interest by continuing to strengthen the worldwide
accountancy profession and contribute to the development of strong
international economies by establishing and promoting adherence to high-
quality professional standards, furthering the international convergence of
such standards and speaking out on public interest issues where the
profession’s expertise is most relevant.
IFAC’s governing body, staff and volunteers are committed to the values of
integrity, transparency and expertise. IFAC also seeks to reinforce auditors’
adherence to these values, which are reflected in the IFAC Code of Ethics
for Auditors.
Primary Activities
Serving the Public Interest
IFAC provides leadership to the worldwide accountancy profession in
serving the public interest by:
 Developing, promoting and maintaining global professional standards
and a Code of Ethics for Auditors of a consistently high-quality;
 Actively encouraging convergence of professional standards,
particularly, auditing, assurance, ethics, education, and public and
private sector financial reporting standards;
 Seeking continuous improvements in the quality of auditing and
financial management;
 Promoting the values of the accountancy profession to ensure that it
continually attracts high calibre entrants;
 Promoting compliance with membership obligations; and
 Assisting developing and emerging economies, in cooperation with
regional accounting bodies and others, in establishing and maintaining a
14 UEW/IEDE
AUDITING AND
Unit 1, section 1: Regulatory institutions of audit practice in Ghana INVESTIGATION
profession committed to quality performance and in serving the public

interest.
Contributing to the Efficiency of the Global Economy

IFAC contributes to the efficient functioning of the international economy
by:
 Improving confidence in the quality and reliability of financial
reporting;
 Encouraging the provision of high-quality performance information
(financial and non-financial) within organizations;
 Promoting the provision of high-quality services by all members of the
worldwide accountancy profession; and
 Promoting the importance of adherence to the Code of Ethics for
Auditors by all members of the accountancy profession, including
members in industry, commerce, the public sector, the not-for-profit
sector, academia, and public practice.
Providing Leadership and Spokesmanship

IFAC is the primary spokesperson for the international accountancy
profession and speaks out on a wide range of public policy issues, especially
those where the profession’s expertise is most relevant, as well as on
regulatory issues related to auditing and financial reporting. This is
accomplished, in part, through outreach to numerous organizations that rely
on or have an interest in the activities of the international accountancy
profession.
Membership
IFAC is comprised of about 160 members and associates in over 120
countries worldwide representing more than 2.5 million accountants in
public practice, industry and commerce, the public sector, and education.
IFAC’s strengths derive not only from its international representation, but
also from the support and involvement of its individual member bodies,
dedicated to promoting integrity, transparency, and expertise in the
accountancy profession, as well as from the support of regional accountancy
bodies.
Standard-Setting Initiatives
IFAC has long recognized the need for a globally harmonized framework to
meet the increasingly international demands that are placed on the
accountancy profession, whether from the business, public sector or
education communities. Major components of this framework are the Code
of Ethics for Auditors, International Standards on Auditing (ISAs),
International Education Standards, and International Public Sector
Accounting Standards (IPSASs).
UEW/IEDE 15
AUDITING AND
INVESTIGATION Unit 1, section 1: Regulatory institutions of audit practice in Ghana
IFAC’s standard-setting boards follow a due process and actively support

convergence to ISAs and other standards. It supports the development of
high-quality standards in the public interest in a transparent, efficient, and
effective manner. These standard-setting boards all have Consultative
Advisory Groups, which provide public interest perspectives, and include
public members.
 Auditing and Assurance Services - The International Auditing and
Assurance Standards Board (IAASB) develops ISAs and International
Standards on Review Engagements. The IAASB also develops related
practice statements. These standards and statements serve as the
benchmark for high-quality auditing and assurance standards and
statements worldwide. In addition, the IAASB develops quality control
standards for firms and engagement teams in the practice areas of audit,
assurance and related services.
 Ethics -The Code of Ethics for Auditors, developed by IFAC’s
International Ethics Standards Board for Accountants (IESBA),
establishes ethical requirements for auditors and provides a conceptual
framework for all auditors to ensure compliance with the five
fundamental principles of professional ethics. These principles are
integrity, objectivity, professional competence and due care,
confidentiality, and professional behaviour.
Under the framework, all auditors are required to identify threats to

these fundamental principles and, if there are threats, apply safeguards to
ensure that the principles are not compromised. A member body of
IFAC or firm conducting an audit using ISAs may not apply less
stringent standards than those stated in the Code.
 Public Sector Accounting - IFAC’s International Public Sector

Accounting Standards Board (IPSASB) focuses on the development of
high-quality financial reporting standards for use by public sector
entities around the world. It has developed a comprehensive body of
IPSASs setting out the requirements for financial reporting by
governments and other public sector organizations, apart from
government business entities (GBEs). The IPSASs represent
international best practice in financial reporting for public sector entities.
In many jurisdictions, the application of the requirements of IPSASs will
enhance the accountability and transparency of the financial reports
prepared by governments and their agencies.
 Education - Working to advance accounting education programs
worldwide, IFAC’s International Accounting Education Standards
Board (IAESB) develops International Education Standards, setting the
benchmarks for the education of members of the accountancy
profession. All member bodies are required to comply with those
standards, which address the education process leading to qualification
as an auditor as well as the ongoing continuing professional
development of members of the profession. The IAESB also develops
16 UEW/IEDE
AUDITING AND
International Education Practice Statements and other guidance to assist

member bodies and accounting educators implement and achieve best
practice in accounting education.
 Small and Medium-Sized Practices - IFAC is also focused on providing

support for another growing constituency i.e. small and medium-sized
practices (SMPs). IFAC’s SMP Committee develops guidance on key
topics for SMPs and small- and medium-sized entities (SMEs). This
Committee also investigates ways in which IFAC, together with its
member bodies, can respond to the needs of accountants operating in
small and medium enterprises and practices and holds annual forums on
SMP/SME issues.
 Developing Nations - IFAC’s Developing Nations Committee supports

the development of the accountancy profession in all regions of the
world by representing and addressing the interests of developing nations
and by providing guidance to strengthen the accountancy profession
worldwide. The committee also seeks resources and development
assistance from the donor community on their behalf. In addition, the
committee holds annual forums on addressing the needs of developing
nations.
 IFAC Member Body Compliance Program - As part of the Member

Body Compliance Program, IFAC members and associates (mostly
national professional institutes) are required to demonstrate how they
have used best endeavours, subject to national laws and regulations, to
implement the standards issued by IFAC and the International
Accounting Standards Board. The program seeks to determine how
members and associates have met their obligations with respect to
quality assurance and investigation and disciplinary programs as set out
in IFAC’s Statements of Membership Obligations (SMOs). The SMOs
serve as the foundation of the Compliance Program and provide clear
benchmarks to current and potential member bodies to assist them in
ensuring high-quality performance by auditors.
IFAC Structure and Operations

Governance of IFAC rests with its Board and Council. The IFAC Council
comprises one representative from each member. The Board is a smaller
group responsible for policy setting. As representatives of the worldwide
accountancy profession, Board members take an oath of office to act with
integrity and in the public interest. The IFAC Nominating Committee makes
recommendations on the composition of IFAC boards and committees, the
IFAC Board, and candidates for the office of IFAC Deputy President. The
committee is guided in its work by the principle of choosing the best person
for the position. It also seeks to balance regional and professional
representation on the boards and committees as well as representation from
UEW/IEDE 17
AUDITING AND
countries with different levels of economic development. IFAC is

headquartered in New York City and is staffed by accounting and other
professionals from around the world.
The Institute of Chartered Accountants, Ghana (ICAG)

The Institute
The Institute of Chartered Accountants - Ghana was established by an Act
of Parliament, The Chartered Accountants Act, 1963 (Act 170). It is a body
corporate having perpetual succession and may sue and be sued in its
corporate name. It is the sole body charged with the regulation of the
accountancy profession in Ghana. Its members are the only persons
recognized under the Companies Code (Act 179) 1963, for the purpose of
audit of company accounts. Its mission is to produce professional
accountants of the highest quality, ready to provide cutting edge services to
their clients at all times and upholding the ethical values of the accountancy
profession.
Council of the Institute

The governing body of the Institute is the Council which consists of eleven
members all of whom are members of the Institute. Four Members of the
Council are appointed by the Minister responsible for higher education and
seven members, of whom not more than four are accountants in active
practice, are elected by members of the Institute at a general meeting. The
Council elects a President and Vice-President from among its members.
The duties of the Council of the Institute specified by Act 170 include the
following:
 To conduct or provide for the conduct of the qualifying examinations for
membership of the Institute or for registration as registered accountant
under the Act and to prescribe or approve courses of study for such
examinations;
 To supervise and regulate the engagement, training and transfer of
articled clerks;
 To specify the class of persons who shall have the right to train articled
clerks and to specify the circumstances in which any person of that class
may be deprived of that right.
 To maintain and publish a register of chartered accountants and of
practising accountants;
 To secure the maintenance of professional standards among persons who
are members of the Institute and to take steps as may be necessary to
acquaint such persons with methods and practices necessary to maintain
such standards;
 To maintain a library of books and periodicals relating to accountancy
and to encourage the publication of such books; and
 To encourage research in the subject of accountancy and generally
secure the well being and advancement of the profession of accountants.
18 UEW/IEDE
AUDITING AND
The Institute has several working committees just like the IFAC which
include:
 Education and Training
 Admissions
 Examination
 Professional Standards & Ethics
 Technical & Research
 Publication and Public Relations
 National Advisory Council
 Member Services
Qualification, Disqualification, Striking Off and Suspension of

Membership
Qualification of an Auditor
In reference to the authority of the Companies Act, 1963 (Act 179), no
person shall be appointed as auditor of a company unless, such appointment
have been consented to in writing and the person is duly qualified in
accordance with the provisions of section 270 of the Company Act for
auditors of a private company and section 296 of the same Act auditors of a
public company.
Section 270 provides for the qualification of Auditors of private companies
and indicates that a person shall not be qualified for appointment as auditor
of a private company unless:
(a) he is, under the Chartered Accountants Act, 1963 (Act 170), a member
of the Institute of Chartered Accountants, or
(b) he is a practising accountant within the meaning of the said Act, and is
not disqualified under subsection (3) of this section.
Similarly, Section 296 which provides for the qualification of Auditors of a
public company specifies that a person shall not be qualified for
appointment as auditor of a public company notwithstanding that he may
have been appointed auditor thereof while it was a private company, unless
he is, under the Chartered Accountants Act, 1963 (Act 170) a member of the
Institute of Chartered Accountants; and is not disqualified...
A practising accountant per section 13 of Act 170 explains that every person
who is registered as an accountant upon payment of the prescribed fees with
the Institute of Chartered Accountants, Ghana (ICAG) shall be known as a
practising accountant.
In sum, to qualify as an auditor for a company, one should be at least
twenty-one years, a member in good standing of the Institute with not less
than four years working experience in a recognised auditing firm, two years
of which relate to post-qualification.
UEW/IEDE 19
AUDITING AND
Disqualification of an Auditor
The Companies Act outlines the following criteria under sections 270 and
296 for disqualifying an auditor of a company:
 An officer of the company or of any associated company;
 A person who is a partner of or in the employment of an officer of the
company or of any associated company;
 An infant;
 Any person found by a competent court to be a person of unsound mind;
 A body corporate, except that members of an incorporated partnership
may be appointed in the manner provided by subsection (2) of section
134 of this Code;
 Any one in respect of whom an order shall have been made under
section 186 of this Code so long as such order remains in force unless
leave to act as auditor of the company concerned has been given by the
Court in accordance with that section;
 An undischarged bankrupt, unless he shall have been granted leave to
act as auditor of the company concerned by the court by which he was
adjudged bankrupt;
 A person who is for the time being disqualified from acting as auditor of
a company by order of the Registrar.
The Council of the ICAG disqualifies any person adjudged by a court of

competent jurisdiction to be of unsound mind or convicted by a court of
competent jurisdiction whether in Ghana or elsewhere of any offence
involving fraud or dishonesty.
If, having been adjudged an insolvent or bankrupt, he has not been granted
by a court of competent jurisdiction a certificate to the effect that his
insolvency or bankruptcy has arisen wholly or partly from unavoidable
losses or misfortunes, the Institute will not by its own volition re-admit that
individual as a member.
Striking off and Cancellation of Registration

 The Council of ICAG may strike off from the register of the Institute the
name of a member (chartered accountant), if it is satisfied that person is
unfit to practise the profession of an accountant by reason that he/she
has been guilty of professional misconduct or has become subject to any
disqualification.
 Where the Council has reasonable cause to believe, whether upon
compliant made to it or otherwise, that any person who is a chartered
accountant or a practising accountant has been guilty of professional
misconduct, the Council may appoint a disciplinary committee for the
purpose of holding an inquiry into the conduct of that person. This is in
line with the practise of natural justice principles. The name of any
person shall not be struck off the register of the Institute nor shall a
registration be cancelled unless a disciplinary committee has, after due
20 UEW/IEDE
AUDITING AND
inquiry, made a report to the Council that the person concerned has been
guilty of professional misconduct.
 The Council may, in lieu of exercising its powers, suspend the person
concerned from membership of the Institute or withhold his registration,
for such period as the Council may deem fit.
 The Council may also strike off the register of the Institute the name of a
chartered accountant or cancel the registration of a practising accountant
if the prescribed fees remain unpaid for a period exceeding four months.
 A person whose name has been struck off the register of the Institute or
whose registration has been cancelled may have his name or registration
restored if the Council is satisfied that he has become subsequently a fit
and proper person to practise the profession of an accountant.
 Any person aggrieved by a decision of the Council may appeal against
that decision to the High Court. Every appeal against a decision shall be
made by petition in writing, lodged within three months after the date of
that decision; and be heard and decided by a Judge of the High court
after such summary inquiry as that Judge may deem requisite.
Restrictions
Under the Chartered Accountants Act, 1963 (Act 170),
 No person who is not a chartered accountant or is not a practising
accountant is permitted to carry on practice as an auditor of financial
statements.
 No person who is a chartered accountant or is a practising accountant is
permitted to practise as an accountant unless he/she is the holder of a
certificate to practise which is for the time being in force. Every
certificate to practise is issued by the Council, renewable annually and
upon payment of the prescribed annual subscription. Every certificate to
practise is valid until thirty-first day of December of the year of issue of
that certificate.
Disciplinary Procedures
The Institute of Chartered Accountant –Ghana has a just and effective
investigative and disciplinary regime that provides a means of bringing to
account those who fail to maintain high professional standards.
There are provisions in the Chartered Accountants Act that govern
investigation and discipline of misconduct, including breaches of
professional standards and rules by its individual members and firms.
Misconduct includes all and any of the following:

 Criminal activity;
 Acts or omissions likely to bring the accountancy profession into
disrepute;
 Breaches of professional standards;
 Breaches of ethical requirements;
 Gross professional negligence;
UEW/IEDE 21
AUDITING AND
 A number of less serious instances of professional negligence that,

cumulatively, may indicate unfitness to exercise practicing rights; and
 Unsatisfactory work.
Sanctions
ICAG operates a just and effective investigative and disciplinary regime.
The regime would allow those who judge issues relating to misconduct to
impose a range of penalties, including:
 Reprimand;
 Loss or restriction of practice rights;
 Fine/payment of costs;
 Loss of professional title (designation); and
 Exclusion from membership.
It is particularly important that the penalties include loss of professional

designation, restriction and removal of practising rights, and exclusion from
membership. Such a regime protects clients and other stakeholders,
demonstrating to the outside world that the profession is playing its part in
maintaining and enhancing professional standards and, ultimately, removing
from the profession those who do not deserve to belong in it.
 IFAC contributes to the efficient functioning of the international

economy
 the regulatory bodies and authorities of the audit practise include IFAC,
ICAG and Ghana Audit Service
 Whereas section 270 of the companies code specifies the qualification of
auditors in private companies section 296 of the act provides for the that
of the public sector
 The ICAG has a just and effective investigative and disciplinary regime
that provides a means of bringing to account those who fail to maintain
high professional standards.
Review Questions
 Outline the primary responsibilities of IFAC
 State the functions of IAASB, IESBA, IPSASB, IAESB
 Discuss how ICAG regulates the accountancy profession in Ghana
 Outline the qualification requirement of an Auditor of a company and
the disqualification criteria of an Auditor
22 UEW/IEDE
AUDITING
AUDITING AND
AND
This page is
Unit 1, section 1: Regulatory institutions ofleft blank
audit for your
practice notes INVESTIGATION
in Ghana INVESTIGATION
UEW/IEDE 23
PUBLIC SECTOR AUDITING FRAMEWORK
AUDITING AND
UNIT 1 SECTION
INVESTIGATION
2
Unit 1, section 2: Public sector auditing framework
We are now on section 2 of unit 1. In this section, we would examine

institutional and legislative regulations of public sector audit practice in
Ghana.
By the end of the section, you should be able to understand how Parliament,
Ghana Audit Service and Internal Audit Agency regulate and impact audit
practice in Ghana.
Ghana Audit Service

This section provides for the methods of operation of the Auditor-General
and determines the structure and technical expertise required for the
efficient performance of audit functions for public institution.
Audit of public accounts generally

The public accounts of Ghana and of all public offices, including the courts,
the central and local government administrations, of the Universities and
public institutions of like nature, of any public corporation or other body or
organisation established by an Act of Parliament shall be audited and
reported on by the Auditor-General. In reference to section 20 of Audit
Service Act, 2000 (Act 584), the Auditor-General is to within six months
after the end of the immediately preceding financial year to which each of
the accounts to be audited must submit report to Parliament and shall, in the
report, draw attention to any irregularities in the accounts audited and to any
other matter which ought to be brought to the notice of Parliament.
For the purposes of this statutory audit requirement, the Auditor-General or
any person authorised or appointed for the purpose by the Auditor-General
shall have access to all books, records, returns and other documents
including documents in computerized and electronic form relating to or
relevant to those accounts. Any head of a public institution or other body
subject to auditing by the Auditor-General who fails to comply with the
above is liable to be surcharged with the cost of any loss occasioned by
defective internal controls of auditing.
Audit of foreign exchange transactions

The Bank of Ghana shall, not later than three months after the end of the
first six months of its financial year, submit to the Auditor-General for
audit, a statement of its foreign exchange receipts and payments or transfers
in and outside Ghana. Upon receipt of this statement from Bank of Ghana,
the Auditor-General shall, not later than three months also submit his audit
report to Parliament on the statement.
Examination of accounts
The Auditor-General shall examine in such manner as he thinks necessary
the public and other government accounts and shall ascertain whether in his
opinion:
24 UEW/IEDE
AUDITING AND
Unit 1, section 2: Public sector auditing framework INVESTIGATION
 The accounts have been properly kept;

 All public monies have been fully accounted for, and rules and
procedures applicable are sufficient to ensure an effective check on the
assessment, collection and proper allocation of the revenue;
 Monies have been expended for the purposes for which they were
appropriated and the expenditures have been made as authorised;
 Essential records are maintained and the rules and procedures applied
are sufficient to safeguard and control public property; and
 Programmes and activities have been undertaken with due regard to
economy, efficiency and effectiveness in relation to the resources
utilised and results achieved.
Auditing of statutory corporation

Regarding the accounts of a statutory corporation, a state enterprise or a
public commercial institution operating under its own enactment, the
Auditor-General or any person appointed by him shall upon the examination
of the accounts of the body or institution, express his opinion as to whether
the accounts present fairly financial information in accordance with the
applicable statutory provisions, stated accounting policies of the
Government and is in accordance with generally accepted accounting
standards and essentially consistent with that of the preceding year.
The Auditor-General or any person appointed by the Auditor-General to
audit the accounts of statutory corporations is to draw attention to the
following:
 The profitability, liquidity, stability and solvency of the corporation and
also the performance of the shares of the corporation on the capital
markets, where relevant;
 Whether there was any delay in payment of government portion of any
declared dividend, if any, into the Consolidated Fund;
 Any significant cases of fraud or losses and the underlying causes;
 Any internal control weakness noted; and
 The general corporate performance indicating—
 Achievement against set targets and objectives; and
 Whether the finances of the body have been conducted with due
regard to economy, efficiency and effectiveness having regard to the
resources utilised.
Examination of Controller & Accountant-General’s public

accounts
The Auditor-General shall, upon receipt of the annual statement of public
accounts required to be made by the Controller and Accountant-General,
examine the statement and certify whether in his opinion the statements
present fairly financial information on the accounts in accordance with
accounting policies of the Government and consistent with statements of the
proceeding year in accordance with best international practices, and may
state such reservation or comment that he considers necessary.
UEW/IEDE 25
AUDITING AND
INVESTIGATION Unit 1, section 2: Public sector auditing framework
Appointment of the Auditor-General

There shall be an Auditor-General who shall be appointed by the President
acting in consultation with the Council of State. The office of Auditor-
General shall be a public office. A person appointed to be the Auditor-
General shall, before entering upon the duties of his office, take and
subscribe the Oath of the Auditor-General. The Auditor-General shall retire
after attaining the age of sixty years but may be engaged for a limited period
of not more than two years at a time but not exceeding five years in all and
upon such other terms and conditions as the President acting in consultation
with the Council of State shall determine.
The salary and allowances payable to the Auditor-General, the facilities and
privileges available to the Auditor-General shall be determined by the
President on the recommendations of not more than five persons appointed
by the President, acting in accordance with the advice of the Council of
State. His rights in respect of leave of absence, retiring award or retiring age
shall not be varied to his disadvantage during his tenure of office. The
provisions of article 146 of the Constitution relating to the removal of a
Justice of the Superior Court of Judicature from office shall apply to the
Auditor-General. The Auditor-General may at any time resign his office in
writing addressed to the President.
Disallowance and surcharge by Auditor-General

The Auditor-General shall specify to the appropriate head of department or
institution the amount due from any person upon whom he has made a
surcharge or disallowance and the reasons for the surcharge or disallowance.
A sum specified by the Auditor-General to be due from any person shall be
paid by that person to the department or institution as the case may be,
within 60 days after it has been so specified.
A person aggrieved by a disallowance or surcharge made by the Auditor-

General may appeal to the High Court not later than the expiration of 60
days prescribed in subsection. Any sum which is lawfully due under this
section shall, on civil proceedings taken by the Head of Department in a
court be recoverable as a civil debt and where the person surcharged is in
receipt of remuneration from government or any institution, the
remuneration shall be attached to the extent of the sum lawfully due.
In any proceedings for the recovery of that sum a certificate signed by the
Auditor- General shall be prima facie evidence of the facts certified. The
Auditor-General may with the prior approval of Parliament revoke any
surcharge made under this section.
Independence and powers of the Auditor-General

In the performance of his/her functions under Audit Service Act or any other
law, the Auditor- General:
26 UEW/IEDE
AUDITING AND
 Shall not be subject to the direction or control of any other person or

authority;
 May disallow any item of expenditure which is contrary to law and
surcharge
 The amount of any expenditure disallowed upon the person
responsible for incurring or authorising the expenditure;
 Any sum which has not been duly brought into account, upon the
person by whom the sum ought to have been brought into account;
or
 The amount of any loss or deficiency, upon any person by whose
negligence or misconduct the loss or deficiency has been incurred.
The Auditor-General may in addition to the audit of public accounts, carry

out in the public interest such special audits or reviews as he considers
necessary and shall submit reports on the audits or review undertaken by
him to Parliament.
The above paragraph shall not preclude the President, acting in accordance
with the advice of the Council of State, from requesting the Auditor-General
in the public interest, to audit, at any particular time, the accounts of any
such body or organization.
Adherence to international practices

The Auditor-General shall in the audit of accounts adhere to methods that
are consistent with emerging practices in governmental auditing such as
environmental and forensic audits adopted by the International Organisation
of Supreme Audit Institutions and other internationally recognised bodies.
Submission of Auditor-General's report to Parliament

The Auditor-General shall, within six months after the end of the
immediately preceding financial year to which each of the accounts relates,
submit his report to Parliament and shall, in the report, draw attention to any
irregularities in the accounts audited and to any other matter which in his
opinion ought to be brought to the notice of Parliament.
The Auditor-General may whenever Parliament so requests and may, of his
own motion inquire into and report on any matter relating to—
 The financial affairs of the Government or public property; and
 Any person or organisation in receipt of financial aid from the
Government or in respect of which financial aid from the Government is
sought.
Without limiting the scope, the Auditor-General in his report to Parliament

on the public accounts shall draw attention to any case in which he has
observed that
 An officer or employee of Government has wilfully or negligently
omitted to collect or receive any public money due to the Government;
UEW/IEDE 27
AUDITING AND
 Any public money was not duly accounted for and paid into the
Consolidated Fund or other designated public account;
 An appropriation was exceeded or was applied for a purpose or in a
manner not authorised by law;
 Expenditure was not authorised or properly vouched for or certified;
 There has been a deficiency through fraud, default or mistake of any
person;
 Applicable internal control and management measures are inefficient or
ineffective;
 the use or custody of property, money, stamps, securities, equipment,
stores, trust money, trust property or other assets has occurred in a
manner detrimental to the State;
 Resources have not been used with due regard to economy, efficiency
and effectiveness in relation to the results attained;
 In the public interest, the matter should be brought to the notice of
Parliament.
Debate by Parliament of the Auditor-General's reports

Parliament shall debate reports of the Auditor-General on the public
accounts of Ghana, the statement of foreign exchange receipts and payments
of the Bank of Ghana and other special audits and shall appoint where
necessary, in the public interest, committees to deal with any matters arising
from the report.
Publication of reports
The Auditor-General shall publish his reports on the public accounts of
Ghana and the statement of foreign exchange receipts and payments of the
Bank of Ghana as soon as the reports have been presented to the Speaker to
be laid before Parliament.
The Auditor-General shall submit copies of the published reports to—
 The Government Archivist;
 All public and University libraries in Ghana;
 The libraries of the Ghana Institute of Management and Public
Administration (GIMPA) and the Managing Development and
Productivity Institute (MDPI);
 Members of the Board; and
 Any other institution approved by the Board.
Auditing of the office of the Auditor-General

The accounts of the office of the Auditor-General shall be audited annually
and reported upon by an auditor appointed by Parliament. The Audit Service
Board shall submit to the President and Parliament as soon as possible but in
any event not later than eight months after the end of each financial year a
report on the activities of the Service during the year to which the report
relates
28 UEW/IEDE
AUDITING AND
The Internal Audit Agency

Public sector accountability is regulated by both external and internal audits.
We will now review the Internal Auditing of Public Sector Institutions.
Establishment and Functions of the Internal Audit Agency

The Internal Audit Agency was established under the authority of Internal
Audit Agency Act, 2003 (Act 658). The object of the agency is to co-
ordinate, facilitate and provide quality assurance for internal audit activities
within the Ministries, Departments and Agencies [MDAs] and the
Metropolitan, Municipal and District Assemblies [MMDAs]. The Agency
may upon examination of an internal audit report, take such action as it
considers appropriate including recommendation of prosecution and
disciplinary action in respect of any breaches found.
The specific functions of the agency are as follows:

 The Agency shall set standards and procedures for the conduct of
internal audit activities in the MDAs and MMDAs.
 The Agency shall ensure that

 financial, managerial and operating information reported internally
and externally is accurate, reliable and timely;
 the financial activities of MDAs and MMDAs are in compliance
with laws, policies, plans, standards and procedures;
 national resources are adequately safeguarded;
 national resources are used economically, effectively and efficiently;
 plans, goals and objectives of MDAs and MMDAs.
 Without limiting subsections (1) and (2), the Agency shall

 promote economy, efficiency and effectiveness in the administration
of government programmes and operations;
 prepare plans to be approved by the Board for the development and
maintenance of an efficient internal audit for the MDAs and
MMDAs;
 facilitate the prevention and detection of fraud; and
 Provide a means for keeping the MDAs and MMDAs fully and
currently informed about problems and deficiencies related to the
administration of their programmes and operations and the necessity
for appropriate corrective action.
 The Agency shall monitor, undertake inspections and evaluate the

internal auditing of the MDAs and MMDAs.
UEW/IEDE 29
AUDITING AND
Governing body of the Agency

The Agency shall have a governing Board known as the Internal Audit
Board.
 The Board shall consist of the following members appointed by the
president acting in consultation with the Council of State:
 a Chairperson;
 the Minister responsible for Finance or a representative of the
Minister;
 the Minister for Local Government and Rural Development or a
representative of the Minister;
 the Chairperson of the Public Services Commission or a
representative of the chairperson;
 the Director-General of the Agency appointed under section 12 of
this Act;
 two other members appointed from the private sector; and
 Two auditors each with not less than ten years’ experience in the
profession nominated by the Council of the Institute of Chartered
Accountants (Ghana).
 The President shall in appointing members of the Board have regard to
the integrity, knowledge, expertise and experience of the persons and in
particular their knowledge in matters relevant to the functions of the
Agency.
Establishment of internal audit units

 There shall be established in each MDA and MMDA an internal audit
unit.
 There shall be appointed for each internal audit unit, personnel required
to ensure an effective and efficient internal auditing of the MDA or
MMDA concerned.
 An internal audit unit established under subsection (10 shall in
accordance with this Act and standards and procedures provided by the
Agency, carry out an internal audit of its MDA or MMDA and shall
submit reports on the internal audit it carries out to the Director-General.
 The internal audit unit of an MDA shall submit a copy of its internal
audit report to its management body and such other persons as it is
required to submit the report.

 The autonomous bodies of the Constitution shall be subject to the
standards and procedures of the Agency and shall have internal audit
units.
 The internal audit units of the autonomous bodies shall not be
subject to the Agency but shall be subject to the Auditor-General.
 A copy of the internal audit report of an autonomous body shall be
submitted to the Auditor-General.
30 UEW/IEDE
AUDITING AND
 A copy of an internal audit report of an MMDA shall be submitted to its

regional co-ordinating Council.
 A regional Co-ordinating Council shall furnish the Agency with a copy
of an internal audit report submitted under subsection (6).
 The Audit report implementation committees of MDAs and MMDAs as
established under section 30(1) of the Audit Service Act, 2000 (Act 584)
shall be responsible for the implementation of the recommendations of
the internal audit report.
Exhibition of Professionalism and Competence

Internal auditors operating by virtue of the Internal Audit Act are to,
 exhibit the highest level of professionalism in the gathering, evaluation
and communication of information when auditing and shall act only in
areas for which they have the necessary knowledge, skill, experience
and competence;
 perform internal audit in accordance with General Accepted Principles
of Internal auditing and the standard and guidelines of the Agency; and
 in performance of their work make a balanced assessment of all issues or
relevance to the work and should not be influenced by their personal
interest or the interests of other persons.
The Agency holds dearly and is to regularly review the ethical conduct of
Internal Auditors regarding the following:
 Integrity – Such that Internal Auditors will perform their work with
honesty and diligence; not knowingly be a party to any illegal activities
or engage in acts that discredit the work of internal auditing or the MDA
or MMDA they work for; make disclosures required by law and the
standards; not participate in any activity or relationship that may impair
or is likely to be taken to impair unbiased assessment, including an
activity or a relationship that may be in conflict with the interests of the
MDA or MMDA; not accept anything or any favour that may impair or
might be taken to affect their professional judgement; and disclose all
material facts known to them, the non-disclosure of which may distort
any reporting activity.
 Confidentiality - Internal auditors shall respect the value and ownership

of information they receive and shall not disclose information without
authority unless there is a legal or professional obligation to do so.
Internal auditors shall be prudent in the use and protection of
information acquired in the course of their duties. Internal auditors shall
not use information for any personal gain or in any manner that would
be contrary to this Act or determine to the legitimate and ethical
objective of the Agency, MDAs and MMDAs.
UEW/IEDE 31
AUDITING AND
Offences and penalties

 Section 14 of the Internal Audit Agency Act provides that the following
are offences:
 giving the Director-General any information or explanation which
the person knows to be false or which the person has no reason to
believe to be true;
 failing to produce for inspection by the Director-General or under
his authority or otherwise fails to give the Director-General access to
any book, record or office when requested by the Director-General
 wilfully suppressing any information or explanation required by the
Director-General or obstructing the Director-General in any way in
the performance of functions under this Act;
Providing information which the person knows to be false or which the

person has no reason to believe to be true to an internal auditor, commits an
offence and is liable on summary conviction to a fine not less than 1,000
penalty units or to imprisonment for a team not exceeding 5 years or to both.
 Any internal auditor who acts in breach of any of the provisions of

section 18, 19 or 20 shall be subject to such action as the Board shall
recommend including criminal prosecution.
 Any member of staff or employee of the Agency who
 demands or takes a bribe, gratuity, recompense or reward for the
neglect, omission, commission or performance of duty under this
Act;
 wilfully fails to report to the Director-General any abuse or
irregularity that comes to the notice of the person in the course of the
performance of duties under this Act; or
 makes any report to the Director-General which the person knows to
be false or which the person has no reason to believe to be true
commits an offence and is liable on summary conviction to a fine of
not less than 1,000 penalty units or to imprisonment for a term not
exceeding 5 years or to both.
You have learnt about

 Ghana audit services and their duties in audit of public account,
 audit of foreign exchange transactions, and the auditing of statutory
corporation and examination of accounts.
You also learnt about how the public sector accountability is regulated by
the internal audit agency. In the next section, you will learn about
international standards on auditing.
Review Questions
 Explain the code of ethics of Internal Auditors
 Outline the functions of the Internal Audit Agency
32 UEW/IEDE
AUDITING AND
 Discuss the Appointment, Powers and the Independence of the Auditor

General
UEW/IEDE 33
INTERNATIONAL STANDARDS ON AUDITING
AUDITING AND
UNIT 1 SECTION
INVESTIGATION
3
Unit 1, section 3: International standards on auditing
You are welcome to section 3 of unit 1. In this section, we would have an

overview of International Standards of Auditing (ISA).
At the end of the section, you should be able to understand and outline the
overarching International Standards on Auditing.
International Standards on Auditing (ISAs)

International Standards on Auditing (ISA) are professional standards for the
performance of financial audit of financial information. These standards are
issued by International Federation of Accountants (IFAC) through the
International Auditing and Assurance Standards Board (IAASB).
Auditing Standards contain the basic principles and essential procedures
with which auditors are expected to comply. Failure to comply with
standards may pose legal and regulatory risks. In Ghana, The Institute of
Chartered Accountant -Ghana has adopted the International Standards of
Auditing [ISA].
List of the Standards (ISAs)

Respective responsibilities
 ISA 200 Overall Objectives of the Independent Auditor and the Conduct
of an Audit in Accordance with International Standards on Auditing
 ISA 210 Agreeing the Terms of Audit Engagements
 ISA 220 Quality Control for an Audit of Financial Statements
 ISA 230 Audit Documentation
 ISA 240 The Auditor's Responsibilities Relating to Fraud in an Audit of
Financial Statements
 ISA 250 Consideration of Laws and Regulations in an Audit of
 ISA 260 Communication with Those Charged with Governance
 ISA 265 Communicating Deficiencies in Internal Control to Those
Charged with Governance and Management
 ISA 299 Responsibility of Joint Auditors
Audit planning
 ISA 300 Planning an Audit of Financial Statements
 ISA 315 Identifying and assessing the risks of material misstatement
through understanding the entity and its environment
 ISA 320 Materiality in planning and performing an audit
 ISA 330 The auditor's responses to assessed risks
Internal Control
 ISA 402 Audit Considerations Relating to an Entity Using a Service
Organization
 ISA 450 Evaluation of Misstatements Identified during the Audit
34 UEW/IEDE
AUDITING AND
Unit 1, section 3: International standards on auditing INVESTIGATION
Audit evidence
 ISA 500 Audit Evidence
 ISA 501 Audit Evidence – Additional Considerations for Specific Items
 ISA 505 External Confirmations
 ISA 510 Initial Engagements - Opening Balances
 ISA 520 Analytical Procedures
 ISA 530 Audit Sampling and Other Means of Testing
 ISA 540 Auditing Accounting Estimates, Including Fair Value
Accounting Estimates, and Related Disclosures
 ISA 550 Related Parties
 ISA 560 Subsequent Events
 ISA 570 Going Concern
 ISA 580 Written Representations
Using work of other experts

 ISA 600 Special Considerations - Audits of Group Financial Statements
(Including the Work of Component Auditors)
 ISA 610 Using the Work of Internal Auditors
 ISA 620 Using the Work of an Auditor's Expert
Audit conclusions and Audit report

 ISA 700 Forming an Opinion and Reporting on Financial Statements
 ISA 705 Modifications to the Opinion in the Independent Auditor's
Report
 ISA 706 Emphasis of Matter Paragraphs and Other Matter Paragraphs in
the Independent Auditor's Report
 ISA 710 Comparative Information - Corresponding Figures and
Comparative Financial Statements
 ISA 720 The Auditor's Responsibilities Relating to Other Information in
Documents Containing Audited Financial Statements
Specialized areas
 ISA 800 Special Considerations-Audits of Financial Statements
Prepared in Accordance with Special Purpose Frameworks
 ISA 805 Special Considerations-Audits of Single Financial Statements
and Specific Elements, Accounts or Items of a Financial Statement
 ISA 810 Engagements to Report on Summary Financial Statements
 International Standard on Quality Control (ISQC) 1, Quality Controls
for Firms that Perform Audits and Reviews of Financial Statements, and
Other Assurance and Related Services Engagements
1000-1100 International Auditing Practice Statements (IAPSS)

 1000 Inter-Bank Confirmation Procedures
 1004 The Relationship between Banking Supervisors and Banks
External Auditors
UEW/IEDE 35
AUDITING AND
INVESTIGATION Unit 1, section 3: International standards on auditing
 1005 The Special Considerations in the Audit of Small Entities

 1006 Audits of the Financial Statements of Banks
 1010 The Consideration of Environmental Matters in the Audit of
 1012 Auditing Derivative Financial Instruments
 1013 Electronic Commerce Effect on the Audit of Financial Statements
 1014 Reporting by Auditors on Compliance with International Financial
Reporting Standards
2000-2699 International Standards On Review Engagements

(ISREs)
 2400 Engagements to Review Financial Statements (Previously ISA
910)
 2410 Review of Interim Financial Information Performed by the
Independent Auditor of the Entity
Assurance Engagements Other Than Audits or Reviews of

Historical Financial Information
 3000-3699 International Standards on Assurance Engagements (ISAEs)
 3000 Assurance Engagements Other than Audits or Reviews of
Historical Financial Information
 3000-3399 APPLICABLE TO ALL ASSURANCE ENGAGEMENTS
 3400 The Examination of Prospective Financial Information (Previously
ISA 810)
 3400-3699 SUBJECT SPECIFIC STANDARDS
Related Services
4000-4699 INTERNATIONAL STANDARDS ON RELATED SERVICES
(ISRSS)
 4400 Engagements to Perform Agreed-upon Procedures Regarding
Financial Information (Previously ISA 920) arrangements to Compile
Financial Information (Previously ISA 930)
The Institute of Chartered Accountants, in collaboration with the Practice

Society, issues Practice Notes (PNs) to assist auditors in applying auditing
standards in particular circumstances and industries. The Institute also
occasionally issues bulletins to provide auditors with timely guidance on
new or emerging issues. Practice Notes and Bulletins are persuasive rather
than prescriptive. They may be issued without the full consultation and
exposure process that is used for auditing standards but they are very useful
reference materials.
 Auditing Standards contain the basic principles and essential procedures

with which auditors are expected to comply.
36 UEW/IEDE
AUDITING AND
Unit 1, section 3: International standards on auditing INVESTIGATION
 The International Standards on Auditing (ISA) was highlighted and the

respective headings for most standards can be identified for the
performance of financial audit
Review Questions
 Outline the International Auditing Standards. ISAs
 Which standard relates to Audit Evidence
 The Overall Objectives of the Independent Auditor and the Conduct of
an Audit in Accordance with International Standards on Auditing refers
to ISA …………….
UEW/IEDE 37
ETHICAL REQUIREMENTS OF AUDITOR
AUDITING AND
UNIT 1 SECTION
INVESTIGATION
4
Unit 1, section 4: Ethical requirements of auditor
Having discussed general fundamental principles of ethical requirements,

we are now moving on to discuss code of ethics specifically required for the
guidance of audit practice.
At the end of the chapter, you should be able to describe professional ethical
requirements for auditors with reference to Professional Appointment,
Conflicts of interest, Second Opinions, Fees and Other Types of
Remuneration, Marketing Professional Services , Gifts and Hospitality ,
Custody of Client Assets and Objectivity.
Introduction to code of ethics for professional auditors

An auditor shall not knowingly engage in any business, occupation, or
activity that impairs or might impair integrity, objectivity or the good
reputation of the profession and as a result, would be incompatible with the
fundamental principles.
Part A of the IFAC Code of Ethics for Professional Accountants has general
application to all assignments undertaken by all professional accountants.
Part B of the Code spells out the ethical requirements specific to
accountants in public practice (professional auditors/auditing firms).
Threats to Compliance with Fundamental Principles

Compliance with the fundamental principles may potentially be threatened
by a broad range of circumstances and relationships. The nature and
significance of the threats may differ depending on whether they arise in
relation to the provision of services to an audit client and whether the audit
client is a public interest entity, to an assurance client that is not an audit
client, or to a non-assurance client. Threats fall into one or more of the
following categories:
 Self-interest;
 Self-review;
 Advocacy;
 Familiarity; and
 Intimidation.
Self Interest Threats

Examples of circumstances that create self-interest threats for an auditor
include:
 A member of the assurance team having a direct financial interest in the
assurance client.
 A firm having undue dependence on total fees from a client.
 A member of the assurance team having a significant close business
relationship with an assurance client.
 A firm being concerned about the possibility of losing a significant
client.
38 UEW/IEDE
AUDITING AND
Unit 1, section 4: Ethical requirements of auditor INVESTIGATION
 A member of the audit team entering into employment negotiations with

the audit client.
 A firm entering into a contingent fee arrangement relating to an
assurance engagement.
 An auditor discovering a significant error when evaluating the results of
a previous professional service performed by a member of the auditor’s
firm.
Self-Review Threats
Examples of circumstances that create self-review threats for an auditor
include:
 A firm issuing an assurance report on the effectiveness of the operation
of financial systems after designing or implementing the systems.
 A firm having prepared the original data used to generate records that
are the subject matter of the assurance engagement.
 A member of the assurance team being, or having recently been, a
director or officer of the client.
 A member of the assurance team being, or having recently been,
employed by the client in a position to exert significant influence over
the subject matter of the engagement.
 The firm performing a service for an assurance client that directly
affects the subject matter information of the assurance engagement.
Advocacy Threats
Examples of circumstances that create advocacy threats for an auditor
include:
 The firm promoting shares in an audit client.
 An auditor acting as an advocate on behalf of an audit client in litigation
or disputes with third parties.
Familiarity Threats
Examples of circumstances that create familiarity threats for an auditor
include:
 A member of the engagement team having a close or immediate family
member who is a director or officer of the client.
 A member of the engagement team having a close or immediate family
member who is an employee of the client who is in a position to exert
significant influence over the subject matter of the engagement.
 A director or officer of the client or an employee in a position to exert
significant influence over the subject matter of the engagement having
recently served as the engagement partner.
 An auditor accepting gifts or preferential treatment from a client, unless
the value is trivial or inconsequential.
 Senior personnel having a long association with the assurance client.
UEW/IEDE 39
AUDITING AND
INVESTIGATION Unit 1, section 4: Ethical requirements of auditor
Intimidation Threats
Examples of circumstances that create intimidation threats for an auditor in
public practice include:
 A firm being threatened with dismissal from a client engagement.
 An audit client indicating that it will not award a planned non-assurance
contract to the firm if the firm continues to disagree with the client’s
accounting treatment for a particular transaction.
 A firm being threatened with litigation by the client.
 A firm being pressured to reduce inappropriately the extent of work
performed in order to reduce fees.
 An auditor feeling pressured to agree with the judgment of a client
employee because the employee has more expertise on the matter in
question.
 An auditor being informed by a partner of the firm that a planned
promotion will not occur unless the accountant agrees with an audit
client’s inappropriate accounting treatment.
Safeguards to Eliminate or Reduce threats to Compliance with

Fundamental Principles
Safeguards that may eliminate or reduce threats to an acceptable level fall
into two broad categories:
 Safeguards created by the profession, legislation or regulation; and
 Safeguards in the work environment.
Safeguards created by the profession, legislation or regulation

Examples of safeguards created by the profession, legislation or regulation
are as follows:
 Educational, training and experience requirements for entry into the
profession.
 Continuing professional development requirements.
 Corporate governance regulations.
 Professional standards.
 Professional or regulatory monitoring and disciplinary procedures.
 External review by a legally empowered third party of the reports,
returns, communications or information produced by an auditor.
An auditor shall exercise judgment to determine how best to deal with

threats that are not at an acceptable level, whether by applying safeguards to
eliminate the threat or reduce it to an acceptable level or by terminating or
declining the relevant engagement.
In exercising this judgment, an auditor shall consider whether a reasonable

and informed third party, weighing all the specific facts and circumstances
available to the auditor at that time, would be likely to conclude that the
threats would be eliminated or reduced to an acceptable level by the
40 UEW/IEDE
AUDITING AND
application of safeguards, such that compliance with the fundamental

principles is not compromised. This consideration will be affected by
matters such as the significance of the threat, the nature of the engagement
and the structure of the firm.
Safeguards in the work environment.

In the work environment, the relevant safeguards will vary depending on the
circumstances. Work environment safeguards comprise firm-wide
safeguards and engagement-specific safeguards.
Examples of firm-wide safeguards in the work environment include:

 Leadership of the firm that stresses the importance of compliance with
the fundamental principles.
 Leadership of the firm that establishes the expectation that, members of
an assurance team will act in the public interest.
 Policies and procedures to implement and monitor quality control of
engagements.
 Documented policies regarding the need to identify threats to
compliance with the fundamental principles, evaluate the significance of
those threats, and apply safeguards to eliminate or reduce the threats to
an acceptable level or, when appropriate safeguards are not available or
cannot be applied, terminate or decline the relevant engagement.
 Documented internal policies and procedures requiring compliance with
the fundamental principles.
 Policies and procedures that will enable the identification of interests or
relationships between the firm or members of engagement teams and
clients.
 Policies and procedures to monitor and, if necessary, manage the
reliance on revenue received from a single client.
 Using different partners and engagement teams with separate reporting
lines for the provision of non-assurance services to an assurance client.
 Policies and procedures to prohibit individuals who are not members of
an engagement team from inappropriately influencing the outcome of
the engagement.
 Timely communication of a firm’s policies and procedures, including
any changes to them, to all partners and professional staff, and
appropriate training and education on such policies and procedures.
 Designating a member of senior management to be responsible for
overseeing the adequate functioning of the firm’s quality control system.
 Advising partners and professional staff of assurance clients and related
entities from which independence is required.
 A disciplinary mechanism to promote compliance with policies and
procedures.
 Published policies and procedures to encourage and empower staff to
communicate to senior levels within the firm any issue relating to
compliance with the fundamental principles that concerns them.
UEW/IEDE 41
AUDITING AND
Examples of engagement-specific safeguards in the work environment

include:
 Having an auditor who was not involved with the non-assurance service
review the non-assurance work performed or otherwise advise as
necessary.
 Having an auditor who was not a member of the assurance team review
the assurance work performed or otherwise advise as necessary.
 Consulting an independent third party, such as a committee of
independent directors, a professional regulatory body or another auditor.
 Discussing ethical issues with those charged with governance of the
client.
 Disclosing to those charged with governance of the client the nature of
services provided and extent of fees charged.
 Involving another firm to perform or re-perform part of the engagement.
 Rotating senior assurance team personnel.
Depending on the nature of the engagement, an auditor in public practice

may also be able to rely on safeguards that the client has implemented.
However it is not possible to rely solely on such safeguards to reduce threats
to an acceptable level.
Examples of safeguards within the client’s systems and procedures include:
 The client requires persons other than management to ratify or approve
the appointment of a firm to perform an engagement.
 The client has competent employees with experience and seniority to
make managerial decisions.
 The client has implemented internal procedures that ensure objective
choices in commissioning non-assurance engagements.
 The client has a corporate governance structure that provides appropriate
oversight and communications regarding the firm’s services.
Professional appointment
Client Acceptance
Before accepting a new client relationship, an auditor shall determine
whether acceptance would create any threats to compliance with the
fundamental principles. Potential threats to integrity or professional
behaviour may be created from, for example, questionable issues associated
with the client (its owners, management or activities).
Client issues that, if known, could threaten compliance with the

fundamental principles include, for example, client involvement in illegal
activities (such as money laundering), dishonesty or questionable financial
reporting practices.
42 UEW/IEDE
AUDITING AND
An auditor shall evaluate the significance of any threats and apply

safeguards when necessary to eliminate them or reduce them to an
acceptable level.
Examples of such safeguards include:
 Obtaining knowledge and understanding of the client, its owners,
managers and those responsible for its governance and business
activities; or
 Securing the client’s commitment to improve corporate governance
practices or internal controls.
Where it is not possible to reduce the threats to an acceptable level, the

auditor in public practice shall decline to enter into the client relationship.
It is recommended that an auditor periodically reviews acceptance decisions
for recurring client engagements.
Engagement Acceptance
The fundamental principle of professional competence and due care imposes
an obligation on an auditor to provide only those services that the auditor in
public practice is competent to perform. Before accepting a specific client
engagement, an auditor shall determine whether acceptance would create
any threats to compliance with the fundamental principles. For example, a
self-interest threat to professional competence and due care is created if the
engagement team does not possess, or cannot acquire, the competencies
necessary to properly carry out the engagement.
An auditor shall evaluate the significance of threats and apply safeguards,

when necessary, to eliminate them or reduce them to an acceptable level.
 Acquiring an appropriate understanding of the nature of the client’s
business, the complexity of its operations, the specific requirements of
the engagement and the purpose, nature and scope of the work to be
performed.
 Acquiring knowledge of relevant industries or subject matters.
 Possessing or obtaining experience with relevant regulatory or reporting
requirements.
 Assigning sufficient staff with the necessary competencies.
 Using experts where necessary.
 Agreeing on a realistic time frame for the performance of the
engagement.
 Complying with quality control policies and procedures designed to
provide reasonable assurance that specific engagements are accepted
only when they can be performed competently.
When an auditor intends to rely on the advice or work of an expert, the

auditor shall determine whether such reliance is warranted. Factors to
consider include: reputation, expertise, resources available and applicable
UEW/IEDE 43
AUDITING AND
professional and ethical standards. Such information may be gained from

prior association with the expert or from consulting others.
Changes in a Professional Appointment

An auditor who is asked to replace another auditor, or who is considering
tendering for an engagement currently held by another auditor, shall
determine whether there are any reasons, professional or otherwise, for not
accepting the engagement, such as circumstances that create threats to
compliance with the fundamental principles that cannot be eliminated or
reduced to an acceptable level by the application of safeguards. For
example, there may be a threat to professional competence and due care if
an auditor accepts the engagement before knowing all the pertinent facts.
An auditor shall evaluate the significance of any threats. Depending on the
nature of the engagement, this may require direct communication with the
existing auditor to establish the facts and circumstances regarding the
proposed change so that the auditor can decide whether it would be
appropriate to accept the engagement. For example, the apparent reasons for
the change in appointment may not fully reflect the facts and may indicate
disagreements with the existing accountant that may influence the decision
to accept the appointment.
Safeguards shall be applied when necessary to eliminate any threats or

reduce them to an acceptable level. Examples of such safeguards include:
 When replying to requests to submit tenders, stating in the tender that,
before accepting the engagement, contact with the existing auditor will
be requested so that inquiries may be made as to whether there are any
professional or other reasons why the appointment should not be
accepted;
 Asking the existing auditor to provide known information on any facts
or circumstances that, in the existing auditor’s opinion, the proposed
auditor needs to be aware of before deciding whether to accept the
engagement; or
 Obtaining necessary information from other sources.
When the threats cannot be eliminated or reduced to an acceptable level

through the application of safeguards, an auditor shall, unless there is
satisfaction as to necessary facts by other means, decline the engagement.
An auditor may be asked to undertake work that is complementary or
additional to the work of the existing auditor. Such circumstances may
create threats to professional competence and due care resulting from, for
example, a lack of or incomplete information. The significance of any
threats shall be evaluated and safeguards applied when necessary to
eliminate the threat or reduce it to an acceptable level. An example of such a
safeguard is notifying the existing auditor of the proposed work, which
would give the existing auditor the opportunity to provide any relevant
information needed for the proper conduct of the work.
44 UEW/IEDE
AUDITING AND
An existing auditor is bound by confidentiality.
Whether that auditor is permitted or required to discuss the affairs of a client

with a proposed auditor will depend on the nature of the engagement and
on:
 Whether the client’s permission to do so has been obtained; or
 The legal or ethical requirements relating to such communications and
disclosure, which may vary by jurisdiction.
Circumstances where the auditor is or may be required to disclose

confidential information or where such disclosure may otherwise be
appropriate are as follows:
 Disclosure is permitted by law and is authorized by the client or the
employer;
 Disclosure is required by law, for example:
 Production of documents or other provision of evidence in the
course of legal proceedings; or
 Disclosure to the appropriate public authorities of infringements of
the law that come to light; and
 (c) There is a professional duty or right to disclose, when not
prohibited by law:
 To comply with the quality review of a member body or professional
body;
 To respond to an inquiry or investigation by a member body or
regulatory body;
 To protect the professional interests of a auditor in legal
proceedings; or
 To comply with technical standards and ethics requirements
An auditor will generally need to obtain the client’s permission, preferably

in writing, to initiate discussion with an existing auditor. Once that
permission is obtained, the existing auditor shall comply with relevant legal
and other regulations governing such requests. Where the existing auditor
provides information, it shall be provided honestly and unambiguously. If
the proposed auditor is unable to communicate with the existing auditor, the
proposed auditor shall take reasonable steps to obtain information about any
possible threats by other means, such as through inquiries of third parties or
background investigations of senior management or those charged with
governance of the client.
Conflicts of Interest
An auditor shall take reasonable steps to identify circumstances that could
pose a conflict of interest. Such circumstances may create threats to
compliance with the fundamental principles. For example, a threat to
objectivity may be created when an auditor competes directly with a client
or has a joint venture or similar arrangement with a major competitor of a
UEW/IEDE 45
AUDITING AND
client. A threat to objectivity or confidentiality may also be created when an

auditor performs services for clients whose interests are in conflict or the
clients are in dispute with each other in relation to the matter or transaction
in question.

safeguards when necessary to eliminate the threats or reduce them to an
acceptable level. Before accepting or continuing a client relationship or
specific engagement, the auditor in public practice shall evaluate the
significance of any threats created by business interests or relationships with
the client or a third party.
Depending upon the circumstances giving rise to the conflict, application of

one of the following safeguards is generally necessary:
 Notifying the client of the firm’s business interest or activities that may
represent a conflict of interest and obtaining their consent to act in such
circumstances; or
 Notifying all known relevant parties that the auditor in public practice is
acting for two or more parties in respect of a matter where their
respective interests are in conflict and obtaining their consent to so act;
or
 Notifying the client that the auditor in public practice does not act
exclusively for any one client in the provision of proposed services (for
example, in a particular market sector or with respect to a specific
service) and obtaining their consent to so act.
The auditor shall also determine whether to apply one or more of the
following additional safeguards:
 The use of separate engagement teams;
 Procedures to prevent access to information (e.g., strict physical
separation of such teams, confidential and secure data filing);
 Clear guidelines for members of the engagement team on issues of
security and confidentiality;
 The use of confidentiality agreements signed by employees and partners
of the firm; and
 Regular review of the application of safeguards by a senior individual
not involved with relevant client engagements.
Where a conflict of interest creates a threat to one or more of the

fundamental principles, including objectivity, confidentiality, or
professional behaviour, that cannot be eliminated or reduced to an
acceptable level through the application of safeguards, the auditor in public
practice shall not accept a specific engagement or shall resign from one or
more conflicting engagements.
Where an auditor has requested consent from a client to act for another party
(which may or may not be an existing client) in respect of a matter where
46 UEW/IEDE
AUDITING AND
the respective interests are in conflict and that consent has been refused by
the client, the auditor in public practice shall not continue to act for one of
the parties in the matter giving rise to the conflict of interest.
Second Opinions
Situations where an auditor is asked to provide a second opinion on the
application of accounting, auditing, reporting or other standards or
principles to specific circumstances or transactions by or on behalf of a
company or an entity that is not an existing client may create threats to
compliance with the fundamental principles. For example, there may be a
threat to professional competence and due care in circumstances where the
second opinion is not based on the same set of facts that were made
available to the existing accountant or is based on inadequate evidence. The
existence and significance of any threat will depend on the circumstances of
the request and all the other available facts and assumptions relevant to the
expression of a professional judgment.
When asked to provide such an opinion, an auditor shall evaluate the

significance of any threats and apply safeguards when necessary to
eliminate them or reduce them to an acceptable level. Examples of such
safeguards include seeking client permission to contact the existing
accountant, describing the limitations surrounding any opinion in
communications with the client and providing the existing accountant with a
copy of the opinion.
If the company or entity seeking the opinion will not permit communication
with the existing accountant, an auditor shall determine whether, taking all
the circumstances into account, it is appropriate to provide the opinion
sought.
Fees and other Types of Remuneration

When entering into negotiations regarding professional services, an auditor
may quote whatever fee is deemed appropriate. The fact that one auditor in
public practice may quote a fee lower than another is not in itself unethical.
Nevertheless, there may be threats to compliance with the fundamental
principles arising from the level of fees quoted. For example, a self-interest
threat to professional competence and due care is created if the fee quoted is
so low that it may be difficult to perform the engagement in accordance with
applicable technical and professional standards for that price.
The existence and significance of any threats created will depend on factors
such as the level of fee quoted and the services to which it applies. The
significance of any threat shall be evaluated and safeguards applied when
necessary to eliminate the threat or reduce it to an acceptable level.
UEW/IEDE 47
AUDITING AND

 Making the client aware of the terms of the engagement and, in
particular, the basis on which fees are charged and which services are
covered by the quoted fee.
 Assigning appropriate time and qualified staff to the task.
Contingent fees are widely used for certain types of non-assurance

engagements. They may, however, create threats to compliance with the
fundamental principles in certain circumstances. They may create a self-
interest threat to objectivity. The existence and significance of such threats
will depend on factors including:
 The nature of the engagement.
 The range of possible fee amounts.
 The basis for determining the fee.
 Whether the outcome or result of the transaction is to be reviewed by an
independent third party.
The significance of any such threats shall be evaluated and safeguards

applied when necessary to eliminate or reduce them to an acceptable level.
 An advance written agreement with the client as to the basis of
remuneration.
 Disclosure to intended users of the work performed by the professional
accountant in public practice and the basis of remuneration.
 Quality control policies and procedures.
 Review by an independent third party of the work performed by the
professional accountant in public practice.
In certain circumstances, an auditor may receive a referral fee or

commission relating to a client. For example, where the professional
accountant in public practice does not provide the specific service required,
a fee may be received for referring a continuing client to another auditor in
public practice or other expert. An auditor may receive a commission from a
third party (e.g., a software vendor) in connection with the sale of goods or
services to a client. Accepting such a referral fee or commission creates a
self-interest threat to objectivity and professional competence and due care.
An auditor may also pay referral fee to obtain a client, for example, where
the client continues as a client of another auditor but requires specialist
services not offered by the existing auditor. The payment of such a referral
fee also creates a self-interest threat to objectivity and professional
competence and due care.
The significance of the threat shall be evaluated and safeguards applied

when necessary to eliminate the threat or reduce it to an acceptable level.
48 UEW/IEDE
AUDITING AND
 Disclosing to the client any arrangements to pay a referral fee to another

auditor for the work referred.
 Disclosing to the client any arrangements to receive a referral fee for
referring the client to another auditor in public practice.
 Obtaining advance agreement from the client for commission
arrangements in connection with the sale by a third party of goods or
services to the client.
An auditor may purchase all or part of another firm on the basis that
payments will be made to individuals formerly owning the firm or to their
heirs or estates.
Marketing Professional Services

When an auditor solicits new work through advertising or other forms of
marketing, there may be a threat to compliance with the fundamental
principles. For example, a self-interest threat to compliance with the
principle of professional behaviour is created if services, achievements, or
products are marketed in a way that is inconsistent with that principle.
An auditor shall not bring the profession into disrepute when marketing
professional services. The auditor in public practice shall be honest and
truthful and not:
 Make exaggerated claims for services offered, qualifications possessed,
or experience gained; or
 Make disparaging references or unsubstantiated comparisons to the
work of another.
If the auditor in public practice is in doubt about whether a proposed form

of advertising or marketing is appropriate, the auditor shall consider
consulting with the relevant professional body (in the case of Ghana, the
Institute of Chartered Accountants –Ghana).
Gifts and Hospitality

An auditor, or an immediate or close family member, may be offered gifts
and hospitality from a client. Such an offer may create threats to compliance
with the fundamental principles. For example, a self-interest or familiarity
threat to objectivity may be created if a gift from a client is accepted; an
intimidation threat to objectivity may result from the possibility of such
offers being made public.
The existence and significance of any threat will depend on the nature,
value, and intent of the offer. Where gifts or hospitality are offered that a
reasonable and informed third party, weighing all the specific facts and
circumstances, would consider trivial and inconsequential, an auditor may
conclude that the offer is made in the normal course of business without the
specific intent to influence decision making or to obtain information. In
UEW/IEDE 49
AUDITING AND
such cases, the auditor may generally conclude that any threat to compliance
with the fundamental principles is at an acceptable level.

safeguards when necessary to eliminate the threats or reduce them to an
acceptable level. When the threats cannot be eliminated or reduced to an
acceptable level through the application of safeguards, an auditor shall not
accept such an offer.
Custody of Client Assets

An auditor shall not assume custody of client monies or other assets unless
permitted to do so by law and, if so, in compliance with any additional legal
duties imposed on an auditor holding such assets.
The holding of client assets creates threats to compliance with the
fundamental principles; for example, there is a self-interest threat to
professional behaviour and may be a self-interest threat to objectivity arising
from holding client assets. An auditor entrusted with money (or other assets)
belonging to others shall therefore:
 Keep such assets separately from personal or firm assets;
 Use such assets only for the purpose for which they are intended;
 At all times be ready to account for those assets and any income,
dividends, or gains generated, to any persons entitled to such
accounting; and
 Comply with all relevant laws and regulations relevant to the holding of,
and accounting for such assets.
As part of client and engagement acceptance procedures for services that

may involve the holding of client assets, an auditor shall make appropriate
inquiries about the source of such assets and consider legal and regulatory
obligations. For example, if the assets were derived from illegal activities,
such as money laundering, a threat to compliance with the fundamental
principles would be created. In such situations, the auditor may consider
seeking legal advice.
Objectivity—All Services
An auditor shall determine when providing any professional service whether
there are threats to compliance with the fundamental principle of objectivity
resulting from having interests in, or relationships with, a client or its
directors, officers or employees. For example, a familiarity threat to
objectivity may be created from a family or close personal or business
relationship.
An auditor who provides an assurance service shall be independent of the

assurance client. Independence of mind and in appearance is necessary to
enable the auditor to express a conclusion, and be seen to express a
conclusion, without bias, conflict of interest, or undue influence of others.
50 UEW/IEDE
AUDITING AND
The existence of threats to objectivity when providing any professional

service will depend upon the particular circumstances of the engagement
and the nature of the work that the auditor is performing.

safeguards when necessary to eliminate them or reduce them to an
acceptable level. Examples of such safeguards include:
 Withdrawing from the engagement team.
 Supervisory procedures.
 Terminating the financial or business relationship giving rise to the
threat.
 Discussing the issue with higher levels of management within the firm.
 Discussing the issue with those charged with governance of the client.
If safeguards cannot eliminate or reduce the threat to an acceptable level, the

auditor shall decline or terminate the relevant engagement.
 The ethical requirements of auditors is a critical part of the International

Standard on Auditing
 An auditor should take reasonable steps to identify circumstances that
could pose a conflict of interest.
 The fundamental principle of professional competence and due care
imposes an obligation on an auditor to provide only those services that
the auditor in public practice is competent to perform.
 Threats such as self-interest, self-review, advocacy, familiarity and
intimidation can hinder the compliance of auditors with these
fundamental ethical principles. Auditors can apply appropriate
safeguards to minimize these threats in their work environment.
Review Questions
 Discuss the threats to compliance with the fundamental principles and
the safeguards available for eliminating or reducing the threats to
acceptable levels
 Discuss the potential threats associated with professional appointments
and the safeguards available to reduce or eliminate the threats to
acceptable levels
 Identify circumstances that could pose threat to the following ethical
issues and the safeguards available to reduce or eliminate the threats to
acceptable levels
UEW/IEDE 51
AUDITORS’ CIVIL AND CRIMINAL LIABILITY
AUDITING AND
UNIT 1 SECTION
INVESTIGATION
5
Unit 1, section 5: Auditors’ civil and criminal liability
This Section will discuss the auditor’s liability during and after the conduct
of an audit exercise. Students should be familiar with these liabilities in
order to identify and understand the limitations in auditing.
The objective of this section is to expose students to the types of an

auditor’s liability, the criminal offenses and some remedies available to
companies that have suffered damage as a result of the auditor’s negligent
misrepresentations.
Liabilities of an Auditor
Types of liability
Auditors are potentially liable for both criminal and civil offences. The
former occur when individuals or organisations breach a government
imposed law; in other words criminal law governs relationships between
entities and the state. Civil law, in contrast, deals with disputes between
individuals and/or organisations.
Criminal offences
Like any individual or organisation auditors are bound by the laws in the
countries in which they operate. The Criminal Code, 1960 (Act 29) and
Criminal Procedure Code, 1960 (Act 30) are strong authorities that should
guide everyone including auditors in Ghana. So under current criminal law
auditors could be prosecuted for acts such as offences involving dishonesty,
fraud, deceit, insider trading offences against the person, sexual offences,
libel, forgery and so on.
Audit is also subject to legislation prescribed by the Companies Act 2006.

This includes many sections governing who can be an auditor, how auditors
are appointed and removed and the functions of auditors.
One noteworthy offence from the Companies Act is that of ‘knowingly, or

recklessly causing a report (auditor’s report on company’s annual accounts)
to include any matter that is misleading, false or deceptive in a material
particular’.
This means that auditors could be prosecuted in a criminal court for either
knowingly or recklessly issuing an inappropriate audit opinion.
Civil offences
There are two pieces of civil law of particular significance to the audit
profession; contract law and the law of tort. These establish the principles
for auditor liability to clients and to third parties, respectively. The High
Court (Civil Procedures) Rules, 2004 (CI 47).
52 UEW/IEDE
AUDITING AND
Unit 1, section 5: Auditors’ civil and criminal liability INVESTIGATION
Under contract law, parties can seek remedy for a breach of contractual
obligations. Therefore shareholders can seek remedy from an auditor if they
fail to comply with the terms of an engagement letter. Under the law of tort,
auditors can be sued for negligence if they breach a duty of care towards a
third party who consequently suffers some form of loss.
Civil liabilities arise when there are dispute between two parties for a loss
caused to one due to the act of another. In this case, the auditor is called
upon to pay damages as decided by the court. These may be of the following
types.
Liability of Negligence
While conducting the work of audit, auditor should take care and be
professional and skilful. Otherwise it amounts to negligence. Negligence
means acting carelessly or failing to perform a duty owed properly. An
auditor is expected to perform his duties as an agent of the shareholders by
exercising care and diligence in the implementation of statutory
requirements for the maintenance and presentation of the financial
statement.
 For example: Mr. X is a sole trader and Mr. A is his auditor. A has
conducted audit work which was relied upon and the report was so
misleading such that there was a loss of $40,000 due to reliance on the
auditor’s opinion. A will be liable to pay such specific damage to X. But
in the event where the amount of damage is not quantified, the court will
award general damages to compensate the client X for any loss suffered
Liability for Libel

In reporting the auditor may become liable for libel if the report
misrepresents and the reputation of officers are reduced but where the
auditor criticizes any person based on facts and substantial evidence, there
will be no liability of the auditor.
Liability of the Third Party

The auditor is expert in finding out the errors and frauds and is aware how
to check the books of accounts. Many third parties as the shareholders,
investors, tax authorities, creditors and government rely upon his reports. So
if he makes any type of error or fraud, he is liable to pay the damages.
Misstatement in Prospectus
The civil liability of an auditor arises due to misstatement in prospectus.
Where a prospectus invites person to subscribe for shares or debentures of a
company, the auditor shall be liable to pay compensation to every person
who subscribe for a purchase any shares or debentures on the faith of the
prospectus for any loss or damage be may reason of any untrue statements.
UEW/IEDE 53
AUDITING AND
INVESTIGATION Unit 1, section 5: Auditors’ civil and criminal liability
Breach of Contract
If the auditor fails to fulfill the term of the contract, the civil liability arises.
In case he omits to perform all or some conditions of the contract, he will
equally be liable to pay the owner for any financial loss sustained.
The audits which are not legally required are called optional audits. Audit of
sole trading concerns, audit of partnership firms, etc. are examples to
optional audits. In case of optional audits rights, duties, liabilities etc of
auditor will be of contractual nature. So there may be terms between auditor
and client which auditor has to become liable on certain agreed occasions.
Contractual liability is agreed liability.
Case Brief
The application of the law of tort in the auditing profession, and the way in
which auditors seek to limit their exposure to the ensuing liabilities, has
been shaped by a number of recent landmark cases. The most notable of
these are Caparo Industries Plc (Caparo) v Dickman (1990) and Royal Bank
of Scotland (RBS) vs Bannerman JohnstoneMacLay (Bannerman) (2002).
In the first case, Caparo pursued the firm Touche Ross (who later merged to
form Deloitte &Touche) following a series of share purchases of a company
called Fidelity plc. Caparo alleges that the purchase decisions were based
upon inaccurate accounts that overvalued the company. They also claimed
that, as auditors of Fidelity, Touche Ross owed potential investors a duty of
care. The claim was unsuccessful; the House of Lords concluded that the
accounts were prepared for the existing shareholders as a class for the
purposes of exercising their class rights and that the auditor had no
reasonable knowledge of the purpose that the accounts would be put to by
Caparo.
It was this case that provided the current guidance for when duty of care
between an auditor and a third party exists. Under the ruling this occurs
when:
 the loss suffered is a reasonably foreseeable consequence of the
defendant’s conduct
 there is sufficient ‘proximity’ of relationship between the defendant and
the pursuer, and
 It is 'fair, just and reasonable' to impose a liability on the defendant.
In the second case RBS alleged to have lost over £13m in unpaid overdraft
facilities to insolvent client APC Ltd. They claimed that Bannerman had
been negligent in failing to detect a fraudulent and material misstatement in
the accounts of APC. The banking facility was provided on the basis of
receiving audited financial statements each year.
54 UEW/IEDE
AUDITING AND
Unit 1, section 5: Auditors’ civil and criminal liability INVESTIGATION
In contrast to Touche Ross, who had no knowledge of Caparo’s intention to

rely upon the audited financial statements, Bannerman, through their audit
of the banking facility letter of APC, would have been aware of RBS’s
intention to use the audited accounts as a basis for lending decisions. For
this reason it was upheld that they owed RBS a duty of care. The judge in
the Bannerman case also, and crucially, concluded that the absence of any
disclaimer of liability to third parties was a significant contributing factor to
the duty of care owed to them.
The liabilities of an auditor can be classified into two groups; namely,

liability under optional audits and liability under statutory audits.
Liability under Statutory Audits

The audits which are legally required are called statutory audits. Audit of
joint stock companies comes into this category. Company auditors liabilities
are determined by companies act it. Liabilities of company auditor are of
three types.
 Liability for Negligence.
 Liability Under Companies Act, 1963
The guidance for when an auditor may be liable, either under criminal or
civil law appears to be clear and largely uncontroversial. The same cannot
be said of the nature of the fines and settlements. There is little argument
that parties that have suffered as a result should be able to seek adequate
compensation against the auditor. It is alleged that the penalties incurred by
the audit profession are unfairly high. Also the civil law principle of ‘joint
and several liability’ means that even if there are few culpable parties in a
negligent act, the plaintiff may pursue any one of the partners either
individually or jointly for the entire damages sought.
Shareholders seeking compensation for any consequent losses from wrong

audit opinion may try to recover the full loss from the auditors even though
there may have been mismanagement of the company by the Directors. This
approach to recovery of loss is mostly supported when auditors possess
professional indemnity insurance, and as such are often the sole target for
financial compensation. Regardless of the perceived fairness, this situation
does create a number of challenges for the profession, namely:
 The increasing cost to the industry, firstly from defending and settling
claims but also from spiralling insurance premiums.
 The potential for consequent increases in audit fees to cover these rising
costs.
 The overall lack of sufficient insurance cover in the sector in
comparison to the size of some of the claims.(Reference 1)
 The lack of competition in the audit market for large (listed) entities.
UEW/IEDE 55
AUDITING AND
INVESTIGATION Unit 1, section 5: Auditors’ civil and criminal liability
The management of the audit liability been discussed and it seems there is
little or not protection to the profession. There are increasing number of
advocates for a ‘proportional’ system of liability replacing the current ‘joint
and several’ one. Under this proposal the audit firms would accept their
proportion of the blame in a negligence case and would pay that proportion
of the compensation. This system would ensure a fair outcome for the
plaintiff without placing the entire financial burden upon the audit
profession.
Managing exposure to liability

There are a number of ways in which audit firms can manage their exposure
to claims of negligence. Perhaps the most obvious is not being negligent in
the first place. In practical terms this means rigorously applying
International Standards on Auditing and the Code of Ethics for Professional
Accountants and paying close attention to the terms and conditions agreed
upon in the engagement letter.
Of course, improvements in quality controls in comparison to current levels

would not happen without investment from the audit firms. With pressure to
reduce audit fees it is unlikely that firms will want to commit to further
increases in cost unless it is perceived that such action will lead to long-term
reductions in legal and insurance costs.
Disclaimers of liability
It has become common to include a disclaimer of liability to third parties in
the wording of the audit report. Disclaimers may not entirely eliminate
liability to third parties but they do reduce the scope for courts to assume
liability to them. It should be noted that whilst this should reduce the threat
of litigation, it provides no protection from the threat of litigation from
clients under contract law.
In summary, we have looked at auditors’ civil and criminal liability. We

have also looked some remedies available to companies that have suffered
damages as result of the auditor’s negligent misrepresentation.
 There are two pieces of civil law of particular significance to the audit
profession; contract law and the law of tort.
 One noteworthy offence from the Companies Act is that of ‘knowingly,
or recklessly causing a report (auditor’s report on company’s annual
accounts) to include any matter that is misleading, false or deceptive in a
material particular’
Review Questions
 State and explain the types of liabilities of an Auditor
 What lesson do we learn from the Caparo case
 In what circumstances can an Auditor be liable to his client?
56 UEW/IEDE
AUDITING
AUDITING AND
AND
Unit 1, section 5: Auditors’
This page iscivil
left and criminal
blank liability
for your notes INVESTIGATION
INVESTIGATION
UEW/IEDE 57
QUALITY CONTROL FOR PROFESSIONAL AUDITING
AUDITING AND
UNIT 1 SECTION
INVESTIGATION
6
Unit 1, section
FIRMS6: Quality control for professional auditing firms
This section is to enable students familiarize themselves with the

International Standards on Quality Control and the elements of a system
Quality Control …
By the end of this section students should understand the International

Standards on Quality Control and the elements of a system of Quality
Control. These standards are designed to enhance the understanding and
implementation of them.
International Standards on Quality Control

In March 2009, the IAASB announced the completion of its 18-month long
program to comprehensively review all the ISAs and ISQC to improve their
clarity. As a result of this landmark achievement, auditors worldwide now
have access to 36 newly updated and clarified ISAs and a clarified ISQC.
ISQCs are written to apply to firms in respect of all their services falling
under the IAASB’s Engagement Standards. The authority of ISQCs is set
out in the introduction to the ISQCs. This International Standard on Quality
Control (ISQC) deals with a firm’s responsibilities for its system of quality
control for audits and reviews of financial statements, and other assurance
and related services engagements.
A system of quality control consists of policies designed to achieve the

objective set out in paragraph below and the procedures necessary to
implement and monitor compliance with those policies.
The objective of the firm is to establish and maintain a system of quality

control to provide it with reasonable assurance that:
 The firm and its personnel comply with professional standards and
applicable legal and regulatory requirements; and
 Reports issued by the firm or engagement partners are appropriate in the
circumstances.
Elements of a System of Quality Control

The firm shall establish and maintain a system of quality control that
includes policies and procedures that address each of the following
elements:
Leadership responsibilities for quality within the firm

The firm shall establish policies and procedures designed to promote an
internal culture recognizing that quality is essential in performing
engagements. Such policies and procedures shall require the firm’s chief
executive officer (or equivalent) or, if appropriate, the firm’s managing
board of partners (or equivalent) to assume ultimate responsibility for the
firm’s system of quality control.
58 UEW/IEDE
AUDITING AND
Unit 1, section 6: Quality control for professional auditing firms INVESTIGATION
Relevant ethical requirements

The firm shall establish policies and procedures designed to provide it with
reasonable assurance that the firm and its personnel comply with relevant
ethical requirements. The firm shall establish policies and procedures
designed to provide it with reasonable assurance that it is notified of
breaches of independence requirements, and to enable it to take appropriate
actions to resolve such situations.
Acceptance and continuance of client relationships and specific

engagements
The firm shall establish policies and procedures on continuing an
engagement and the client relationship, addressing the circumstances where
the firm obtains information that would have caused it to decline the
engagement had that information been available earlier.
Human resources
reasonable assurance that it has sufficient personnel with the competence,
capabilities, and commitment to ethical principles necessary to:
 Perform engagements in accordance with professional standards and
applicable legal and regulatory requirements; and
 Enable the firm or engagement partners to issue reports that are
appropriate in the circumstances.
Engagement performance
reasonable assurance that engagements are performed in accordance with
professional standards and applicable legal and regulatory requirements, and
that the firm or the engagement partner issue reports that are appropriate in
the circumstances. Such policies and procedures shall include:
 Matters relevant to promoting consistency in the quality of engagement
 performance;
 Supervision responsibilities; and
 Review responsibilities.
Monitoring
The firm shall establish policies and procedures requiring, for appropriate
engagements, an engagement quality control review that provides an
objective evaluation of the significant judgments made by the engagement
team and the conclusions reached in formulating the report. The firm shall
document its policies and procedures and communicate them to the firm’s
personnel.
UEW/IEDE 59
AUDITING AND
INVESTIGATION Unit 1, section 6: Quality control for professional auditing firms
The firm shall establish a monitoring process designed to provide it with

reasonable assurance that the policies and procedures relating to the system
of quality control are relevant, adequate, and operating effectively. This
process shall:
 Include an ongoing consideration and evaluation of the firm’s system of
quality control including, on a cyclical basis, inspection of at least one
completed engagement for each engagement partner;
 Require responsibility for the monitoring process to be assigned to a
partner or partners or other persons with sufficient and appropriate
experience and authority in the firm to assume that responsibility; and
 Require that those performing the engagement or the engagement
quality control review are not involved in inspecting the engagements.
Documentation of the System of Quality Control

The firm is to establish policies and procedures requiring appropriate
documentation to provide evidence of the operation of each element of its
system of quality control. The firm is also to establish policies and
procedures that require retention of documentation for a period of time
sufficient to permit those performing monitoring procedures to evaluate the
firm’s compliance with its system of quality control, or for a longer period if
required by law or regulation.
 A system of quality control consists of policies designed to achieve the

objective set
 Some of the elements of quality control are leadership responsibility for
quality within the firm, relevant ethical requirement, acceptance and
continuous of client relationship and specific engagement, performance
and monitoring.
Review Questions
 Discuss the elements of system of Quality Control
 Why should firms adopt a quality control system
60 UEW/IEDE
CONDUCTING AN AUDIT ASSIGNMENT
XXXXXXX 2
Congratulations my dear student for a successful completion of the first unit

of the module. The first unit focused on the LEGAL AND
PROFESSIONAL FRAMEWORK. In this unit we are going to look at
CONDUCTING AN AUDIT ASSIGNMENT. This unit is meant to
expose students to the conduct of audits, going through the audit process,
the methods of gathering evidence and carrying out verification exercises. It
is therefore important to give serious attention to this unit. Let’s move on
then.
By the end of this unit you should be able to:

 understand and appreciate the audit process
 describe what constitute sufficient and appropriate audit evidence; list
financial statement assertions; list and explain the procedures of
obtaining audit evidence.
 outline the factors that need to be considered before the auditor places
reliance on the work of a specialist, explain how the auditor can evaluate
the competence and objectivity of the expert, assess the work done by a
specialist
 draw audit programmes for testing sales, receipts purchases, payment
and payroll, identify the objective that such tests seek to achieve, explain
analytical review
 explain the concept of verification, describe the specific objectives
verification process seeks to achieve
 obtain and evaluate accounting estimates in an audit of financial
statements in accordance with the International Standards on Auditing
62 UEW/IEDE
AUDITING AND
UEW/IEDE 63
THE AUDIT PROCESS
AUDITING AND
UNIT 2 SECTION
INVESTIGATION
1
Unit 2, section 1: The audit process
This Section is meant to expose students to the conduct of audits, going

through the audit process, the methods of gathering evidence and carrying
out verification exercises.
At the end of this session students should understand and appreciate the
audit process
Overview of the Financial Statement Auditing Process

To understand this process you should consider how transactions are
captured and finally processed into the financial statements. The application
of basic financial knowledge is important here. Individual transactions are
grouped and summarized into various accounts, and finally, financial
statements are prepared by organizing meaningful collections of those
account balances. Entities should design and implement controls to ensure
that those transactions are initiated, captured, recorded, and summarized
appropriately. Keep in mind that the auditor is required to express an
opinion on whether or not the financial statements are presented fairly and
information provided is true.
Also remember that account balances are made up of individual transactions

that occurred during the reporting period (or beyond). The auditor will need
to design procedures to test whether the transactions were actually captured
and treated properly. The auditor should design audit procedures appropriate
enable him/her obtain information relevant to make conclusions and form an
objective opinion.
Note that the auditor can collect evidence in each stage in a client’s
accounting system to help determine whether the financial statements are
fairly stated:
 the internal control put in place by the client to ensure proper handling
of transactions (e.g. evaluates and test the controls);
 the transactions that affect each account balance (e.g. examine a sample
of the transactions that occurred during the period); and
 the ending account balances themselves (e.g. inspect a sample of the
items that make up a closing account balance at period end). Evidence
that relates directly to closing account balances is usually the highest
quality, but also the costliest evidence. Thus, an auditor will usually rely
on a combination of evidence from all three stages (if the internal
control system is reliable) in forming an audit opinion regarding the
fairness of the financial statements. Which of these three areas it is best
to focus on depends on the circumstances, and this is generally left to
the auditor’s professional judgment.
The audit process is generally a ten-step procedure as outlined below.

 Notification
 Planning
64 UEW/IEDE
AUDITING AND
Unit 2, section 1: The audit process INVESTIGATION
 Opening Meeting
 Fieldwork
 Communication
 Report Drafting
 Management Response
 Closing Meeting
 Report Distribution
 Follow-up
Consider the auditor’s task from a logical perspective. The end product of a
financial statement auditor’s work is an audit report indicating opinions
whether or not the client’s financial statements are free of material
misstatement.
After accepting a client what should an auditor do to obtain the necessary

(and appropriate and sufficient) evidence to form and support that opinion?
Notification
First, you will receive a letter to inform you of an upcoming audit. The
auditor will send a letter of engagement after reviewing a preliminary
checklist where an assessment of the auditor’s capability to carry out the
exercise will be considered. This is a list of documents (e.g. organization
charts, financial statements) that will help the auditor learn about your unit
before planning the audit.
Planning
The auditor must first obtain a thorough understanding of the entity and its
environment, including the entity’s internal control. After reviewing the
information, the auditor will plan the review, conduct an engagement risk
assessment, draft an audit plan, and schedule an opening meeting. The
auditor must understand the risks the client faces, how it is dealing with
those risks, and what remaining risks are most likely to result in a material
misstatement in the financial statements. Armed with this understanding, the
auditor will develop an audit strategy and an audit plan that will produce
evidence helpful in forming and supporting an opinion on the financial
statements.
Opening Meeting
The opening meeting should include senior management and any
administrative staff that may be involved in the audit. During this meeting,
the scope of the audit will be discussed. You should feel free to ask the
auditors to review areas that you are concerned about. The time frame of the
audit will be determined, and you should discuss any potential timing issues
(e.g. vacations, deadlines) that could impact the audit. It doesn't take as
much of your time as you might expect!
UEW/IEDE 65
AUDITING AND
INVESTIGATION Unit 2, section 1: The audit process
Fieldwork
After the opening meeting, the auditor will finalize the audit plan and begin
fieldwork. Fieldwork typically consists of talking with staff, reviewing
procedure manuals, and learning about your business processes, testing for
compliance with applicable university policies and procedures and laws and
regulations, and assessing the adequacy of internal controls.
Communication
Throughout the process, the auditor will keep the client informed, and will
have an opportunity to discuss issues noted and the possible solutions.
Report Drafting
After the fieldwork is completed, the auditor will draft a report. The report
consists of several sections and includes: the distribution list, the follow-up
date, a general overview of your unit, the scope of the audit, any major audit
concerns, the overall conclusion, and detailed commentary describing the
findings and recommended solutions. You should read the draft report
carefully to make sure there are no errors. If you find a mistake, inform the
auditor right away so that it can be corrected before the final report is
issued.
Management Response
Once the report is finalized, we will request your management responses.
The response consists of 3 components: whether you agree or disagree with
the problem, your action plan to correct the problem, and the expected
completion date.
Closing Meeting
A closing meeting will be held so that everyone can discuss the audit report
and review your management responses. This is an opportunity to discuss
how the audit went and any remaining issues.
Report Distribution
The report is then distributed to you, your manager(s), senior university
administrators, internal audit, and the university's external auditors. We also
distribute an audit survey to the audited unit to solicit feedback about the
audit. Feedback is important to us, since it can help us improve the audit
process.
Follow-Up
Follow-up reviews are performed on an issue-by-issue basis and typically
occur shortly after the expected completion date, so that agreed-upon
corrective actions can be implemented. The purpose of the follow-up is to
verify that you have implemented the agreed-upon corrective actions. The
66 UEW/IEDE
AUDITING AND
Unit 2, section 1: The audit process INVESTIGATION
auditor will interview staff, perform tests, or review new procedures to

perform the verification. You will then receive a letter from the auditor
indicating whether you have satisfactorily corrected all problems or whether
further actions are necessary.
 We discussed the conduct of audit, going through the audit process, the
methods of gathering evidence and carrying out verification exercise.
 The auditor must understand the risks the client faces, how it is dealing
with those risks, and what remaining risks are most likely to result in a
material misstatement in the financial statements.
Review Questions
 Outline and explain the stages in the auditing process
 What should be considered in audit planning
UEW/IEDE 67
AUDIT EVIDENCE
AUDITING AND
UNIT 2 SECTION
INVESTIGATION
2
Unit 2, section 2: Audit evidence
You are now in Section 2 of the second unit of this module. Welcome, I
believe that you have now tipped Auditing and Investigation as one of the
interesting subjects in business. Let us look at what constitute audit
evidence
At the end of the section, you should be able to:

 describe what constitute sufficient and appropriate audit evidence;
 list financial statement assertions;
 list and explain the procedures of obtaining audit evidence.
Introduction to nature and purpose of audit evidence

Auditors should obtain sufficient appropriate evidence to be able to draw
reasonable conclusions on which to base the audit opinion.
“Audit evidence’ means the information auditors obtain in arriving at the

conclusions on which the audit opinion is based. Audit evidence comprises
source documents and accounting records underlying the financial statement
assertions and corroborative information from other sources.
Audit evidence is obtained from an appropriate mix of tests of control and

substantive procedures. In some circumstances, evidence may be obtained
entirely from substantive procedures.
Concept of Audit Evidence

“Audit evidence” is all the information used by the auditor in arriving at the
conclusions on which the audit opinion is based, and includes the
information contained in the accounting records underlying the financial
statements and other information. Auditors are not expected to address all
information that may exist. Any evidence, which is cumulative in nature,
includes audit evidence obtained from audit procedures performed during
the course of the audit and may include audit evidence obtained from other
sources such as previous audits and a firm’s quality control procedures for
client acceptance and continuance.
Accounting records generally include the records of initial entries and

supporting records, such as checks and records of electronic fund transfers;
invoices; contracts’ the general and subsidiary ledgers, journal entries and
other adjustments to the financial statements that are not reflected in formal
journal entries; and records such as work sheets and spreadsheets supporting
cost allocations, computations, reconciliations and disclosures. The entries
in the accounting records are often initiated, recorded, processed and
reported in electronic form. In addition, the accounting records may be part
of integrated systems that share data and support all aspects of the entity’s
financial reporting operations and compliance objectives.
68 UEW/IEDE
AUDITING AND
Unit 2, section 2: Audit evidence INVESTIGATION
Management is responsible for the preparation for the financial statements

based upon the accounting records of the entity. The auditor obtains some
audit evidence by testing the accounting records, for example, through
analysis and review, reperforming procedures followed in the financial
reporting process, and reconciling related types and applications of the some
information. Through the performance of such audit procedures, the auditor
may determine that the accounting records are internally consistent and
agree to the financial statements. However, because accounting records
alone do not provide sufficient audit evidence on which to base an audit
opinion on the financial statements, the auditor obtains other audit evidence.
Other information that the auditor may use as audit evidence includes
minutes of meetings; confirmations from third parties; analysts’ reports;
information obtained by the auditor from such audit procedures as inquiry,
observation, and inspection; and other information developed by, or
available to, the auditor that permits the auditor to reach conclusions
through valid reasoning.
Sufficient and Appropriate Audit Evidence

Sufficiency is the measure of the quantity of audit evidence.
Appropriateness is the measure of the quality of audit evidence; that is, its
relevance and its reliability in providing support for, or detecting
misstatements in, the classes of transactions, account balances, and
disclosures and related assertions. The quantity of audit evidence needed to
affected by the risk of misstatement (the greater the risk, the more audit
evidence is likely to be required) and also by the quality of such audit
evidence (the higher the quality, the less may be required).
Accordingly, the sufficiency and appropriateness of audit evidence are

interrelated. However, merely obtaining more audit evidence may not
compensate for its poor quality.
A given set of audit procedures may provide audit evidence that is relevant
to certain assertions, but not others. For example, inspection of records and
documents related to the collection of receivables after the period end may
provide audit evidence regarding both existence and valuation, although not
necessarily the appropriateness of period-end cut-offs.
On the other hand, the auditor often obtains audit evidence from different
sources or of a different nature that is relevant to the same assertion. For
example, the auditor may analyze the aging of accounts receivable and the
subsequent collection of receivables to obtain audit evidence relating to the
valuation of the allowance for doubtful accounts. Furthermore, obtaining
audit evidence relating to a particular assertion, for example, the physical
existence of inventory, is not a substitute for obtaining audit evidence
regarding another assertion, for example, the valuation of inventory.
UEW/IEDE 69
AUDITING AND
INVESTIGATION Unit 2, section 2: Audit evidence
The reliability of audit evidence is influenced by its source and by its nature
and is dependent on the individual circumstances under which it is obtained.
Generalizations about the reliability of various kinds of audit evidence can
be made; however, such generalizations are subject to important exceptions.
Even when audit evidence is obtained from sources external to the entity,
circumstances may exist that could affect the reliability of the information
obtained. For example, audit evidence obtained from an independent
external source may not be reliable if the source is not knowledgeable.
While recognizing that exceptions may exist, the following generalizations
about the reliability of audit evidence may be useful:
 Audit evidence is more reliable when it is obtained from independent
sources outside the entity.
 Audit evidence that is generated internally is more reliable when the
related controls imposed by the entity are effective.
 Audit evidence obtained directly by the auditor (for example,
observation of the application of a control) is more reliable than audit
evidence obtained indirectly or by inference (for example, inquiry about
the application of a control).
 Audit evidence is more reliable when it exists in documentary form,
whether paper, electronic, or other medium (for example, a
contemporaneously written record of a meeting is more reliable than a
subsequent oral representation of the matters discussed).
 Audit evidence provided by original documents is more reliable than
audit evidence provided by photocopies or facsimiles.
An audit rarely involves the authentication of documentation, nor is the

auditor trained as or expected to be an expert in such authentication.
However, the auditor considers the reliability of the information to be used
as audit evidence, for example, photocopies, facsimiles, filmed, digitized or
other electronic documents, including consideration of controls over their
preparation and maintenance where relevant.
When information produced by the entity is used by the auditor to perform

audit procedures, the auditor should obtain audit evidence about the
accuracy and completeness of the information. In order for the auditor to
obtain reliable audit evidence, the information upon which the audit
procedures are based needs to be sufficiently complete and accurate
The auditor ordinarily obtains more assurance from consistent audit

evidence obtained from different sources or of a different nature than from
items of audit evidence considered individually. In addition, obtaining audit
evidence from different sources or of a different nature may indicate that an
individual item of audit evidence is not reliable. For example, corroborating
information obtained from a source independent of the entity may increase
the assurance the auditor obtains from a management representation.
Conversely, when audit evidence obtained from one source is inconsistent
70 UEW/IEDE
AUDITING AND
with that obtained from another, the auditor determines what additional
audit procedures are necessary to resolve the inconsistency.
The auditor considers the relationship between the cost of obtaining audit
evidence and the usefulness of the information obtained. However, the
matter of difficulty or expense involved is not in itself a valid basis for
omitting an audit procedure for which there is no alternative.
In forming the audit opinion, the auditor does not examine all the
information available because conclusions ordinarily can be reached by
using sampling approaches and other means of selecting items for testing.
Also, the auditor ordinarily finds it necessary to rely on audit evidence that
is persuasive rather than conclusive. However to obtain reasonable
assurance, the auditor is not satisfied with audit evidence that is less than
persuasive. The auditor uses professional judgment and exercises
professional scepticism in evaluating the quantity and quality of audit
evidence, and thus its sufficiency and appropriateness, to support the audit
opinion.
The Use of Assertions in Obtaining Audit Evidence

Management is responsible for the fair presentation of financial statements
that reflect the nature and operations of the entity. In representing that the
financial statements give a true and fair view (or are presented fairly, in all
material respects) in accordance with the applicable financial reporting
framework, management implicitly or explicitly makes assertions regarding
the recognition, measurement, presentation and disclosure of the various
elements of financial statements and related disclosures.
The auditor should use assertions for classes of transactions, account

balances, and presentation and disclosures in sufficient detail to form a basis
for the assessment of risks of material misstatement and the design and
performance of further audit procedures. The auditor uses assertions in
assessing risks by considering the different types of potential misstatements
that may occur, and thereby designing audit procedures that are responsive
to the assessed risks.
Assertions used by the auditor fall into the following categories:
 Assertions about classes of transactions and events for the period under
audit [Income statement assertions]:
 Occurrence – transactions and events that have been recorded have
occurred and pertain to the entity.
 Completeness – all transactions and events that should have been
recorded have been recorded.
 Accuracy – amounts and other data relating to recorded transactions
and events have been recorded appropriately.
UEW/IEDE 71
AUDITING AND
 Cut-off – transactions and events have been recorded in the correct

accounting period.
 Classification – transactions and events have been recorded in the
proper accounts.
 Assertions about account balances at the period end [statement of

financial position assertions]:
 Existence – assets, liabilities, and equity interests exist.
 Rights and Obligations – the entity holds or controls the rights to
assets, and liabilities are the obligations of the entity.
 Completeness – all assets, liabilities and equity interests that should
have been recorded have been recorded
 Valuation and allocation – assets, liabilities and equity interests are
included in the financial statements at appropriate amounts and any
resulting valuation or allocation adjustments are appropriately
recorded.
 Assertions about presentation and disclosure:

 Occurrence and rights and obligations – disclosed events,
transactions, and other matters have occurred and pertain to the
entity.
 Completeness – all disclosures that should have been included in the
financial statements have been included.
 Classification and understandable – financial information is
appropriately presented and described, and disclosures are clearly
expressed.
 Accuracy and valuation- financial and other information are
disclosed fairly and at appropriate amounts.
The auditor may use the assertions as described above or may express them
differently provided all aspects described above have been covered. For
example, the auditor may choose to combine the assertions about
transactions and events with the assertions about account balances. As
another example, there may not be a separate assertion related to cut-off of
transactions and events when the occurrence and completeness assertions
include appropriate consideration of recording transactions in the correct
accounting period.
The assertions embodied in the financial statements, as used by the auditor

to consider the different types of potential misstatements that may occur,
may take the following forms:
72 UEW/IEDE
AUDITING AND
Transactions Account balances Presentation and

and events at the period-end disclosure
Occurrence and
rights and
Occurrence Existence obligations
Completeness Rights and Completeness

obligations
Accuracy Classification and
Completeness understandability
Cutoff
Valuation and Accuracy and
Classification allocation valuation
Audit Procedures for Obtaining Audit Evidence

The auditor obtains audit evidence to draw reasonable conclusions on which
to base the audit opinion by performing audit procedures to:
 Obtain an understanding of the entity and its environment, including its
internal control, to assess the risks of material misstatement at the
financial statement and assertion levels
 Test the operating effectiveness of controls in preventing, or detecting
and correcting, material misstatements at the assertion level (Audit
procedures performed for this purpose are referred to in the ISAs as
“tests of controls”); and
 Detect material misstatements at the assertion level (audit procedures
performed for this purpose are referred to in the ISAs as “substantive
procedures” and include tests of details of classes of transactions,
account balances, and disclosures and substantive analytical procedures.
The specific procedures for obtaining audit evidence are as follows:

 Inspection of records and documents
 Inspection of tangible assets
 Observation
 Enquiry
 Confirmation
 Recalculation
 Re-performance
 Analytical procedures
Inspection of Records or Documents

Inspection Consists of examining records or documents, whether internal or
external, in paper form, electronic form, or other media. Inspection of
records and documents provide audit evidence of varying degree of
UEW/IEDE 73
AUDITING AND
reliability of documents on the effectiveness of the controls over their

production. An example of inspection used as a test of controls is inspection
of records or documents for evidence of authorization.
Some documents represent direct audit evidence of the existence of an asset,

for example, a document constituting a financial instrument such as a stock
or bond. Inspection of such documents may not necessarily provide audit
evidence about ownership or value. In additions, inspecting an executed
contract may provide audit evidence relevant to the entity’s application of
accounting policies, such as revenue recognition.
Inspection of Tangible Assets

Inspection of tangible assets consists of physical examination of the assets.
Inspection of tangible assets may provide reliable audit evidence with
respect of their existence, but not necessarily about the entity’s rights and
obligations or the valuation of the assets. Inspection of individual inventory
items ordinarily accompanies the observation of inventory counting.
Observation
Observation consists of looking at a process or procedure being performed
by others. Examples include observation of the counting of inventories by
the entity’s personnel and observation of the performance of control
activities. Observation provides audit evidence about the performance of a
process or procedure, but is limited to the point in time at which the
observation takes place and by the fact that the act of being observed may
affect how the process or procedure is performed
Inquiry
Inquiry consists of seeking information of knowledgeable persons, both
financial and non-financial, throughout the entity or outside the entity.
Inquiry is an audit procedure that is used extensively throughout the audit
and often is complementary to performing other audit procedures. Inquiries
may range from formal written inquiries to informal oral inquiries.
Evaluating responses to inquiries is an integral part of the inquiry process.
Responses to inquiries may provide the auditor with information not

previously possessed or with corroborative the audit evidence.
Alternatively, responses might provide information that differs significantly
from other information that the auditor has obtained, for example,
information regarding the possibility of management override of controls. In
some cases, responses to inquiries provide a basis for the auditor to modify
or perform additional audit procedure
The auditor performs audit procedures in addition to the use of inquiry to

obtain sufficient appropriate audit evidence. Inquiry alone ordinarily does
not provide sufficient audit evidence to detect a material misstatement at the
74 UEW/IEDE
AUDITING AND
assertion level. Moreover, inquiry alone is not sufficient to test the operating
effectiveness of controls.
Although corroboration of evidence obtained through inquiry is often of

particular importance, in the case of inquiries about management intent, the
information available to support management’s intent may be limited. In
these cases, understanding management’s past history of carrying out its
stated intentions with respect to assets or liabilities, management’s stated
reasons for choosing a particular course of action, and management’s ability
to pursue a specific course of action may provide relevant information about
management’s intent.
In respect of some matters, the auditor obtains written representations from

management to confirm responses to oral inquiries. For example, the auditor
ordinarily obtains written representations from management on material
matters when other sufficient appropriate audit evidence cannot reasonably
be expected to exist or when the other audit evidence obtained is of a lower
quality.
Confirmation
Confirmation, which is a specific type of inquiry, is the process of obtaining
a representation of information or of an existing condition directly from a
third party. For example, the auditor may seek direct confirmation of
receivables by communication with debtors. Confirmations are frequently
used in relation to account balances and their components, but need not be
restricted to these items. For example, the auditor may request confirmation
of the terms of agreements or transactions an entity ha with third parties, the
confirmation request is designed to ask if any modifications have been made
to the agreement and, if so, what the relevant details are. Confirmations also
used to obtain audit evidence about the absence of certain conditions, for
example, the absence of a “side agreement” that may influence revenue
recognition.
Re-calculation
Recalculation consists of checking the mathematical accuracy of documents
or records. Recalculation can be performed through the use of information
technology, for example, by obtaining an electronic file from the entity and
using CAATs to check the accuracy of the summarization of the file.
Re-performance
Re-performance is the auditor’s independent execution of procedures of
controls that were originally performed as part of the entity’s internal
control, either manually or through the use of CAATs, for example, re-
performing the aging of accounts receivable.
UEW/IEDE 75
AUDITING AND
Analytical Procedures
Analytical procedures consist of evaluation of financial information made
by a study of plausible relationships among both financial and non-financial
data. Analytical procedures also encompass the investigation of identified
fluctuations and relationships that are inconsistent with other relevant
information or deviate significantly from predicted amounts. See ISA 520,
“Analytical Procedures” for further guidance on analytical procedures.
Public Sector Perspective

When carrying out audits of public sector entities, the auditor takes into
account the legislative framework and any other relevant regulations,
ordinances or ministerial directives that affect the audit mandate and any
other special auditing requirements. In making assertions about the financial
statements, management asserts that transactions and events have been in
accordance with legislation or proper authority
We have gone through the concept of audit evidence which implies that
auditors should obtain sufficient and appropriate evidence to be able to draw
reasonable conclusions on which to base the audit opinion. The auditor
should use management assertions and representations for classes of
transactions, account balances and presentation and disclosures in sufficient
detail to form a basis for the assessment of risk of material misstatement and
performance of further audit procedures.
Review Questions
 Discuss the strength or weakness of the following sources of audit
evidence, and the financial statement assertions to which they relate:
 Physical inspection of a fixed assert by an auditor
 Confirmation by a debtor of money owed
 Oral representations by management that all creditors owed money
at the end of the year have been included in the accounts.
 List and explain the methods or procedures of obtaining audit evidence
76 UEW/IEDE
AUDITING
AUDITING AND
AND
ThisUnit
page2,issection
left blank
2: Audit
for your
evidence
notes INVESTIGATION
INVESTIGATION
UEW/IEDE 77
USING THE WORK OF EXPERTS
AUDITING AND
UNIT 2 SECTION
INVESTIGATION
3
Unit 2, section 3: Using the work of experts
We are now in the third section of unit 2. In this section, we would examine
how the auditor can rely on the work of an expert or a specialist to obtain
reliable, appropriate and sufficient evidence.
At the end of this chapter, you should be able to:

 outline the factors that need to be considered before the auditor places
reliance on the work of a specialist
 explain how the auditor can evaluate the competence and objectivity of
the expert
 assess the work done by a specialist
Why Use the Work of a Specialist?

The auditors’ education and experience enable them to be knowledgeable
about business matters in general on be experts in one particular field, but
they are not expected to have the expertise in all areas or become specialist
in fields they have no qualification.
The limitation of an auditor in the practice of another profession affects

reviews and since some expertise is required for an effective review or
audit, auditors have had to rely on other experts/specialist in their work.
Expert, in this context, means a person or firm possessing special skill,
knowledge and experience in a particular field other than accounting and
auditing. When using the work performed by an expert, the auditor should
obtain sufficient appropriate audit evidence that such work is adequate for
the purpose of the audit.
An expert may be engaged by the client entity or the auditors. The auditors
need to have regard to ethical guidance issues by their relevant professional
bodies when an assignment involves an expert employed by them, or any
firm associated with them, being engaged by the client entity. The auditors
need to ensure their integrity, objectivity and independence are not called
into question in such circumstances.
Determining the need to Use the Work of an Expert

During the audit, the auditors may need to obtain, in conjunction with the
entity or independently, audit evidence in the form of reports, opinion,
valuations and statements of an expert.
Examples are:
 Valuations of certain types of assets, for examples land and buildings,
plant and machinery and intangible assets (valour).
 Determination of quantities or physical condition of assets for example,
minerals stored in stockpiles, underground mineral and petroleum
reserves (Geologists).
 Determination of amounts using specialized techniques or methods, for
example pensions accounting and actuarial valuations (Actuaries).
78 UEW/IEDE
AUDITING AND
Unit 2, section 3: Using the work of experts INVESTIGATION
 The measurement of work completed and to be completed on contracts

in progress (Quantity Surveyor).
 Legal opinions concerning interpretation of agreements, statutes and
regulations (lawyer)
 Issues relating to purchase and sale of investments (Stockbrokers).
When determining whether to use the work of an expert, the auditors need to
consider:
 The materiality of the financial statement assertion being considered
 The risk of misstatement based on the nature and complexity of the
matter being considered; and
 The quantity and quality of other audit evidence available regarding the
assertion
If the auditors consider that it is appropriate to use the work of an expert, the
approach needs to be discussed and agreed with management
If management is unable or unwilling to engage an expert, the auditors need
to consider whether adequate audit evidence can be obtained from other
sources. If unable to obtain sufficient appropriate audit evidence, the
auditors need to consider the implications for their audit report.
Competence and objectivity of the Expert

When planning to use the work of an expert, the auditors should assess the
objectivity and professional competence of the expert. Ordinary, this
involves considering the expert’s
 professional certificate or licensing by, or membership of, an appropriate
professional body, and
 Experience and reputation in the field in which the auditors are seeking
audit evidence.
The risk that an expert’s objectivity is impaired increases when the expert is:
 employed by the entity, or
 Related in some other manner to the entity, for example by being
financially dependent upon, or having an investment in the entity.
If the auditors are concerned with the competence or objectivity of the

expert, the auditors need to discuss their reservation with management and
consider whether adequate audit evidence can be obtained. The auditors
may need to undertake additional audit procedures or seek evidence from
another expert.
The Expert’s Scope of Work

The auditors should obtain sufficient appropriate audit evidence that the
expert’s scope of work is adequate for the purposes of their audit
Audit evidence may be obtained through a review of the terms of reference,
which are often set out in written instruction from the entity to the expert.
Such instructions to the expert may cover such matters as:
UEW/IEDE 79
AUDITING AND
INVESTIGATION Unit 2, section 3: Using the work of experts
 the objectives and scope of the expert’s work;

 a general outline as to the specific matters the expert’s report is to cover;
 the intended use of the expert’s work including the possible
communication to third parties of the expert’s identity and extent of
involvement;
 the extent of the expert’s access to appropriate records and files; and
 Information regarding the assumptions and methods intended to be used
by the expert and their consistency with those used in prior periods.
In the event that these matters are set out in written instructions to the
expert, the auditors may need to communicate with the expert directly to
obtain audit evidence in this regard.
Assessing the Work of an Expert

The auditors should assess the appropriateness of the experts work as audit
evidence regarding the financial statement assertions being considered
This involves assessment of whether the substance of the expert’s findings
is properly reflected in the financial statements or supports the financial
statement assertions, and consideration of:
 the source data used
 the assumption and methods used
 the reasons for any changes in assumptions and methods compared with
those used in the prior period
 the results of the expert’s work in the light of the auditor’s overall
knowledge of the business and the results of other audit procedures
When considering whether the expert has used source data which is
appropriate in the circumstances, the auditors may consider the following
procedures:
 making enquiries regarding any procedures undertaken by the expert to
establish whether the source data is sufficient, relevant and reliable; and
 reviewing or testing the data used by the expert
 The appropriateness and reasonableness of assumptions and methods
used and their application are the responsibility of the expert. The
auditors do not have the same expertise, and, therefore cannot
necessarily challenge the expert’s assumptions and methods used and to
consider whether they are reasonable, based on the auditors knowledge
of the business and the results of other audit procedures
If the results of the expert’s work are not consistent with other audit
evidence, the auditors need to attempt to resolve the inconsistency by
discussions with the entity and the expert. Applying additional procedures,
including possibly engaging another expert, may also assist the auditors in
resolving the inconsistency
80 UEW/IEDE
AUDITING AND
Unit 2, section 3: Using the work of experts INVESTIGATION
If the auditors are unable to obtain satisfaction regarding the expert’s work
and there is no satisfactory alternative source of audit evidence, the auditors
need to consider the implications for their audit report
Reference to the Expert’s Work

When the auditors are satisfied that the work of an expert provides
appropriate audit evidence, reference is not required to the work of the
expert in the audit report. Such a reference may be misunderstood and
interpreted as a qualification of the auditors’ opinion or a division of
responsibility, neither of which is appropriate.
Throughout this section we looked at how the auditor can rely on the work
of an expert or a specialist to obtain reliable, appropriate and sufficient audit
evidence. The auditors should access the appropriateness of the experts’
work audit evidence regarding the financial statement assertions being
considered.
Review Questions
 Explain the importance of reliance on the work of the expert and factors
you will consider in making a recommendation on reliance

 Who should appoint the expert required for an audit assignment?
 How does the auditor assess the expert’s work?
UEW/IEDE 81
SUBSTANTIVE PROCEDURES IN AUDITING
AUDITING AND
UNIT 2 SECTION
INVESTIGATION
4
Unit 2, section 4: Substantive procedures in auditing
Welcome to section 4 of unit 2. The section outlines specific substantive

tests that are appropriate for the audit of key areas such as sales and receipts
of cash, purchases and payments and payroll administration.
A summary of basic substantive tests which might be undertaken on the

accounting transaction under the following key areas are listed as follows:
 Sales and Receipts
 Purchases and payments
 Payroll
After reading through the chapter, the learner should be able to:
 draw audit programmes for testing sales, receipts purchases, payment
and payroll.
 identify the objective that such tests seek to achieve.
Substantive procedures
Sales and Receipts
Audit Objectives may include:
 To confirm the reliability, accuracy and completeness of the accounting
 To confirm that all goods supplied were duly and properly invoiced and
recorded.
Auditing Programme:
 Test numerical sequence of dispatch notes
 Select a sample of transaction from the goods dispatched notes/goods
outwards records (if no such record from sales day book)
 Check to sales invoice
 Check to sales day book
 Trace goods from stock records
 Trace to proof of delivery records
 For each sales invoice selected:
 Check with customers’ orders
 Check that credit procedures have been applied
 Compare prices charged with price lists, quotations or
correspondence
 Check calculations and additions of invoices
 Check analysis in sales daybook if applicable
 Check posting to the ledger
 For each receipt selected:
 Check that the invoice has been paid per the sales ledger
 Cash receipt to cashbook
 Check to copy paying in slip identifying individual amount and trace
to bank statement
 Test numerical sequence of sales invoice
 Test the cast and cross-cast of the sales daybook and control account
82 UEW/IEDE
AUDITING AND
Unit 2, section 4: Substantive procedures in auditing INVESTIGATION
 Test the postings of the sale daybook throughout the year for large or
unusual items
 Selecting a sample of credit notes from the sales day book and vouch as
follows:
 vouch with correspondence or other original documents
 see that copies of credit note have been signed as authorized by a
director or other senior official
 trace goods back into stock where appropriate
 check analysis in sales day book
 where returns affect commissions, check that proper adjustments
have been made
 Review the sales day book throughout the year for large or unusual
items.
 Check the sales day book throughout the year for large unusual items
 Check credit notes through the year and verify that they have been
signed and authorized by a director or other senior official. Vouch any
large or unusual items
 Test the assets and cross-casts of the receipts cash book
 Confirm that discounts taken by credit customers are in accordance with
the client’s terms of trade
Purchases and Payments

 To confirm the reliability, accuracy and completeness of the accounting:
 To confirm that all incurred liabilities are recorded and that they
represent goods or services actually received by the client.
Audit Programme:
 Test numerical sequence of goods received notes
 Trace goods received notes to invoice or entry in day book
 Select a sample of invoice from the purchase day book (or payment from
the cash book if no purchase day book.
 verify authorisation
 confirm that cash discounts were correctly taken
 very price with order or agreements
 confirm receipt of goods with delivery notes
 check additional and calculations on invoices (including VAT)
 check allocation in day books
 check to stock records
 check to Work-in-progress records
 Test numerical sequence of purchase invoice
 Test the casts and cross casts of the purchase day book to the nominal
ledger
 Review the purchase day book throughout the year for large or unusual
items
UEW/IEDE 83
AUDITING AND
INVESTIGATION Unit 2, section 4: Substantive procedures in auditing
 Select a sample of goods returned to suppliers and ensure that credit

notes have been received
 Check additional and calculations on credit notes
 Select a sample of miscellaneous payments from the cash book
 verify authorization
 check additions and calculations on invoices
 check nominal ledger allocation
 vouch returned cheques
 Test the casts and cross-casts of the payment cash book
 Test the postings of the payments cash book to the nominal ledger
 Test the posting of payments to replenish petty cash to the petty cash
book
 Select a sample of payments from the petty cash book and
 vouch with supporting voucher and any independent evidence
 verify authorization
 check nominal ledge allocation
 test miscellaneous receipts with supporting evidence
 scrutinize a sample of sales ledger accounts through the year and up to
date of the audit, noting any large or unusual items
 scrutinize a sample of sales ledger accounts throughout the year and
ensure that all credit items originate from books of prime entry that been
subjected to audit testing
Payroll
 To ensure that levels of pay are in order
 To check accuracy and validity of deductions
 To confirm proper payments
 To test reasonableness of net pay figures
 To confirm reliability, accuracy and completeness of the accounting
 To ensure correct treatment of PAYE and social security deductions.
Audit Programme
 Select a sample of employees from different periods in the year from
both weekly payroll and monthly salaries and ensure that gross pay has
been properly authorized by checking to:
 lists of hourly rates
 lists of piece-work rates
 lists of overtime rates
 lists of annual salaries
 Contracts of employment
 For hourly paid employees, check the hours worked with the time
records, and the authorisation of overtime and bonus payment
 For piece workers, check quantities with output returns of job slips
initiated by a foreman
84 UEW/IEDE
AUDITING AND
Unit 2, section 4: Substantive procedures in auditing INVESTIGATION
 Check that hours/quantities/gross pay (as appropriate) have been entered

into cost records
 Check additions of PAYE and SSNIT deduction and cross-cast to Net
pay
 For payments in cash, inspect receipts given by employees
 Trace gross wages to Income Tax deductions and to holiday pay records
 Trace a sample of net wages to cash book and vouch returned cheques
 Check wages summaries, check casts and cross-casts of summaries and
check postings from summaries to the nominal ledger
 Review month/weekly total payroll cost and investigate any unusual
variations
 Check that authorisation of payroll is evidenced
 Trace a sample of joiners and leaver to the payroll ensuring that
payments commence and end in the correct periods
 Test payroll with contract of employment to ensure that all employees
have valid contracts
 If there are significant amounts paid in cash, then consider attending to
observe pay-out procedures.
Analytical Procedures
Nature and Purpose of Analytical Procedures
Analytical procedures mean the analysis of significant ratios and trends
including the resulting investigations of fluctuations and relationships that
are inconsistent with other relevant information or which deviate from
predictable patterns.
Analytical procedures include the consideration of comparisons of the

entity’s financial information with, for example:
 comparable information for prior periods
 anticipated results of the entity, from budgets or forecasts
 predictive estimates prepared by the auditors such as an estimation of
depreciation, and
 similar industry information, such as a comparison of the entity’s ratio
of sales to accounts receivable with industry averages or with other
entities of comparable size in the same industry
Analytical procedures also include consideration of relationship:

 among elements of financial information that are expected to conform to
a predictable pattern based on the entity’s experience such as gross
margin percentages, and
 between financial information and relevant non-financial information
such as payroll costs to number of employees
Analytical procedures may be applied to consolidated financial segments,

financial statements of components (such as subsidiaries, divisions or
UEW/IEDE 85
AUDITING AND
INVESTIGATION Unit 2, section 4: Substantive procedures in auditing
segments) and individual elements of financial information. The auditors’

choice of procedures, methods and level of application is a matter of
professional judgement.
Analytical procedures are used for the following purposes:

 To assist the auditors in planning the nature, timing and extent of other
audit procedures
 As a substantive procedure when their use can be more effective or
efficient than tests of details in reducing detection risk for specific
financial statements assertions; and
 As an overall review of the financial statements in the final review stage
of the audit.
 It is very important to draw audit programmes for testing specific

identifiable areas in the financial statement such as sales, purchases,
revenue, expenditure, assets etc.
 Each objective must have procedure drawn for its achievement
Review Questions
 Prepare an audit programme for sales and receipts; purchases and
payment and payroll
 Explain the nature and purpose of analytical procedure
86 UEW/IEDE
AUDITING
AUDITING AND
AND
Unit 2, section 4:This
Substantive
page is left
procedures
blank for your
in auditing
notes INVESTIGATION
INVESTIGATION
UEW/IEDE 87
ANALYTICAL REVIEWS
AUDITING AND
UNIT 2 SECTION
INVESTIGATION
5
Unit 2, section 5: Analytical reviews
This section is to expose students to ways in which auditors can make

financial statement figures more meaningful to stakeholders. The analysis of
financial information with appropriate interpretation enhances the quality of
work of the auditor. Some of the examples are illustrative and all you need
is to relax, read and enjoy.
By the end of this section, students will go through:

 analytical procedures in planning an audit
 analytical Procedures as a Review Technique at the end of the Audit
 investigating Unusual Items
 audit approach to analytical review of data
 use analytical review as a substantive testing technique
Background
We assume that you have already covered interpretation of financial
statements
in your other studies. In this section we shall ask you to apply existing
knowledge to auditing and perhaps enhance your appreciation of
interpretation of financial statement. Some auditors use the term 'diagnostic
procedures' to describe analytical procedures. Paragraph 3 of ISA 520 on
analytical procedures defines them as:
Evaluation of financial information made by a study of plausible

relationships among both financial and non-financial data
Analytical procedures encompass the investigation of identified fluctuations

and relations that are inconsistent with other relevant information or deviate
significantly from predicted amounts. Auditors should also consider the
logic of the figures. It has been earlier mentioned that an audit is a search for
evidence and we have given many examples of how the search is conducted.
Not only must the search be a global and detailed basis but also within a
clearly understood risk context.
In a notorious case in the United States, (The Salad Oil Case) the stocks of
salad oil stated in the records of the company exceeded the entire stocks of
salad oil in the United States at a particular point in time and this was not
picked up by internal auditors or the warehousing company supposedly
managing the company's tank farm.
Informed analytical information can be a valuable tool for setting the scene
and pinpointing areas of risk. We shall now put analytical procedures on to
a more formal basis and start with a number of general observations:
First, long before the auditors give their opinion on the financial statements,
they use analytical procedures at the planning stage to pinpoint critical areas
88 UEW/IEDE
AUDITING AND
Unit 2, section 5: Analytical reviews INVESTIGATION
where audit risk may be high. This is suggested by ISA 520 - Analytical
procedures, where is indicated that
'The auditor should apply analytical procedure as risk assessment

procedures to obtain an understanding of the entity and its environment.'
Truly, analytical procedures were used to set the scene for, and to aid
planning of, the final work on year-end financial statements.
Second, analytical procedures are also used as substantive procedures when

responding to the risk of material misstatement at the assertion level.
Clearly analytical procedures may be regarded as substantive procedures in
their own right in so far as they confirm the reasonability of the figures.
Thus they are used during audit of specific transactions or figures (such as
purchases). It is always useful to know how important particular figure or
sets of transactions and balances are when discussing audit matters with
management.
Third, analytical procedures are used just before the end of the audit. ISA
520 makes it clear that:
'The auditor should apply analytical procedures at or near the end of the
audit when forming an overall conclusion as to whether the finance
statements as a whole are consistent with the auditor's understanding of the
entity.'
The auditors at this stage have already formed views on individual figures in
the financial statement, but need to see that the figures are reasonable taken
together in the context of conclusions drawn from detailed audit evidence.
Auditors must be clear that:
 The financial statements have been prepared using consistent accounting
principles (unless the effect of material change is disclosed) and are
appropriate to the company's circumstances.
 Information published in the financial statements and other information
are compatible with the auditor's knowledge of the company.
 Presentation and disclosure in the financial statements are as required by
law and by regulatory bodies and in particular aid the achievement of
truth and fairness.
 Conclusions drawn from other tests, together with those drawn from the
overall review of the financial statements are the bases on which the
opinion to is formed on those statements.
Do the figures make sense? A question to direct audit effort

In performing the overall review (whether during or at the conclusion of
the audit process), the auditor compares the financial statements or
individual pieces of information with other available data. For the review to
UEW/IEDE 89
AUDITING AND
INVESTIGATION Unit 2, section 5: Analytical reviews
be effective the auditor needs to have sufficient knowledge of the activities

of the company and of its business to determine whether particular items are
abnormal.
We have seen that auditors seek background information to aid planning and
to facilitate the audit work in context. During the audit, auditors acquire
further detailed knowledge about such matters as management integrity,
management objectives, accounting and control systems in place and
performance of the company.
They use this knowledge when assessing whether the figures in the financial
statements make sense. Apart from this knowledge (described earlier as
cumulative client knowledge, the auditor uses analytical procedures to aid
analysis of the figures. Considerable experience and imagination is needed
for this task and normally the work is performed by experienced staff. This
is costly in fee terms, but a skilled review should result in time-savings as a
major objective of analytical review is to direct audit effort towards risk
areas and the reduction of audit effort elsewhere. Skilled analytical review
may well reduce the extent of detailed check on less risky areas.
Analytical Procedures in Planning the Audit

The auditors should apply analytical procedures at the planning stage to
assist in understanding the entity’s business and in identifying areas of
potential risk
Applications of analytical procedures may indicate aspects of the entity’s

business of which the auditors are unaware and assists in determining the
nature, timing and extent of other audit procedures
Analytical procedures in planning the audit use both financial and non-
financial information, for example the relationship between sales and
volume of goods sold
Analytical Procedures as a Substantive Procedure

The decision about whether to use analytical procedures as a substantive
procedure and the nature, timing and extent of their use is based on the
auditors’ judgement about the expected effectiveness and efficiency of the
available procedures in reducing detection risk for specific financial
statement assertions
Auditors normally enquire from management as to the availability and

reliability of information needed to apply analytical procedures and the
results of any such procedures performed by the entity. It may be efficient to
use analytical procedures prepared by the entity, provided the auditors are
satisfied that such data is properly prepared
90 UEW/IEDE
AUDITING AND
When intending to apply analytical procedures as a substantive procedure,

the auditors need to consider a number of factors such as:
 The objectives of the analytical procedures and the extent to which their
results are reliable
 The nature of the entity and the degree to which its information can be
disaggregated, for example, analytical procedures may be more effective
when applied to the financial information on individual sections of an
operation or to financial statements of components of a diversified entity
than when applied to the financial statements of the entity as a whole.
 The availability of information, both financial (such as budgets or
forecast) and non-financial (such as the number of units produced or
sold).
 The reliability of the information available, for example whether budgets
are prepared with sufficient care.
 The relevance of the information available, for example whether budgets
are established as results to be expected rather than goals to be achieved.
 The source of the information available, for example source independent
of the entity are more reliable than internal sources
 The comparability of the information available, for example broad
industry data may need to be supplemented to be comparable to that of
an entity that produces and sells specialized products, and
 The knowledge gained during previous audits, together with the
auditors’ understanding of the effectiveness of the accounting and
internal control systems and the types of problem that in prior periods
have given rise to accounting adjustments.
Placing Reliance on Analytical Procedures as a Substantive

Procedure
Before placing reliance on the results of analytical procedures as a
substantive procedure, the auditors should obtain sufficient appropriate audit
evidence as to the reliability of the information used
The application of the analytical procedures is based on the expectation that

relationships between data exist and continue in the absence of known
conditions to the contrary. The presence of these relationships provides
evidence as to the completeness, accuracy and validity of the data produced
by the accounting system. However, reliance on the results of analytical
procedures depends on the auditors’ assessment of the risk that the
analytical procedures may identify relationship as expected when, in fact, a
material misstatement exists
The extent of reliance that the auditors place on the results of analytical
procedures when used as a substantive procedure depends on the following
factors:
UEW/IEDE 91
AUDITING AND
The materiality of the items involved. The more material an item is, the
more likely it is that the auditors will wish to place reliance on other
substantive procedures, in addition to analytical procedures.
Other audit procedures directed towards the same audit objectives. For
example, other procedures the auditors undertake in reviewing the
collectability of accounts receivable, such as the review of subsequent cash
receipts, may confirm or dispel questions arising from the application of
analytical procedures to an agreed profile of customer’s accounts. The
assessments of inherent and control risks. For example if internal control
over sales order processing is weak and therefore control risk is high, more
reliance on tests of details of transactions and balances than on analytical
procedures in drawing conclusions on receivables may be required.
Analytical Procedures as a Review Technique at the end of the

Audit
The auditors should apply analytical procedures at or near the end of the
audit when forming an overall conclusion as to whether the financial
statements as a whole are consistent with the auditor’s knowledge of the
entity’s business
The conclusions drawn from the results of such procedure are intended to
corroborate conclusions formed during the audit of individual components
or elements of the financial statements and assist in arriving at the overall
conclusion as to the reasonableness of the financial statements. However,
they may also identify areas requiring further procedures.
Investigating Unusual Items

When analytical procedures identify significant fluctuations or relationships
that are inconsistent with other relevant information or that deviate from
predictable patterns, the auditors should investigate and obtain adequate
explanations and appropriate corroborative evidence.
The investigation of unusual fluctuations and relationships ordinarily begins

with enquiries of management, followed by corroboration of management’s
responses by:
 comparing them with the auditor’s knowledge of the entity’s business
and with other evidence obtained during the course of the audit
 by undertaking additional procedures to confirm the explanations
received
If management is unable to provide an explanation or if the explanation is

not considered adequate, the auditors need to determine the audit procedures
to be undertaken to obtain an explanation for the fluctuation or relationship
note.
92 UEW/IEDE
AUDITING AND
The Practice of Analytical Procedures

Significant items
Among the items that are generally subjected to analytical procedures are
the follow:
 Creditors and purchases
 Stocks and cost of sales
 Fixed Assets, deprecations, repairs and maintenance
 Loans and Interest Loans
 Investment and investment income
 Debtors and bad debts expenses
 Debtors and sales
Audit approach to analytical review of data

Auditors use ratio analysis and other interpretative tools in performing
analytical procedures in a manner similar to investment analysts seeking to
understand organizations on the basis of published financial statements.
In fact, the objective of the analytical review at any stage where the auditor
is searching for evidence is to direct audit effort towards the evidence
needed to form audit conclusion. For instance, if the financial statements
showed that debtors owed the company more than 100 days sales instead of
45 days, the auditor would be led to enquire about the reasons. These might
include:
 Errors - incorrect cut-off, overstating sales and debtors.
 Changes in accounting practice, such as special sales being shown in a
separate heading of the financial statements instead of being included in
general sales as previously.
 Changes in management policy - a decision to allow customers total
extended credit.
 Changes in general commercial factors, such as worsening business
climate resulting in poorer cash flows in the customers' businesses and
hence an inability to pay on time. This might prompt the auditor to
suggest a higher provision for bad and doubtful debts.
 Changes in commercial factors affecting the client only - (say) the
company has a higher proportion of sales on credit so that debtors
represent a higher proportion of total sales, despite little change in
collectability. Normally collectability should be assessed in relation to
credit sales, but II
mention the point to emphasize the need for care in the use of data and
information.
 Fraud - if, for instance, an employee has misappropriated cash received
from debtors on a significant scale, debtors may be overstated in the
accounting records.
UEW/IEDE 93
AUDITING AND
The six headings above are a useful guide to the factors the auditor should
consider when investigating apparent inconsistencies in figures. The entire
example,
relate to sales and debtors but examples could have been taken just as easily
from
other areas.
Important Ratios
Among the ratios that are computed for the purposes of carrying out
analytical procedures as the following:
 Gross Profit Margin
 Net Profit margin
 Return on capital employed
 Current ratio
 Quick or acid test ratio
 Debtors turnover period
 Creditors payment period
 Rate of stock turnover
 Gearing ratio
 Price/Earnings ratio
 Dividend per share
 Earnings per share
 Earnings yield
 Return on net assets
In addition to the above ratios, the auditors should examine the clients’
circumstance and compute other relevant ratios e.g. revenue per passenger
mile for an airfare operator.
Other areas that auditors may examine as part of the analytical procedures
include the following:
 Examine changes in products, customers, distribution chain and levels of
return
 Assess the effect of inflation, industrial disputes, changes in technology
of production and changes in activity on the wages paid
 Obtain explanations for all major variances analysed using a standard
costing system. Particular attention should be paid to those relating to
the over or under absorption of overheads since these may, inter-alia,
affect stock valuations
 Examine trends in production and sale and assess the effect on any
provisions for obsolete stocks
 Ensure that changes in the percentage labour or overhead content of
production costs are also reflected in the stock valuation
 Review other expenditure items with particular emphasis on
comparisons of the following:
94 UEW/IEDE
AUDITING AND
 Rent payment with rent agreement

 Rates with previous year and known industrial rates variations
 Interest payable with previous year’s figure and loan agreements
 Vehicle running expenses with previous year’s figure and changes in
fleet of vehicles used
 Review income statement or income statement with items which may
have been omitted
 Ensure expected variations arising from the following have occurred
 Industry or local trends
 Known disturbances of trading pattern (for example strikes, depot
closures, failure of suppliers).
Activity
Examine the draft financial statements of OJ Limited and, without
calculating any ratios, note matters of significance in the context of planning
the final examination.
Case Study
The following information for the year to 30 April 2007 has been
extracted from the accounting records of Kothari
a manufacturing concern, together
with comparative figures for 2006:
2007 2006
GH¢000 GH¢000 GH¢000 GH¢000
Sales 4600 3000
Materials: Opening stock 400 350
Purchases 3000 1500
Closing stock (800) (400)
-- --
Materials used 2600 1450
Factory overheads 1550 750
Production cost 4150 2200
Work in progress: Opening 300 400
Closing (1000) (300)
Factory cost: finished 3450 2300
goods
Finished goods: Opening 500 550
stock
Closing stock (150) (500)
Cost of sales 3800 2350
Gross profit 800 650

General expenses 150 70
Administrative expense 100 90
Sales and Marketing 300 150
UEW/IEDE 95
AUDITING AND
550 310
Net Profit 250 340
-- --
Non-current assets 3050 1840

Current assets
Stock of raw materials 800 400
Work in progress 1000 300
Finished goods 150 500
1950 1200
Trade debtors 1650 750
Trade creditors -700 -340
Net current assets 2900 1610
Net assets employed 5950 3450
Financed by
Share capital and reserves 3500 3000
Long-term borrowings 2450 450
Net capital employed 5950 3450
Approach to analytical review, particularly in the examination

room
We believe that students in the examination room spend too much time,
calculating ratios, many of little value. We think that the best approach is as
follows:
 Look at the figures broadly, before calculating any ratios. Ask the
question:
'Are there any matters requiring further investigation?' For instance, you
might note sales are higher (or lower) than the previous year, and that
stock levels look high (or low) this year compared with last year. Do not
immediately suspect that fraud is taking place.
 The next step would be to calculate selected ratios to see if your initial
impression was valid. For instance, you might wish to look at sales
trend, calculate gross profit percentages and turnover of stock. Leave the
calculation of ratios until they are necessary. In the exam room, you will
not have time to calculate inappropriate ratios. Be selective.
 Remember that many ratios are interrelated. For instance, Liquidity

ratios should be interpreted in the light of the turnover (the rate at which
stock is converted to more liquid assets) and of debtors collectability and
creditors payment period. Low gearing and good profitability make
practical a further injection of capital. The gearing ratio may be a useful
guide to the ability of a company to raise additional funds.
96 UEW/IEDE
AUDITING AND
 Bear in mind that analysis of financial statements is designed to direct

audit effort and to prove that the financial statements do, in fact, show a
true and fair view of what they purport to show.
Now let us comment on OJ’s draft financial statements.

You might want to take a look at the liquidity and gearing ratios.
 The first noticeable matter is the increase in sales from GH¢3,000,000 to

GH¢4,600,000 and you would ask why. You might decide that sales
increases would only be likely if prices have reduced, so make a note to
calculate gross profit percentage. You notice that selling expenses have
increased considerably so you may decide initially that part of the
increase is because of a sales push in the current year. (Make a note to
check ratio of selling expense to sales.)
 Second, there seems to be strange developments affecting stocks and

you note in particular that raw materials stocks have doubled (purchases
likewise), but that finished goods stock is much diminished (from
GH¢500 to GH¢150). Work in progress too has shown a substantial
increase GH¢300 to GH¢1,000). You might decide that production
activity has increased, but that this has not translated itself into finished
goods, whose level suggests that existing stock has been disposed of.
 The third matter of interest is that non-current assets have increased,

another indicator of expansion. (You make a note to calculate fixed asset
turnover ratio, but think that care should be taken with this ratio as the
new assets may not have been used fully during the whole of the year.)
Ask how the increase in fixed assets and working capital levels has been
financed and make a note to take a look at the cash flow statement.
However, it is clear from the financial statements that the increase in
assets has been funded partly by shareholders but mainly by long-term
borrowings.
 Selling expenses have increased in relation to sales over the period and
the auditor should discover what kinds of expense were included. For
instance, the expansion in sales might have been partially triggered by
an advertising campaign. At the same time we note that gross profit
percentage has dropped by more than 4.4% and this may have played a
role. Clearly the auditor would wish to know more about the company's
pricing policy.
 The acid test ratio appears to be high, but the company may still not
have completed its expansion programme. One worrying feature that we
did not address above was the reduced collect ability of debtors (the
company is waiting for more than four months for payment) and you
would want to find out why this is so. Poor collectability of debtors
might hinder an expansion programme.
UEW/IEDE 97
AUDITING AND
 The raw materials stock position and the enhanced production cost seem
reasonable in view of the expansion of the company. The finished stock
position looks strange, but it may be that the company is clearing out old
lines at low prices (hence the lower gross margin).
You may have noted other matters but these seem to be the salient features.
Now that you have obtained a global view, select ratios that would support
or refute the above observations. Do not overdo it. Remember that as the
lead auditor wish to arm yourself with relevant information before you go to
see the chief accountant.
Other analytical tools

Apart from ratio analysis as discussed above there are a number of other
analytical tools that may be used by auditors:
 Graphs (similar to flowcharting in that they show detail visually).
Graphs can be a useful tool when discussing audit results with clients.
 Regression analysis and multiple regression analysis. Analyses of this
kind using past and projected data may aid the auditor by providing
evidence of expectation in the light of which actual results may be
interpreted.
 Z-scores is a sophisticated and controversial form of ratio analysis.
The score is produced from a number of financial ratios (appropriately
weighted) and if the calculated score is very different from a benchmark
figure there may be a heightened chance that they will face serious
financial problems within a relatively short time period.
Note in this connection that paragraph 12 of ISA 520 states:
The auditor considers testing the controls, if any, over the entity's
preparation of information used by the auditor in applying substantive
analytical
procedures. When such controls are effective, the auditor has greater
confidence in the reliability of the information and, therefore, in the results
of substantive analytical procedures.'
 Auditors use ratio analysis and other interpretative tools in performing

analytical procedures
 Analytical procedures encompass the investigation of identified
fluctuations and relations that are inconsistent with other relevant
information or deviate significantly from predicted amounts.
 Auditors should also consider the logic of the figures.
 Many ratios are interrelated
Review Questions
 Explain the nature and purpose of analytical review
98 UEW/IEDE
AUDITING AND
 Describe how analytical procedure can be used to review financial

statements
 Describe how analytical procedure aids audit planning
 Describe how analytical procedure can be used to review financial
statements
UEW/IEDE 99
VERIFICATION OF FINANCIAL POSITION ITEMS
AUDITING AND
UNIT 2 SECTION
INVESTIGATION
6
Unit 2, section 6: Verification of financial position items
Dear Welcome to section 5 of unit 2. In this section we would be looking at

the procedures of verifying assets, liabilities and equity presented on the
statement of financial position.
At the end of this section, you should be able to:

 explain the concept of verification
 describe the specific objectives verification process seeks to achieve
 explain verification procedures of observation, inspection, enquiring and
confirmation, computation and analytical review
 draw specific audit programmes for the verification of statement of
financial position items
Specific Verification Objectives

Verification is the process by which auditors seek confirmation of the
existence, ownership, cost/valuation and appropriate presentation/disclosure
of assets and liabilities.
Verification procedures rely heavily on the vouching work having been

properly executed
The more specific verification objectives may be summarized as follows:

 Valuation: The auditor must be satisfied that the assets appear in the
Statement of financial position at a fair value which may be, of course,
different from the original cost. He is also concerned that liabilities are
fairly valued i.e. they are stated at amounts at which they are likely to
materialise for settlement. Auditors therefore ensure that apart from the
correct determination of cost, depreciation or any other fall in value of
assets has been fully taken into account on an acceptable basis.
 Existence: The auditor should rely on physical verification procedures,

wherever practicable, to verify the existence of assets and liabilities.
Such physical tests should be carried out on a random selection basis (if
100% inspection is not practicable).
 Ownership: The auditor must conduct test to establish that the client is
the beneficial owner of the assets existing and that the liabilities
concerned are required to be met by the client. In some instances, it is
possible to verify ownership[ by reference to a document such as leases
or deeds in relation to a property; in other case, however, it may be
necessary to rely on corroborative evidence or the representations of
outside parties.
 Presentation/Disclosure: The auditors must verify that the items in the

Statement of financial position are appropriately presented and
recognition has been given to full disclosure.
100 UEW/IEDE
AUDITING AND
Unit 2, section 6: Verification of financial position items INVESTIGATION
Verification Procedures
Procedures auditors may adopt to verify assets and liabilities include:
 Observation
 Inspection
 Enquiring
 Confirmation
 Computation
 Analytical review
Verification Objectives and Programmes for Some Statement of

Financial Position Items
Property, Plant and Equipment
 To determine whether fixed assets in the Statement of financial position
are owned by the client company
 To verify that any fixed asset built or manufactured by the client has
been capitalized
 To ascertain that assets have been recorded at cost or valuation and to
determine whether depreciation and other provisions for fall in value
have been computed on reasonable and consistent bases
 To verify physical existence
To determine whether the amounts shown in the accounts are properly

classified and presented.
Audit Programme:
 Obtain a summary of fixed assets under categories showing how the
figures in the statement of financial position are made up and reconcile
with the figures shown in the previous statement of financial position.
Cast and cross-cast
 Obtain schedules of additions during the year and for all classes of
assets
 Test items with suppliers invoices or other independent vouchers like
the architects certificates
 Test capital expenditure authorizations
 Check appropriateness of capitalization policies with respect to assets
constructed by own labour
 Obtain schedules of disposals and test proceeds of sale with independent
evidence like sale agreements
 Find out about assets scrapped during the year. Test authority for
disposal
 Verify that original cost and accumulated depreciation have been
eliminated from the fixed asset account
 Check calculations of profit or loss on disposals and agree with entries
in the income statement
UEW/IEDE 101
AUDITING AND
INVESTIGATION Unit 2, section 6: Verification of financial position items
 Inspect or obtain certificates for title deeds and leases

 If any assets have been revalued during the year, obtain a copy of the
valuation report. If the valuation is to be incorporated into the accounts
then verify that the basis of the valuation is acceptable
 Verify the independence and qualifications of the valuers
 Confirm accounts disclosures
 Physically inspect samples of all types of assets
 Inspect assets registration documents, especially motor vehicles
 Obtain or prepare a schedule of outstanding capital expenditure
distinguishing between items contracted for but not provided and items
authorized by directors but not contracted for
 Verify depreciation rates have been approved by the board and review
their reasonableness. If rates have been changed in the current year,
obtain explanation
 Check calculations of depreciation
 Reconcile fixed register with accounts
 Verify the adequacy of insurance cover on fixed assets.
Investments
 To determine whether there is a documentary evidence of the ownership
of the investment
 To determine whether changes during the period represented bonafide
transactions
 To ascertain whether the basis on which the investments are stated is
appropriate and the method employed in valuation has been consistently
applied
 To determine whether the amount shown in the statement of financial
positions are properly classified and described.
Audit Programme
 Obtain or prepare analysis of investments and test clerical accuracy of
the analysis
 Obtain third party confirmation and or make physical inspection of
securities listed on the analysis
 Test interest and dividend incomes received and accrued by reference to
supporting documents
 Check for additional acquisitions and redemptions during the year
 Review the treatments of capital distributions, bonus and rights issue
 Verify quoted prices for listed investments at statement of financial
position audit
 Determine whether unlisted investments at statement of financial
position audit
 Check whether investments are properly described and classified as
current assets or long term investments
102 UEW/IEDE
AUDITING AND
Accounts Receivable (Debtors)

Audit Objective may include:
 To confirm accuracy and collectability of trade debtors balance
 To confirm provision for doubtful debts and its adequacy
Audit Programme:
 Examine sample of ledger accounts and all accounts with balances equal
to or over the materiality factor and trace balances to summary lists
 Check the additions of the lists of balances and cross cast if analysed.
Trace total o lead schedule
 Check that the total balances agree with the balances on the control
account
 Examine control account for the year and verify unusual items
 Select balances for direct confirmation through debtors’ circularization.
Investigate discrepancies and reconcile
 If no circularization of debtors has been carried out, select a sample of
balances and check payment after date. Trace such receipts to the
paying in-book
 Examine accounts with credit balances and ensure that payments in
respect of credit balances are authorized by responsible officials
 Ensure separate and shown under creditors
 Verify that provision for doubtful debts and discounts are both
reasonable and adequate
 Examine the credit control procedures and consider if any
recommendations should be made. Check for the compliance with
credit policy of the entity with respect to credit limits, credit period, cash
discounts, etc
 Verify that bad debts written off during the period were properly
authorised and that all reasonable recovery procedures have been taken
prior to the write-offs
 Examine ledger for transfer between accounts throughout the year.
Verify reasons for this, and check authorization
 Examine credit notes issued after the year end and verify whether they
relate to genuine sales
 Test returns during the period and ensure that credit notes are raised and
posted accordingly.
Cash at bank and in hand:

 To confirm the existence and accuracy of the year-end balances
 to confirm the amounts shown in the statement of financial position are
properly classified and adequately described
UEW/IEDE 103
AUDITING AND
Audit Programme
Bank
 Obtain a copy of the year end bank reconciliation
 Compare cash book and bank statements in detail covering items in the
reconciliation
 Trace all outstanding cheques to subsequent bank statements and ensure
that they are cleared
 Verify by reference to paying-in-ships that lodgements outstanding were
actually lodged with the bank prior to the end of the year
 Scrutinize bank statements for dishonoured cheques and investigate any
such items
 Obtain direct from bankers a certificate of balance and check to
reconciliation
Cash
 Obtain a statement setting out details of the cash in hand
 Count the cash at the year-end in presence f the cashier. Reconcile
balance to year-end figure
 Verify that monies received on the last day of the financial year were
duly banked on that date or included in the cash in hand balance
 Examine the pre-and post-yearend cash count and verify that all cheques
drawn to replenish the petty cash fund have been entered in the records
Accounts Payable (Creditors)

 To confirm that all creditors existing or incurred at the statement of
financial position date are recorded at the correct amount
 to confirm that all creditors shown represent genuine claims on the
business
 to confirm that amounts included in the statement of financial position
are stated on a consistent basis and properly described and classified
Audit Programme
 Test extraction of purchases ledger
 Reconcile ledger balances with suppliers statements
 Where suppliers statements are not available, verify the balances
through circularization
 Check casting of list of balances and trace total to lead schedule
 Verify that the list of balances agrees to the control account
 Examine list of debit balances and ensure separated and shown under
debtors
 Enquire into the reasons for debt balances and ensure that they are
recoverable
104 UEW/IEDE
AUDITING AND
 Review the procedures adopted for ensuring that goods received up to

the statement of financial position, but not invoiced by the supplier have
been provided for and taken up as stock (if appropriate) and test by
reference to delivery note and goods received notes
 Review terms of trade of major suppliers to determine whether their
terms of trade include a reservation of title
 Reconcile inter-company or inter branch balance
 Check for correct classification and disclosure.
 Obtain a schedule of the trade creditors with appropriate age analysis
and check this with the control account and the creditors’ ledger.
 Debit and credit balances should be separated, debit balances being
included in debtors (this is known as ‘grossing up’). Any debit balances
should never be netted off against credit balances.
 Review the individual accounts with the largest throughput of
transacting during the period (not necessarily the largest balances at the
yearend).
 Review the year-end cur-off procedures for purchases.
 Review the internal control over the purchases system which ensures
that all goods received are properly recognised as liabilities of the
company.
 The following should be considered during the tests of individual
balance:
 Is the balance made up of specific items outstanding within a reasonable
period?
 Have all items been authorised for payment?
 Does the amount agreed or can it be reconciled with creditors’
statements?
 Consider the need to perform a creditor’s circularisation.
 Review payments to creditors just after the year end.
 Perform analytical procedures on creditors, comparing age analysis with
previous periods and creditor days.
Verification of Stocks
Problems associated with verification of stocks.
Of all the statement of financial position items of manufacturing and trading
organizations the one that requires attention in terms of verification are
stocks (Raw materials, consumables, Work-in-progress, parts, loose tools,
finished goods, lubricants and fuel etc). From the auditor’s point of view,
this had always been the asset that possesses the greatest verification
difficulties. This is because:
 The amount at which the stocks are stated in the financial statements is
almost always material especially in the case of manufacturing
companies
UEW/IEDE 105
AUDITING AND
The amount at which it is stated has direct ‘one-to-one effect on the

company’s financial results. Any overstatement of the stock figure
represents an overstatement by equal amount of the profit figure (or
understatement of the loss)
It is the only item in the published accounts which does not also feature in
the closing trial balance, i.e. it does not arise from the double entry process
itself. In some accounting systems, production costing and financial
accounting will be integrated to give a book figure for work-in-progress, but
in majority of cases, the determination of stocks is largely dependent upon
physical stock taking procedures. This factor makes the stock figure the
most susceptible to manipulation
In the case of manufacturing companies, it is not really one asset at all. It

consists of raw materials, components, spare parts, work-in-progress,
advertising materials, consumables, finished goods, and each of these
creates their own verification difficulties.
The verification process sometimes involves a special highly technical

approach which lies far beyond the auditors’ expertise
Apart from identification of goods, there is also the question of their

condition. Example of categorization (each of which is quite distinct and
carries its own valuation basis) include:
 sound
 defective
 slow moving
 obsolete
 scrap, etc.
Such categorization may have significant impact upon statement of financial

position values, yet the auditor, in most cases, would lack the required
competence to question or comment on the categorization.
Another verification problem is the fact that stocks may be held in a variety
of locations, counting of which should take place simultaneously to avoid
omission and double counting caused by subsequent movement of stock
between locations.
Further, the location of a particular stock may be a moving production line

or a construction site to and from which stocks and machines are constantly
being conveyed, and it is unlikely that work will be deliberately halted
purposely for stocktaking.
Yet another problem is the fact that certain stock items pose identification
and measuring problems, for example, how does one measure large volumes
of power on liquid? It is by volume or by weight?
106 UEW/IEDE
AUDITING AND
Verification
Objectives which verification of stocks and work-progress seeks to achieve
include the following:-
 To confirm that all stock and work-in-progress belonging to the client
has been brought into accounts
 To confirm that all stocks belonging to others in possession of the client
have been separately identified, counted, reconciled and excluded from
the valuation
 To confirm that all obsolete, damaged or slow moving stocks have been
separately identified and stated at realisable value
 The value at which stock and work-in-progress is stated in the statement
of financial position is correctly calculated on a basis consistent with
previous years
 Security arrangements for safe custody of stock and work-in-progress
are adequate.
Audit Programme for Verification of Stock Quantity includes the following:
 Prior to the stock-take, review the client’s own stock taking instructions
to its staff and consider whether they are adequate. Ensure that the
stocktaking procedures questionnaire has been completed.
 Note any weakness in the system which would invalidate the reliability
of the count and bring to the audit manager’s attention immediately so
that he may discuss the problem with the client.
 Attend to observe the physical count and ensure that the client’s stock
taking procedures are followed and in particular, that:
 All slow moving, obsolete or damaged stocks are segregated and
counted separately and clearly marked on the stock sheets
 All stores location are covered by the count
 All slow moving, obsolete or damaged stocks are segregated and
counted separately and clearly marked on the stock sheets
 All stocks belonging to third parties are counted and segregated on
stock sheets
 All stocks sheets issued are accounted for, completed properly, dated
and signed by the personnel carrying out the count.
 Complete the standard stock taking report
 Obtain details of the last few goods outward and goods inwards/delivery
notes for use in cut off tests
 Ensure that all rough stock sheets have been processed to make up the
final stock sheets
Check all quantities test checked at observation to final sheets

 Test the extension and additions on the final stock sheets
 Check all final stock sheets to stock summary
UEW/IEDE 107
AUDITING AND
 Scrutinize the stock sheets for obvious errors and compare with the
comparative sheets for the previous years to ensure that no section of the
stock has been excluded
 Select a sample of goods outward notes and check that the goods have
been entered in the stock records in the current year. Carry out a similar
test for goods inwards/delivery notes
 Compare final stock sheets with any perpetual inventory records
maintained (e.g. bin cards, stores ledgers). Note any discrepancies and
obtain adequate explanations for the differences. Ensure that all
necessary adjustments are made to the inventory records
 Reconcile stock and work in progress figure in the final accounts with
amounts shown in total by the perpetual inventory records or
management accounts. Prepare a schedule giving the reason for the
divergence, stating the evidence obtained to verify the explanations
given
 Obtain certificate direct from third parties in respect of stock held by
them. The certificate should identify the nature of the stock, the
quantities held and the purpose for which it is held. It should also
confirm that the stock held is in good condition and not subjected to any
lien or charges. Confirm that all necessary deductions are made in
respect of slow moving damaged or obsolete stocks.
Audit Programmes for the verification of stock-valuation

 Test the price of the final stock sheets to purchase invoices
 Scrutinize the bin cards or stock records to identify any apparently
obsolete stock
 Review all slow moving and obsolete stocks with storekeeper and
responsible officials
 Consider the value placed upon the items in the previous year, the
prospect of sale in the immediate future and decide what reduction in
value is appropriate
 Enter details on a schedule and bring to the manager’s attention.
Audit Programme for the verification of value of Work-in-progress:

 Test the reliability of work-in-progress by examining the costing system
in force.
 Ensure that:
 Methods of accounting and control over stores issues and labour
usage are adequate
 Method of allocation of overhead is reasonable. Confirm by
calculation that the amount added is in line with the actual rate
incurred during the year under review unless the factory operated
below normal capacity in which case the normal activity rate should
be used, and
108 UEW/IEDE
AUDITING AND
 Method of valuation of work-in-progress is consistent with previous

years and has not been distorted by changes in the level of
production.
 Compare the prices of the selected items of WIP with selling price by
adding estimate of the cost required to complete. The projected/actual
final cost should be compared with selling price and any anticipated
losses provided for
 For long term contracts, determine whether the basis for the calculation
of WIP is permissible and in accordance with the relevant accounting
standard.
Audit Programme for the value of stocks: - General

 Obtain or prepare a schedule summarizing the stock and WIP by general
category, showing the comparative figures for the previous year.
Reconcile the total with the amount shown in the statement of financial
position and with the final stock sheets. State on the schedule the basis
of valuation used and the nature of the evidence obtained to verify the
quantity of stock
 State on the schedule of stock and work in progress the amount and
proportion of value which were subject to observation at a stock count
and other audit tests
 Compare the ratios of stock and WIP to sales, raw material to cost of
sales, WIP to cost of sales, and finished goods to cost of sales with those
for the previous period. Prepare a schedule stating reasons for
significant changes in the above ratios and evidence obtained to verify
the explanations given.
 Review the stock valuation on a current cost basis. If materially
different, discuss possible disclosure with the directors.
Attendance at Stock Taking

The auditor should obtain relevant and reliable audit evidence sufficient to
enable him draw reasonable conclusions there from.
Responsibility
It is the responsibility of the management of an enterprise to ensure that the
amount at which stocks are shown in the financial statements represents
stocks physically in existence and includes all stocks owned by the
enterprise.
Management satisfies this responsibility by carrying out appropriate

procedures which will normally involve ensuring that all stocks are subject
to a count at least once in every financial year. Further, where the auditor
attends any physical count of stocks in order to obtain audit evidence, this
responsibility will not be reduced.
UEW/IEDE 109
AUDITING AND
Management also has the responsibility to maintain proper accounting

records and to include all statements of stocktaking in those records.
It is the responsibility of the auditor to obtain audit evidence in order to

enable him to draw conclusions about the validity of the quantities upon
which are based the amount of stocks shown in the financial statements.
The principal sources of this evidence are stock records, stock control
systems and the results of any stocktaking test counts made by the auditor
himself. By reviewing the enterprises stock records, and stock control
systems, the auditor can decide to what extent he needs to rely upon
attendance at stock taking to obtain the necessary audit evidence
Attendance as a means of providing evidence

Where stocks are material in the enterprise’s financial statements, and the
auditor is lacing reliance upon the management’s stock take in order to
provide evidence of existence, and then the auditor should attend the
stocktaking.
This is because attendance at stocktaking is normally the best way of

providing evidence of the proper functioning of management’s stocktaking
procedures, and hence of the existence of stocks and their conditions.
Evidence of the existence of WIP will frequently be obtained by a stock

take. However, the nature of the WIP may be such that it is impracticable to
determine it existence by a count. Management may place substantial
reliance on internal controls designated to ensure the completeness and
accuracy of records of work-in-progress. In such circumstances there may
not be stock take which could be attended by the auditor. Nevertheless,
inspection of the work-in-progress will assist the auditor to plan his audit
procedures, and it may also help on such matters as the determination of the
stage of completion or engineering work in progress.
Types of stocktaking
Physical verification of stocks may be by means of a full count (or
measurement in the case of bulk stock) of all the stocks at the yearend or at
a selected date before or shortly after the year end, or by means of a count of
part of the stocks in which case it may be possible to extrapolate the total
statistically. Alternatively, verification may be by means of the counting or
measurement of stocks during the course of the year using continuous stock-
checking methods. Some business enterprise use continuous stock-checking
methods for certain stocks and carry out a full count of other stocks at a
selected date.
The evidence of the existence of stocks provided by the stock take results is
most effective when stocktaking is carried out at the end of the financial
110 UEW/IEDE
AUDITING AND
year. Stocktaking carried out before or after the year end may also be
acceptable for audit purposes provided records of stock movement in the
period are such that the movements can be examined and substantiated.
The auditor should bear in mind that the greater the interval between the
stocktaking and the year end, the greater will be his difficulties in
substantiating the amount of stock at the statement of financial position
date. Such difficulties will, however, be lessened by the existence of a well-
developed system of internal control and satisfactory stock records.
Where continuous stock-checking methods are being used, the auditor

should perform tests designed to confirm that management,
 maintains adequate stock records that are kept up-to-date;
 has satisfactory procedures for stock taking and test-counting, so that in
normal circumstances, the programme of counts will cover all stocks at
least once during the year; and
 Investigates and corrects all materials differences between the book
stock records and the physical counts.
 Stocktaking Procedures
The following are the principal procedures which may be carried out by an
auditor when attending a stock take.
 Before the Stock taking: Planning,
 The auditor should plan his audit coverage of a stock take by:
 reviewing his working papers for the previous year, where applicable,
and discussing with management any significant changes in stocks over
the year
 discussing stock taking arrangements and instructions with management
 familiarizing himself with the nature and volume of the stocks, the
identification of high value items and the method of accounting for
stocks
 considering the location of the stock and assessing the implications of
this for stock control and recording
 Reviewing the systems of internal and accounting relating to stocks, so
as to identify potential areas of difficulty (for example cut off).
 considering any internal audit involvement, with a view to deciding the
reliance which can be placed on it
 ensuring that a representative selection of locations, stocks and
procedures are covered, and particular attention is given to high value
items where these form a significant proportion of total stock value
 arranging to obtain third party confirmation of stocks held by them, but
if the auditor considers that such stocks are a material part of the
enterprise’s total stock, or the third party is not considered to be
independent or reliable, then arranging, (where appropriate) either for
him or for the third party’s auditor to attend a stock take at the party’s
premise’s; and
UEW/IEDE 111
AUDITING AND
 Establishing whether expert help needs to be obtained to substantiate

quantities, or to identify the nature and condition of the stock, where
they are very specialized.
 The auditor should examine the way the stock taking is organized and
should evaluate the adequacy of the client’s stocktaking instructions.
Such instructions should preferably be in writing, cover all phases of the
stocktaking procedures, be issued in good time and be discussed with
those responsible for carrying out the stock taking to ensure that the
procedures are understood and that potential difficulties are anticipated.
If the instructions are found to be inadequate, the auditor seeks
improvements to them.
 During the Stocktaking

 During the stock taking, the auditor should ascertain whether the client’s
staffs are carrying out their instructions properly so as to provide
reasonable assurance that the stocktaking will be accurate. He should
make test count to satisfy himself that procedures and internal control
relating to the stock taking or the results of the test counts are not
satisfactory, the auditor should immediately draw the matter to the
attention of the management supervising the stock taking and he may
have to request a recount of part, or all of the stocks
 When carrying out the stock count, the auditor should select items both
from count records and from the physical stocks and should check one
to the other to gain assurance as to the completeness and accuracy of the
count records. In this context, he should give particular consideration to
those stocks which he believes to have a high value either individually
or as a category of stock. The auditor should include in his working
papers items for subsequent testing, such as photocopies of rough stock
sheets and details of the sequence of stock sheets.
 The auditor should determine whether the procedures for identifying
damaged, obsolete and slow moving stocks operate properly. He should
obtain information about the stocks condition, age usage, and in the case
of work-in-progress, its stage of completion. Further, he should
ascertain that stocks held on behalf of third parties are separately
identified and accounted for
 The auditor should consider whether the management has instituted
adequate cur-off procedures, i.e. procedures intended to ensure that
movements into, within and out of stock are properly identified and
reflected in the accounting records.
The auditor should conclude whether the stock taking has been properly
carried out and is sufficiently reliable as a basis of determining the existence
of stocks. The auditor should consider whether any amendment is necessary
to his subsequent audit procedures.
112 UEW/IEDE
AUDITING AND
The auditor should try to gain from his observations and overall impression
of the levels and values of stocks held so that he may, in due course, judge
whether the figure for stocks appearing in the financial statements is
reasonable.
The auditor’s working paper should include details of his observations and
tests, the manner in which points that are relevant and material to the stocks
being counted or measured have been dealt with by the client, instances
where the client’s procedures have not been satisfactorily carried out and the
auditor’s conclusions.
 After Stocktaking
After the stock taking, the matters recorded in the auditors’ working papers
at the time of the count or measurement should be followed up.
Photocopies of or extracts from rough stock sheets and details of test counts
may be used to check that the final stock sheets are accurate and complete.
The auditor should check replies from third parties about stocks held by or
for them, follow up all queries and notify senior management of serious
problems encountered during the stock taking.
Bank Overdraft
Bank overdrafts are shown as liabilities even though there may be other
bank balances shown as an asset. The only exception is where there a legal
right of set-off; in such cases, the accounts presentation is to net off the two
balances against each other. Verification of bank overdrafts is in other
respects identical to the verification of cash balances.
Accruals
Accruals, like prepayments, are commonly made for rent, electricity,
telephone and other items where the expenditure has been incurred in the
current period but where no invoice has yet been recorded. Accruals are
often immaterial and reliance is often placed on analytical procedures.
Nevertheless, as year-end adjustments, there are rarely controls over
accruals and any errors are likely to be those of understatement.
Test for accruals include the following:
 Consider the client’s own system (if any) for capturing accruals.
 Obtain a schedule of accruals, ensuring that it is cast correctly,
comparing it with prior year accruals and performing other analytical
procedures.
 Test check a sample of accruals for correct calculation, referring to
supporting invoices received in the next period.
 Include confirmation of the completeness of accruals in the management
representation letter. This is dealt with in further detail later.
UEW/IEDE 113
AUDITING AND
Long-term Liabilities
The main long-term liabilities will be debenture loans and bank loans.
There may be other amounts, such as a creditor who has agreed a specially
extended date of payment. If so, the audit procedures are the same as for a
similar item under current liabilities. It should also be appreciated that if all
or part of the debenture loan has a due date of payment within one year of
the statement of financial position date, then the loan (or the part requiring
payment) must be disclosed under current liabilities.
 Debenture Loans
 A debenture loan is defined as a written acknowledgement by a
company, usually under seal, of a loan made to it, containing provisions
as to payment of interest and repayment of capital.
 The procedure with regard to the issue of debentures is similar to that in
the case of an issue of shares and the work to be performed by the
auditor in vouching the issue will be of the same nature.
 On vouching the issue, the auditor should always refer to the debenture
trust deed.
 The auditor should inspect the certificate of registration given by the
Registrar.
 When a new issue of debentures takes place in the year, it is necessary to
disclose the class of debentures issued, the amount issued for each class
and the consideration received.
 Debentures may be redeemable according to the terms of the issue, at
specified dates, by annual or other drawings, or at the option of the
company, after due notice has been given of intention to repay.
Auditors should examine the provisions of the trust deed or the
debenture bonds relating to the redemption, and ascertain that they are
duly complied with.
 The auditor’s principal duties with regard to the redemption are as
follows:
 Examine the trust instrument as to the terms of the redemption, and
note that these have been complied with.
 Check the payment of cash to the debenture holders.
 Inspect the cancelled bonds.
 See that the entry in the register of charges has been cancelled, and
inspect any ‘memorandum of satisfaction’ filed with the Registrar.
 Contingent Liabilities
 A contingency may be defined as a condition which exists at the
statement of financial position date where the ultimate outcome (gain or
loss) will only be confirmed by the occurrence or non-occurrence of one
or more uncertain future events. Under the rules of IAS 37, probable
losses should be accrued, possible losses should be disclosed. Probable
gains should be disclosed.
114 UEW/IEDE
AUDITING AND
It is, therefore, very important to consider whether a contingent liability

should actually be incorporated into the accounts as a liability or merely
disclosed as a note to the accounts. Auditors and directors have often fallen
out over such issues.
 Typical contingent liabilities include the following:
 Bills discounted
 Guarantees given to third parties, e.g. to guarantee a subsidiary
company’s overdraft
 Forward contracts
 Damages and costs in actions pending
 Claims under guarantees, warranties (express or implied) arising out
of past transactions.
 IAS 37 requires that, for any contingent liability not provided for in the
financial statements, disclosures should be made of:
 The amount or estimated amount of that liability
 Its legal nature
 Whether any valuable security has been provided by the company in
connection with that liability and if so, what
 Pending lawsuits and other actions against the company often present
problems to auditors. They should take the following steps:
 Review the client’s system of recoding claims including the
procedures for bringing them to the attention of management.
 Discuss with the legal department or company secretary the
procedures for instructing solicitors.
 Examine board or management minutes for indications of possible
claims.
 Examine correspondence with solicitors, including bills rendered.
 Obtain a list of matters referred to solicitors with the company’s
estimates of possible liabilities.
 Obtain a letter of representation from the relevant director that he is
not aware of any other matters referred to solicitors.
UEW/IEDE 115
AUDITING AND
 The auditor may also consider it useful to obtain the client’s consent to
send a letter requesting confirmation of specific matters to the client’s
solicitors. An example of such a letter is:
In connection with the presentation and audit of our accounts for the
year ended….. …. The directors have made estimates of the ultimate
liabilities (including costs) which might be incurred, and which are
regarded as material, in relation to the following matters on which you
have been consulted. We should be obliged if you would confirm that in
your opinion these estimates are reasonable.
Matter estimated liability including cost
Libel action against the company in connection with statements
GH¢25,000
appearing in newspaper.
Signed ………………………
Dated ……………………….
The knowledge of contingent liabilities may very well be confined to

management and is therefore a suitable matter for inclusion in such a letter.
In addition, it will remind the directors of their responsibility to disclose
such matters to the auditor.
Share Capital
 There are many distinct types of shares of limited companies, but capital
is most often divided into preference and ordinary shares. The rights of
the respective shareholders are governed by the Regulations. The
preference shareholders, as a rule, are entitled to a fixed dividend out of
profits. The surplus profits after such payments belong to the ordinary
shareholders.
 Depending on the provisions in the Regulations, the preference shares
may also carry a preferential right as regards capital, that is to say, that
they are entitled to the return of their capital before there is any return on
the ordinary shares in the event of liquidation, and possibly they may
also be entitled to a premium on liquidation.
 Share capital represents part of the capital invested in the company by its
shareholders, but may also represent past reserves of the company which
have been ‘capitalised’ by a bonus issue of shares.
 The total of share capital and reserves represents the books value of the
net assets of the company.
116 UEW/IEDE
AUDITING AND
 In the notes to the accounts, the authorised and issued share capital must
be disclosed by class of share.
 The issued share capital is the total amount of the authorised share
capital which has actually been issued
 In addition, full details must be given of any changes in the share capital
during the year.
 As any change in share is likely to be a material transaction subject to
special legal requirements, all changes should be checked. Sampling
would not be appropriate except for an issue of shares for cash involving
a substantial number of shareholders:
Appropriate procedures:
 Check authorised capital limit to memorandum and articles.
 Check changes to issued capital in year and agree to board minutes.
 Trace all transactions involving cash to the cash book and bank
statement.
 Ensure that appropriate returns have been made to the Registrar of
Companies.
 Ensure appropriate disclosure in accordance with FRS 4 Capital
Instruments, as either debt or equity.
 Ensure that all transactions are legal and that any share premiums in
particular have been accounted for in accordance with the CA 1985
requirements.
Reserves
 Reserves represent the balance of net assets accruing to the shareholders
and may include retained earnings (income surplus), capital
surplus(capital redemption reserve fund, asset replacement reserve fund,
revaluation surplus, etc.) and share deals account
 It is necessary to disclose all the information required by the Companies
Code.
This includes:
 Following the standardised formats laid down in Part 2 of Schedule 4 of
the Companies Code (under review)
 Showing the opening and closing balances on reserves and any transfer
to or from the reserves during the year
 Disclosing the source and application of any amount to be transferred.
The audit of the revaluation reserve will involve the following steps:
 Assess the reason for the revaluation, the basis of valuation and its
reasonableness in the light of the auditor’s knowledge of the business
and the position of the property market.
 Evaluate the qualifications and experience of the valuer, which must be
disclosed in the year in which the valuation take place (the year of the
valuation is given in subsequent years). Reliance on experts has been
dealt with in an earlier chapter.
UEW/IEDE 117
AUDITING AND
 Ensure that adequate disclosures are made as above and that any
difference between market value and the recorded value is disclosed.
 The Income Surplus balance represents accumulated retained profits of
the business. The balance at the yearend consists of the balance brought
forward from the previous year plus the retained profit for the current
year.
 The audit procedures for income surplus mainly consist of verifying that
legal requirements have been complied with and correct disclosures
made. The following is a summary of the procedures:
 Prepare a schedule of reserves showing movements in the year.
 Check material movements, and ensure compliance with legal
regulations.
 Ensure all gains and losses have been included in the income statement
or other reserves as appropriate.
Review Question:
As an auditor to Gameli Ltd., and automobile firm, state the audit work that
you would carry out in connection with the following items disclosed in the
financial statements dated 31 December, 2006.
 charges in the profit and loss account in respect of depreciation of fixed
assets
 the sale during the year of one of the company’s freehold properties
 the purchase during the year of the freehold premises
 Capital grants received in respect of expenditure during the year on
plant and equipment.
118 UEW/IEDE
FINANCIAL STATEMENT AUDIT
XXXXXXX 3
Dear learner, you are once again welcome to the third unit of the course
“auditing and investigation”. In this unit, we will deal with financial
statement audit. We have already taken you through legal and professional
framework of audit and conducting an audit assignment.
This section provides guidance to auditors on obtaining and evaluating

sufficient appropriate evidential matter to support significant accounting
estimates in an audit of financial statements in accordance with generally
accepted auditing standards.
Generally, the basic idea of financial statement audit are equally important
for any business and therefore a business student. It is very important you
pay attention to this topic. Enjoy your lesson.
At the end of this section, you should be able to understand

 understand the nature of accounting estimates, identify internal controls
relating to accounting estimates, evaluate accounting estimates of
financial statements in accordance with the International Standards on
Auditing
 explain what is meant by prospective financial information; identify and
describe the matters to be considered before accepting a specified
engagement to report on prospective financial information, discuss the
level of assurance the practitioner may provide; explain the factors to be
considered in determining the nature, timing and extent of examination
procedures
 explain what is a charity, identify certain tax reliefs, appreciate how to
review the financial statements of Charities and Trade Unions
 engagement of Principal Auditor, consideration for Planning and
Control of Group Audit, reliance by the Principal Auditor on the Work
of Other Auditor
 identify factors that show that a business is facing going-concern
difficulty, describe the audit evidence to be gathered in relation to going-
concern status of a business, describe the auditing procedures required in
assessing going concern disclosures in financial statements
 describe the purpose, significance and content of audit report, describe
the forms of opinions an auditor can express on a financial statement
120 UEW/IEDE
AUDITING AND
UEW/IEDE 121
AUDIT OF ACCOUNTING ESTIMATES IN FINANCIAL
AUDITING AND
UNIT 3 SECTION
INVESTIGATION
1
Unit 3, section 1: Audit of accounting estimates in financial statement
STATEMENT
This section provides guidance to auditors on obtaining and evaluating

sufficient appropriate evidential matter to support significant accounting
estimates in an audit of financial statements in accordance with generally
accepted auditing standards.
At the end of this section, students should be able to:

 understand the nature of accounting estimates
 identify internal controls relating to accounting estimates
 evaluate accounting estimates of financial statements in accordance with
the International Standards on Auditing
Accounting Estimates in Financial Statement

For purposes of this section, an accounting estimate is an approximation of
a financial statement element, item, or account. Accounting estimates are
often included in historical financial statements because,
 the measurement of some amounts or the valuation of some accounts is
uncertain, pending the outcome of future events;
 relevant data concerning events that have already occurred cannot be
accumulated on a timely, cost-effective basis.
Accounting estimates in historical financial statements measure the effects

of past business transactions or events, or the present status of an asset or
liability. Examples of accounting estimates include net realizable values of
inventory and accounts receivable, revenues from contracts accounted for by
the percentage-of-completion method and pension.
Management is responsible for making the accounting estimates included in

the financial statements. Estimates are based on subjective as well as
objective factors and, as a result, judgment is required to estimate an amount
at the date of the financial statements. Management's judgment is normally
based on its knowledge and experience about past and current events and its
assumptions about conditions it expects to exist and courses of action it
expects to take.
The auditor is responsible for evaluating the reasonableness of accounting

estimates made by management in the context of the financial statements
taken as a whole. As estimates are based on subjective as well as objective
factors, it may be difficult for management to establish controls over them.
Even when management's estimation process involves competent personnel
using relevant and reliable data, there is potential for bias in the subjective
factors. The auditor should therefore consider both the subjective and
objective factors when planning and performing procedures to evaluate
accounting estimates.
122 UEW/IEDE
AUDITING AND
Unit 3, section 1: Audit of accounting estimates in financial statement INVESTIGATION
Nature of Accounting Estimates

Some financial statement items cannot be measured precisely but can only
be estimated. For purposes of this section, such financial statement items are
referred to as accounting estimates. The nature and reliability of information
available to management to support the making of an accounting estimate
varies widely. The measurement objective of accounting estimates can vary,
depending on the applicable financial reporting framework and the financial
item being reported. The measurement objective for some accounting
estimates is to forecast the outcome of one or more transactions, events, or
conditions giving rise to the need for the accounting estimate.
For other accounting estimates, including many fair value accounting

estimates, the measurement objective is different and is expressed in terms
of the value of a current transaction or financial statement item based on
conditions prevalent at the measurement date, such as estimated market
price for a particular type of asset or liability.
A difference between the outcome of an accounting estimate and the amount

originally recognized or disclosed in the financial statements does not
necessarily represent a misstatement of the financial statements; rather, it
could be an outcome of estimation uncertainty. This is particularly the case
for fair value accounting estimates because any observed outcome may be
affected by events or conditions subsequent to the date at which the
measurement is estimated for purposes of the financial statements.
Developing Accounting Estimates

Management is responsible for establishing a process for preparing
accounting estimates. Although the process may not be documented or
formally applied, it normally consists of:
 Identifying situations for which accounting estimates are required.
 Identifying the relevant factors that may affect the accounting estimate.
 Accumulating relevant, sufficient, and reliable data on which to base the
estimate.
 Developing assumptions that represent management's judgment of the
most likely circumstances and events with respect to the relevant factors.
 Determining the estimated amount based on the assumptions and other
relevant factors.
 Determining that the accounting estimate is presented in conformity
with applicable accounting principles and that disclosure is adequate.
The risk of material misstatement of accounting estimates normally varies

with the complexity and subjectivity associated with the process, the
availability and reliability of relevant data, the number and significance of
assumptions that are made, and the degree of uncertainty associated with the
assumptions.
UEW/IEDE 123
AUDITING AND
INVESTIGATION Unit 3, section 1: Audit of accounting estimates in financial statement
Internal Control Related to Accounting Estimates

An entity's internal control may reduce the likelihood of material
misstatements of accounting estimates. Specific relevant aspects of internal
control include the following:
 Management communication of the need for proper accounting
estimates
 Accumulation of relevant, sufficient, and reliable data on which to base
an accounting estimate
 Preparation of the accounting estimate by qualified personnel
 Adequate review and approval of the accounting estimates by
appropriate levels of authority, including—
 Review of sources of relevant factors
 Review of development of assumptions
 Review of reasonableness of assumptions and resulting estimates
 Consideration of the need to use the work of specialists
 Consideration of changes in previously established methods to arrive
at accounting estimates
 Comparison of prior accounting estimates with subsequent results to
assess the reliability of the process used to develop estimates
 Consideration by management of whether the resulting accounting
estimate is consistent with the operational plans of the entity.
Evaluating Accounting Estimates

The auditor's objective when evaluating accounting estimates is to obtain
sufficient appropriate evidential matter to provide reasonable assurance
that—
 All accounting estimates that could be material to the financial
statements have been developed.
 Those accounting estimates are reasonable in the circumstances.
 The accounting estimates are presented in conformity with applicable
accounting principles and are properly disclosed.
Identifying Circumstances That Require Accounting Estimates

In evaluating whether management has identified all accounting estimates
that could be material to the financial statements, the auditor considers the
circumstances of the industry or industries in which the entity operates, its
methods of conducting business, new accounting pronouncements, and
other external factors. The auditor should consider performing the following
procedures:
 Consider assertions embodied in the financial statements to determine
the need for estimates. (See paragraph .16 for examples of accounting
estimates included in financial statements.)
 Evaluate information obtained in performing other procedures, such
as—
124 UEW/IEDE
AUDITING AND
 Information about changes made or planned in the entity's business,

including changes in operating strategy, and the industry in which
the entity operates that may indicate the need to make an accounting
estimate.
 Changes in the methods of accumulating information.
 Information concerning identified litigation, claims, and assessments
and other contingencies.
 Information from reading available minutes of meetings of
stockholders, directors, and appropriate committees.
 Information contained in regulatory or examination reports,
supervisory correspondence, and similar materials from applicable
regulatory agencies.
 Inquire of management about the existence of circumstances that may
indicate the need to make an accounting estimate.
Evaluating Reasonableness
In evaluating the reasonableness of an estimate, the auditor normally
concentrates on key factors and assumptions that are—
 Significant to the accounting estimate.
 Sensitive to variations.
 Deviations from historical patterns.
 Subjective and susceptible to misstatement and bias.
The auditor normally should consider the historical experience of the entity
in making past estimates as well as the auditor's experience in the industry.
However, changes in facts, circumstances, or entity's procedures may cause
factors different from those considered in the past to become significant to
the accounting estimate.
In evaluating reasonableness, the auditor should obtain an understanding of

how management developed the estimate. Based on that understanding, the
auditor should use one or a combination of the following approaches:
 Review and test the process used by management to develop the
estimate.
 Develop an independent expectation of the estimate to corroborate the
reasonableness of management's estimate.
The auditor should evaluate whether the difference between estimates best
supported by the audit evidence and estimates included in the financial
statements, which are individually reasonable, or indicating a possible bias
on the part of the company's management. If each accounting estimate
included in the financial statements was individually reasonable but the
effect of the difference between each estimate and the estimate best
supported by the audit evidence was to increase earnings or loss, the auditor
should evaluate whether these circumstances indicate potential management
bias in the estimates.
UEW/IEDE 125
AUDITING AND
Review and test management's process

In many situations, the auditor assesses the reasonableness of an accounting
estimate by performing procedures to test the process used by management
to make the estimate. The following are procedures the auditor may consider
performing when using this approach:
 Identify whether there are controls over the preparation of accounting
estimates and supporting data that may be useful in the evaluation.
 Identify the sources of data and factors that management used in
forming the assumptions, and consider whether such data and factors are
relevant, reliable, and sufficient for the purpose based on information
gathered in other audit tests.
 Consider whether there are additional key factors or alternative
assumptions about the factors.
 Evaluate whether the assumptions are consistent with each other, the
supporting data, relevant historical data, and industry data.
 Analyze historical data used in developing the assumptions to assess
whether the data is comparable and consistent with data of the period
under audit, and consider whether such data is sufficiently reliable for
the purpose.
 Consider whether changes in the business or industry may cause other
factors to become significant to the assumptions.
 Review available documentation of the assumptions used in developing
the accounting estimates and inquire about any other plans, goals, and
objectives of the entity, as well as consider their relationship to the
assumptions.
 Consider using the work of a specialist regarding certain assumptions
 Test the calculations used by management to translate the assumptions
and key factors into the accounting estimate.
Based on the auditor's understanding of the facts and circumstances, he may

independently develop an expectation as to the estimate by using other key
factors or alternative assumptions about those factors.
Review subsequent events or transactions

When evaluating whether the financial statements as a whole are free of
material misstatement, the auditor should evaluate the qualitative aspects of
the company's accounting practices, including potential bias in
management's judgments about the amounts and disclosures in the financial
statements.
Events or transactions sometimes occur subsequent to the date of the

balance sheet, but prior to the date of the auditor's report, that are important
in identifying and evaluating the reasonableness of accounting estimates or
key factors or assumptions used in the preparation of the estimate. In such
circumstances, an evaluation of the estimate or of a key factor or assumption
126 UEW/IEDE
AUDITING AND
may be minimized or unnecessary as the event or transaction can be used by

the auditor in evaluating their reasonableness.
Paragraphs 24 through 27 of Auditing Standard No. 14, Evaluating Audit

Results, discuss the auditor's responsibilities for assessing bias and
evaluating accounting estimates in relationship to the financial statements
taken as a whole.
Examples of Accounting Estimates

The following are examples of accounting estimates that are included in
financial statements. The list is presented for information only. It should not
be considered all-inclusive.
Receivables: Revenues:
Uncollectible receivables Airline passenger revenue
Allowance for loan losses Subscription income
Uncollectible pledges Freight and cargo revenue
Dues income
Inventories: Losses on sales contracts
Obsolete inventory
Net realizable value of inventories
where future selling prices and future Contracts:
costs are involved
Losses on purchase commitments Revenue to be earned
Costs to be incurred
Financial instruments: Percent of completion
Valuation of securities
Trading versus investment security
Leases:
classification
Probability of high correlation of a
Initial direct costs
hedge
Sales of securities with puts and calls Executory costs
Residual values
Productive facilities, natural
resources and intangibles:
Useful lives and residual values Litigation:
Depreciation and amortization methods Probability of loss
Recoverability of costs Amount of loss
Recoverable reserves Rates:
Annual effective tax rate in
interim reporting
UEW/IEDE 127
AUDITING AND
Imputed interest rates on

Accruals:
receivables and payables
Property and casualty insurance Gross profit rates under program
company loss method of
reserves accounting
Compensation in stock option plans and
deferred
plans
Warranty claims Other:
Losses and net realizable value on
disposal of
Taxes on real and personal property
segment or restructuring of a
business
Fair values in nonmonetary
Renegotiation refunds
exchanges
Interim period costs in interim
Actuarial assumptions in pension costs
reporting
Current values in personal
financial statements
 Some financial statement items cannot be measured precisely but can

only be estimated
 Management is responsible for establishing a process for preparing
accounting estimates
 The auditor assesses the reasonableness of an accounting estimate by
performing procedures to test the process used by management to make
the estimate
 Based on the auditor's understanding of the facts and circumstances, he
may independently develop an expectation as to the estimate
Review Questions
 Identify five areas in which accounting estimates are likely to be made
in a financial statement
 Explain the circumstances that require accounting estimates to be made
 Enumerate the audit procedures required to audit accounting estimates
128 UEW/IEDE
AUDITING
AUDITING AND
AND
Unit 3, section 1: Audit of accounting
This estimates
page is leftinblank
financial
for your
statement
notes INVESTIGATION
INVESTIGATION
UEW/IEDE 129
EXAMINATION OF PROSPECTIVE FINANCIAL
AUDITING AND
UNIT 3 SECTION
INVESTIGATION
2
Unit 3, section 2: Examination of prospective financial information
INFORMATION
The purpose of this section is to establish standards and provide guidance on

engagements to examine and report on prospective financial information
including examination procedures for best-estimate and hypothetical
assumptions. Guidance is provided by International Standard on Assurance
Engagements 3400 (lSA 3400)
At the end of the section, you should be able to:

 explain what is meant by prospective financial information;
 identify and describe the matters to be considered before accepting a
specified engagement to report on prospective financial information
 discuss the level of assurance the practitioner may provide;
 explain the factors to be considered in determining the nature, timing
and extent of examination procedures
 explain the differences between the content of a report on an
examination of prospective financial information and reports made in
providing audit related services
The Auditor's Assurance Regarding Prospective Financial

Information
In an engagement to examine prospective financial information, the auditor
should obtain sufficient appropriate evidence as to whether:
 Management's best estimate assumptions on which the prospective

financial information is based are reasonable and,
 There are hypothetical assumptions, where such assumptions are
consistent with the purpose of the information and that the prospective
financial information is properly prepared on the basis of the
assumptions;
 The prospective financial information is properly presented and all
material assumptions are adequately disclosed, including a clear
indication as to whether they are best estimate assumptions or
hypothetical assumptions; and
 The prospective financial information is prepared on a consistent basis
with historical financial statements, using appropriate accounting
principles.
Prospective financial information relates to events and actions that have not
yet occurred and may not occur. While evidence may be available to support
the assumptions on which the prospective financial information is based,
such evidence is itself generally future oriented and, therefore, speculative
in nature, as distinct from the evidence ordinarily available in the audit of
historical financial information. The auditor is, therefore, not in a position to
express an opinion as to whether the results shown in the prospective
financial information will be achieved.
130 UEW/IEDE
AUDITING AND
Unit 3, section 2: Examination of prospective financial information INVESTIGATION
Further, given the types of evidence available in assessing the assumptions

on which the prospective financial information is based, it may be difficult
for the auditor to obtain a level of satisfaction sufficient to provide a
positive expression of opinion that the assumptions are free of material
misstatement. Consequently, when reporting on the reasonableness of
management's assumptions, the auditor provides only a moderate level of
assurance. However, when in the auditor's judgment an appropriate level of
satisfaction has been obtained, the auditor is not precluded from expressing
positive assurance regarding the assumptions.
Some Definitions
Prospective financial information' means financial information based on
assumptions about events that may occur in the future and possible actions
by an entity. It is highly subjective in nature and its preparation requires the
exercise of considerable judgment. Prospective financial information can be
in the form of a forecast, a projection or a combination of both, for example,
a one year forecast plus a five year projection.
A forecast' means prospective financial information prepared on the basis of

assumptions as to future events which management expects to take place
and the actions management expects to take as of the date the information is
prepared (best-estimate assumptions).
A 'projection' means prospective financial information prepared on the basis

of:
 Hypothetical assumptions about future events and management actions
which are not necessarily expected to take place, such as when some
entities are in a start-up phase or are considering a major change in the
nature of operations; or
 A mixture of best-estimate and hypothetical assumptions. Such
information illustrates the possible consequences as of the date the
information is prepared if the events and actions were to occur (a 'what-
if' scenario).
Prospective financial information can include financial statements or one or

more elements of financial statements. Management is responsible for the
preparation and presentation of the prospective financial information,
including the identification and disclosure of the assumptions on which it is
based. The auditor may be asked to examine and report on the prospective
financial information to enhance its credibility whether it is intended for use
by third parties or for internal purposes.
Acceptance of Engagement
Before accepting an engagement to examine prospective financial
information, the auditor would consider, amongst other things:
• The intended use of the information:
UEW/IEDE 131
AUDITING AND
INVESTIGATION Unit 3, section 2: Examination of prospective financial information
• Whether the information will be for general or limited distribution;

• The nature of the assumptions, that is, whether they are best-estimate or
hypothetical assumptions;
• The elements to be included in the information; and
• The period covered by the information.
The auditor should not accept, or should withdraw from, an engagement

when the assumptions are clearly unrealistic or when the auditor believes
that the prospective financial information will be inappropriate for its
intended use.
The auditor and the client should agree on the terms of the engagement. It is
in the interests of both entity and auditor that the auditor sends an
engagement letter to help in avoiding misunderstandings regarding the
engagement.
Knowledge of the Business

The auditor should obtain a sufficient level of knowledge of the business to
be able to evaluate whether all significant assumptions required for the
preparation of the prospective financial information have been identified.
The auditor would also need to become familiar with the entity's process for
preparing prospective financial information, for example, by considering the
following:
 The internal controls over the system used to prepare prospective
financial information and the expertise and experience of those persons
preparing the prospective financial information.
 The nature of the documentation prepared by the entity supporting
management's assumptions.
 The extent to which statistical, mathematical and computer-assisted
techniques are used.
 The methods used to develop and apply assumptions.
 The accuracy of prospective financial information prepared in prior
periods and the reasons for significant variances.
The auditor should consider the extent to which reliance on the entity's
historical financial information is justified. The auditor requires knowledge
of the entity's historical financial information to assess whether the
prospective financial information has been prepared on a basis consistent
with the historical financial information and to provide a historical yardstick
for considering management’s assumptions. The auditor will need to
establish, for example, whether relevant historical information was audited
or reviewed and whether acceptable accounting principles were used in its
preparation.
If the audit or review report on prior period historical financial information

was other than unmodified or if the entity is in a start-up phase, the auditor
132 UEW/IEDE
AUDITING AND
would consider the surrounding facts and the effect on the examination of
the prospective financial information.
Period Covered
The auditor should consider the period of time covered by the prospective
financial information. Assumptions are usually speculative with the length
of the period covered. The period to cover should not extend beyond the
time for which management has a reasonable basis for the assumptions.
The following are some of the factors that are relevant to the auditor's
consideration of the period of time covered by the prospective financial
information:
 Operating cycle, for example, in the case of a major construction project
the time required to complete the project may dictate the period covered.
 The degree of reliability of assumptions, for example, if the entity is
introducing a new product the prospective period covered could be short
and broken into small segments, such as weeks or months. Alternatively,
if the entity's sole business owns a property under long-term lease, a
relatively long prospective period might be reasonable.
 The needs of users, for example, prospective financial information may
be prepared in connection with an application for a loan for the period of
time required to generate sufficient funds for repayment. Alternatively,
the information may be prepared for investors in connection with the
sale of debentures to illustrate the intended use of the proceeds in the
subsequent period.
Examination Procedures
When determining the nature, timing and extent of examination procedures,
the auditor's considerations should include:
 The likelihood of material misstatement;
 The knowledge obtained during any previous engagements;
 Management's competence regarding the preparation of prospective
financial information;
 The extent to which the prospective financial information is affected by
the management's judgment; and
 The adequacy and reliability of the underlying data.
The auditor would assess the source and reliability of the evidence
supporting management's best-estimate assumptions. Sufficient appropriate
evidence supporting such assumptions would be obtained from internal and
external sources including consideration of the assumptions in the light of
historical information and an evaluation of whether they are based on plans
that are within the entity’s capacity.
The auditor would consider whether, when hypothetical assumptions are

used, all significant implications of such assumptions have been taken into
UEW/IEDE 133
AUDITING AND
consideration. For example, if sales are assumed to grow beyond the entity's
current plant capacity, the prospective financial information will need to
include the necessary investment in the additional plant capacity or the costs
of alternative means of meeting the anticipated sales, such as subcontracting
production.
Although evidence supporting hypothetical assumptions need not be

obtained, the auditor would need to be satisfied that they are consistent with
the purpose of the prospective financial information and that there is no
reason to believe they are clearly unrealistic.
The auditor will need to be satisfied that the prospective financial

information is properly prepared from management's assumptions by, for
example, making clerical checks such as re-computation and reviewing
internal consistency, that is, the actions management intends to take are
compatible with each other and there are no inconsistencies in the
determination of the amounts that are based on common variables such as
interest rates.
The auditor would focus on the extent to which those areas that are
particularly sensitive to variation will have a material effect on the results
shown in the prospective financial information. This will influence the
extent to which the auditor will seek appropriate evidence. It will also
influence the auditor's evaluation of the appropriateness and adequacy of
disclosure.
When engaged to examine one or more elements of prospective financial

information, such as an individual financial statement, it is important that
the auditor consider the interrelationship of other components in the
financial statements.
When any elapsed portion of the current period is included in the

prospective financial information, the auditor would consider the extent to
which procedures need to be applied to the historical information.
Procedures will vary depending on the circumstances, for example, how
much of the prospective period has elapsed.
The auditor should obtain written representations from management

regarding the intended prospective financial information, the completeness
of significant management assumptions and management's acceptance of its
responsibility for the prospective financial information.
Presentation and Disclosure

When assessing the presentation and disclosure of the prospective financial
information, in addition to the specific requirements of any relevant statutes,
 The presentation of prospective financial information is informative and
not misleading;
134 UEW/IEDE
AUDITING AND
 The accounting policies are clearly disclosed in the notes to the

prospective financial
information;
 The assumptions are adequately disclosed in the notes to the prospective
financial information. It needs to be clear whether assumptions represent
management's best estimates or are hypothetical and, when assumptions
are made in areas that are material and are subject to a high degree of
uncertainty, this uncertainty and the resulting sensitivity of results needs
to be adequately disclosed;
 The date as of which the prospective financial information was prepared
is disclosed. Management needs to confirm that the assumptions are
appropriate as of this date, even though the underlying information may
have been accumulated over a period of time. The basis of establishing
points in a range is clearly indicated and the range is not elected in a
biased or misleading manner when results shown in the prospective
financial information are expressed in terms of a range; and
 Any change in accounting policy since the most recent historical
financial statements is disclosed, along with the reason for the change
and its effect on the prospective financial information on an examination
of prospective financial information should
Report on Examination of Prospective Financial Information

The report by an auditor contains the following:
 Title;
 Addressee;
 Identification of the prospective financial information;
 A reference to the ISAE or relevant national standards or practices
applicable to the examination of prospective financial information;
 A statement that management is responsible for the prospective financial
information including the assumptions on which it is based;
 When applicable, a reference to the purpose and/or restricted distribution
of the prospective financial information;
 A statement of negative assurance as to whether the assumptions
provide a reasonable basis for the prospective financial information;
 An opinion as to whether the prospective financial information is
properly prepared on the basis of the assumptions and is presented in
accordance with the relevant financial reporting framework;
 Appropriate caveats concerning the achievability of the results indicated
by the prospective financial information;
 Date of the report which should be the date procedures have been
completed;
 Auditor's address; and
 Signature.
UEW/IEDE 135
AUDITING AND
Such a report would:

 State whether, based on the examination of the evidence supporting the
assumptions, anything has come to the auditor's attention which causes
the auditor to believe that the assumptions do not provide a reasonable
basis for the prospective financial information.
 Express an opinion as to whether the prospective financial information
is properly prepared on the basis of the assumptions and is presented in
accordance with the relevant financial reporting framework.
 State that:
Actual results are likely to be different from the prospective financial
information since anticipated events frequently do not occur as expected and
the variation could be material. Likewise, when the prospective financial
information is expressed as a range, it would be stated that there can be no
assurance that actual results will fall within the range; and
 In the case of a projection, the prospective financial information has

been prepared for (state purpose), using a set of assumptions that include
hypothetical assumptions about future events and management's actions
that are not necessarily expected to occur.
The following is an example of an extract from an unmodified report on a

forecast:
We have examined the forecast in accordance with the International

Standard on Assurance Engagements applicable to the examination of
prospective financial information. Management is responsible for the
forecast including the assumptions set out in Note A on which it is based.
Based on our examination of the evidence supporting the assumptions,

nothing has come to our attention which causes us to believe that these
assumptions do not provide a reasonable basis for the forecast. Further, in
our opinion the forecast is properly prepared on the basis of the
assumptions and is presented in accordance with.... Actual results are likely
to be different from the forecast since anticipated events frequently do not
occur as expected and the variation may be material.
The following is an example of an extract from an unmodified report on a

projection: We have examined the projections in accordance with the
International Standard on Assurance Engagements applicable to the
examination of prospective financial information. Management is
responsible for the projection including the assumptions set out in Note A
on which it is based. This projection has been prepared for (describe
purpose). As the entity is in a start-up phase the projection has been
prepared using a set of assumptions that include hypothetical assumptions
about future events and management's actions that are not necessarily
expected to occur.
136 UEW/IEDE
AUDITING AND
Based on our examination of the evidence supporting the assumptions,

nothing has come to our attention which causes us to believe that these
assumptions do not provide a reasonable basis for the projection, assuming
that (state or refer to the hypothetical assumptions). Further, in our opinion
the projection is properly prepared on the basis of the assumptions and is
presented in accordance with
Even if the events anticipated under the hypothetical assumptions described

above occur, actual results are still likely to be different from the projection
since other anticipated events frequently do not occur as expected and the
variation may be material.
When the auditor believes that the presentation and disclosure of the
prospective financial information is not adequate, the auditor should express
a qualified or adverse opinion in the report on the prospective financial
information, or withdraw from the engagement as appropriate.
An example would be where financial information fails to disclose

adequately the consequences of any assumptions which are highly sensitive.
When the auditor believes that one or more significant assumptions do not
provide a reasonable basis for the prospective financial information
prepared on the basis of best estimate assumptions or that one or more
significant assumptions do not provide a reasonable basis for the
prospective financial information given the hypothetical assumptions, the
auditor should either express an adverse opinion in the report on the
prospective financial information, or withdraw from the engagement.
When the examination is affected by conditions that preclude application of

one or more procedures considered necessary in the circumstances, the
auditor should either withdraw from the engagement or disclaim the opinion
and describe the scope limitation in the report on the prospective financial
information.
 The auditor should obtain a sufficient level of knowledge of the business

to be able to evaluate whether all significant assumptions required for
the preparation of the prospective financial information have been
identified.
 The auditor should consider the period of time covered by the
prospective financial information.
 In an engagement to examine prospective financial information, the
auditor should obtain sufficient appropriate evidence.
UEW/IEDE 137
Unit 3, section
AUDITING3: Auditing
OF THE of the financial statements
FINANCIAL of charities
STATEMENTS OFand trade
AUDITING AND
UNIT 3 SECTION
INVESTIGATION
3
unions CHARITIES AND TRADE UNIONS
In response to increasing public concern about the growing number of

charities and in consideration of the large sums of public money which they
handle, some donors have insisted on independent audits and this section
will provide a cursory guide to student on auditing financial statements of
charities.
At the end of this session, you should be able to

 explain what is a charity
 identify certain tax reliefs
 appreciate how to review the financial statements of Charities and Trade
Unions
Background
Not every charitable non-profit is required to conduct an independent audit.
Some non-profits, because of the size of their annual budgets, or because of
the sources of their funding, are required by state or federal law to conduct
an independent audit. In other situations, a charitable non-profit has a choice
whether or not to conduct an independent audit.
The Guideline is particularly relevant to the audit of charities which would

normally expect to receive a substantial portion of their income from
voluntary sources, including those small charities which have a few
voluntary workers and relatively small income.
The requirement for audit of the financial statements of a charity may be

required under statute, the charity's own constitution or at the request of the
governing body.
What is a charity?
Definition of charitable purposes: A charity is defined as any institution,
corporate or otherwise, which is established exclusively for charitable
purpose according to the laws of Ghana.
A layman's guide to the meaning of ‘charitable purposes’ includes the

following:
 The relief of poverty:
 The advancement of education;
 The advancement of religion; as an unincorporated association; as a
company limited by guarantee under the Companies Code; by special
Act of Parliament
 other purposes beneficial to the community not falling under purposes
stated above.
138 UEW/IEDE
Unit 3, section 3: Auditing of the financial statements of charities and trade AUDITING AND
unions INVESTIGATION
Legal status and constitution

A charity may be established by trust deed. The objects of a charity will be
set out in its constitution. Clearly, the activities performed by the charity
should accord with its objects, but they must also be within the categories of
charitable purposes defined above.
Regulatory bodies
If the Registrar of companies is satisfied that an institution applying for
registration is established for exclusively charitable purposes (and if it is not
one of a class of charities exempted from the need to register) it will enter it
in the Register of charities maintained by them. The Registrar may request
that the accounts of registered charities are filed with them and they can also
require that such accounts be audited.
Any charity which is incorporated as a company must file an annual return

and audited accounts with the Register of Companies. Charities which
organize house collections, street collections,' or lotteries or prize
competitions may also be required to file an audited return.
Fiscal provisions affecting charities

The auditor should ensure that he is aware of any changes in legislation
which may alter the various forms of relief and tax advantages which may
be enjoyed by charities. There is no general exemption from tax on income
or VAT given to charities. However, there are specific exemptions from
taxation of income which will be granted if a claim is made to the
Commissioner of Internal Revenue Service.
If a charity is carrying on a trade, relevant taxation exemptions will only be

allowed if the
 The trade is exercised in the course of the actual carrying out of a
primary purpose of the charity, or
 The work in connection with the trade is mainly carried out by the
beneficiaries of the charity.
There are also certain reliefs in respect of:

 Corporation tax;
 Capital gains tax;
 Inheritance tax;
 Stamp duty;
 national insurance;
 VAT;
 Rates.
UEW/IEDE 139
AUDITING AND Unit 3, section 3: Auditing of the financial statements of charities and trade
INVESTIGATION unions
The accounts of a charity

Purpose of financial statements - stewardship
Charities exist to meet an identified objective rather than to generate profits;
consequently, their performance is often measured in financial terms, not by
the surplus of income over expenditure, but rather by the size of the income
and the manner in which it has been applied. Thus the primary purpose of
the annual financial statements of a charity is to account for the stewardship
of funds entrusted to it by the public, the state and others.
Form of financial statements

Charities are required to keep proper books of account and to prepare
consecutive statements of account and they may also be bound by other
statutory regulations in this respect. The financial statements usually
comprise.
 Revenue account (often in the form of an income and expenditure
account);
 Statement of financial position(s;)
 Cash flow statement;
 Notes to the accounts.
In the case of small charities, however, the financial statements may

comprise little more than receipts and payments account and a concise
statement of assets and liabilities.
Accounting policies
It is essential that the financial statements of all charities should include a
statement of the main accounting policies in accordance lASI and IAS 8.
The disclosure of significant accounting policies assumes a greater
importance than for other enterprises. The most important accounting
policies for a charity will probably include:
 the basis on which income has been taken to the credit of the revenue
account (for example, accruals or cash basis, policy with regard to
legacy income, gross or net profit from trading activities);
 the basis on which expenditure has been charged to the revenue account
(for example, accrual or cash, costs. including Y AT);
 the accounting treatment of fixed assets and investments, including
donated assets;
 the presentation of the special funds and the movements thereon;
 The treatment of branches.
Some areas of activity requiring special attention

Included and excluded activities.
It is often difficult to decide where the charity activities stop and a third
party takes over. The criteria are:
 Does the charity have control?
140 UEW/IEDE
 Is the activity undertaken by a body with a separate constitution?
It is sometimes necessary for a charity to take legal advice to determine

which activities form part of the stewardship of the main charitable body
and should be accounted for in the financial statements.
Cash income
In practice a charity may find it difficult to institute procedures to ensure
that all cash collections, often by volunteers, are properly accounted for in
the books of account.
The cut-off date for the cash income of some charities is not always the
year-end date, a later date sometimes being adopted because of the
importance of accounting for income collected, but not yet remitted by
voluntary supporters.
Other Income Sources

Donations in kind: Charities are sometimes reluctant, or find it
impracticable, to bring donations in kind into their books at their market
value.
Specific funds: Charities may produce separate accounts to detail

movements in certain funds for which they act as trustee or which represent
monies raised for specific projects. Categories of specific funds include
designated, restricted and endowment funds.
Central and local government grants and loans: Charities can be eligible for
a number of grants and loans, which can create problems in respect of:
 knowing of the existence of the grant or loan scheme and the right to
claim;
 Using the money for the correct purpose.
 Accounting for the money in the right format
The Auditor's operational approach

Scope of the audit
The scope of the audit will depend on the status of the charity and the form
of report to be given. Where the charity is a company, a friendly or an
industrial and provident society or in many cases where it is incorporated by
special Act of parliament, the minimum audit requirements are laid down by
statute. In other cases, the constitutional documents should be examined to
determine audit requirements and discussions held with the trustees of the
charity. Even in cases where the audit requirements are well defined, the
trustees should be consulted; they may wish to expand the scope of the audit
to cover, for example, specific instructions for the auditors to look for fraud.
UEW/IEDE 141
Once the scope of the audit has been established, it .should be defined and
explained in a suitably worded letter of engagement.
Key audit areas peculiar to charities

Donations and fund-raising: It may be difficult to ensure the completeness
and accuracy of recording of income from donations, fund-raising activities
or other sources of income as donations can take the form of capital gifts
such as shares or property, but they all require being valued.
Legacies: These may give rise to problems of completeness where, for

example, they involve reversionary gifts. The auditor should confirm that,
where possible, the charity has followed up legacies.
Central and local government grants and loans: The auditor should be
familiar with the workings of the grant or loan system and the accepted
ways of treating grants or loans in the financial statements.
Branches: Some charities regard a voluntary organizer in a particular area as

a branch, while others only confer branch status on a local office. It can thus
be difficult to decide the status of a branch, and whether its transactions and
balances should or can be included in the main financial statements. This is
a matter which might usefully be dealt with in a letter of engagement:
"'Where a branch has its own separate constitution which is quite different
from that of the main charity, its transactions and- balances will, properly be
excluded from the financial statements of the charity. Where the branch is
so independent that it cannot be required to submit independent returns it
may not be possibly to include its transactions and balances. Where
branches are excluded, it is essential that adequate disclosure is made in the
financial statements, and consideration given as to whether the auditor's
report should be suitably amplified or qualified. There may also be a
problem for the auditor in forming an opinion on branches which do not
have proper accounting disciplines.
Overseas activities: Where records are maintained overseas and the amounts
are material, the auditor should give consideration to a local audit. If
remittances to overseas branches are treated as an expense when made,
evidence of receipt will be required.
Specific funds: Tests will need to be designed to confirm that these funds
have been correctly accounted for and app lied.
Grants to beneficiaries: The auditor should confirm that the bona fides of
the recipients have been established. For example, the auditor will look for
evidence of the bona fides of a sample of grants made by the charity, and
scrutinize all grants of an unusual size or nature.
142 UEW/IEDE
Audit procedures
The following procedures amplify those given in the operational guidelines.
They do not impose on the auditor any additional requirements. For
example, the internal controls operated by some charities, particularly small
ones, whilst adequate for their own purposes, may not be sufficient for the
purposes of reliance by the auditor in arriving at his opinion. In such cases
the auditor would choose a substantive route and not rely upon controls
which may exist.
In all audits, the scope will be determined by, and the audit procedures used
will vary in accordance with, the terms of the auditor's appointment. The
level of audit evidence to be obtained will be a matter of judgement for the
auditor in each individual case.
Planning
When planning the audit of a charity the auditor should particularly consider
the following:
 the scope of the audit;
 the acceptability of accounting policies adopted;
 changes in circumstances in the sector in which the charity operates;
 past experience of the effectiveness of the charity's accounting systems;
 key audit areas;
 the amount of details included in the financial statements on which the
auditor is required to report.
Audit evidence
When designing substantive tests for charities, the auditor should give
special attention to the possibility of:
 understatement or incompleteness of the recording of all income
including gifts In kind, cash donations, and legacies;
 overstatement of cash grants or expenses;
 Misanalysis or misuse in the application of funds;
 Misstatement or omission of assets including donated properties and
investments; the existence of restricted or uncontrollable funds in
foreign or Independent branches.
The extent of testing required will depend on the scope of the audit. For
example, the auditor may be required to report on financial statements
which include considerable details.
Normal analytical review procedures as applied to a commercial enterprise,

including the comparison of one year's' financial statements with another,
may need to be modified in the case of a charity. Particular consideration
should be given to the relationship between appeals income and related
expenses, and investments and the income from such investments. A
UEW/IEDE 143
comparison of the funds raised by particular branches from one period to the
next should also be carried out and explanation obtained for significant
differences.
Internal controls
The auditor will have to consider where there are any internal controls on
which he may wish to reply, or whether he will need to carry out extensive
substantive testing. Large charities should have the internal controls
appropriate to any large enterprise, and the auditor should look for and
encourage the charity to implement normal internal controls and reporting
systems in keeping with the scale of operations.
Small charities will generally suffer from internal control weaknesses

common to small enterprises, such as lack of segregation of duties and use
of unqualified staff. Shortcomings may arise from the staff's lack of training
and also, if they are volunteers, from their attitude, in that they may resent
formal procedures. The auditor will have to consider carefully whether he
will be able to obtain adequate assurance that the accounting records do
reflect the transaction of the enterprise. Adequate control may often be
available in a small charity by means of increased review and authorization
procedures by the trustees or other officials of the charity.
Generally, the auditor will hope to be able to rely on the internal controls of
the charity in one or more key areas wherever the volume of transactions
makes this reliance desirable. For example, the auditor might wish to rely on
the charity's system of authorizing and controlling grants payments by the
grants committee. His compliance tests might include checking with the
minutes concerned and other documentation.
Donations - Postal and cash:

 dual control over the opening of mail;
 immediate recording of donations on opening mail or receipt of cash~'
Deed of covenant:
regular checks and follow-up procedures to ensure due amounts are
received;
 regular checks to ensure all tax repayments have been obtained.
Legacies:
 comprehensive correspondence files maintained in respect of each
legacy, numerically controlled; ,
 search agency reports of legacies receivable;
 Regular reports and follow-up' procedures undertaken in respect' of
outstanding legacies.
144 UEW/IEDE
Fund-raising activities
 records maintained for each fund-raising event;
 comparable controls maintained over receipts as for normal donations;
 comparable controls maintained over expenses as for administrative
expenses.
Central and local government grants and loans:

 Regular checks that all sources of income of funds are fully exploited
and appropriate claims made;
 ensuring income of funds are correctly applied in accordance with the
terms of the grant or loan;
 Comprehensive records of applications made and follow-up procedures
for those not discharged.
Branches
 Any branch, office or individual representative of the charity should-
make regular reports or returns to the charity, and checks should be
made to ensure that all these are received;
 Any reports of misuse of the 'charity's name should be promptly
investigated;
 Wherever the trustees of the charity have direct control over the
branches, internal
controls should be of equivalent standard to that of the main charity;
 Consideration of an accounts manual and the standardization of
procedures-at all branches;
 Proper acknowledgements of remittances to and from abroad.
Fixed assets and depreciations,

 a register of fixed assets maintained including donated assets;
 assets vested in the Official Custodian, where appropriate;
 donated assets recorded at approximate market value, where appropriate;
 Depreciation calculated and recorded as for commercial enterprise,
where the accounting policy requires.
Specific funds:
 separate revenue and assets accounts;
 terms controlling application of fund monies:
 applications of fund monies
Grants beneficiaries:
 records maintained of all requests for material grants received and their
treatments;
 checks made of the bona fides of applicants for substantial grants, and
that amounts paid are intra vires;
 minutes maintained of all grants committee meetings with record of
decisions made;
UEW/IEDE 145
 adequate documentation given to committee for them to base their

decision on the accurate facts.
Bank records
In small charities the following controls will have particular significance:
 prompt banking of receipts:
 independent agreement of banking records to receipts records;
 regular bank reconciliations;
 scrutiny of returned cheques for unusual or frequent endorsements;
adequate arrangements for bank signatories.
Review of financial statements

The auditor must consider carefully whether the accounting policies adopted
are appropriate to the activities, constitution and objectives of the charity,
and are consistently applied, and whether the financial statements
adequately disclose these policies and fairly present the state of affairs and
the results for the accounting period.
In particular the auditor should consider the basis of:

 disclosing income from fund-raising activities (eg. net or gross);
 accounting for income and expenses (accruals or cash);
 the capitalizing of expenditure on fixed assets;
 apportioning administrative expenditure;
 recognising income from donations and legacies;
 treating exceptional and extraordinary items.
In determining whether the financial statements comply with all relevant

statutory requirements and other regulations, it is necessary to take account
of the legal framework within which a particular charity operates.
In determining whether proper disclosures have been made, the auditor

should consider the presentation of:
 special or irregular income or expenditure:
 specific funds;
 net surplus/deficit for the period;
 allocation of funds;
 movements on particular funds;
 statement of cash flow
 realised and unrealised surplus/deficits on disposal or revaluation of
assets;
 branch accounts;
 detail analysis of income and expenses.
Charities without significant endowments or accumulated funds will often

be dependent upon future income from voluntary sources, in order to meet
the financial commitments arising from the continuation of their activities.
146 UEW/IEDE
In these circumstances, the review of the financial statements may lead the
auditor to question whether a going concern basis of accounting is
appropriate. He should therefore, in forming a conclusion on the matter, take
account of the amount of, trends in, income and expenditure since the
accounting date, any forecast and representations by management as to
future income and expenditure and (where relevant) the market value or the
charity's tangible assets.
Reporting
Form of report and address
The form of auditor's report and the persons to whom it will be addressed
will depend on the constitution of the particular charity concerned. Where
the auditor's report on the financial statements of a charity is registered
under the Companies Code, the provisions of the Code will apply and it will
be addressed to the members of appropriate governing body. The auditor’s
report on the financial statements of a charity registered under the Acts
relating to friendly and industrial and provident societies will be in another
form and addressed to the charity itself. In other cases, where charities are
not governed by statute, the auditor's report will be determined in
accordance with the terms of the auditor's appointment. For example, it may
be appropriate for the auditor to report only that the financial statements
have been prepared in compliance with regulations governing the charity's
operations.
If applicable, the auditor should identify in his report the statutory

provisions under which he has carried out his audit. Where appropriate he
should state that the accounts comply with the Companies Code, relevant
Acts relating to friendly and industrial and provident societies or the specific
applicable Act of Parliament. Where a charity is not incorporated under an
Act of Parliament, reference should normally be made to the trust deed or
other constitutional document of the charity under which the accounts' have
been produced.
Unqualified audit report expressed in 'true and fair' terms

'AUDITORS' REPORT TO (THE MEMBERS/TRUSTEES) OF…’
We have audited the financial statements on pages ..... to ..... in
accordance with approved auditing standards.
In our opinion the financial statements give a true and fair view of
the state of the charity's affairs at 31st December 201x .... and of its
surplus/deficit and cash flow statement for the year ended and
comply with (insert relevant statutory and/or constitutional
provisions)'.
Some constitutional documents impose on the auditor additional reporting

requirements, which must also be incorporated, for example, a positive
confirmation that proper books and records have been kept.
UEW/IEDE 147
Qualification ill audit reports

The basic criteria regarding qualifications in audit reports are the same in
charities as in other audits and thus the Auditing Standards, 'Qualifications
in Audit Reports' will be applicable, together with the related guidance in
the guideline, 'audit report Examples'.
A particular and frequent problem for many shall charities is the difficulty
of applying proper control over voluntary donations until they are entered in
the accounting records. This creates a problem for auditors similar to that
which exists in relation to many small businesses regarding evidence of
completeness of income. Where such a problem does exist, even after the
auditor has taken steps to obtain all the evidence which can reasonably be
obtained, he may conclude that he is unable to give an unqualified opinion
on the financial statements in respect of the completeness of income. In such
a case, provided that he has satisfied himself that the charity's operations,
and that he has no reason to believe that income has been omitted, an
example of a form of report which be used is as follows:
'AUDITORS' REPORT TO (THE MEMBERS/TRUSTEES) OF …’

We have audited the financial statements on pages.... to.... our audit was
conducted in accordance with approved auditing standards having regard to
the matters referred to in the following: paragraph.
This charity, in common with many others of similar size and organisation,
derives a substantial proportion of its income from voluntary donations
which cannot be fully controlled until they are entered in the accounting
records, and are not therefore susceptible to independent audit verification.
Subject to the foregoing, in our opinion the financial statements give a true
and fair view of the state of the charity's affairs at 31st December 201x and
of its surplus/deficit and cash flow statement for the year then ended and
comply with (insert relevant statutory and/or constitutional provision).'
It must also be emphasised that the above example is not automatically

appropriate for use in the audits of all charities, since in many, and
particularly in larger charities, there can, and should be, adequate internal
controls covering all significant types of income.
Trade Unions and Employers' Associations

Background
A Trade Union may be defined as: 'an organization (whether permanent or
temporary) which consists wholly or mainly of workers of one or more
descriptions and is an organization whose principal purposes include the
regulation of relations between workers of that description of those
descriptions and employers or employers' associations;
148 UEW/IEDE
Employers' association is defined as:

'An organization (whether permanent or temporary) which consists
wholly or mainly of employers or individual proprietors of one or more
descriptions and is an organization whose principal purposes include the
regulation of relations between employers of that description or those
descriptions and workers or trade unions.'
Accounting
It is required that every trade union (except one which consists wholly or
mainly of representatives of constituent or affiliated organizations) to:
 establish and maintain a satisfactory system of control of its accounting
records, its cash holdings and its receipts and remittances; and
 keep proper accounting records with respect to its transactions, assets
and liabilities.
These records must be as to give a true and fair view of the state of affairs of
the trade union and to explain its transactions.
The accounting records of the trade union should be maintained in such a

manner as to enable the revenue accounts to be produced. This would
involve the inclusion of members' contributions in arrears except where
after any necessary provision for contributions which are not considered to
be collectable, the amount is immaterial.
Auditor's duties and rights

Every trade union is required to appoint an auditor to audit the accounts
contained in its annual return. The auditor of a trade union should make a
report to the trade union on the accounts audited by him and contained in its
Annual Return. This report should state whether in the opinion of the
auditor those accounts give a true and fair view of the matters to which they
relate.
The auditor also has a duty to carry out such investigations as will enable
him to form an opinion on whether proper accounting records have been
kept, whether a satisfactory system of control over proper accounting
records have been kept, whether a satisfactory system of control over
transactions has been maintained and whether the accounts are in
agreements with the accounting records. If these statutory requirements
have not, in the auditor's opinion, been satisfied, or if he fails to obtain the
necessary information and explanations, he must state that fact in his report.
The auditor's rights are as follows:

 the right of access at all times to the accounting records of the trade
union, including those of branches dealt with in its annual return, and to
all other documents relating to its affairs;
UEW/IEDE 149
 the right to require from officers of the trade union, or of any of its
branches, such information and explanations as he considerers
necessary;
 the right to attend general meetings of members or of delegates of
members and to receive due notices of such meetings;
 the right to be heard at such meetings on any part of the business which
concerns him as auditor.
The trade union rules contain provision for the appointment and removal of
auditors and also prescribe both the scope of the audit and the terms of the
auditor's report on the accounts included in the annual return.
Auditing procedures
Planning
The auditor should send an engagement letter to the executive committee to
confirm his understanding of the terms of his appointment. The letter should
indicate that the auditor is required to state whether in his opinion the
accounts contained in the annual return give a true and fair view. It should
also indicate the matters which he is required to state in his report on the
annual financial statements. In most cases, these will include his opinion on
whether these statements give a true and fair view.
The engagement letter should deal with the treatment of branch funds within
the annual return and the annual financial statements and the extent to which
such branch funds are included within the scope of the audit in respect of
any activities where the connection with the rules or objects of the trade
union is in doubt.
The auditor will need to consider the extent to which it is necessary to visit
and examine the records maintained at branches. He will take into account
the manner in which head office exercises its responsibilities for control and
supervision over the accounting records maintained at branch level and
whether separate branch auditors are appointed.
Branch financial statements are frequently audited by individuals or firms

other than the auditors of the trade unions themselves. Such branch auditors
may be either professionally qualified or unqualified. The trade union
auditor, however, is responsible for reporting on the accounts contained in
the annual return and/or the annual financial statements prepared by the
trade union and, if these incorporate branch transactions, he should take this
matter into account when planning his audit. He will need to consider the
extent to which he can rely on other auditors.
Accounting systems
Members' contributions represent the largest source of income for most
trade unions. It will therefore be necessary for the auditor to obtain an
150 UEW/IEDE
understanding of the accounting system in respect of contributions. In order

to make an assessment of its adequacy he will have to consider its
completeness. This will involve him examining the methods for updating
membership and contribution records, the procedures for ensuring that all
contributions due (including those collected by employers) are properly
received and the arrangements for ensuring that all contributions are banked
promptly and intact. He should also examine the systems dealing with
arrears of contributions.
In particular, where there are delays between the date of collection and
remittance to the trade union, the auditor will need to satisfy himself as to
the appropriateness of the method of determining arrears and the
reasonableness of the figures produced.
Audit evidence
Particularly important sources of evidence in respect of a trade union are the
membership and contribution records. Normally, an examination of these
records, and the figures contained within them, will assist the auditor in
obtaining the assurance that he requires in respect of members' contribution
income for the trade union as a whole and for the separate funds.
Two other important sources of audit evidence are the rules and decisions
from minutes. The latter represents an important source because many
significant decisions affecting financial matters may be taken by conference
or delegated down to specific councils, committees or branches. Key areas
where the auditor will have to rely on are as follows:
 contributions (including political fund contributions) and entrance fees;
fines and special levies receivable;
 benefits payable;
 travel, subsistence and attendance payment and allowances;
 dispute payments and receipts.
Internal controls
The auditing guideline on internal controls has particular relevance to the
audit of trade union. This is because of the specific requirement on most
trade unions to establish and maintain satisfactory systems of control over
their accounting records, their cash holdings, receipts and remittances; the
duties of auditors reporting on accounts contained in annual returns to carry
out investigations into and, where necessary, to report on such systems.
Large trade unions should have the internal controls appropriate to any large
enterprise, and the auditor should look for and encourage such a trade union
to implement normal internal controls and reporting systems in keeping with
the scale of operations.
Small unions and branches, even those of large trade unions, will generally
suffer from internal control weaknesses common to small enterprises, such
UEW/IEDE 151
as lack of segregation of duties and use of unqualified or part-time staff.

Shortcomings may possibly arise in the implementation of formal
procedures from the staff's lack of training, particularly if they are
volunteers. Adequate control may often be available by means of increased
review and authorization procedures by committee members or other
officials of the trade union.
Some indications of the internal controls which might be present in most

trade unions are given below.
Financial organization
 Preparation and appraisal of budgets
 Comparison of actual performance against budgets
 Monitoring in detail by specific committees or officers of expenditure
incurred.
Contributions (including political fund contributions) and entrance fees

Regular checks are required to ensure that the membership and contribution
records are being kept up-to-date. Ensuring that contributions and entrance
fees are collected at the appropriate rates Reconciliations between
contributions and entrance fees received and the membership and
contribution records Investigation of arrears by officials. Where possible,
these officials should not be responsible for collecting or handling
contributions or entrance fee monies Checks to ensure that any amounts
accounted for by branch officers or other persons collecting contributions
are in accordance with agreed rates and any deductions for collecting
commissions or locally incurred expenditure are properly controlled.
Fines and special levies receivable

Regular checks to ensure that fines and special levies receivable are
properly imposed and recorded, and are in accordance with agreed rates.
Benefits payable
 Regular checks to ensure that benefits payable are properly recorded
 Checks to ensure that applicants fulfil all conditions necessary before
receiving benefits.
Travel subsistence and attendance payments and allowances

 Regular checks to ensure that claims are bona fide.
 Ensuring that payments are made in accordance with agreed scale rates
 Checks to ensure that claims for loss of earnings are properly supported.
Separate funds
 Checks to ensure that income and expenditure, assets and liabilities and
numbers of members contributing are properly identified and recorded
in respect of each separate fund.
152 UEW/IEDE
Cash and bank

 Prompt banking of receipts
 Independent agreement of banking records to receipt records
 Regular bank reconciliations
 Adequate arrangements for bank signatories
 Periodic checking of petty cash by an independent official.
Investments
 Ensuring that investments are properly recorded
 Periodic checks to ensure that all investment income due is in fact
received
 Proper authorization of purchases and disposal of investments
 Regular checking of the register of investments with evidence of title.
Properties
 Ensuring all property transactions are properly authorized
 Ensuring that all properties are properly recorded and that all rental
income due is in fact received
Review of financial statements

It is essential that accounts contained in annual returns and annual financial
statements include a statement of the main accounting policies followed.
These will probably include:
 the basis for accounting for contribution income;
 the basis for inclusion of transactions, assets and liabilities of branches;
 the accounting bases adopted in connection with separate funds,
In addition to the accounting policies highlighted above, the auditor should

basis for apportioning administrative expenses and taxation between funds
In connection with the presentation and disclosure, the auditor should
consider whether:
 the treatment of transactions, assets and liabilities relating to the rules
and objects of the trade union, is appropriate;
 the treatment of branch funds is appropriate; there has been proper
disclosure of separate funds, there has been appropriate disclosure of the
allocation of the income expenditure between funds and of any transfers
between funds;
Reporting
The audit report on the accounts contained in the annual return is required to
be express: in 'true and fair' terms. The audit report should be dated and
indicate the year to which the annual return relates. It should identify the
trade union as the body on which the report is addressed and also identify
those pages or paragraphs of the annual return.
The auditor should also state expressly in his report whether:
UEW/IEDE 153
The accounts have been audited in accordance with approved auditing

Standards; in his opinion, the accounts give a true and fair view (or not) of
the state of the trade union's financial affairs, transactions, and where
applicable, cash flow statement.
The auditor must also state the fact in his report, where in his opinion:
 proper accounting records have been or have not been maintained;
 a satisfactory or unsatisfactory system of control over its transactions
has (or has not) been maintained;
 the accounts are in or not in agreement with the accounting records; or
 he has not obtained the necessary information and explanation that he
requires.
In these circumstances the auditor should include in his report a separate

'explanatory' paragraph outlining the facts giving rise to qualification. The
following suggested wording would be appropriate where the report is
unqualified and the annual return covers both head office and all branches:
'AUDITORS REPORT TO THE ..... ON THE ACCOUNTS CONTAINED

IN ITS ANNUAL RETURN FOR THE YEAR ENDED ....’
We have audited the accounts set out on pages .... to .... of this return in
accordance with approved Auditing Standards.
In our opinion the accounts give a true and fair view of the state of the
financial affairs at 3 I December .... and of its transactions and cash flow
statement for the year then ended.'
Failure to meet reporting deadlines may mean that information concerning

the financial affairs of certain branches is not received by head office. As a
result the trade union may include estimated figures in its annual return or
exclude the financial affairs of the branches concerned from its annual
return entirely. In these circumstances, the auditor should consider using
one of the following examples.
Qualified audit report. Uncertainty - subject to: inclusion of estimated

branch revenue.

IN ITS ANNUAL RETURN FOR THE YEAR ENDED…’
We have audited the accounts set out on pages ………….to ...of this return
in accordance with approved Auditing Standards.
As explained in note .... certain financial information relating to the affairs

of a number of branches has not been received and accordingly revenue
expenditure
154 UEW/IEDE
totaling ¢… in respect of (type of expenditure) has been estimated.
Subject to any adjustments that may be required when the actual amount of
revenue expenditure referred to above is known, in our opinion the accounts
give a true and fair view of Qualified audit report. Disagreement - except:
omission of branch financial affairs.

IN ITS ANNUAL RETURN FOR THE YEAR ENDED ....’
We have audited the accounts set out on pages .... to .... of this
return. Our audit was conducted in accordance with approved
Auditing Standards except that the scope of our work was limited by
the matter referred to below.
As explained in..... certain financial information relating to the affair

of a number of branches has not been received and nothing has been
included in the accounts in respect thereof. In these circumstances
we were unable to carry out all the auditing procedures, or to obtain
all the information and explanations we considered necessary.
Except for the effects of the adjustments which would have been
shown to be necessary has the information indicated in the paragraph
above been received, in our opinion the accounts give a true and fair
view of '
The terms of the audit will depend on the requirements set out in the trade
union rules as confirmed in the engagement letter. In most cases, however,
the audit report will be required to be in true and fair terms.
 The auditor should send an engagement letter to the executive

committee of charities or non-profit organisation to confirm his
understanding of the terms of his appointment.
 Small charities will generally suffer from internal control weaknesses
common to small enterprises, such as lack of segregation of duties and
use of unqualified staff.
 Every trade union is required to appoint an auditor to audit the accounts
contained in its annual return.
 Members' contributions represent the largest source of income for most
trade unions. It will therefore be necessary for the auditor to obtain an
understanding of the accounting system in respect of contributions.
Review Questions
 What are the key audit areas peculiar to charities?
 List 10 indications of an effective internal controls system in Trade
Unions
UEW/IEDE 155
 Identify two source of income for most trade unions
156 UEW/IEDE
AUDITING AND
This page was left blank for yourunions
notes INVESTIGATION
INVESTIGATION
UEW/IEDE 157
GROUP ACCOUNTS AUDIT
AUDITING AND
UNIT 3 SECTION
INVESTIGATION
4
Unit 3, section 4: Group accounts audit
Welcome to this engaging area. Group accounts are made up of parent

company's accounts and the consolidated accounts of the parent company
and the subsidiary companies. You will be introduced to International
Standard on Auditing (ISA) 600 which provides for “Special
Considerations—Audits of Group Financial Statements (Including the Work
of Component Auditors)”.
By the end of this session, students will understand:

 engagement of Principal Auditor
 consideration for Planning and Control of Group Audit
 reliance by the Principal Auditor on the Work of Other Auditor
Acceptance of Engagement as Principal Auditor

The auditor of the parent company known as the primary auditor or
principal auditor is solely responsible for the opinion expressed on the group
accounts. In particular, the primary auditor must form an opinion as to the
independence and competence of any secondary auditor and quality of their
audit.
The principal auditor should consider whether his own participation is

sufficient to enable him to act as the principal auditor. For this purpose the
principal auditor would consider:
 The materiality of the portion of the financial statements which the
principal auditor audits.
 The principal auditor's agreement of knowledge regarding the business
of the components.
 The risk of material misstatements in the financial statements of the
component audited by the other auditor.
 The performance of additional procedure resulting in the principal
auditor having significant participation in such audit.
The objectives of the auditor are:

 To determine whether to act as the auditor of the group financial
statements; and
 If acting as the auditor of the group financial statements:
 To communicate clearly with component auditors about the scope
and timing of their work on financial information related to
components and their findings; and
 To obtain sufficient appropriate audit evidence regarding the
financial information of the components and the consolidation
process to express an opinion on whether the group financial
statements are prepared, in all material respects, in accordance with
the applicable financial reporting framework.
158 UEW/IEDE
AUDITING AND
Unit 3, section 4: Group accounts audit INVESTIGATION
Special Consideration for Planning and Control of Group Audit

The principal auditors are required to report to the members of the holding
company on the accounts examined by them including the group accounts as
prepared in accordance with company legislation. The auditors'
responsibility for the group accounts is exactly the same as their
responsibility for the accounts of an individual company, which they audit.
The audit report will cover the relevant information for the individual
holding company, (the company) accounts and the group accounts. At the
planning stages the holding company auditor will need to consider the
following:
 The client's procedures for preparing the group's financial statements
including;
 The client's group accounting instructions.
 Liaison with other auditors of subsidiaries and associated companies.
 Anticipating problem areas: for example, certain overseas
subsidiaries.
Planning
Communication between the principal and subsidiary auditors is necessary
in the planning phases in order to resolve matters such as the following:
 Evidence required by the principal auditor for the purposes of verifying
consolidation adjustments such as profits on inter-company stocks.
 Differences in accounting policies and the need for information to
enable the subsidiaries account to be brought into line with group
policies on consolidation. This may be particularly important for foreign
subsidiaries where reporting requirements differ from those acceptable
in the country of the parent company.
 Additional audit procedures for foreign subsidiaries where local auditing
standards differ from those of the parent company.
 Additional audit procedures in situations where audit materiality and
audit risk at the group levels are potentially greater than those pertaining
to the subsidiary. For example, the extent of a contingent liability on the
group as a whole may only be apparent when the cumulative effect of
guarantees given by each subsidiary is considered.
 Anticipated problems based on past experience and a review of up-to-
date information, such as management accounts.
 Overall Audit Strategy and Audit Plan in accordance with ISA 300
requires that the group engagement team shall establish an overall group
audit strategy and shall develop a group audit plan. The group
engagement partner shall review the overall group audit strategy and
group audit plan
Reliance by the Principal Auditor on the Work of Other Auditor

The main matters that the principal auditors would consider before relying
on the accounts audited by other auditors include:
UEW/IEDE 159
AUDITING AND
INVESTIGATION Unit 3, section 4: Group accounts audit
 Obtaining information regarding the professional competence of the

other auditor in the context of the specific assignment undertaken by the
other auditor.
 The independence of the other auditor. Advising the other auditor of the
independence requirements applicable to both the entity and the
component and obtaining representations as to his compliance with
them.
 Advising the other auditor of the use to be made of his work and report.
The principal auditor should inform the other auditor of other matters
such as areas requiring special consideration, procedures for the
identification of inter-company transactions that may require disclosure
and timetable for completion of the audit. He should therefore make
sufficient arrangements for the co-ordination of their efforts at the
planning stage of his audit.
 Advising the other auditor of the applicable accounting, auditing and
other reporting requirements and obtaining representation as to
compliance with them.
 ACCOUNTING POLICIES. Ensuring that there are uniform accounting
policies throughout the group and if not what adjustments will be
required to bring all the account to the same footing.
 SCOPE OF THE WORK OF THE OTHER AUDITORS. The principal
auditor must consider:
 whether all material aspects of the underlying accounts have been
subjected to audit examination.
 whether there are any reasons why they cannot rely on the work of
the other auditor(s). The auditor should consider any modification in
the other auditor's report when drafting their own report.
 MATERIALITY. The principal auditor must consider the materiality
of the accounts involved when deciding the extent of their enquiries.
 QUALITY OF WORK. The principal auditor must obtain
satisfactory evidence that the work of the other auditor is adequate.
 Considering the significant audit findings of the other auditor.
 Performing procedures to obtain reasonable assurance that the work
performed by the other auditor is adequate for the principal auditor's
purpose. For example the principal auditor might discuss with the other
auditor(s) the audit procedures applied or review a written summary of
the other auditor's procedures and findings (this may be in the form of a
completed questionnaire or check list) or review sufficient working
papers of the other auditors.
 PERFORM FURTHER TEST. The principal auditor may decide that

supplementary tests of the records on the financial statements of the
components are necessary. He may request the other auditor to perform
the tests or alternatively, he may request permission to perform them
himself or together with the other auditor.
160 UEW/IEDE
AUDITING AND
Audit Procedures Relevant to the Consolidation

 Agreeing the transposition of component information to consolidation
schedules.
 Checking that consolidation adjustments and classification of items are
appropriate and consistent among the group and with previous years.
 Verifying work on acquisition and disposals.
 Checking fair values of assets by reference to valuers' reports.
 Checking the calculation of goodwill by reference to proportion of
net assets acquired, compared to the consideration on the date of
acquisition. Carry out impairment review to determine whether the
goodwill is beneficial to the entity.
 Agreeing sales proceed and purchase consideration transactions to
underlying documentation and records.
 Determining in respect of acquisitions and disposals that the correct
proportion of net assets have been brought on or taken out for the
purpose of deterring goodwill and profits on disposal by reference to
the dates of acquisition/disposal.
 Verify current year consolidation adjustments:
 Reconcile inter-company sales and purchases.
 Check calculation of unrealized profit by reference to terms of trade.
 Determining the current proportion of sales has been included by
reference to acquisition! disposal dates of subsidiaries acquired and
disposed of during the year.
 Reconciling inter-company balances and obtaining letters of
confirmation.
 Determining minority interest by reference to number of shares held,
net assets and profits.
 Verifying the mathematical accuracy of consolidation workings:
 Review/Revise for compliance with legislation and accounting
standards.
 Consider whether group accounts show a true and fair view.
Audit of Inter-company Balances

Inter-company balances arise from trading transactions between group
companies, from loans and from other transactions such as management
charges, transfer of fixed assets etc.
Audit Procedures
 Ascertain the group'sprocedures for accounting for and reconciling such
balances.
 Ascertaining the procedure for reconciling and eliminating such
balances on consolidations.
 If the procedures are satisfactory and the amounts involved are not
material check that:
 the balances on the consolidation worksheets are in agreement with
the audited accounts of each company, and
UEW/IEDE 161
AUDITING AND
 inter-company balances are in agreement with each other, or

 the consolidation worksheets provide a reconciliation showing cause
of differences, that the correct adjustments have been made on
consolidation, and the amounts involved are small.
 If the amounts involved are material either in terms of the balances

outstanding or value of transactions or there are significant differences
on reconciliation:
 Request a detailed statement of outstanding items on each company's
account.
 Consider the need to request secondary auditors to verify their
clients statements. (if this is a regular problem consider requesting
secondary auditor to obtain, verify and supply such statements in
instructions issued at the time of planning).
 Verify the company's reconciliation against these statements
(reconciling items will be those on one company's account with
another but not appearing on that other company's account and may
be due to such matters as goods or cash in transit errors, disputes
etc.).
 Check that the adjustment on consolidation worksheet is consistent
with reconciliation and correctly eliminates such balances.
Audit of Inter-Company Profits

Audit of inter-company profits involves obtaining information on quantity
of stocks held, the amount at which they are recorded in the accounts of the
purchasing company and the amount debited to cost of goods sold by the
selling company. Parent company management should institute procedures
to determine such goods supplied by other group companies at stock taking
or from perpetual stock records. Cognizance should also be taken of
components incorporated into work-in-progress and manufactured goods.
The original cost to the group could be determined from the supplying
company's records and the supplying company's profit margin on inter-
company transactions ascertained. Companies holding such stocks should be
required to advise parent company management and companies, supplying
stocks to others should be required to advise their profit margins on such
sales. The appropriate inter-company profit may be calculated and
eliminated on consolidation.
Audit Procedures
 Identify and determine the appropriateness of procedures adopted by the
parent company for identifying inter-company profits in stock.
 Request the auditors of other group companies to verify:
 the schedule of inter-company stock as supplied to the parent
company and indicating whether the carrying value of that stock is
other than at purchase cost.
162 UEW/IEDE
AUDITING AND
 Details of profit margins on goods supplied to other group

companies as supplied to the
parent company.
 Check the calculation of inter-company profit in stocks and verify that
it is properly eliminated on the consolidation worksheets.
 Examine invoices from other group companies to identify the types of
purchases from those companies and see that those goods are included in
the list.
 Inquire into any significant differences in the amounts of such stocks or
in profit margins compared to previous years.
Parent Company First Reliance on the Work of Other Auditors

Auditors Procedures
 On appointment as auditor of a parent company, whenever the auditor of
a subsidiary changes or on the acquisition of a new subsidiary the
principal auditor should:
 Enquire into the other auditors' reputation and professional standing.
 Write to the other auditor (with due clearance from management)
explaining reliance on his work.
 Ask the other auditor to complete a questionnaire to provide
information on the other firm's quality control procedures.
 Evaluate the results to the enquiries and the questionnaire and
consider the extent to which it might be necessary to perform
additional procedures each year such as reviewing the working
papers of the other auditor(s).
 Issue each auditor with questionnaire during the planning stage of the
audit, identifying the major audit procedures expected to be carried out,
such as attendance at stocktaking and review of post balance sheet date
events and ask the other auditors to confirm that the procedures have
been complied with.
 Ask management for copies of all management letters sent by the other
auditors and all letters of representations issued to them.
 Review the working papers of a number of the other auditors, the criteria
for selection being based on:
 materiality of the subsidiary to the group;
 doubts as to the reputation or quality control procedures of the other
auditors, questionnaires indicating that not all auditing procedures
had been completed;
 management letters or letters of representation indicating serious
control weaknesses or other problems;
 qualification in the other auditor's report.
 Request the other auditors to perform additional procedures or re-
perform certain auditing procedures by self if there are doubts as to the
satisfactory nature of work performed by other auditors.
 Consider the need for a qualification in the audit report on the group
accounts on the grounds of a scope limitation if the doubts remain.
UEW/IEDE 163
AUDITING AND
Further Considerations in Audit of Group Accounts

In the audit of group accounts the auditor also needs to consider the
following:
Accounting Policies
In order for the group accounts to give a true and fair view they should be
prepared using consistent accounting policies. It is therefore necessary for
all the group companies to adopt uniform accounting policies wherever
practicable. There may be situations where the adoption of uniform
accounting policies by all group companies is not always possible. Some
subsidiaries may follow different accounting policies because of local
accounting requirements.
In such cases the following procedures should be implemented for the

purpose of preparing the consolidated accounts.
 Appropriate consolidation adjustments should be made, purely for the
purposes of preparing the group accounts. No comments will be needed
in the group accounts since the group accounts give a true and fair view.
 In cases where consolidation adjustments will be impracticable or
undesirable the following should be disclosed.
 the different accounting policies followed,
 an indication of the amounts of assets and liabilities involved,
 if possible, some indication of the effect on group profits and assets
of using those different policies,
 the reasons for the different treatment.
Consolidation Adjustments
Certain types of adjustments are required purely for the purpose of
preparing the group accounts referred to as consolidation adjustments. These
include:
 adjustments required because certain subsidiary companies have based
their financial statements on accounting policies different from those of
the rest of the group.
 Adjustments for unrealized inter-company profits on transfer of stocks
and fixed assets
 Adjustments for inter-company management charges.
 Adjustments for in-transit items.
The group auditor must make sure that he obtains the necessary information
to ensure that all such adjustments are reflected in the group accounts.
Accounting Periods
Section 127 (10) of the Companies Code 1963, Act 179 requires that "a
holding company's directors shall secure that, except where in their opinion
there are good reasons against it in which case their reasons shall be
164 UEW/IEDE
AUDITING AND
indicated in a note on the company's accounts, the financial year of each of

its subsidiaries shall coincide with the company's own financial year, and
the group accounts shall deal with the affairs of the holding company and
the subsidiaries for the same financial year."
"If the financial year of a subsidiary does not coincide with that of the
holding company the group accounts shall, unless the Registrar shall
otherwise direct, deal with the subsidiary's profit or loss for, and the state of
affairs as at the end of, its financial year ending last before that of the
holding company."
Particular care should be taken in the case of group companies where there
are significant trading relationships between them. Their financial
statements should relate to the same periods and be made up to the same
date. If they were not, it is difficult to see how the group accounts could
give a true and fair view unless all significant transactions were adjusted.
Window-arresting between group companies could distort the view given by
the group accounts.
Loss-making Subsidiaries
The auditor may need to consider the following aspects:
 If a subsidiary company continues to make losses, the directors may
consider there has been a permanent fall in value of the holding
company's investment. This could involve:
 writing down the cost of the investment in the subsidiary to below
cost in the separate accounts of the holding company; and
 writing down goodwill on consolidation, through the consolidated
profit and loss account in the group accounts.
If a subsidiary company is making losses on such a scale that it is almost

insolvent, the holding company may well be guaranteeing loans, overdrafts
and normal trade credit. If the policy of the holding company is to continue
to support rather than abandon the subsidiary, the subsidiary is likely to be
included within the consolidation.
The auditor will need to examine the extent of support by the holding
company, the subsidiary cash flow projections and the extent of disclosure
of guarantees in the group financial statements.
Restrictions on Distributions
There may be significant restrictions on the ability of the holding company
to distribute group retained profits because of statutory, contractual or
exchange control restrictions. There may be variety of restrictions, some of
which may be relatively short-term in nature. These may include:
 Profits which have been appropriated to statutory reserves because of
legal requirement in a particular country.
UEW/IEDE 165
AUDITING AND
 Profits capitalized by a subsidiary company.

 Post-acquisition profits of a subsidiary company applied against its pre-
acquisition losses.
 Local exchange control restrictions.
 Exchange control restrictions preventing distribution of prior-year
retained profits. Points (a) (b) and (c) are likely to be permanent,
whereas (d) and (e) may be temporary in nature.
The auditor must ensure that the company's disclosure is consistent with a
true and fair view.
Foreign Subsidiaries
The problems of auditing a foreign subsidiary include the following:
 The geographical location of the subsidiary. If the auditing firm has an
office in the country in which the subsidiary operates, then the audit
client will probably choose the holding company's auditor as the auditor
of the subsidiary company. However, this may not be the case if the
holding company auditor does not have such a representation.
That subsidiary will require an audit to be carried out on it as separate entity

complying with the audit requirement in that company; an auditor based in
that country is likely to be in a better position to carry out the required audit.
 Consolidation of the subsidiary company into the group accounts. In

addition to the normal problems of perhaps the subsidiary being audited
by another firm, the holding company auditor will need to consider the
following points:
 Whether the local audit is different in scope to audit in the parent
company in such an event, the holding company auditor may require
the local auditor to carry out further work.
 Whether different accounting policies are being used to comply with
local regulations.
 Language problems may arise in both examination of the financial
statements of the foreign subsidiary and in liaising with the local
auditor. Provision should be made to anticipate and solve this
problem.
 Translation of the amounts in the foreign currency financial
statements will be required.
 The primary auditor must be satisfied as to the adequacy of the work of

the auditor of a subsidiary (the secondary auditor) on which reliance is
intended to be placed.
 There may be significant restrictions on the ability of the holding
company to distribute group retained profits because of statutory,
contractual or exchange control restrictions.
 Certain types of adjustments are required purely for the purpose of
preparing the group accounts
166 UEW/IEDE
AUDITING AND
 Communication between the principal and subsidiary auditors is

necessary in the planning phases
Review Questions
 What is inter-company profit?
 Identify two special consideration for planning and control of group
audit
 What factors should be considered by the Principal Auditor in the
reliance on the work of other Auditor
UEW/IEDE 167
GOING CONCERN EVALUATIONS
AUDITING AND
UNIT 3 SECTION
INVESTIGATION
5
Unit 3, section 5: Going concern evaluations
The going concern assumption is a fundamental principle in the preparation

of financial statements. The assessment of an entity’s ability to continue as a
going concern is the responsibility of the entity’s management. International
Standard on Auditing (ISA) 570, “Going Concern,” establishes the relevant
requirements and guidance with regard to the auditor’s consideration of the
appropriateness of management’s use of the going concern assumption and
auditor reporting.
When planning and performing audit procedures and in evaluating the

results thereof, the auditor should consider the appropriateness of
management’s use of the going concern assumption in the preparation of the
After reading through the section, the learner should be able to:
 identify factors that show that a business is facing going-concern
difficulty
 describe the audit evidence to be gathered in relation to going-concern
status of a business
 describe the auditing procedures required in assessing going concern
disclosures in financial statements
Introduction: Going Concern Assumption

Under the going concern assumption, an entity is viewed as continuing in
business for the foreseeable future. General purpose financial statements are
prepared on a going concern basis, unless management either intends to
liquidate the entity or to cease operations, or has no realistic alternative but
to do so.
Special purpose financial statements may or may not be prepared in

accordance with a financial reporting framework for which the going
concern basis is relevant (for example, the going concern basis is not
relevant for some financial statements prepared on a tax basis in particular
jurisdictions). When the use of the going concern assumption is appropriate,
assets and liabilities are recorded on the basis that the entity will be able to
realize its assets and discharge its liabilities in the normal course of
business.
Responsibility for Assessment of the Entity’s Ability to Continue

as a Going Concern
Some financial reporting frameworks contain an explicit requirement for
management to make a specific assessment of the entity’s ability to continue
as a going concern, and standards regarding matters to be considered and
disclosures to be made in connection with going concern. For example,
International Accounting Standard (IAS) 1 requires management to make an
assessment of an entity’s ability to continue as a going concern.
168 UEW/IEDE
AUDITING AND
Unit 3, section 5: Going concern evaluations INVESTIGATION
In other financial reporting frameworks, there may be no explicit

requirement for management to make a specific assessment of the entity’s
ability to continue as a going concern. Nevertheless, since the going concern
assumption is a fundamental principle in the preparation of financial
statements, the preparation of the financial statements requires management
to assess the entity’s ability to continue as a going concern even if the
financial reporting framework does not include an explicit requirement to do
so.
Management’s assessment of the entity’s ability to continue as a going

concern involves making a judgment, at a particular point in time, about
inherently uncertain future outcomes of events or conditions. The following
factors are relevant to that judgment:
 The degree of uncertainty associated with the outcome of an event. For
that reason, most financial reporting frameworks that require an explicit
management assessment specify the period for which management is
required to take into account all available information.
 The size and complexity of the entity, the nature and condition of its
business and the degree to which it is affected by external factors affect
the judgment regarding the outcome of events or conditions.
 Any judgment about the future is based on information available at the
time at which the judgment is made. Subsequent events may result in
outcomes that are inconsistent with judgments that were reasonable at
the time they were made.
Responsibilities of the Auditor

The auditor’s responsibility is to obtain sufficient appropriate audit
evidence about the appropriateness of management’s use of the going
concern assumption in the preparation of the financial statements and to
conclude whether there is a material uncertainty about the entity’s ability to
continue as a going concern.
However, the potential effects of inherent limitations on the auditor’s ability

to detect material misstatements are greater for future events or conditions
that may cause an entity to cease to continue as a going concern. The auditor
cannot predict such future events or conditions.
Accordingly, the absence of any reference to going concern uncertainty in

an auditor’s report cannot be viewed as a guarantee as to the entity’s ability
to continue as a going concern.
Required Risk Assessment Procedures and Related Activities

When performing risk assessment procedures, the auditor shall consider
whether there are events or conditions that may cast significant doubt on the
entity’s ability to continue as a going concern. In so doing, the auditor shall
UEW/IEDE 169
AUDITING AND
INVESTIGATION Unit 3, section 5: Going concern evaluations
determine whether management has already performed a preliminary

assessment of the entity’s ability to continue as a going concern, and:
 If such an assessment has been performed, the auditor shall discuss the
assessment with management and determine whether management has
identified events or conditions that, individually or collectively, may
cast significant doubt on the entity’s ability to continue as a going
concern and, if so, management’s plans to address them; or
 If such an assessment has not yet been performed, the auditor shall
discuss with management the basis for the intended use of the going
concern assumption, and inquire of management whether events or
conditions exist that, individually or collectively, may cast significant
doubt on the entity’s ability to continue as a going concern.
The auditor shall remain alert throughout the audit for audit evidence of
events or conditions that may cast significant doubt on the entity’s ability to
continue as a going concern.
Evaluating Management’s Assessment

The auditor shall evaluate management’s assessment of the entity’s ability
to continue as a going concern.
In evaluating management’s assessment of the entity’s ability to continue as

a going concern, the auditor shall cover the same period as that used by
management to make its assessment as required by the applicable financial
reporting framework, or by law or regulation if it specifies a longer period.
If management’s assessment of the entity’s ability to continue as a going
concern covers less than twelve months from the date of the financial
statements, the auditor shall request management to extend its assessment
period to at least twelve months from that date.
In evaluating management’s assessment, the auditor shall consider whether

management’s assessment includes all relevant information of which the
auditor is aware as a result of the audit.
Period beyond Management’s Assessment

The auditor shall inquire of management as to its knowledge of events or
conditions beyond the period of management’s assessment that may cast
significant doubt on the entity’s ability to continue as a going concern.
Additional Audit Procedures When Events or Conditions Are

Identified
If events or conditions have been identified that may cast significant doubt
on the entity’s ability to continue as a going concern, the auditor shall obtain
sufficient appropriate audit evidence to determine whether or not a material
uncertainty exists through performing additional audit procedures, including
consideration of mitigating factors. These procedures shall include:
170 UEW/IEDE
AUDITING AND
 Where management has not yet performed an assessment of the entity’s

ability to continue as a going concern, requesting management to make
its assessment.
 Evaluating management’s plans for future actions in relation to its going
concern assessment, whether the outcome of these plans is likely to
improve the situation and whether management’s plans are feasible in
the circumstances.
 Where the entity has prepared a cash flow forecast, and analysis of the
forecast is a significant factor in considering the future outcome of
events or conditions in the evaluation of management’s plans for future
action:
 Evaluating the reliability of the underlying data generated to prepare
the forecast; and
 Determining whether there is adequate support for the assumptions
underlying the forecast.
 Considering whether any additional facts or information have become
available since the date on which management made its assessment.
 Requesting written representations from management and, where
appropriate, those charged with governance, regarding their plans for
future action and the feasibility of these plans.
Audit Conclusions and Reporting

Based on the audit evidence obtained, the auditor shall conclude whether, in
the auditor’s judgment, a material uncertainty exists related to events or
conditions that, individually or collectively, may cast significant doubt on
the entity’s ability to continue as a going concern.
A material uncertainty exists when the magnitude of its potential impact and
likelihood of occurrence is such that, in the auditor’s judgment, appropriate
disclosure of the nature and implications of the uncertainty is necessary for:
 In the case of a fair presentation financial reporting framework, the fair
presentation of the financial statements, or
 In the case of a compliance framework, the financial statements not to
be misleading.
Use of Going Concern Assumption Appropriate but a Material

Uncertainty Exists
 If the auditor concludes that the use of the going concern assumption is
appropriate in the circumstances but a material uncertainty exists, the
auditor shall determine whether the financial statements:
 Adequately describe the principal events or conditions that may cast
significant doubt on the entity’s ability to continue as a going
concern and management’s plans to deal with these events or
conditions; and
 Disclose clearly that there is a material uncertainty related to events
or conditions that may cast significant doubt on the entity’s ability to
UEW/IEDE 171
AUDITING AND
continue as a going concern and, therefore, that it may be unable to

realize its assets and discharge its liabilities in the normal course of
business.
 If adequate disclosure is made in the financial statements, the auditor

shall express an unmodified opinion and include an Emphasis of Matter
paragraph in the auditor’s report to:
 Highlight the existence of a material uncertainty relating to the event
or condition that may cast significant doubt on the entity’s ability to
continue as a going concern; and
 Draw attention to the relevant note in the financial statements.
 If adequate disclosure is not made in the financial statements, the auditor

shall express a qualified opinion or adverse opinion, as appropriate, in
accordance with ISA 705. The auditor shall state in the auditor’s report
that there is a material uncertainty that may cast significant doubt about
the entity’s ability to continue as a going concern.
Use of Going Concern Assumption Inappropriate

If the financial statements have been prepared on a going concern basis but,
in the auditor’s judgment, management’s use of the going concern
assumption in the financial statements is inappropriate, the auditor shall
express an adverse opinion.
Management Unwilling to Make or Extend Its Assessment

If management is unwilling to make or extend its assessment when
requested to do so by the auditor, the auditor shall consider the implications
for the auditor’s report.
Communication with Those Charged with Governance

Unless all those charged with governance are involved in managing the
entity, the auditor shall communicate with those charged with governance
events or conditions identified that may cast significant doubt on the entity’s
ability to continue as a going concern. Such communication with those
charged with governance shall include the following:
 Whether the events or conditions constitute a material uncertainty;
 Whether the use of the going concern assumption is appropriate in the
preparation of the financial statements; and
 The adequacy of related disclosures in the financial statements.
Significant Delay in the Approval of Financial Statements

If there is significant delay in the approval of the financial statements by
management or those charged with governance after the date of the financial
statements, the auditor shall inquire as to the reasons for the delay. If the
auditor believes that the delay could be related to events or conditions
172 UEW/IEDE
AUDITING AND
relating to the going concern assessment, the auditor shall perform those
additional audit procedures necessary, as well as consider the effect on the
auditor’s conclusion regarding the existence of a material uncertainty,
Events or Conditions That May Cast Doubt about Going

Concern Assumption
The following are examples of events or conditions that, individually or
collectively, may cast significant doubt about the going concern assumption.
This listing is not all-inclusive nor does the existence of one or more of the
items always signify that a material uncertainty exists.
Financial
 Net liability or net current liability position.
 Fixed-term borrowings approaching maturity without realistic prospects
of renewal or repayment; or excessive reliance on short-term borrowings
to finance long-term assets.
 Indications of withdrawal of financial support by creditors.
 Negative operating cash flows indicated by historical or prospective
 Adverse key financial ratios.
 Substantial operating losses or significant deterioration in the value of
assets used to generate cash flows.
 Arrears or discontinuance of dividends.
 Inability to pay creditors on due dates.
 Inability to comply with the terms of loan agreements.
 Change from credit to cash-on-delivery transactions with suppliers.
 Inability to obtain financing for essential new product development or
other essential investments.
Operating
 Management intentions to liquidate the entity or to cease operations.
 Loss of key management without replacement.
 Loss of a major market, key customer(s), franchise, license, or principal
supplier(s).
 Labour difficulties.
 Shortages of important supplies.
 Emergence of a highly successful competitor.
Other
 Non-compliance with capital or other statutory requirements.
 Pending legal or regulatory proceedings against the entity that may, if
successful, result in claims that the entity is unlikely to be able to satisfy.
 Changes in law or regulation or government policy expected to
adversely affect the entity.
UEW/IEDE 173
AUDITING AND
 Uninsured or underinsured catastrophes when they occur.
The significance of such events or conditions often can be mitigated by

other factors. For example, the effect of an entity being unable to make its
normal debt repayments may be counter-balanced by management’s plans to
maintain adequate cash flows by alternative means, such as by disposing of
assets, rescheduling loan repayments, or obtaining additional capital.
Similarly, the loss of a principal supplier may be mitigated by the
availability of a suitable alternative source of supply.
Public Sector Perspective

The appropriateness of the use of the going concern assumption in the
preparation of the financial statements is generally not in question when
auditing either a central government or those public sector entities having
funding arrangements backed by a central government. However, where
such arrangements do not exist, or where central government funding of the
entity may be withdrawn and the existence of the entity may be at risk, the
going concern difficulties may be imputed. As governments corporatize and
privatize government entities, going concern issues will become
increasingly relevant to the public sector.
 The appropriateness of the use of the going concern assumption is a

matter for the auditor to consider on every audit engagement
 The extent of disclosures in the financial statements is driven by

management’s assessment of its ability to continue as a going concern,
coupled with the disclosure requirements of the applicable financial
reporting standard
Review Questions
 What is meant by the statement “These accounts have been prepared on
a going concern basis”?
 What procedures should auditors carry out in order to obtain an
assurance that a company is a going concern? (You may assume auditors
have no initial reasons to doubt the company’s ability to continue as a
going concern)
174 UEW/IEDE
AUDITING
AUDITING AND
AND
Unit 3, section
This page
5: Going
is left concern
blank forevaluations
your notes INVESTIGATION
INVESTIGATION
UEW/IEDE 175
AUDIT REPORTING TO MEMBERS – UNMODIFIED AUDIT
AUDITING AND
UNIT 3 SECTION
INVESTIGATION
6
Unit 3, section
REPORT 6: Audit reporting to members – Unmodified audit report
The purpose of this section is to establish standards and provide guidance

when the independent auditor’s report should be modified and the form and
the content of the modifications to the auditor’s report in those
circumstances. It also provides guidance on the matters the auditor considers
in forming an opinion on those financial statements. The section addresses
circumstances when the auditor is able to express an unqualified opinion
and no modification to the auditor’s report is necessary.
After reading through the chapter, the learner should be able to:
 describe the purpose, significance and content of audit report
 describe the forms of opinions an auditor can express on a financial
statement
The Auditor’s Report on Financial Statements

The auditor’s report should contain a clear expression of the auditor’s
opinion on the financial statements.
Unless required by law or regulation to use different wording, the auditor’s

opinion on a complete set of general purpose financial statements prepared
in accordance with a financial reporting framework that is designed to
achieve fair presentation state whether the financial statements give a true
and fair view or are presented fairly, in all material respects, in accordance
with the applicable financial reporting framework.
In some jurisdictions, law or regulation governing the audit of financial

statements may prescribe different wording for the auditor’s opinion.
Although the auditor may be obliged to use the prescribed wording, the
auditor’s responsibilities for forming the opinion remain the same.
The auditor should evaluate the conclusions drawn from the audit evidence
obtained as the basis for forming an opinion on the financial statements.
When forming an opinion on the financial statements, the auditor evaluates

whether, based on the audit evidence obtained, there is reasonable assurance
about whether the financial statements taken as a whole are free from
material misstatement. This involves concluding whether sufficient
appropriate audit evidence has been obtained to reduce to an acceptably low
level the risks of material misstatement of the financial statements6 and
evaluating the effects of uncorrected misstatements identified.
Forming an opinion as to whether the financial statements give a true and

fair view or are presented fairly, in all material respects, in accordance with
the applicable financial reporting framework involves evaluating whether
the financial statements have been prepared and presented in accordance
with the specific requirements of the applicable financial reporting
framework for particular classes of transactions, account balances and
176 UEW/IEDE
AUDITING AND
Unit 3, section 6: Audit reporting to members – Unmodified audit report INVESTIGATION
disclosures. This evaluation includes considering whether, in the context of

the applicable financial reporting framework:
 The accounting policies selected and applied are consistent with the
financial reporting framework and are appropriate in the circumstances;
 The accounting estimates made by management are reasonable in the

circumstances;
 The information presented in the financial statements, including

accounting policies, is relevant, reliable, comparable and
understandable; and
 The financial statements provide sufficient disclosures to enable users to

understand the effect of material transactions and events on the
information conveyed in the financial statements, for example, in the
case of financial statements prepared in accordance with International
Financial Reporting Standards (IFRSs), the entity’s financial position,
financial performance and cash flows.
Elements Of The Auditor’s Report

The following are the elements of the auditor’s report:
 Title;
 Addressee;
 Introductory paragraph;
 Management’s responsibility for the financial statements;
 Auditor’s responsibility;
 Auditor’s opinion;
 Other reporting responsibilities;
 Auditor’s signature;
 Date of the auditor’s report; and
 Auditor’s address.
Auditor’s Report
The auditor’s report should be in writing. A written report encompasses
both reports issued in hard copy format and those using an electronic
medium.
The following is an illustration of the auditor’s report incorporating the

elements set forth above for an audit of financial statements prepared in
accordance with IFRSs expressing an unmodified opinion. In addition to the
audit of the financial statements, the illustration assumes that the auditor has
other reporting responsibilities required under local law. In rare
circumstances, law or regulation also identifies the point in the financial
statement reporting process at which the audit is expected to be complete.
UEW/IEDE 177
AUDITING AND
INVESTIGATION Unit 3, section 6: Audit reporting to members – Unmodified audit report
TO THE MEMBERS OF DNI COMPANY LIMITED LIMITED

REPORT ON THE FINANCIAL STATEMENTS
We have audited the accompanying financial statements of DNI Company

Limited set out on pages 5 to 32. These financial statements comprise the
statement of financial position as at 31 December 2013, the statement of
comprehensive income , statement of changes in equity and the statement of
cash flows for the year then ended and a summary of significant accounting
policies and other explanatory information.
Directors’ responsibility for the financial statements
The directors are responsible for the preparation of financial statements that
give a true and fair view in accordance with International Financial
Reporting Standards and with the requirements of the Companies Act, 1963
(Act 179) and for such internal control, as the directors determine is
necessary to enable the preparation of financial statements that are free from
material misstatements whether due to fraud and error.
Auditor’s responsibility
Our responsibility is to express an opinion on the financial statements based

on our audit. We conducted our audit in accordance with International
Standards on Auditing. Those standards require that we comply with ethical
requirements and plan and perform the audit to obtain reasonable assurance
about whether the financial statements are free from material misstatement.
An audit involves performing procedures to obtain audit evidence about the

amounts and disclosures in the financial statements. The procedures selected
depend on the auditor’s judgement, including the assessment of the risks of
material misstatement of the financial statements, whether due to fraud or
error. In making those risk assessments, the auditor considers internal
control relevant to the entity’s preparation of financial statements that give a
true and fair view in order to design audit procedures that are appropriate in
the circumstances, but not for the purpose of expressing an opinion on the
effectiveness of the entity’s internal control. An audit also includes
evaluating the appropriateness of accounting policies used and the
reasonableness of accounting estimates made by the directors, as well as
evaluating the overall presentation of the financial statements.
We believe that the audit evidence we have obtained is sufficient and
appropriate to provide a basis for our audit opinion.
Opinion
In our opinion, the accompanying financial statements give a true and fair
view of the financial position of Meridian Port Services Limited as at 31
December 2013 and of its financial performance and its cash flows for the
178 UEW/IEDE
AUDITING AND
year then ended in accordance with International Financial Reporting

Standards and in the manner required by the Companies Act, 1963 (Act
179).
The Companies Act, 1963 (Act 179) requires that in carrying out our audit
we consider and report on the following matters. We confirm that:
we have obtained all the information and explanations which to the best of
our knowledge and belief were necessary for the purposes of our audit;
in our opinion proper books of account have been kept by the Company, so
far as appears from our examination of those books; and
the Company’s balance sheet (statement of financial position) and profit and
loss account ( part of statement of comprehensive income) are in agreement
with the books
Intelligent Auditors
XXXX April 2014
Modifications to the Independent Auditor’s Opinion

Forms of Opinion
An audit opinion is either modified or unmodified. There are various factors
that determine which form the opinion takes and we shall go through them.
Unmodified Opinion
This is also referred to as an unqualified opinion. In this form of opinion,
that auditor reports that the financial statements give a true and fair view.
The essential thing is there is nothing that has come to the auditor’s
attention which suggests that the accounts are materially misstated
Modified Opinion
This is simply any other opinion other than an unmodified opinion. It
comprises qualified opinion, adverse opinion and disclaimer of opinion.
Matters that Do Not Affect the Auditor’s Opinion

 Emphasis of matter
Matters that Do Affect the Auditor’s Opinion

 Qualified opinion,
 Disclaimer of opinion, or
 Adverse opinion.
Uniformity in the form and content of each type of modified report will
further the user’s understanding of such reports. Accordingly, this chapter
includes suggested wording of modifying phrases for use when issuing
modified reports.
UEW/IEDE 179
AUDITING AND
The principles relating to the circumstances when the auditor’s report needs
to be modified are, however, also applicable to reports on other
engagements related to the audit of historical financial information, such as
general purpose financial statements for entities of a different nature (for
example, a not-for-profit organization
Matters That Do Not Affect the Auditor’s Opinion

In certain circumstances, an auditor’s report may be modified by adding an
emphasis of matter paragraph to highlight a matter affecting the financial
statements which is included in a note to the financial statements that more
extensively discusses the matter. The addition of such an emphasis of matter
paragraph does not affect the auditor’s opinion. The paragraph would
preferably be included after the paragraph containing the auditor’s opinion
but before the section on any other reporting responsibilities, if any. The
emphasis of matter paragraph would ordinarily refer to the fact that the
auditor’s opinion is not qualified in this respect.
The auditor should modify the auditor’s report by adding a paragraph to

highlight a material matter regarding a going concern problem.
The auditor should consider modifying the auditor’s report by adding a

paragraph if there is a significant uncertainty (other than a going concern
problem), the resolution of which is dependent upon future events and
which may affect the financial statements. An uncertainty is a matter whose
outcome depends on future actions or events not under the direct control of
the entity but that may affect the financial statements.
An illustration of an emphasis of matter paragraph for a significant

uncertainty in an auditor’s report follows:
Without qualifying our opinion we draw attention to Note X to the financial

statements. The Company is the defendant in a lawsuit alleging infringement
of certain patent rights and claiming royalties and punitive damages. The
Company has filed a counter action, and preliminary hearings and
discovery proceedings on both actions are in progress. The ultimate
outcome of the matter cannot presently be determined, and no provision for
any liability that may result has been made in the financial statements.
The addition of a paragraph emphasizing a going concern problem or

significant uncertainty is ordinarily adequate to meet the auditor’s reporting
responsibilities regarding such matters. However, in extreme cases, such as
situations involving multiple uncertainties that are significant to the
financial statements, the auditor may consider it appropriate to express a
disclaimer of opinion instead of adding an emphasis of matter paragraph.
In addition to the use of an emphasis of matter paragraph for matters that

affect the financial statements, the auditor may also modify the auditor’s
180 UEW/IEDE
AUDITING AND
report by using an emphasis of matter paragraph, preferably after the

paragraph containing the auditor’s opinion but before the section on any
other reporting responsibilities, if any, to report on matters other than those
affecting the financial statements. For example, if an amendment to other
information in a document containing audited financial statements is
necessary and the entity refuses to make the amendment, the auditor would
consider including in the auditor’s report an emphasis of matter paragraph
describing the material inconsistency.
Circumstances When a Modification to the Auditor’s Opinion Is Required

The auditor shall modify the opinion in the auditor’s report when:
 The auditor concludes that, based on the audit evidence obtained, the
financial statements as a whole are not free from material misstatement
(disagreement with management).
 The auditor is unable to obtain sufficient appropriate audit evidence to

conclude that the financial statements as a whole are free from material
misstatement (limitation on scope)
Matters That Do Affect the Auditor’s Opinion

An auditor may not be able to express an unqualified opinion when either of
the following circumstances exists and, in the auditor’s judgment, the effect
of the matter is or may be material to the financial statements:
 There is a limitation on the scope of the auditor’s work; or

 There is a disagreement with management regarding the acceptability of
the accounting policies selected, the method of their application or the
adequacy of financial statement disclosures.
The circumstances described in (a) could lead to a qualified opinion or a

disclaimer of opinion.
The circumstances described in (b) could lead to a qualified opinion or an
adverse opinion.
A qualified opinion should be expressed when the auditor concludes that an

unqualified opinion cannot be expressed but that the effect of any
disagreement with management, or limitation on scope is not so material
and pervasive as to require an adverse opinion or a disclaimer of opinion. A
qualified opinion should be expressed as being ‘except for’ the effects of the
matter to which the qualification relates.
A disclaimer of opinion should be expressed when the possible effect of a

limitation on scope is so material and pervasive that the auditor has not been
able to obtain sufficient appropriate audit evidence and accordingly is
unable to express an opinion on the financial statements.
UEW/IEDE 181
AUDITING AND
An adverse opinion should be expressed when the effect of a disagreement

is so material and pervasive to the financial statements that the auditor
concludes that a qualification of the report is not adequate to disclose the
misleading or incomplete nature of the financial statements.
Whenever the auditor expresses an opinion that is other than unqualified, a

clear description of all the substantive reasons should be included in the
report and, unless impracticable, a quantification of the possible effect(s) on
the financial statements. Ordinarily, this information would be set out in a
separate paragraph preceding the opinion or disclaimer of opinion on the
financial statements and may include a reference to a more extensive
discussion, if any, in a note to the financial statements.
Circumstances That May Result In Other Than an Unqualified

Opinion
Limitation on Scope
A limitation on the scope of the auditor’s work may sometimes be imposed
by the entity (for example, when the terms of the engagement specify that
the auditor will not carry out an audit procedure that the auditor believes is
necessary). However, when the limitation in the terms of a proposed
engagement is such that the auditor believes the need to express a disclaimer
of opinion exists, the auditor would ordinarily not accept such a limited
engagement as an audit engagement, unless required by statute. Also, a
statutory auditor would not accept such an audit engagement when the
limitation infringes on the auditor’s statutory duties.
A scope limitation may be imposed by circumstances (for example, when

the timing of the auditor’s appointment is such that the auditor is unable to
observe the counting of physical inventories). It may also arise when, in the
opinion of the auditor, the entity’s accounting records are inadequate or
when the auditor is unable to carry out an audit procedure believed to be
desirable. In these circumstances, the auditor would attempt to carry out
reasonable alternative procedures to obtain sufficient appropriate audit
evidence to support an unqualified opinion.
When there is a limitation on the scope of the auditor’s work that requires
expression of a qualified opinion or a disclaimer of opinion, the auditor’s
report should describe the limitation and indicate the possible adjustments to
the financial statements that might have been determined to be necessary
had the limitation not existed.
Illustrations of these matters are set out below.
Limitation on Scope. Qualified Opinion

We did not observe the counting of the physical inventories as of December
31, 20X1, since that date was prior to the time we were initially engaged as
182 UEW/IEDE
AUDITING AND
auditors for the company. Owing to the nature of the Company’s records,
we were unable to satisfy ourselves as to inventory quantities by other audit
procedures.
Opinion
In our opinion, except for the effects of such adjustments, if any, as might
have been determined to be necessary had we been able to satisfy ourselves
as to physical inventory quantities, the financial statements give a true and
fair view of (or present fairly, in all material respects,) the financial position
of ABC Company as of December 31, 20X1, and of its financial
performance and its cash flows for the year then ended in accordance with
International Financial Reporting Standards.
Limitation on Scope
Disclaimer of Opinion
Report on the Financial Statement
(Omit the sentence stating the responsibility of the auditor.)
(The paragraph discussing the scope of the audit would either be omitted or
amended according to the circumstances.)
(Add a paragraph discussing the scope limitation as follows:

We were not able to observe all physical inventories and confirm accounts
receivable due to limitations placed on the scope of our work by the
Company.) Because of the significance of the matters discussed in the
preceding paragraph, we do not express an opinion on the financial
statements.’
Report on Other Legal and Regulatory Requirements

[Form and content of this section of the auditor’s report will vary depending
on the nature of the auditor’s other reporting responsibilities.]
Disagreement with Management

The auditor may disagree with management about matters such as the
acceptability of accounting policies selected, the method of their
application, or the adequacy of disclosures in the financial statements. If
such disagreements are material to the financial statements, the auditor
should express a qualified or an adverse opinion.
Illustrations of these matters are set out below:

6.4.2.1 Disagreement on Accounting Policies: Inappropriate Accounting
Method.
Qualified Opinion
UEW/IEDE 183
AUDITING AND
Basis of Opinion
As discussed in Note X to the financial statements, no depreciation has been
provided in the financial statements which practice, in our opinion, is not in
accordance with International Financial Reporting Standards. The provision
for the year ended December 31, 20X1, should be xxx based on the straight-
line method of depreciation using annual rates of 5% for the building and
20% for the equipment.
Accordingly, the fixed assets should be reduced by accumulated
depreciation of xxx and the loss for the year and accumulated deficit should
be increased by xxx and xxx, respectively.
Opinion
In our opinion, except for the effect on the financial statements of the matter
referred to in the preceding paragraph, the financial statements give a true
and fair view of (or present fairly, in all material respects,) the financial
position of ABC Company as of December 31, 20X1, and of its financial
Disagreement on Accounting Policies: Inadequate Disclosure:

Qualified Opinion
Basis of Opinion
On January 15, 20X2, the Company issued debentures in the amount of xxx
for the purpose of financing plant expansion. The debenture agreement
restricts the payment of future cash dividends to earnings after December
31, 20x2. In our opinion, disclosure of this information is required by ...
Opinion
In our opinion, except for the omission of the information included in the
preceding paragraph, the financial statements give a true and fair view of (or
present fairly, in all material respects,) the financial position of ABC
Company as of December 31, 20X1, and of its financial performance and its
cash flows for the year then ended in accordance with International
Financial Reporting Standards.
Disagreement on Accounting Policies: Inadequate Disclosure:

Adverse Opinion
Basis of Disagreement
(Paragraph(s) discussing the disagreement.)
Opinion
In our opinion, because of the effects of the matters discussed in the
preceding paragraph(s), the financial statements do not give a true and fair
184 UEW/IEDE
AUDITING AND
view of (or do not present fairly, in all material respects,) the financial
position of ABC Company as of December 20, 19X1, and of its financial
Summary of Modified Opinions
Auditor’s Judgment about the Pervasiveness of the

Effects or Possible Effects on the Financial
Statements
Material and Material but Not Material and Pervasive
Pervasive Pervasive
Financial statements Qualified opinion Adverse opinion
are
materially misstated
Inability to obtain Qualified opinion Disclaimer of opinion
sufficient appropriate
audit
evidence
The table below provides some guidance on the determinants of modified

opinions.
Guidance
Pervasive – A term used, in the context of misstatements, to describe the
effects on the financial statements of misstatements or the possible effects
on the financial statements of misstatements, if any, that are undetected due
to an inability to obtain sufficient appropriate audit evidence. Pervasive
effects on the financial statements are those that in the auditor’s judgment:
 Are not confined to specific elements, accounts or items of the financial
statements;
 If so confined, represent or could represent a substantial proportion of
the financial statements; or
 In relation to disclosures, are fundamental to users’ understanding of the
In other words, pervasive factors are very important to the financial

statement as a whole.
 The auditor’s opinion on a complete set of general purpose financial

statements prepared in accordance with a financial reporting framework
that is designed to achieve fair presentation state whether the financial
statements give a true and fair view or are presented fairly, in all
material respects, in accordance with the applicable financial reporting
framework.
 An audit opinion is either modified or unmodified.
UEW/IEDE 185
AUDITING AND
 An auditor may not be able to express an unqualified opinion when:

 There is a limitation on the scope of the auditor’s work; or
 There is a disagreement with management regarding the
acceptability of the accounting policies selected, the method of their
application or the adequacy of financial statement disclosure
Review Questions
 Under what circumstances will an audit report be modified
 What is meant by material but not pervasive
 State the elements in a typical audit report
186 UEW/IEDE
AUDITING IN A COMPUTERISED ENVIRONMENT
XXXXXXX 4
Welcome to Unit 3 of the Auditing and Investigation course. We hope to

cover auditing in an Electronic Data Processing (EDP) Environment with
particular emphasis on reviews of the internal controls system, the impact of
Information Technology (IT) in auditing and fraud in computer audit.
At the end of this session students will be able to understand the basic
principles of auditing in a computer in an Electronic Data Processing
Environment
188 UEW/IEDE
AUDITING AND
UEW/IEDE 189
AUDITING IN AN EDP ENVIRONMENT
UNIT 4AND
AUDITING SECTION
INVESTIGATION
1
This section explains the Electronic Data Processing (EDP) environment
and how the Information Technology keeps changing and through
innovation and creativity, the world is realizing results in the use of IT. The
impact of this evolution on auditing cannot be under-estimated. Keep
reading to learn more about the changes in audit processes in such
environments of higher technological advancements.
The aim of this lesson is to understand what auditors should ordinarily know
about the information technology and how they can carry out audits
smoothly applying the relevant auditing standards.
EDP Environment
Electronic Data Processing system brings to mind a system where the use of
Information Technology (IT) is encouraged and adopted. Television, Mobile
phones, computers (desk top, lap tops, notebooks, and tablets), are all
physical evidence of technological changes. We also have logical evidence
with electronic data transfers, software, computer programmes, interchange,
internet and many others.
Information technology has actually simplified processes, better organized

and reduced space and time but this is also at a cost. The auditor becomes
challenged because computer system records and processing of transactions
are significantly different from manual systems, giving rise to such
possibilities as a lack of visible evidence and systematic errors.
When auditing in a computer environment therefore, the auditor will need to

consider techniques available to him, the availability of the data, the internal
controls which exist, the timing of his work, and the form in which the
accounting records are maintained as well as the length of time information
is retained in readily useable form.
Approaches to Audit in an EDP Environment

Auditing around the computer approach
This is an audit approach where the auditor would audit around the
computer by ignoring the procedures which take place within the computer
programs and concentrating solely on the input and corresponding output.
Audit procedures would include cross-checking of data, the authorization,
coding and control totals of input and checking the output with source
documents and clerical controls.
Auditing through the computer approach

This involves an examination of the detailed processing routines of the
computer to determine whether the controls in the system are adequate to
ensure complete and correct processing of all data. In this case the auditor
190 UEW/IEDE
AUDITING AND
Unit 4, section 1: Auditing in an EDP environment INVESTIGATION
also uses computer assisted audit techniques (CAATs). With the advent of
embedded audit facilities there is an increase in the use of this approach.
Use of Information Technology (IT) in Auditing

 Flowcharting a clients system is made easier and more eligible. Updates
where system changes is not as cumbersome as the manually produced
flowcharts.
 Evaluation of audit risk. The system interrogates and provides guidance
to the level of testing required
 Preparation of audit programme. Typing, editing printing makes
programmes look more professional
 Analytical review techniques can be facilitated by using template
software. Statistical techniques such as regression analysis or standard
deviations and other quantitative techniques are made easier
 Preparation of audit working papers and report
The overall objectives and scope of an audit do not change when an audit is
conducted in a computer information systems (CIS) environment. The
application of auditing procedures may, however, require the auditor to
consider techniques known as Computer Assisted Audit Techniques
(CAATs) that use the computer as an audit tool for enhancing the
effectiveness and efficiency of audit procedures.
CAATs are computer programs and data that the auditor uses as part of the
audit procedures to process data of audit significance, contained in an
entity’s information systems. The purpose of this Guidance Note is to
provide guidance in the use of CAATs. This Guidance Note describes
computer assisted audit techniques including computer tools, collectively
referred to as CAATs. This Guidance Note applies to all uses of CAATs
when a computer of any type or size is involved whether that computer is
operated by the entity or by a third party.
Review Questions
 Explain Electronic Data Processing environment
 Describe the approaches to auditing in an EDP Environment
UEW/IEDE 191
INTERNAL CONTROLS IN AN EDP ENVIRONMENT
AUDITING AND
UNIT 4 SECTION
INVESTIGATION
2
Unit 4, section 2: Internal controls in an EDP environment
This section is all about the internal controls in place in an environment

which is highly automated and the reviews that can be carried out by the
Auditor to assess the adequacy and effectiveness of such controls.
At the end of this session students should be able to understand and the
whole system of controls in an EDP Environment.
Internal Controls in an EDP – Application and General Controls

Internal control is the whole system of controls, financial and otherwise
established by management in order to ensure that policies and regulations
are adhered to; assets are safeguarded and that the business is carried out in
an effective and efficient manner. To the auditor, indications of effective
internal controls include clear management direction, segregation of duties
(in relation to authorization, recording and custody), organization (roles,
responsibility, delegation of authority), physical security, approvals,
supervision, and arithmetic accuracy in accounting etc. All these controls
are applicable in both the manual and electronic data processing system. The
difference to the auditor is how to check these controls. There are thus two
main classifications of controls in an EDP environment namely, general
controls and application controls.
General Controls
This cover the environment within which applications are developed,
maintained and operated. Examples include, controls over system
development such as proper authorization and documentation; prevention of
unauthorized changes to programs; job scheduling; physical protection of
files; segregation of duties; back-up facilities; internal audit environment;
insurance cover.
These are policies and procedures that relate to many applications and
support the effective functioning of application controls. They apply to
mainframe, mini-frame and end-user environments. General IT controls that
maintain the integrity of information and security of data commonly include
controls over the following:
 data centre and network operations
 system software acquisition, change and maintenance
 program change
 access security
 application system acquisition, development, and maintenance (ISA 315
(Redrafted))
‘End-user environment’ refers to the situation in which the users of the

computer systems are involved in all stages of the development of the
system.
192 UEW/IEDE
AUDITING AND
Unit 4, section 2: Internal controls in an EDP environment INVESTIGATION
Administrative controls
Controls over ‘data centre and network operations’ and ‘access security’
include those that:
 prevent or detect errors during program execution, e.g. procedure
manuals, job scheduling, training and supervision; all these prevent
errors such as using wrong data files or wrong versions of production
programs
 prevent unauthorised amendments to data files, e.g. authorisation of jobs
prior to processing, back up and physical protection of files and access
controls such as passwords
 Ensure the continuity of operations, e.g. testing of back - up procedures,
protection against fire and floods.
System development controls

The other general controls referred to in ISA 315 cover the areas of system
software acquisition development and maintenance; program change; and
application system acquisition, development and maintenance.
‘System software’ refers to the operating system, database management

systems and other software that increases the efficiency of processing.
Application software refers to particular applications such as sales or wages.
The controls over the development and maintenance of both types of
software are similar and include:
 Controls over application development, such as good standards over the
system design and program writing, good documentation, testing
procedures (e.g. use of test data to identify program code errors, pilot
running and parallel running of old and new systems), as well as
segregation of duties so that operators are not involved in program
development
 Controls over program changes – to ensure no unauthorised amendments
and that changes are adequately tested, e.g. password protection of
programs, comparison of production programs to controlled copies and
approval of changes by users
 Controls over installation and maintenance of system software – many
of the controls mentioned above are relevant, e.g. authorisation of
changes, good documentation, access controls and segregation of duties.
Application Controls
This covers the transactions and standing data used by each application. The
data here relates to computer-based application system and controls are
specific to each application. The objectives of application controls which
may be manual or programmed, are to ensure the completeness and
accuracy of records and the validity of the entries made therein. Examples
of application controls include data input validation, agreement of batch
totals, reconciliations, identification of omissions and missing data or
UEW/IEDE 193
AUDITING AND
INVESTIGATION Unit 4, section 2: Internal controls in an EDP environment
exception data, and encryption of data transmitted. Simply put, application

controls are controls over input, processing and output functions.
These are manual or automated procedures that typically operate at a
business process level and apply to the processing of transactions by
individual applications. Application controls can be preventative or
detective in nature and are designed to ensure the integrity of the accounting
records.
Accordingly, application controls relate to procedures used to initiate,

record, process and report transactions or other financial data. These
controls help ensure that transactions occurred, are authorised and are
completely and accurately recorded and processed (ISA 315 (Redrafted)).
Application controls apply to data processing tasks such as sales, purchases
and wages procedures and are normally divided into the following
categories:
Input controls
These ensure that every transaction to be processed is received, processed
and recorded accurately and completely. These controls should ensure that
only valid and authorized information is entered and that transactions are
only processed once (duplication problems). Auditors therefore consider
input authorization; one-for-one checking of output to source documents;
sequence and digit checking, matching of input to master file data;
procedures covering re-submissions; reasonable checks; batch integrity;
batch controls and balancing; error reporting and handling.
Examples include batch control totals and document counts, as well as

manual scrutiny of documents to ensure they have been authorised. An
example of the operation of batch controls using accounting software would
be the checking of a manually produced figure for the total gross value of
purchase invoices against that produced on screen when the batch-
processing option is used to input the invoices. This total could also be
printed out to confirm the totals agree.
The most common example of programmed controls over the accuracy and
completeness of input are edit (data validation) checks when the software
checks that data fields included on transactions by performing:
 reasonableness check, e.g. net wage to gross wage
 existence check, e.g. that a supplier account exists
 character check, e.g. that there are no alphabetical characters in a sales
invoice number field
 range check, e.g. no employee’s weekly wage is more than $2,000
 Check digit, e.g. an extra character added to the account reference field
on a purchase invoice to detect mistakes such as transposition errors
during input.
194 UEW/IEDE
AUDITING AND
Unit 4, section 2: Internal controls in an EDP environment INVESTIGATION
When data is input via a keyboard, the software will often display a screen
message if any of the above checks reveal an anomaly, e.g. ‘Supplier
account number does not exist’.
Processing Controls
Processing procedures and controls ensure the reliability of application
program processing. The auditor needs to understand the procedures and
controls that are exercised over processing to evaluate what exposures are
covered by these controls and what exposures remain. Under this, auditors
consider batch reconciliation; summary processing; transaction files (checks
for correct files used for processing); review of output reports; manual
recalculations; editing; limit checks on calculated amounts; system control
parameters (where entries in these files would alter controls); standing data (
include data such as names and address of stakeholders which does not
frequently change).
An example of a programmed control over processing is a run-to-run

control. The totals from one processing run, plus the input totals from the
second processing, should equal the result from the second processing run.
For instance, the beginning balances on the receivables ledger plus the sales
invoices (processing run 1) less the cheques received (processing run 2)
should equal the closing balances on the receivable ledger.
Output Controls
These controls provide assurance that the data delivered to users will be
presented, formatted and delivered in a consistent and secure manner. These
controls include logging and information security; computer generation of
negotiable instruments, signatures and forms; balancing and output error
handling; report distribution; verification of receipt of reports; control totals,
one-for-one checking of amendments; record counts; maintenance of back-
ups, etc.
Batch processing matches input to output, and is therefore also a control

over processing and output. Other examples of output controls include the
controlled resubmission of rejected transactions or the review of exception
reports (e.g. the wages exception report showing employees being paid
more than $1,000).
Master files and standing data controls

Examples include one-for-one checking of changes to master files, e.g.
customer price changes are checked to an authorised list. A regular printout
of master files such as the wages master file could be forwarded monthly to
the personnel department to ensure employees listed have personnel records.
UEW/IEDE 195
AUDITING AND
INVESTIGATION Unit 4, section 2: Internal controls in an EDP environment
The purpose of master file controls is to ensure the ongoing integrity of the
standing data contained in the master files. It is vitally important that
stringent ‘security’ controls should be exercised over all master files.
These include:
 Appropriate use of passwords, to restrict access to master file data
 The establishment of adequate procedures over the amendment of data,
comprising appropriate segregation of duties, and authority to amend
being restricted to appropriate responsible individuals
 Regular checking of master file data to authorised data, by independent
responsible official processing controls over the updating of master files,
including the use of record counts and control totals.
In auditing application controls, auditors must also consider the following:

 Risk assessment to analyze application controls to identify inherent risks
 Flow of transactions through the System
 Observing and testing user performing procedures such as authorization,
segregation of duties, etc.
 Data integrity testing as a form of substantive test to examine the
accuracy, completeness, consistency and authorization of data
 Test and evaluate application systems by applying appropriate audit
procedures. Here, generalized audit software is used.
 Carry out continuous online auditing
Review Questions
 Explain general controls and application controls
196 UEW/IEDE
AUDITING
AUDITING AND
AND
Unit 4, section 2: Internal
This controls
page is left
in an
blank
EDPfor
environment
your notes INVESTIGATION
INVESTIGATION
UEW/IEDE 197
COMPUTER-ASSISTED AUDIT TECHNIQUES (CAATS)
AUDITING AND
UNIT 4 SECTION
INVESTIGATION
3
Unit 4, section 3: Computer-assisted audit techniques (CAATS)
Dear The third section of the third unit focuses on the IT auditing techniques
applied in gathering evidence, determining the computer programmes to use
in the audit and the effect of each technique used on both the client and the
auditor. The IT jargons should not scare you because each technical term
has been explained in the section.
CAATs are becoming more popular throughout the accountancy profession.

CAATs are used to extrapolate large amounts of data and assist auditors to
effectively and efficiently conduct detailed analysis or investigation and
deliver audit service. It is important that students are abreast with basic
techniques in auditing through the computer.
At the end of this sections students should be able to understand what an

audit software is used for, types of audit softwares and difficulties in using
computer programs
Computer-Assisted Audit Techniques (CAATs)

ISA 500 Audit Evidence requires that auditors ‘obtain sufficient appropriate
audit evidence to be able to draw reasonable conclusions on which to base
the audit opinion’. However, the form and method of obtaining the evidence
in computer-based accounting systems is likely to differ from that in
manually-based systems. For example, the absence of input documents, or
audit trail, or output, might necessitate the use of CAATs. The two most
important CAATs are:
Audit Software —. These are computer programs developed for audit

purposes to process data of audit significance from the entity’s accounting
system. It enables the auditor to access, review, analyze and report on data
and programs held on magnetic files.
Test Data — data used by the auditor for computer processing to test the
operation of the enterprise’s computer programs. There are other more
complex techniques.
Audit Software
Audit software may be used during many audit testing procedures. Its use is
particularly appropriate during substantive testing of transactions and
balances, as it can scrutinize large, volumes of data and extract information,
leaving skilled manual resources to concentrate upon the investigation of the
results.
Typical examples of uses of such programs include:

 calculation checks — e.g. the program adds the value of items on a file
to ensure that they agree with control records which are maintained
198 UEW/IEDE
AUDITING AND
Unit 4, section 3: Computer-assisted audit techniques (CAATS) INVESTIGATION
 detecting violation of systems rules — e.g. the program checks all

accounts on the sales ledger to ensure that no customer has a balance
above a specified credit line
 detecting unreasonable items — e.g. a check that no customer is allowed
trade discount of more than 50%
 conducting new calculations and analyses — e.g. obtaining a statistical
analysis of inventory movements to identify slow-moving items
 selecting items for audit testing — e.g. obtaining a stratified sample on
sales ledger balances to be used for confirmation of accounts receivable
 Completeness checks — e.g. checking continuity of sales invoices to
ensure that they are all accounted for.
The following are examples of how software could be applied to the audit of
wages:
 Select a random sample of employees from the payroll master file; the
auditor could then trace the sample back to contracts of employment in
the HR department to confirm existence
 Report all employees earning more than $1,000 per week
 Compare the wages master file at the start and end of the year to identify
starters and leavers during the year; the auditor would then trace the
items identified back to evidence, such as starters’ and leavers’ forms (in
the HR department) to ensure they were valid employees and had been
added or deleted from the payroll at the appropriate time (the auditor
would need to request that the client retain a copy of the master file at
the start of the year to perform this test)
 Check that the total of gross wages minus deductions equates to net pay.
Types of Audit Software

Audit software may consist of generalized package programs, purpose-
written programs or utility programs used by the client.
Generalized package programs are programs already written either by the

auditor or a specialist software company, designed to be used on different
types of machine. They need to be tailored to each specific case by defining
the format of the files to be interrogated and by specifying the parameters of
output data required and the form of that output. In some cases
supplementary program coding is required.
Specially written programs - In some cases it is not possible to adapt a

package program because of the type of machine, processing or file
organization used. In such cases a purpose-written program is required. It
could be written by the auditor, by a software specialist or by the client
acting on the instructions of the auditor. In all cases it should be fully tested
before being used ‘live’.
UEW/IEDE 199
AUDITING AND
INVESTIGATION Unit 4, section 3: Computer-assisted audit techniques (CAATS)
Utility programs - These are used by the entity to perform common data
processing functions such as sorting and printing files. For example, when
using a terminal, it is necessary to use existing enquiry programs to refer to
data held on files, or to obtain a print-out of a file. In many cases, however,
the client’s own programs will not provide all the facilities needed by the
auditor. It is likely that the team responsible for writing the enquiry
programs produced the rest of the system and there is therefore a danger that
the same defects apply to all such programs in the system.
Advantages of CAATS to the Auditor

 In a computer-based system the large volume of transactions is likely to
force the auditor to rely upon programmed controls. CAATs are likely to
be the only effective way of testing programmed controls. The use of
CAATs therefore will enable auditors to test a much larger number of
items quickly and accurately, thereby increasing the confidence they
have in their opinion.
 CAATs enable auditors to test the accounting system and its records (i.e.
the tapes and disk files) rather than relying on testing printouts of what
they believe to be a copy of those records.
 Once set up, CAATs are likely to be a cost effective way of obtaining
audit evidence provided that the enterprise does not regularly change its
systems.
 Careful planning by auditors should enable the results of their work
using CAATs to be compared with results from the traditional clerical
audit work with higher confidence and reduced audit risk.
Difficulties in Using Computer Audit Programs

Costs: There will be substantial set-up costs even in using a generalized
package. This is because the client’s procedures and files need to be
investigated thoroughly prior to identifying audit tests. The use of specially
written programs will be even more expensive.
Changes to client’s systems: These can mean costly alterations to the

programs or at least require the programs to run regularly during the year to
test the system at different dates.
Small installations: There may be no suitable audit software package for

use on mini-computer or microcomputer installations. Software
documentation may be incomplete so that it is very difficult to identify all
procedures. It may be impossible to justify and hence recover the cost of
specially written audit software.
Over-elaboration: There may be a tendency to produce over-elaborate

enquiry programs which are expensive to develop, take up considerable
computer running time and extensive reviewing time. Auditors should be
200 UEW/IEDE
AUDITING AND
able to justify the costs of using the program to the benefit in audit terms of
its use.
Version of files used in the test: The audit software only tests the old files
or irrelevant files for testing purpose. It is however preferable to use the
software on the actual files of the client. The permission of the client is
needed and the software must be carefully tested prior to its use on ‘live’
data. An alternative approach is to run the programs against copies of the
data file. To be valid there must be adequate general controls to ensure that
the client uses the same files. Provided this is so, the use of copy files
enables the auditor to be more flexible in deciding when to test and to retain
the copy files for further testing.
Test Data
This refers to data that are used to test a computer program. Depending on
the purpose of the test, the data may be production data (files) or data
created by either information system (IS) or the customer (User). Audit test
data consists of data submitted by the auditor for processing by the client’s
computer-based accounting system. It may be processed during a normal
production run (running test data ‘live’) or during a special run at a point in
time outside the normal cycle (running the test data ‘dead’).
Test data could be held in the form of a batch of documents put through the
system to test both manual and computer controls. It is more often meant to
refer to data recorded on magnetic tape or disk used to test programmed
controls. Its primary use is in the testing of application controls. This is
useful to the external auditor, the programmers, analysts and internal
auditors as part of systems development and monitoring procedures.
Sometimes, there may be scope for co-operation between internal and
external auditors in creating such test data.
Approach and Use of test data - There are three major approaches to the
use of test data.
Using Live Data

Auditors could use real data that is being or has been processed to test the
controls. They should however predetermine the results they would expect
and will compare with what the system derives and investigating any
differences. This method is not usually feasible. Auditors will usually want
to use a collection of normal, exceptional and even absurd data to test
controls. They are unlikely to find all these conditions in a batch of data.
The vast bulk of day-to-day items will contain few exceptions and no absurd
data. It would take auditors a long time to find a suitable range of data items
to use.
UEW/IEDE 201
AUDITING AND
INVESTIGATION Unit 4, section 3: Computer-assisted audit techniques (CAATS)
Dummy Data in a Normal Production Run

The auditor constructs a series of dummy transactions which contain the
required conditions. These are processed along with normal data. Actual
results are then compared with predetermined results. This method has the
advantage of producing a realistic test environment. The client’s actual
programs and data files are being used in the test.
The dangers of this method are, however, considerable. Computer-generated

documentation may have to be intercepted before it is released. This may be
time-consuming and require program amendments. It may distort
management information by swelling the number of cancelled orders and
credit notes. It would indeed be ironic if a client’s accounting records were
corrupted by the auditor’s own test data. Therefore, great care is needed in
planning and controlling the test and the use of an integrated test facility is
often required
Dummy Data in a Special Run: In this method the auditor creates special
data and uses it against copies of the client’s data files. The dangers
associated with ‘live’ testing are therefore largely eliminated although the
interaction of one file with another must still be carefully considered.
It is still essential to obtain the client’s permission and this reduces the
independence the test. If special test runs are used, an artificial testing
environment is created. It is also necessary to obtain assurance that the
program being used in the test run is identical to that used by the client for
production runs and not a special program kept aside for the auditor’s use.
Other difficulties in using audit test data

Costs - There may be considerable costs involved in ascertaining the
relevant controls and in constructing test data from scratch. It may be very
difficult to identify all relevant conditions. The need to predetermine the
results manually may be both time-consuming and tedious. These costs are
however, substantially less than costs for audit software.
Objectives of the test - Test data is likely to be confined to tests of control

and may therefore be less valuable in audit terms than using audit software.
Recording: The use of test data does not necessarily provide visible
evidence of the audit work
Other techniques
There are increasing numbers of other techniques that can be used; the main
two are:
 Integrated test facility – used when test data is run live; involves the
establishment of dummy records, such as departments or customer
202 UEW/IEDE
AUDITING AND
accounts to which the dummy data can be processed. They can then be
ignored when client records are printed out, and reversed out later.
 Embedded audit facilities (embedded audit monitor) – also known as

resident audit software; requires the auditor’s own program code to be
embedded into the client’s application software. The embedded code is
designed to perform audit functions and can be switched on at selected
times or activated each time the application program is used. Embedded
facilities can be used to:
 Gather and store information relating to transactions at the time of
processing for subsequent audit review; the selected transactions are
written to audit files for subsequent examination, often called system
control and review file (SCARF)
 Spot and record (for subsequent audit attention) any items that are
unusual; the transactions are marked by the audit code when
selection conditions (specified by the auditor) are satisfied. This
technique is also referred to as tagging.
The attraction of embedded audit facilities is obvious, as it equates to having

a perpetual audit of transactions. However, the set-up is costly and may
require the auditor to have an input at the system development stage.
Embedded audit facilities are often used in real time and database
environments.
UEW/IEDE 203
IMPACT OF INFORMATION TECHNOLOGY ON AUDITING
AUDITING AND
UNIT 4 SECTION
INVESTIGATION
4
Unit 4, section 4: Impact of information technology on auditing
This section is meant to expose students to the impact of technology in

auditing considering both the positive and negative aspects. At the end of
this session, student will be able to advise businesses on the pros and cons
of using specific IT systems.
Technology has changed auditing. Today's technology audit tools offer so

much more than simply automating the preparation of a working trial
balance from the client's general ledger system. Technology provides the
opportunity for auditors to analyze tremendous amounts of data,
transforming the act of auditing. Some consider technology to impact where
we work, when we work, the information auditor’s request from clients and
how our teams work together. Auditors no longer are required to lug huge
trunks of documents around because all information can now be stored
electronically.
Historically, auditors have treated technology as a separate tool. Technology

expertise can be found in one person and auditing expertise found in another
person. A dramatic change in workflow process represents the biggest
impact technology has had on audits. Today's paperless workflow systems
allow users to comply with standards and maintain audit documentation in
one application. These systems also offer advanced security and document
integrity, and support checks and balances to guarantee compliance.
At the end of this session students should be able to appreciate the impact of
information technology is having on auditing
Impact of computer-based systems on the audit approach

The fact that systems are computer-based does not alter the key stages of the
audit process; this explains why references to the audit of computer-based
systems have been subsumed into ISAs 300, 315, 330 etc.
Planning
The Appendix to ISA 300 (Redrafted) states ‘the effect of information
technology on the audit procedures, including the availability of data and
the expected use of computer - assisted audit techniques’ as one of the
characteristics of the audit that needs to be considered in developing the
overall audit strategy.
Risk assessment
'The auditor shall obtain an understanding of the internal control relevant to
the audit.’ (ISA 315 (Redrafted).The application notes to ISA 315 identify
the information system as one of the five components of internal control. It
requires the auditor to obtain an understanding of the information system,
including the procedures within both IT and manual systems. In other
words, if the auditor relies on internal control in assessing risk at an
assertion level, s/he needs to understand and test the controls, whether they
204 UEW/IEDE
AUDITING AND
Unit 4, section 4: Impact of information technology on auditing INVESTIGATION
are manual or automated. Auditors often use internal control evaluation

(ICE) questions to identify strengths and weaknesses in internal control.
These questions remain the same – but in answering them, the auditor
considers both manual and automated controls.
For instance, when answering the ICE question, ‘Can liabilities be incurred
but not recorded?’, the auditor needs to consider manual controls, such as
matching goods received notes to purchase invoices – but will also consider
application controls, such as programmed sequence checks on purchase
invoices. The operation of batch control totals, whether programmed or
performed manually, would also be relevant to this question.
Testing
‘The auditor shall design and perform further audit procedures whose
nature, timing and extent are based on and are responsive to the assessed
risks of material misstatement at the assertion level.’ (ISA 330 (Redrafted)).
This statement holds true irrespective of the accounting system, and the
auditor will design compliance and substantive tests that reflect the
strengths and weaknesses of the system. When testing a computer
information system, the auditor is likely to use a mix of manual and
computer-assisted audit tests.
Increasingly, clients are providing work papers in electronic format, which

can then be dropped directly into paperless systems facilitated by online
application. Review and workflow features provide a safer method of
identifying what's been completed, and security features give firms more
control.
The Effect of Electronic Records in Audit Evidence

The way e-commerce transactions are captured and transferred to the
entity's accounting system may affect such matters as:
 The completeness and accuracy of transaction processing and
information storage,
 The timing of the recognition of sales revenues, purchases and other
transactions.
 Identification and recording of disputed transactions.
There may not also be any proper records for e-commerce transactions, and
electronic records may be more easily destroyed or altered than paper
records without leaving evidence of such destruction or alteration. The
auditor considers whether the entity's security of information policies, and
security controls as implemented are adequate to prevent unauthorized
changes to the accounting system or records, or to systems that provide data
to the accounting system.
UEW/IEDE 205
AUDITING AND
INVESTIGATION Unit 4, section 4: Impact of information technology on auditing
The auditor may test automated controls, such as record integrity checks,
electronic date stamps, digital signatures, and version controls when
considering the integrity of electronic evidence. Depending on the auditor's
assessment of these controls, the auditor may also consider the need to
perform additional procedures such as confirming transaction details or
account balances with third parties.
Challenges in using computer-based systems in the audit

approach
Up-front investment in time is one of the biggest drawbacks using this
technology. Standardizing procedures and implementing a paperless
workflow requires firms to allot adequate resources and time, not to mention
buy-in from all staff and partners and a designated champion to ensure
implementation.
Some firms fail to put enough into the upfront costs. They have to make
sure the whole firm understands what technology can do, and make sure the
skill sets to apply that technology across many different engagements is
adequate. Auditors must now be skilled in extracting client data, or
facilitating the extraction of the data through the client.
Parties who resist change are also drawbacks. Investing in technology

requires a real financial and cultural commitment by a firm. Transformation
to a paperless environment requires careful planning and implementation.
Review Questions
 Outline the challenges in using computer based systems in auditing
206 UEW/IEDE
AUDITING
AUDITING AND
AND
Unit 4, section 4: Impact ofThis
information
page is left
technology
blank foron
your
auditing
notes INVESTIGATION
INVESTIGATION
UEW/IEDE 207
FRAUD IN COMPUTER AUDIT
AUDITING AND
UNIT 4 SECTION
INVESTIGATION
5
Unit 4, section 5: Fraud in computer audit
This section is meant to expose students to the high technological risks in

auditing considering both the positive and negative aspects. At the end of
this session, student will be able to identify fraud and advice on safeguards
against them in computer audits.
So far as fraud is concerned, the computer offers both opportunities for

fraud and safeguards against fraud. It must be acknowledged that while
computers have opened up new opportunities for fraud they have also
played a positive role in preventing fraud. Where records are programmed it
is much harder for individual fraudulent entries to be slipped undetected in
the system.
At the end of this session, students should be able to understand the various
types of computer fraud
Types of Computer Fraud

The following is a well-known classification of computer related crimes:
 Salami techniques - This involves software manipulation for rounding
off fractions such as on interest and payroll calculations and transferring
the results to the perpetrator's account.
 Trojan horse - This is another software manipulation where a
programme is hidden within another programme set up to erase all
evidence of illegal access.
 Asynchronous attack - This uses the asynchronous nature of most
computer operating systems to command parallel execution of two
programmes while recording only one continuous run in the operating
log.
 Trapdoor - This is rather like the Trojan horse, but where false
instructions are hidden in gaps left in numbers assigned to programme
lines during the development stages.
 Hacking - This is probably the most publicized computer crime. It
involves obtaining illegal access to computer systems by cracking access
codes.
 Data diddling - This technique does not involve the computer itself but
manipulation of input or output data. Analysis of most reported
computer frauds reveals that data diddling is the most common cause of
fraud involving material losses and that most computer frauds are
perpetrated by non-computer staff.
Many of the fears regarding manipulations of programmes are unfounded.

Most frauds are facilitated by weaknesses in input and access controls
permitting the input of bogus or altered transactions.
208 UEW/IEDE
AUDITING AND
Unit 4, section 5: Fraud in computer audit INVESTIGATION
Case Study on Computer Fraud

The auditor’s responsibility in relation to fraud is an issue that has gained
even more attention in recent years. The best known computer fraud is the
Equity Funding Case.
This ‘crime of the century’ took place during the ‘sixties and ‘seventies at
Equity Funding, the USA financial services and life assurance group.
Although the conception of the fraud required no computer, other than to
provide immensity of scale, it was the first widely publicised case of
computer crime which demonstrated the manipulative possibilities of
electronic data processing when it comes under the untrammelled control of
the criminal mind, while also subject to totally ineffective audit.
The fraud involved massive collusion among senior employees, but should
have been detected by the application of round through the computer audit
procedures. Phony life insurance policies were imbibed into the computer
programme and coded 99 so as to suppress unwanted print-outs. This was an
example of computer related data diddling, since all policies were recorded
on the computer and the reinsurers relied on computer produced print-outs
which had been altered fraudulently.
Auditors are required to form an opinion on the basis of sufficient

appropriate audit evidence obtained and express it clearly in the form of a
written report. In order to form an opinion auditor must adhere to the
requirements of ISA 700 and under the circumstances of engagement
appropriately select the type of opinion to be expressed.
Lessons from Equity Funding Case

 Throughout the period of this growing fraud, the presence of auditors
was regarded by the staff and officers of Equity as a mere formality,
devoid of substance or significance.
 enquire before you acquire. there was no evidence that Seidman

suspected Wolfson Weiner of being complicit or acquiescent in the
‘creative’ accounting methods of its major client.
 Learn to distinguish when duty to one’s client has been superseded by a

duty to the public – especially where criminal acts are concerned. The
auditor must take the initiative. After all, a criminal client is hardly
likely to report one to a professional body for breach of confidence
 When faced by technical difficulties in the course of verification, avoid

the temptation of asking or allowing an obliging client to assist. It is
essential to overcome the difficulties oneself if the audit programme is
to carry any real significance
UEW/IEDE 209
AUDITING AND
INVESTIGATION Unit 4, section 5: Fraud in computer audit
 Audit confirmations should always include direct contact with the other
auditors on matters such as inter-company balances, and should require
the submission and exchange of complete copies of all the book entries
in the respective accounts during the period under review.
 Standards of vigilance should have required them to insist on at least a

handful of such files being traced immediately, regardless of any alleged
inconvenience to staff. The auditors appear to have been altogether too
accommodating – no doubt due to the circumstances described in (a)
 The client’s computer expertise must be matched by that of the audit

staff. The Equity auditors were attempting to audit ‘round’ the
computer, when the complete absence of an audit trail ought to have
made it obvious that the computer itself had to be used as a prime audit
tool
Other examples of computer frauds are:

A payroll supervisor in an on-line system was able to authorize alterations
to the master file such as entering new employees and adjusting pay rates -
which he did in his own favour.
An IT systems manager in a bank transferred funds from the accounts of

some dormant customers into the accounts of other customers who
withdrew the amounts and shared with him.
An Accountant creates a personal bank account with a similar name of his

company and pays in debtors cheques meant for the company. He could thus
draw cheques in favour of accounts he had established.
Bank staff used the PIN (personal identification number) of an ATM

customer to withdraw money from his account when his own ATM card
was in his possession.
A credit department supervisor was able to alter the age of overdue account
balances so as to avoid their being printed out and thus adversely affecting
his performance evaluation.
Fraudulent payments to:
 Creditors
 Employees,
 Others, typically pension and insurance claims.
The most common manipulations of transactions were,

 Adding unauthorized transactions such as purchase orders
 Altering transactions such as posting deposits to another account,
 Not recording transactions such as interest income.
210 UEW/IEDE
AUDITING AND
Unit 4, section 5: Fraud in computer audit INVESTIGATION
Incoming funds were most often manipulated by making unauthorized

adjustments eliminating balances from debtor’s accounts.
More discovered frauds have been perpetrated by ordinary managers and

clerks than by computer experts.
Most frauds are detected by fellow employees reporting suspicious

circumstances. (Service Journal of Accountancy, May 1977 by Brandt
Allen)
Review Questions
 State and explain the various types of computer fraud
UEW/IEDE 211
Unit 4, section
EFFECTS 6: Effects of electronic commerce
OF ELECTRONIC on the audit
COMMERCE ON THEof financial
AUDIT
AUDITING AND
UNIT 4 SECTION
INVESTIGATION
6
statements
OF FINANCIAL STATEMENTS
The purpose of this section is to provide guidance to assist auditors of

financial statements where an entity engages in commercial activity that
takes place by means of connected computers over a public network, or
internet (e-commerce).
At the end of the chapter, you should be able to describe the effect of
electronic commerce on the audit of financial statements.
Risk Assessments and Internal Control

This chapter identifies specific matters to assist the auditor when-
considering the significance of e-commerce to the entity's business activities
and the effect of e-commerce on the auditor's assessments of risk for the
purpose of forming an opinion on the financial statements. The purpose of
the auditor's consideration is not to form an opinion or provide consulting
advice concerning the entity's e-commerce systems or activities in their own
right. Communications and transactions over networks and through
computers are not new features of the business environment. For example,
business processes frequently involve interaction with a remote computer,
the use of computer networks, or electronic data interchange (EDI).
However the increasing use of the Internet for business to consumer,
business to business, business to government and business to employee e-
commerce is introducing new elements of risk to be addressed by the entity
and considered by the auditor when planning and performing the audit of
the financial statements.
The Internet refers to the worldwide network of computer networks, it is a

shared public network that enables communication with other entities and
individuals around the world. It is interoperable, which means that any
computer connected to the Internet can communicate with any other.
The term 'e-commerce' is used in this section. E-business is also commonly

used in a similar context. There are no generally accepted definitions of
these terms, and e-commerce and e-business are often used interchangeably.
Where a distinction i; made, e-commerce is sometimes used to refer solely
to transactional activities (such as the buying and selling of goods and
services) and e-business is used to refer to all business activities, both
transactional and non-transactional, such as customer relations and
communications.
Skills and Knowledge

The level of skills and knowledge required to understand the effect of
ecommerce on the audit will vary with the complexity of the entity's e-
commerce activities. The auditor considers whether the personnel assigned
to the engagement have appropriate experience and Internet business
knowledge to perform the audit. When e-commerce has a significant effect
on the entity's business, appropriate levels of both information technology
212 UEW/IEDE
Unit 4, section 6: Effects of electronic commerce on the audit of financial AUDITING AND
statements INVESTIGATION
(IT) and Internet business knowledge may be required. The risks involved in
the entity's use of e- commerce and the entity's approach to managing those
risks, particularly the adequacy of the internal control system, including the
security infrastructure and related controls, as it affects the financial
reporting process need to be understood.
The auditor will have to determine the nature, timing and extent of audit
procedures and evaluate audit evidence considering the effect of the entity's
dependence on e-commerce activities on its ability to continue as a going
concern. In some circumstances, the auditor may decide to use the work of
an expert, for example if the auditor considers it appropriate to test controls
by attempting to break through the security layers of the entity's system.
When the work of an expert is used, the auditor obtains sufficient

appropriate audit evidence that such work is adequate for the purposes of the
audit. The auditor also considers how the work of the expert is integrated
with the work of others on the audit, and what procedures are undertaken
regarding risks identified through the expert's work.
Knowledge of the Business

Knowledge of the business includes a general knowledge of the economy
and the industry within which the entity operates. The growth of e-
commerce may have a significant effect on the entity's traditional business
environment.
The auditor's knowledge of the business is fundamental to assessing the

significance of e- commerce to the entity's business activities and any effect
on audit risk. The auditor considers changes in the entity's business
environment attributable to e-commerce, and e- commerce business risks as
identified so far as they affect the financial statements. Although the auditor
obtains much information from inquiries of those responsible for financial
reporting, making inquiries of personnel directly involved with the entity's
e- commerce activities, such as the chief information officer or equivalent,
may also be useful. In obtaining or updating knowledge of the entity's
business, the auditor considers, so far as they affect the financial statements:
 The entity's business activities and industry;
 The entity's e-commerce strategy;
 The extent of the entity's e-commerce; and
 The entity's outsourcing arrangements.
Each of these is discussed below.
The Entity's Business Activities and Industry

E-commerce activities may be complementary to an entity's traditional
business activity. For example, the entity may use the Internet to sell
conventional products (such as books or CDs), delivered by conventional
UEW/IEDE 213
AUDITING AND Unit 4, section 6: Effects of electronic commerce on the audit of financial
INVESTIGATION statements
methods from a contract executed on the Internet. In contrast, e-commerce

may represent a new line of business and the entity may use its web site to
both sell and deliver digital products via the Internet.
The Internet lacks the clear, fixed geographic lines of transit that
traditionally have characterized the physical trade of many goods and
services. In many cases, particularly where goods or services can be
delivered via the Internet, e-commerce has been able to reduce or eliminate
many of the limitations imposed by time and distance.
Certain industries are more conducive to the use of e-commerce; therefore

e-commerce in these industries is in a more mature phase of development.
When an entity's industry has been significantly influenced by e-commerce
over the Internet, business risks that may affect the financial statements may
be greater. Examples of industries that are being transformed bye-commerce
include:
 Computer software;
 Securities trading;
 Banking;
 Travel services;
 Books and magazines;
 Recorded music;
 Advertising;
 News media; and
 Education.
1n addition many other industries, In all business sectors, have been

significantly affected by e-commerce.
The Entity's E-commerce Strategy

The entity's e-commerce strategy, including the way it uses IT for e-
commerce and its assessment of acceptable risk levels, may affect the
security of the financial records and the completeness and reliability of the
financial information produced. Matters that may be relevant to the auditor
when considering the entity's e-commerce strategy in the context of
the auditor's understanding of the control environment, include:
 1nvolvement of those charged with governance in considering the
alignment of e- commerce activities with the entity's overall business
strategy;
 Whether e-commerce supports a new activity for the entity, or whether it
is intended to make existing activities more efficient or reach new
markets for existing activities;
 Sources of revenue for the entity and how these are changing (for
example, whether the entity will be acting as a principal or agent for
goods or services sold);
214 UEW/IEDE
 Management's evaluation of how e-commerce affects the earnings of the

entity and its financial requirements;
 Management's attitude to risk and how this may affect the risk profile of
the entity;
 The extent to which management has identified e-commerce
opportunities and risks in a documented strategy that is supported by
appropriate controls, or whether e- commerce is subject to ad hoc
development responding to opportunities and risks as they arise; and
 Management's commitment to relevant codes of best practice or web
seal programs.
The Extent of the Entity's E-commerce Activities

Different entities use e-commerce in different ways. For example, e-
commerce might be used to:
 Provide only information about the entity and its activities, which can be
accessed by third parties such as investors, customers, suppliers, finance
providers, and employees;
 Facilitate transactions with established customers whereby transactions
are entered via the Internet;
 Gain access to new markets and new customers by providing
information and transaction processing via the Internet;
 Access Application Service Providers (ASPs); and Create an entirely
new business model.
The extent of e-commerce use affects the nature of risks to be addressed by

the entity. Security issues may arise whenever the entity has a web site.
Even if there is no third party interactive access, information-only pages can
provide an access point to the entity's financial records. The security
infrastructure and related controls can be expected to be
more extensive where the web site is used for transacting with business
partners, or where systems are highly integrated.
As an entity becomes more involved with e-commerce, and as its internal

systems become more integrated and complex, it becomes more likely that
new ways of transacting business will differ from traditional forms of
business activity and will introduce new types of risks.
The Entity's Outsourcing Arrangements

Many entities do not have the technical expertise to establish and operate in-
house systems needed to undertake e-commerce. These entities may depend
on service organizations such as Internet Service Providers (ISPs),
Application Service Providers (ASPs) and data hosting companies to
provide many or all of the IT requirements of e-commerce. The entity may
also use service organizations for various other functions in relation to its e-
commerce activities such as order fulfilment, delivery of goods, operation of
call centres and certain accounting functions.
UEW/IEDE 215
When the entity uses a service organization, certain policies, procedures and
records maintained by the service organization may be relevant to the audit
of the entity's financial statements. The auditor considers the outsourcing
arrangements used by the entity to identify how the entity responds to risks
arising from the outsourced activities.
Risk Identification
Management faces many business risks relating to the entity's e-commerce
activities, including:
 Loss of transaction integrity, the effects of which may be compounded
by the lack of an adequate audit trail in either paper or electronic form;
 Pervasive e-commerce security risks, including virus attacks and the
potential for the entity to suffer fraud by customers, employees and
others through unauthorized access;
 Improper accounting policies related to, for example, capitalization of
expenditures such as website development costs, misunderstanding of
complex contractual arrangements, title transfer risks, translation of
foreign currencies, allowances for warranties or returns, and revenue
recognition issues such as:
 Whether the entity is acting as principal or agent and whether gross
sales or commission only are to be recognized;
 If other entities are given advertising space on the entity's web site,
how revenues are determined and settled (for example, by the use of
barter transactions);
 The treatment of volume discounts and introductory offers (for example,
free goods worth a certain amount); and
 Cut off (for example, whether sales are only recognized when goods and
services have been supplied);
 Noncompliance with taxation and other legal and regulatory
requirements, particularly when Internet e-commerce transactions are
conducted across international boundaries;
 Failure to ensure that contracts evidenced only by electronic means are
binding;
 Over reliance on e-commerce when placing significant business systems
or other business transactions on the Internet; and
 Systems and infrastructure failures or 'crashes'.
The entity addresses certain business risks arising in e-commerce through

the implementation of an appropriate security infrastructure and related
controls, which generally include measures to:
 Verify the identity of customers and suppliers;
 Ensure the integrity of transactions;
 Obtain agreement on terms of trade, including agreement of delivery and
credit terms and dispute resolution processes, which may address
tracking of transactions and procedures to ensure a party to a transaction
216 UEW/IEDE
cannot later deny having agreed to specified terms (non-repudiation

procedures);
 Obtain payment from, or secure credit facilities for, customers; and
 Establish privacy and information protection protocols.
The auditor uses the knowledge of the business obtained to identify those
events, transactions and practices related to business risks arising from the
entity's e-commerce activities that, in the auditor's judgment, may result in a
material misstatement of the financial statements or have a significant effect
on the auditor's procedures or the auditor's report.
Legal and Regulatory Issues

A comprehensive international legal framework for e-commerce and an
efficient infrastructure to support such a framework (electronic signatures,
document registries, dispute mechanisms, consumer protection, etc.) do not
yet exist. Legal frameworks in different jurisdictions vary in their
recognition of e-commerce. Nonetheless, management needs to consider
legal and regulatory issues related to the entity's e-commerce activities, for
example, whether the entity has adequate mechanisms for recognition of
taxation liabilities, particularly sales or value-added taxes, in various
jurisdictions. Factors that may give rise to taxes on e-commerce transactions
include the place where:
 The entity is legally registered;
 Its physical operations are based;
 Its web server is located;
 Goods and services are supplied from; and
 Its customers are located or goods and services are delivered.
These may all be in different jurisdictions. This may give rise to a risk that
taxes due on cross-jurisdictional transactions are not appropriately
recognized.
Legal or regulatory issues that may be particularly relevant in an e-

commerce environment
include:
 Adherence to national and international privacy requirements;
 Adherence to national and international requirements for regulated
industries;
 The enforceability of contracts;
 The legality of particular activities, for example Internet gambling;
 The risk of money laundering; and
 Violation of intellectual property rights.
ISA 250, 'Consideration of Laws and Regulations in an Audit of Financial

Statements' requires that when planning and performing audit procedures
and in evaluating and reporting the results thereof, the auditor recognize that
UEW/IEDE 217
noncompliance by the entity with laws and regulations may materially affect
the financial statements. ISA 250 also requires that, in order to plan the
audit, the auditor should obtain a general understanding of the legal and
regulatory framework applicable to the entity and the industry and how the
entity is complying with that framework. That framework may, in the
particular circumstances of the entity, include certain legal and regulatory
issues related to its e-commerce activities.
While ISA 250 recognizes that an audit cannot be expected to detect non-
compliance with all laws and regulations, the auditor is specifically required
to perform procedures to help identify instances of noncompliance with
those laws and regulations where noncompliance should be considered
when preparing financial statements. When a legal or regulatory issue arises
that, in the auditor's judgment, may result in a material misstatement of the
financial statements or have a significant effect on the auditor's procedures
or the auditor's report, the auditor considers management's response to the
issue. In some cases, the advice of a lawyer with particular expertise in e-
commerce issues may be necessary when considering legal and regulatory
issues arising from an entity's e-commerce activity.
Internal Control Considerations

Internal controls can be used to mitigate many of the risks associated with e-
commerce activities. The auditor considers the control environment and
control procedures the entity has applied to its e-commerce activities to the
extent they are relevant to the financial statement assertions. In some
circumstances, for example when electronic commerce systems are highly
automated, when transaction volumes are high, or when electronic
evidence comprising the audit trail is not retained, the auditor may
determine that it is not possible to reduce audit risk to an acceptably low
level by using only substantive procedures. CAATs are often used in such
circumstances
As well as addressing security, transaction integrity and process alignment,
as discussed below, the following aspects of internal control are particularly
relevant when the entity engages In e-commerce:
 Maintaining the integrity of control procedures ill the quickly changing
e-commerce environment; and
 Ensuring access to relevant records for the entity's needs and for audit
purposes.
Security
The entity's security infrastructure and related controls are a particularly
important feature of its internal control system when external parties are
able to access the entity's information system using a public network such as
the Internet. Information is secure to the extent that the requirements for its
authorization, authenticity, confidentiality, integrity, non-repudiation and
availability have been satisfied.
218 UEW/IEDE
The entity will ordinarily address security risks related to the recording and
processing of e-commerce transactions through its security infrastructure
and related controls. The security infrastructure and related controls may
include an information security policy, an information security risk
assessment, and standards, measures, practices, and procedures within
which individual systems are introduced and maintained, including both
physical measures and logical and other technical safeguards such as user
identifiers, passwords and firewalls. To the extent they are relevant to the
financial statement assertions the auditor considers such matters as:
 The effective use of firewalls and virus protection software to protect its
systems from the introduction of unauthorized or harmful software, data
or other material in electronic form;
 The effective use of encryption, including both:
 Maintaining the privacy and security of transmissions through, for
example, authorization of decryption keys; and
 Preventing the misuse of encryption technology through, for example,
controlling and safeguarding private decryption keys;
 Controls over the development and implementation of systems used to
support e- commerce activities;
 Whether security controls in place continue to be effective as new
technologies that can be used to attack Internet security become
available; and
 Whether the control environment supports the control procedures
implemented. For example, while some control procedures, such as
digital certificate-based encryption systems, can be technically
advanced, they may not be effective if they operate within an inadequate
control environment.
Transaction Integrity
The auditor considers the completeness, accuracy, timeliness and
authorization of information provided for recording and processing in the
entity's financial records (transaction integrity). The nature and the level of
sophistication of an entity's e-commerce activities influence the nature and
extent of risks related to the recording and processing of e-commerce
transactions.
In contrast to audit procedures for traditional business activities, which

ordinarily focus separately on control processes relating to each stage of
transaction capture and processing, audit procedures for sophisticated e-
commerce often focus on automated controls that relate to the integrity of
transactions as they are captured and then immediately and automatically
processed.
In an e-commerce environment, controls relating to transaction integrity are

often designed to, for example:
 Validate input;
UEW/IEDE 219
 Prevent duplication or omission of transactions;

 Ensure the terms of trade have been agreed before an order is processed,
including delivery and credit terms, which may require, for example,
that payment is obtained when an order is placed;
 Distinguish between customer browsing and orders placed, ensure a
party to a transaction cannot later deny having agreed to specified terms
(non-repudiation), and ensure transactions are with approved parties
when appropriate;
 Prevent incomplete processing by ensuring all steps are completed and
recorded (for example, for a business to consumer transaction: order
accepted, payment received, goods/services delivered and accounting
system updated) or if all steps are not completed and recorded, by
rejecting the order;
 Ensure the proper distribution of transaction details across multiple
systems in a network (for example, when data is collected centrally and
is communicated to various resource managers to execute the
transaction); and
 Ensure records are properly retained, backed-up and secured.
Process Alignment
Process alignment refers to the way various IT systems are integrated with
one another and thus operate, in effect, as one system. In the e-commerce
environment, it is important that transactions generated from an entity's web
site are processed properly by the entity's internal systems, such as the
accounting system, customer relationship management systems and
inventory management systems (often known as 'back office' systems).
Many web sites are not automatically integrated with internal systems. The
way e-commerce transactions are captured and transferred to the entity's
accounting
system may affect such matters as:
 The completeness and accuracy of transaction processing and
information storage;
 The timing of the recognition of sales revenues, purchases and other
transactions;
 Identification and recording of disputed transactions.
When it is relevant to the financial statement assertions, the auditor

considers the controls governing the integration of e-commerce transactions
with internal systems, and the controls over systems changes and data
conversion to automate process alignment.
Review Questions
 Discuss the effects of Electronic Commerce on the audit of financial
statements
220 UEW/IEDE
INTERNAL AUDITING
XXXXXXX 5
It is heart-warming to welcome you to another interesting and useful unit.

Internal auditing is a catalyst for improving an organisation’s governance,
risk management and management control by providing insight and
recommendations processes. Let us go on.
By the end of the section, the reader should be able to:

 describe the overall role of internal auditing, identify some standards on
the professional practice of internal auditing, identify the purpose of
international standards for the prefessional practice of internal auditing.
 describe the role of internal audit in risk management, describe the audit
process involved in risk management, explain the responsibility of
management towards risk management.
 describe the role of internal auditing in corporate governance, identify
the responsibilities of the board of direction, identify various
stakeholders and their interests in corporate governance.
 knowing what control self-assessment is, types or approaches to
effective CSA, purpose of conducting CSA in our offices, ways of
performing a CSA in our offices, benefits of CSA, ways of maintaining
the use of CSA
 explain what is meant by Quality assessment and improvement program,
describe the various activities in an internal and external assessment
program, describe the procedure for reporting a quality assessment
program
 describe the audit committee relationship with management, explain the
audit committee’s role in evaluating the internal audit performance,
describe the functions of the audit committee
222 UEW/IEDE
AUDITING AND
UEW/IEDE 223
PROFESSIONAL PRACTICE OF INTERNAL AUDITING
AUDITING AND
UNIT 5 SECTION
INVESTIGATION
1
Unit 5, section 1: Professional practice of internal auditing
Internal auditing is a catalyst for improving an organisation’s governance,

risk management and management control by providing insight and
recommendations processes.
After this section, learners will be able to:

 describe the overall role of internal auditing
 identify some standards on the professional practice of internal auditing
 identify the purpose of international standards for the prefessional
practice of internal auditing.
What Is Internal Auditing

Internal auditing is an independent, objective assurance and consulting
activity designed to add value and improve an organization's operations. It
helps an organization accomplish its objectives by bringing a systematic,
disciplined approach to evaluate and improve the effectiveness of risk
management, control, and governance processes. With commitment to
integrity and accountability, internal auditing provides value to governing
bodies and senior management as an objective source of independent
advice.
Internal auditing is conducted in diverse legal and cultural environments;

within organizations that vary in purpose, size, complexity, and structure;
and by persons within or outside the organization. Internal auditors work for
government agencies (national, regional and local); for publicly traded
companies; and for non-profit companies across all industries. Internal
auditing departments are led by a Chief Audit Executive (CAE) who
generally reports to the Audit Committee of the Board of Directors, with
administrative reporting to the Chief Executive Officer.
The scope of internal auditing within an organization is broad and may

involve topics such as an organization's governance, risk management and
management controls over: efficiency/effectiveness of operations (including
safeguarding of assets), the reliability of financial and management
reporting, and compliance with laws and regulations.
Internal auditors are not responsible for the execution of company activities;
they advise management and the Board of Directors (or similar oversight
body) regarding how to better execute their responsibilities. As a result of
their broad scope of involvement, internal auditors may have a variety of
higher educational and professional backgrounds.
The Institute of Internal Auditors (IIA) is the recognized international

standard setting body for the internal audit profession and awards the
Certified Internal Auditor designation internationally through rigorous
written examination. Internal audit's role has changed over time, shifting
focus between controls compliance and value-added consulting. The review
224 UEW/IEDE
AUDITING AND
Unit 5, section 1: Professional practice of internal auditing INVESTIGATION
and development of the Standards is an ongoing process. The International

Internal Audit Standards Board engages in extensive consultation and
discussion prior to issuing the Standards. This includes worldwide
solicitation for public comment through the exposure draft process.
International Standards For The Professional Practice Of

Internal Auditing (Standards)
While differences in business may affect the practice of internal auditing in
each environment, conformance with The IIA’s International Standards for
the Professional Practice of Internal Auditing (Standards) is essential in
meeting the responsibilities of internal auditors and the internal audit
activity. If internal auditors or the internal audit activity is prohibited by law
or regulation from conformance with certain parts of the Standards,
conformance with all other parts of the Standards and appropriate
disclosures are needed.
If the Standards are used in conjunction with standards issued by other

authoritative bodies, internal audit communications may also cite the use of
other standards, as appropriate. In such a case, if inconsistencies exist
between the Standards and other standards, internal auditors and the internal
audit activity must conform with the
Standards, and may conform with the other standards if they are more
restrictive.
The purpose of the Standards is to:

 Delineate basic principles that represent the practice of internal auditing.
 Provide a framework for performing and promoting a broad range of
value -added internal auditing.
 Establish the basis for the evaluation of internal audit performance.
 Foster improved organizational processes and operations.
The Standards are principles-focused, mandatory requirements consisting

of: Statements of basic requirements for the professional practice of internal
auditing and for evaluating the effectiveness of performance, which are
internationally applicable at organizational and individual levels. The
structure of the Standards is divided between Attribute and Performance
Standards.
Attribute Standards address the attributes of organizations and individuals

performing internal auditing. The Performance Standards describe the
nature of internal auditing and provide quality criteria against which the
performance of these services can be measured. Implementation Standards
are also provided to expand upon the Attribute and Performance standards,
by providing the requirements applicable to assurance (A) or consulting (C)
activities.
UEW/IEDE 225
AUDITING AND
INVESTIGATION Unit 5, section 1: Professional practice of internal auditing
Assurance services involve the internal auditor’s objective assessment of

evidence to provide an independent opinion or conclusions regarding an
entity, operation, function, process, system, or other subject matter. The
nature and scope of the assurance engagement are determined by the
internal auditor. There are generally three parties involved in assurance
services:
 the person or group directly involved with the entity, operation,
function, process, system, or other subject matter — the process owner,
 the person or group making the assessment —the internal auditor, and
 the person or group using the assessment —the user.
Consulting services are advisory in nature, and are generally performed at

the specific request of an engagement client. The nature and scope of the
consulting engagement are subject to agreement with the engagement client.
Consulting services generally involve two parties: (1) the person or group
offering the advice — the internal auditor, and (2) the person or group
seeking and receiving the advice — the engagement client. When
performing consulting services the internal auditor should maintain
objectivity and not assume management responsibility. The Standards apply
to individual internal auditors and internal audit activities. All internal
auditors are accountable for conforming to the Standards related to
individual objectivity, proficiency, and due professional care. In addition,
internal auditors are accountable for conforming with the Standards, which
are relevant to the performance of their job responsibilities.
Chief Audit Executives are accountable for overall conformance with the
Standards. This responsibility is demonstrated through the quality assurance
and improvement program which assesses conformance with the Definition
of Internal Auditing, the Code of Ethics, and the Standards.
Standards
1130 – Impairment to Independence or Objectivity: If independence or
objectivity is impaired in fact or appearance, the details of the impairment
must be disclosed to appropriate parties. The nature of the disclosure will
depend upon the impairment.
Interpretation: Impairment to organizational independence and individual

objectivity may include, but is not limited to, personal conflict of interest,
scope limitations, restrictions on access to records, personnel, and
properties, and resource limitations, such as funding.
The determination of appropriate parties to which the details of an

impairment to independence or objectivity must be disclosed is dependent
upon the expectations of the internal audit activity’s and the chief audit
executive’s responsibilities to senior management and the board as
226 UEW/IEDE
AUDITING AND
described in the internal audit charter, as well as the nature of the

impairment.
1130.A1 – Internal auditors must refrain from assessing specific operations
for which they were previously responsible. Objectivity is presumed to be
impaired if an internal auditor provides assurance services for an activity for
which the internal auditor had responsibility within the previous year.
1130.A2 – Assurance engagements for functions over which the chief audit
executive has responsibility must be overseen by a party outside the internal
audit activity.
1130.C1 – Internal auditors may provide consulting services relating to
operations for which they had previous responsibilities.
1130.C2 – If internal auditors have potential impairments to independence
or objectivity relating to proposed consulting services, disclosure must be
made to the engagement client prior to accepting the engagement.
1200 – Proficiency and Due Professional Care

Engagements must be performed with proficiency and due professional care.
1210 – Proficiency: Internal auditors must possess the knowledge, skills,

and other competencies needed to perform their individual responsibilities.
The internal audit activity collectively must possess or obtain the
knowledge, skills, and other competencies needed to perform its
responsibilities.
Knowledge, skills, and other competencies is a collective term that refers to

the professional proficiency required of internal auditors to effectively carry
out their professional responsibilities. Internal auditors are encouraged to
demonstrate their proficiency by obtaining appropriate professional
certifications and qualifications, such as the Certified Internal Auditor
designation and other designations offered by The Institute of Internal
Auditors and other appropriate professional organizations.
1210.A1 – The chief audit executive must obtain competent advice and
assistance if the internal auditors lack the knowledge, skills, or other
competencies needed to perform all or part of the engagement.
Performance Standards
2000 – Managing the Internal Audit Activity
The chief audit executive must effectively manage the internal audit activity
to ensure it adds value to the organization. The internal audit activity is
effectively managed when: The results of the internal audit activity’s work
achieve the purpose and responsibility included in the internal audit charter
The internal audit activity conforms to the Definition of Internal Auditing

and the Standards; and the individuals who are part of the internal audit
activity demonstrate conformance with the Code of Ethics and the
UEW/IEDE 227
AUDITING AND
Standards. The internal audit activity adds value to the organization (and its
stakeholders) when it provides objective and relevant assurance, and
contributes to the effectiveness and efficiency of governance, risk
management, and control processes.
2100 – Nature of Work: The internal audit activity must evaluate and
contribute to the improvement of governance, risk management, and control
processes using a systematic and disciplined approach.
2110 – Governance: The internal audit activity must assess and make
appropriate recommendations for improving the governance process in its
accomplishment of the following objectives:
 Promoting appropriate ethics and values within the organization;
 Ensuring effective organizational performance management and
accountability;
 Communicating risk and control information to appropriate areas of the
organization; and
 Coordinating the activities of and communicating information among
the board, external and internal auditors, and management.
2110. A1 –The internal audit activity must evaluate the design,

implementation, and effectiveness of the organization’s ethics-related
objectives, programs, and activities.
2110. A2 – The internal audit activity must assess whether the information
technology governance of the organization supports the organization’s
strategies and objectives.
2120 – Risk Management: The internal audit activity must evaluate the
effectiveness and contribute to the improvement of risk management
processes
Determining whether risk management processes are effective is a judgment

resulting from the internal auditor’s assessment that:
 Organizational objectives support and align with the organization’s
mission;
 Significant risks are identified and assessed;
 Appropriate risk responses are selected that align risks with the
organization’s risk appetite; and
 Relevant risk information is captured and communicated in a timely
manner across the organization, enabling staff, management, and the
board to carry out their responsibilities.
The internal audit activity may gather the information to support this
assessment during multiple engagements. The results of these engagements,
when viewed together, provide an understanding of the organization’s risk
management processes and their effectiveness.
228 UEW/IEDE
AUDITING AND
Sufficient information is factual, adequate, and convincing so that a prudent,

informed person would reach the same conclusions as the auditor. Reliable
information is the best attainable information through the use of appropriate
engagement techniques. Relevant information supports engagement
observations and recommendations and is consistent with the objectives for
the engagement. Useful information helps the organization meet its goals.
2200 – Engagement Planning: Internal auditors must develop and

document a plan for each engagement, including the engagement’s
objectives, scope, timing, and resource allocations.
2201 – Planning Considerations: In planning the engagement, internal

auditors must consider:
 The objectives of the activity being reviewed and the means by which
the activity controls its performance;
 The significant risks to the activity, its objectives, resources, and
operations and the means by which the potential impact of risk is kept to
an acceptable level;
 The adequacy and effectiveness of the activity’s governance, risk
management, and control processes compared to a relevant framework
or model; and
 The opportunities for making significant improvements to the activity’s
governance, risk management, and control processes.
2201.A1– When planning an engagement for parties outside the

organization, internal auditors must establish a written understanding with
them about objectives, scope, respective responsibilities, and other
expectations, including restrictions on distribution of the results of the
engagement and access to engagement records.
2201.C1 – Internal auditors must establish an understanding with consulting

engagement clients about objectives, scope, respective responsibilities, and
other client expectations. For significant engagements, this understanding
must be documented.
2210 – Engagement Objectives: Objectives must be established for each

engagement.
2210.A1–Internal auditors must conduct a preliminary assessment of the

risks relevant to the activity under review. Engagement objectives must
reflect the results of this assessment.
2210.A2 - Internal auditors must consider the probability of significant
errors, fraud, noncompliance, and other exposures when developing the
engagement objectives.
2210.A3 – Adequate criteria are needed to evaluate governance, risk
management, and controls. Internal auditors must ascertain the extent to
which management and/or the board has established adequate criteria to
UEW/IEDE 229
AUDITING AND
determine whether objectives and goals have been accomplished. If

adequate, internal auditors must use such criteria in their evaluation. If
inadequate, internal auditors must work with management and/or the board
to develop appropriate evaluation criteria.
2210.C1 – Consulting engagement objectives must address governance, risk
management, and control processes to the extent agreed upon with the
client.
2210.C2 – Consulting engagement objectives must be consistent with the
organization's values, strategies, and objectives.
2220 – Engagement Scope: The established scope must be sufficient to

achieve the objectives of the engagement.
2220.A1 – The scope of the engagement must include consideration of
relevant systems, records, personnel, and physical properties, including
those under the control of third parties.
2220.A2 – If significant consulting opportunities arise during an assurance
engagement, a specific written understanding as to the objectives, scope,
respective responsibilities, and other expectations should be reached and the
results of the consulting engagement communicated in accordance with
consulting standards.
2220.C1 – In performing consulting engagements, internal auditors must
ensure that the scope of the engagement is sufficient to address the agreed-
upon objectives. If internal auditors develop reservations about the scope
during the engagement, these reservations must be discussed with the client
to determine whether to continue with the engagement.
2220.C2 – During consulting engagements, internal auditors must address
controls consistent with the engagement’s objectives and be alert to
significant control issues.
2230 – Engagement Resource Allocation: Internal auditors must

determine appropriate and sufficient resources to achieve engagement
objectives based on an evaluation of the nature and complexity of each
engagement, time constraints, and available resources.
2240 – Engagement Work Program: Internal auditors must develop and

document work programs that achieve the engagement objectives.
2240.A1 – Work programs must include the procedures for identifying,
analyzing, evaluating, and documenting information during the engagement.
The work program must be approved prior to its implementation, and any
adjustments approved promptly.
2240.C1 – Work programs for consulting engagements may vary in for m
and content depending upon the nature of the engagement
2300 – Performing the Engagement: Internal auditors must identify,

analyze, evaluate, and document sufficient information to achieve the
engagement’s objectives.
230 UEW/IEDE
AUDITING AND
2310 – Identifying Information: Internal auditors must identify sufficient,

reliable, relevant, and useful information to achieve the engagement’s
objectives.
2320 –Analysis and Evaluation: Internal auditors must base conclusions

and engagement results on appropriate analyses and evaluations.
2330 – Documenting Information: Internal auditors must document

relevant information to support the conclusions and engagement results.
2330. A1 –The chief audit executive must control access to engagement

records. The chief audit executive must obtain the approval of senior
management and/or legal counsel prior to releasing such records to external
parties, as appropriate.
2330. A2 – The chief audit executive must develop retention requirements

for engagement records, regardless of the medium in which each record is
stored. These retention requirements must be consistent with the
organization’s guidelines and any pertinent regulatory or other
requirements.
2330. C1 – The chief audit executive must develop policies governing the
custody and retention of consulting engagement records, as well as their
release to internal and external parties. These policies must be consistent
with the organization’s guidelines and any pertinent regulatory or other
requirements.
2340 –Engagement Supervision: Engagements must be properly

supervised to ensure objectives are achieved, quality is assured, and staff is
developed.
The extent of supervision required will depend on the proficiency and

experience of internal auditors and the complexity of the engagement. The
chief audit executive has overall responsibility for supervising the
engagement, whether performed by or for the internal audit activity, but
may designate appropriately experienced members of the internal audit
activity to perform the review. Appropriate evidence of supervision is
documented and retained.
2400 – Communicating Results: Internal auditors must communicate the

results of engagements. Communications must include the engagement’s
objectives and scope as well as applicable conclusions, recommendations,
and action plans.
2440 –Disseminating Results: The chief audit executive must

communicate results to the appropriate parties. The chief audit executive is
responsible for reviewing and approving the final engagement
UEW/IEDE 231
AUDITING AND
communication before issuance and for deciding to whom and how it will
be disseminated. When the chief audit executive delegates these duties, he
or she retains overall responsibility.
2420 – Quality of Communications: Communications must be accurate,

objective, clear, concise, constructive, complete, and timely.
Accurate communications are free from errors and distortions and are
faithful to the underlying facts. Objective communications are fair,
impartial, and unbiased and are the result of a fair-minded and balanced
assessment of all relevant facts and circumstances. Clear communications
are easily understood and logical, avoiding unnecessary technical language
and providing all significant and relevant information. Concise
communications are to the point and avoid unnecessary elaboration,
superfluous detail, redundancy, and wordiness. Constructive
communications are helpful to the engagement client and the organization
and lead to improvements where needed. Complete communications lack
nothing that is essential to the target audience and include all significant and
relevant information and observations to support recommendations and
conclusions. Timely communications are opportune and expedient,
depending on the significance of the issue, allowing management to take
appropriate corrective action.
2450 - Overall Opinions: When an overall opinion is issued, it must take

into account the expectations of senior management, the board, and other
stakeholders and must be supported by sufficient, reliable, relevant, and
useful information. The communication will identify:
 The scope, including the time period to which the opinion pertains;
 Scope limitations;
 Consideration of all related projects including the reliance on other
assurance providers;
 The risk or control framework or other criteria used as a basis for the
overall opinion; and
 The overall opinion, judgment, or conclusion reached.
2500 – Monitoring Progress: The chief audit executive must establish and
maintain a system to monitor the disposition of results communicated to
management. He must establish a follow-up process to monitor and ensure
that management actions have been effectively implemented or that senior
management has accepted the risk of not taking action.
2500.C1 – The internal audit activity must monitor the disposition of results
of consulting engagements to the extent agreed upon with the client.
2600 –Communicating The Acceptance Of Risks: When the chief audit

executive concludes that management has accepted a level of risk that may
be unacceptable to the organization, the chief audit executive must discuss
232 UEW/IEDE
AUDITING AND
the matter with senior management. If the chief audit executive determines
that the matter has not been resolved, the chief audit executive must
communicate the matter to the board.
The identification of risk accepted by management may be observed through

an assurance or consulting engagement, monitoring progress on actions
taken by management as a result of prior engagements, or other means. It is
not the responsibility of the chief audit executive to resolve the risk.
This section looked at the framework of the professional practice of internal

auditing. We also looked at how international standards enhances the
professional practice of internal auditing.
Review questions
 Explain the role of internal auditing.
 Outline the purpose of international standards on the professional
practice of internal auditing
 Explain what is meant by terms,
 Attribute standards
 Performance standards
UEW/IEDE 233
INTERNAL AUDITING AND RISK MANAGEMENT
AUDITING AND
UNIT 5 SECTION
INVESTIGATION
2
Unit 5, section 2: Internal auditing and risk management
The internal audit function may help the organization address its risk of
fraud through a fraud risk assessment. Risk management is a major part of
the internal audit function.
By the end of this section, learners should be able to:

 describe the role of internal audit in risk management
 describe the audit process involved in risk management
 explain the responsibility of management towards risk management.
Background
The scope of internal auditing within an organization is broad and must
cover the organization's governance, risk management and internal controls.
Internal auditors are not responsible for ensuring risk management but must
facilitate in the process and must adopt risk-based audit approach in order to
add value and assist the organization achieve its objectives.
Internal auditing is a catalyst for improving an organization's governance,

risk management and management controls by providing insight and
recommendations based on analyses and assessments of data and business
processes.
Role of internal audit in internal control

Internal auditing activity is primarily directed at evaluating internal control.
Under the COSO Framework, internal control is broadly defined as a
process, affected by an entity's board of directors, management, and other
personnel, designed to provide reasonable assurance regarding the
achievement of the following core objectives for which all businesses strive:
 Effectiveness and efficiency of operations.
 Reliability of financial and management reporting.
 Compliance with laws and regulations.
 Safeguarding of Assets
Management is responsible for internal control, which comprises five

critical components: the control environment; risk assessment; risk focused
control activities; information and communication; and monitoring
activities. Managers establish policies, processes, and practices in these five
components of management control to help the organization achieve the
four specific objectives listed above. Internal auditors perform audits to
evaluate whether the five components of management control are present
and operating effectively, and if not, provide recommendations for
improvement.
Management responsibility
The driving force for the enterprise is the CEO and board of directors. This
is where the key decisions are made regarding the strategy that will
234 UEW/IEDE
AUDITING AND
Unit 5, section 2: Internal auditing and risk management INVESTIGATION
transform the mission into firm results. The board has a key role in
overseeing the risk management process.
Managers are responsible for ensuring that their staff, systems, and budgets
are applied to delivering the set strategy. They do this by breaking down the
longer-term corporate strategy into more manageable shorter-term chunks
that are handed out to their workforce and associates. The workforce is in
effect the engine room of the organization. Empowering organizations allow
people to make decisions on the front line and flex their responses to the
needs of customers and clients. In terms of implementing solutions, the
responsibilities of senior management have been outlined in the banking
operational risk management framework.
Management are responsible for identifying risk and for the internal control
environment. Internal audit reviews the risk assessments and the internal
controls in place to ensure they are effective. When risk assessments are not
explicit or not documented, the internal auditor may work with management
to document them and make them explicit.
The role of the risk manager is not to manage risk but to ensure that
common procedures and practices are adopted throughout the organization,
that line managers have responsibility for identifying and managing risk in
their own areas and to provide a cohesive overview and reporting line to the
board.
Role of internal audit in risk management

Internal auditing professional standards require the function to evaluate the
effectiveness of the organization's Risk management activities. Risk
management is the process by which an organization identifies, analyzes,
responds, gathers information about, and monitors strategic risks that could
actually or potentially impact the organization's ability to achieve its
mission and objectives. The audit role in risk management depends on what
adds the most value in the control of the need to evaluate and make
improvements. Much depends on where the organization stands in terms of
the extent to which risk, and how risk is addressed, is embedded into the
way it works.
Under the COSO enterprise risk management (ERM) Framework, an

organization's strategy, operations, reporting, and compliance objectives all
have associated strategic business risks - the negative outcomes resulting
from internal and external events that inhibit the organization's ability to
achieve its objectives. Management assesses risk as part of the ordinary
course of business activities such as strategic planning, marketing planning,
capital planning, budgeting, hedging, incentive payout structure,
credit/lending practices, mergers and acquisitions, strategic partnerships,
legislative changes, conducting business abroad, etc.
UEW/IEDE 235
AUDITING AND
INVESTIGATION Unit 5, section 2: Internal auditing and risk management
Internal auditing evolved to satisfy management needs, and the most

effective audit staffs keep management and organizational objectives at the
forefront of their own planning and activities. Sarbanes-Oxley regulations
require extensive risk assessment of financial reporting processes. Corporate
legal counsel often prepares comprehensive assessments of the current and
potential litigation a company faces. Internal auditors may evaluate each of
these activities, or focus on the overarching process used to manage risks
entity-wide. For example, internal auditors can advise management
regarding the reporting of forward-looking operating measures to the Board,
to help identify emerging risks; or internal auditors can evaluate and report
on whether the board and other stakeholders can have reasonable assurance
the organization's management team has implemented an effective
enterprise risk management program.
In larger organizations, major strategic initiatives are implemented to

achieve objectives and drive changes. As a member of senior management,
the Chief Audit Executive (CAE) may participate in status updates on these
major initiatives. This places the CAE in the position to report on many of
the major risks the organization faces to the Audit Committee, or ensure
management's reporting is effective for that purpose.
The audit role then reflects the degree of risk maturity, and auditors may
need to swing into action to kick-start the process. Although there is much
flexibility in establishing an early audit role, it is important that this is part
of a negotiated position with the board and audit committee. As such, the
audit charter needs to set this role as a way of defining expectations.
The internal audit function may help the organization address its risk of
fraud via a fraud risk assessment, using principles of fraud deterrence.
Internal auditors may help companies establish and maintain Enterprise Risk
Management processes. Internal auditors also play an important role in
helping companies execute risk assessment or are typically part of the risk
assessment team in an advisory role.
Audit approach to reviewing the risk management process

The overall audit approach to reviewing the risk management process
operates on several different levels. One way to consider auditing the risk
management process is to go through the following steps:
 Use the audit charter to develop an approach to reviewing risk
management that takes into account the board’s ERM policy and the
views of the audit committee. Within this charter, set out the level of
consulting work that will complement the most important core audit
assurance services.
 Use any work performed by the organization to support the risk-based
audit plans after having judged whether this work is reliable.
236 UEW/IEDE
AUDITING AND
 Develop preliminary surveys in audit areas that have been prioritised

through risk-based audit plans. CRSA workshops, interviews, and staff
surveys may be used to clarify the terms of reference for the planned
audits so that the resultant audit work may focus on real risks to
achieving the set business objectives.
 Review the risk registers in use in the areas under review and determine
whether they can be relied on to support the business manager’s reviews
of internal control. Auditing should look for evidence that supports (or
otherwise) the way risks are currently being managed in the areas under
review. Where there are no registers in use, consulting work may be
developed to assist the business to make the necessary progress, and
meanwhile, the audit work may entail a complete assessment of risks
and controls in the area in question.
 Ensure that the audit work allows the chief auditor to report on the state
of ERM and internal controls in the area that has been reviewed and also
comments on the way that business management are certifying their
controls as part of the wider controls disclosure infrastructure.
Audit Charter
The audit charter is a brief document, but building on this platform, the
auditor should be able to provide a full range of important services
including:
Advising the audit committee on the way it is discharging its areas of

responsibility.
 Assisting the board in setting up its published disclosures infrastructure
and ensuring that the audit input in these disclosures is well organized.
 Encouraging dialogue with key stakeholders so that, wherever possible,
their concerns are built into the risk management process.
 Helping management establish a reliable risk management process and
effective internal controls.
 Promoting compliance with legal and regulatory requirements.
 Providing assurance and consultancy services that fit in with the other
tasks.
Strategy
Internal audit functions may also develop functional strategies described in
multi-year strategic plans. Professional guidance on building an Internal
Audit strategic plan was issued by the Institute of Internal Auditors in July
2012 via a Practice Guide called Developing the Internal Audit Strategic
Plan. A key aspect of developing IA strategy is to understand the
expectations of stakeholders, such as the Audit Committee and top
management. This helps guide the IA function in its mission of helping the
organization address the risks it faces. Specific topics considered in IA
strategic planning include:
UEW/IEDE 237
AUDITING AND
 Scope and emphasis: An IA function may be involved in addressing

risks related to financial reporting, operations, legal and regulatory
compliance, and the company strategy. There may also be special topics
of interest to stakeholders that change considerably year-to-year.
 Portfolio of services: IA functions may provide traditional audit
assurance across the risk spectrum as well as consulting project support
in a variety of areas such as project management, data analysis, and
monitoring of major company initiatives. Larger audit functions may
establish specialty areas to handle their service portfolio.
 Competency development: The stakeholder expectations around scope
and service portfolio determine what competencies the function needs,
which drives decisions regarding hiring of specific skills and training
programs.
 Technology: IA functions use a variety of technology tools/software to
support audit process workflow, statistical analysis, and obtaining data
from systems.
Building the IA strategy may involve a variety of strategic management

concepts and frameworks, such as strategic planning, strategic thinking, and
SWOT analysis
Risk base audit plan

The audit universe can include components from the organisation’s strategic
plan. By incorporating components of the organisation’s strategic plan, the
audit universe will consider and reflect the overall business objectives.
Strategic plans also likely reflect the organisation’s attitude toward risk and
the degree of difficulty to achieving planned objectives.
The audit universe will normally be influenced by the results of the risk
management process. The organisation’s strategic plan should have been
created considering the environment in which the organization operates.
These same environmental factors would likely impact the audit universe
and assessment factors would likely impact the audit universe and
assessment of relative risk.
Audit plans must be carefully thought through, and the impact of the risk
management process can be seen in the way standards are set covering the
way auditors should plan their work.
Preliminary audit survey

Internal auditors should ascertain the extent to which operating and program
goals and objectives have been established and conform to those of the
organization. Business risk management depends on good objective setting.
The auditor needs to make sure the operational objectives for the area under
review pass this test before we can start to think about the way risks have
238 UEW/IEDE
AUDITING AND
been identified and assessed. The preliminary survey will ask several key
questions:
 How objectives are set, and are these objectives aligned to corporate
objectives?
 What is the level of risk awareness among managers and staff, and have
staff expressed any concerns about the way risk is being dealt with?
 Are those clearly defined roles and responsibilities and assigned risk
owners for each aspect of the business?
Business risk register

One crucial aspect of auditing the risk management process is the role of the
risk register. This document becomes a focal point for the entire audit
process. The risk register captures the risk cycle of identification,
assessment, and management- that should be compiled by any good
business manager. This could be through reviews by the manager and
management team, or risk workshops by teams reporting up to the manager,
or through an assessment of intelligence and trend analysis.
Audit Evidence
Evidence determines whether the information recorded about risks in each
part of the organization can be verified or at least supported by good
evidence. One risk management standard asks that the risk process be
reviewed and several general questions addressed and answered as a result
of this review:
 What is the reliability of the information?
 How confident are we that the list of risks is comprehensive?
 Is there a need for additional research into specific risks?
 Are the objectives and scope covered adequately?
 Have the right people been involved in the risk identification process?
In addition, the auditor will wish to make three key considerations in

reaching an evaluation of the overall effectiveness of the organisation’s risk
management and control processes:
 Were significant discrepancies or weakness discovered from the audit
work performed and other assessment information gathered?
 If so, were corrections or improvements made after the discoveries?
Do the discoveries and their consequences lead to the conclusion that a

pervasive condition exists, resulting in an unacceptable level of business
risk?
Internal audit execution

A typical internal audit assignment involves the following steps:
 Establish and communicate the scope and objectives for the audit to
appropriate management.
UEW/IEDE 239
AUDITING AND
 Develop an understanding of the business area under review. This

includes objectives, measurements, and key transaction types. This
involves review of documents and interviews. Flowcharts and narratives
may be created if necessary.
 Describe the key risks facing the business activities within the scope of
the audit.
 Identify management practices in the five components of control used to
ensure each key risk is properly controlled and monitored. Internal Audit
checklist can be a helpful tool to identify common risks and desired
controls in the specific process or industry being audited.
 Develop and execute a risk-based sampling and testing approach to
determine whether the most important management controls are
operating as intended.
 Report issues and challenges identified and negotiate action plans with
management to address the problems.
 Follow-up on reported findings at appropriate intervals. Internal audit
departments maintain a follow-up database for this purpose.
Internal audit reports

Internal auditors typically issue reports at the end of each audit that
summarize their findings, recommendations, and any responses or action
plans from management. Engagements observations and recommendations
emerge by a process of comparing what should be with what is. Whether or
not there is difference, the internal auditor has a foundation on which to
build the report. When conditions meet the criteria, acknowledgment in the
engagement communications of satisfactory performance may be
appropriate.
An audit report may have an executive summary; a body that includes the
specific issues or findings identified and related recommendations or action
plans; and appendix information such as detailed graphs and charts or
process information. Each audit finding within the body of the report may
contain five elements, sometimes called the "5 C's":
 Condition: What is the particular problem identified?
 Criteria: What is the standard that was not met? The standard may be a
company policy or other benchmark.
 Cause: Why did the problem occur?
 Consequence: What is the risk/negative outcome (or opportunity
foregone) because of the finding?
 Corrective action: What should management do about the finding? What
have they agreed to do and by when?
The recommendations in an internal audit report are designed to help the

organization achieve effective and efficient governance, risk and control
processes associated with operations objectives, financial and management
reporting objectives; and legal/regulatory compliance objectives.
240 UEW/IEDE
AUDITING AND
Audit findings and recommendations may also relate to particular assertions

about transactions, such as whether the transactions audited were valid or
authorized, completely processed, accurately valued, processed in the
correct time period, and properly disclosed in financial or operational
reporting, among other elements.
Under the IIA standards, a critical component of the audit process is the
preparation of a balanced report that provides executives and the board with
the opportunity to evaluate and weigh the issues being reported in the proper
context and perspective. In providing perspective, analysis and workable
recommendations for business improvements in critical areas, auditors help
the organization meet its objectives.
 One crucial aspect of auditing the risk management process is the role of
the risk register. This document becomes a focal point for the entire
audit process.
 Internal auditing evolved to satisfy management needs, and the most
effective audit staffs keep management and organizational objectives at
the forefront of their own planning and activities.
 Management are responsible for identifying risk and for the internal
control environment. Internal audit reviews the risk assessments and the
internal controls in place to ensure they are effective.
Review questions
 Explain the role of internal auditing in risk management.
 Describe the audit processes involved in risk management.
 What your opinion, what is the responsibility of management towards
risk assessment and management.
UEW/IEDE 241
INTERNAL AUDITING & CORPORATE GOVERNANCE
AUDITING AND
UNIT 5 SECTION
INVESTIGATION
3
Unit 5, section 3: Internal auditing & corporate governance
After looking at internal auditing and its relation to risk management, we

need to understand the role of internal auditing in relation to corporate
governance. This section will give students an insight about this issue.
 describe the role of internal auditing in corporate governance

 identify the responsibilities of the board of direction
 identify various stakeholders and their interests in corporate governance.
Nature of corporate governance

Corporate governance broadly refers to the mechanisms, processes and
relations by which corporations are controlled and directed. Governance
structures identify the distribution of rights and responsibilities among
different participants in the corporation (such as the board of directors,
managers, shareholders, creditors, auditors, regulators, and other
stakeholders) and include the rules and procedures for making decisions in
corporate affairs. Corporate governance includes the processes through
which corporations' objectives are set and pursued in the context of the
social, regulatory and market environment.
Governance mechanisms include monitoring the actions, policies and

decisions of corporations and their agents. Corporate governance practices
are affected by attempts to align the interests of stakeholders. Interest in the
corporate governance practices of modern corporations, particularly in
relation to accountability, increased following the high-profile collapses of a
number of large corporations during 2001–2002, most of which involved
accounting fraud; and then again, the recent financial crisis in 2008.
Corporate scandals of various forms have maintained public and political
interest in the regulation of corporate governance.
In the U.S., these include Enron and MCI Inc. (formerly WorldCom). Their
demise is associated with the U.S. federal government passing the Sarbanes-
Oxley Act in 2002, intending to restore public confidence in corporate
governance. Comparable failures were recorded Australia are associated
with the eventual passage of the CLERP 9 reforms. Similar corporate
failures in other countries stimulated increased regulatory interest (e.g.,
Parmalat in Italy).
Corporate governance has also been more narrowly defined as "a system of
law and sound approaches by which corporations are directed and controlled
focusing on the internal and external corporate structures with the intention
of monitoring the actions of management and directors and thereby,
mitigating agency risks which may stem from the misdeeds of corporate
officers.
One source defines corporate governance as "the set of conditions that

shapes the ex post bargaining over the quasi-rents generated by a firm.” The
242 UEW/IEDE
AUDITING AND
Unit 5, section 3: Internal auditing & corporate governance INVESTIGATION
firm itself is modelled as a governance structure acting through the

mechanisms of contract. Here corporate governance may include its relation
to corporate finance.
Stakeholders and their interest

Key parties involved in corporate governance include stakeholders such as
the board of directors, management and shareholders. External stakeholders
such as creditors, auditors, customers, suppliers, government agencies, and
the community at large also exert influence. The agency view of the
corporation posits that the shareholder forgoes decision rights (control) and
entrusts the manager to act in the shareholders' best (joint) interests. Partly
as a result of this separation between the two investors and managers,
corporate governance mechanisms include a system of controls intended to
help align managers' incentives with those of shareholders. Agency
concerns (risk) are necessarily lower for a controlling shareholder.
All parties to corporate governance have an interest, whether direct or
indirect, in the financial performance of the corporation. Directors, workers
and management receive salaries, benefits and reputation, while investors
expect to receive financial returns. For lenders, it is specified interest
payments, while returns to equity investors arise from dividend distributions
or capital gains on their stock. Customers are concerned with the certainty
of the provision of goods and services of an appropriate quality; suppliers
are concerned with compensation for their goods or services, and possible
continued trading relationships. These parties provide value to the
corporation in the form of financial, physical, human and other forms of
capital. Many parties may also be concerned with corporate social
performance.
A key factor in a party's decision to participate in or engage with a

corporation is their confidence that the corporation will deliver the party's
expected outcomes. When categories of parties (stakeholders) do not have
sufficient confidence that a corporation is being controlled and directed in a
manner consistent with their desired outcomes, they are less likely to engage
with the corporation. When this becomes an endemic system feature, the
loss of confidence and participation in markets may affect many other
stakeholders, and increases the likelihood of political action. There is
substantial interest in how external systems and institutions, including
markets, influence corporate governance.
Responsibilities of the Board of Directors (BOD)

The OECD Principles of Corporate Governance (2004) describe the
following responsibilities of the board:
 Board members should be informed and act ethically and in good faith,
with due diligence and care, in the best interest of the company and the
shareholders.
UEW/IEDE 243
AUDITING AND
INVESTIGATION Unit 5, section 3: Internal auditing & corporate governance
 Review and guide corporate strategy, objective setting, major plans of

action, risk policy, capital plans, and annual budgets.
 Oversee major acquisitions and divestitures.
 Select, compensate, monitor and replace key executives and oversee
succession planning.
 Align key executive and board remuneration (pay) with the longer-term
interests of the company and its shareholders.
 Ensure a formal and transparent board member nomination and election
process.
 Ensure the integrity of the corporations accounting and financial
reporting systems, including their independent audit.
 Ensure appropriate systems of internal control are established.
 Oversee the process of disclosure and communications.
 Where committees of the board are established, their mandate,
composition and working procedures should be well-defined and
disclosed.
While internal auditors are not independent of the companies that employ
them, independence and objectivity are the cornerstone of their professional
standards. The required organizational independence from management
enables unrestricted evaluation of management activities and personnel and
allows internal auditors to perform their role effectively. Although internal
auditors are part of company management and paid by the company, the
primary customer of internal audit activity is the entity charged with
oversight of management's activities. This is typically the Audit Committee,
a sub-committee of the Board of Directors. Organizational independence is
effectively achieved when the chief audit executive reports functionally to
the board.
Role of internal audit in corporate governance

Internal auditing activity as it relates to corporate governance has in the past
been generally informal, accomplished primarily through participation in
meetings and discussions with members of the Board of Directors.
According to COSO's ERM framework, governance is the policies,
processes and structures used by the organization’s leadership to direct
activities, achieve objectives, and protect the interests of diverse stakeholder
groups in a manner consistent with ethical standards. The internal auditor is
often considered one of the "four pillars" of corporate governance, the other
pillars being the Board of Directors, management, and the external auditor.
A primary focus area of internal auditing as it relates to corporate
governance is helping the Audit Committee of the Board of Directors (or
equivalent) perform its responsibilities effectively. This may include
reporting critical management control issues, suggesting questions or topics
for the Audit Committee's meeting agendas, and coordinating with the
external auditor and management to ensure the Committee receives effective
information. In recent years, the IIA has advocated more formal evaluation
244 UEW/IEDE
AUDITING AND
of corporate governance, particularly in the areas of board oversight of

enterprise risk, corporate ethics, and fraud.
Control and ownership structures

Control and ownership structure refers to the types and composition of
shareholders in a company. In some countries, ownership is not necessarily
equivalent to control due to the existence of e.g. dual-class shares,
ownership pyramids, voting coalitions, proxy votes and clauses in the
memorandum of association that confer additional voting rights to long-term
shareholders. Ownership is typically defined as the ownership of cash flow
rights whereas control refers to ownership of control or voting rights.
Researchers often "measure" control and ownership structures by using
some observable measures of control and ownership concentration or the
extent of inside control and ownership. Corporate engagement with
shareholders and other stakeholders can differ substantially across different
control and ownership structures.
Family control
Family interests dominate ownership and control structures of some
companies, and it has been suggested that the oversight of family controlled
companies is superior to those "controlled" by institutional investors (or
with such diverse share ownership that they are controlled by management).
The significance of institutional investors varies substantially across
countries. The largest pools of invested money are designed to maximize the
benefits of diversified investment by investing in a very large number of
different companies with sufficient liquidity. A recent study by Credit
Suisse found that companies in which "founding families retain a stake of
more than 10% of the company's capital enjoyed a superior performance
over their respective sectorial peers." One of the biggest strategic
advantages a company can have is blood ties," according to a Business
Week study.
Mechanisms and controls

Corporate governance mechanisms and controls are designed to reduce the
inefficiencies that arise from moral hazard and adverse selection. There are
both internal monitoring systems and external monitoring systems. Internal
monitoring can be done, for example, by one (or a few) large shareholder(s)
in the case of privately held companies or a firm belonging to a business
group. Furthermore, the various board mechanisms provide for internal
monitoring.
External monitoring of managers' behaviour occurs when an independent

third party (e.g. the external auditor) attests the accuracy of information
provided by management to investors. Stock analysts and debt holders may
also conduct such external monitoring. An ideal monitoring and control
system should regulate both motivation and ability, while providing
UEW/IEDE 245
AUDITING AND
INVESTIGATION Unit 5, section 3: Internal auditing & corporate governance
incentive alignment toward corporate goals and objectives. Care should be

taken that incentives are not so strong that some individuals are tempted to
cross lines of ethical behaviour, for example by manipulating revenue and
profit figures to drive the share price of the company up.
Internal controls
Internal controls monitor activities and then take corrective action to
accomplish organisational goals. These controls include:
Monitoring by the board of directors:

 The board of directors, with its legal authority to hire, fire and
compensate top management is to ensure that invested capital is
safeguarded.
 Regular board meetings allow potential problems to be identified,
discussed and avoided. Whilst non-executive directors are thought to be
more independent, they may not always result in more effective
corporate governance and may not increase performance.
 The ability of the board to monitor the firm's executives is a function of
its access to information. Executive directors possess superior
knowledge of the decision-making process and therefore evaluate top
management on the basis of the quality of its decisions that lead to
financial performance outcomes, ex ante. In publicly traded U.S.
corporations, boards of directors are largely chosen by the
President/CEO and the President/CEO often takes the Chair of the
Board position for him/herself (which makes it much more difficult for
the institutional owners to "fire" him/her). The practice of the CEO also
being the Chair of the Board is fairly common in large American
corporations.
Internal control procedures and internal auditors: Internal control

procedures are policies implemented by an entity's board of directors, audit
committee, management, and other personnel to provide reasonable
assurance of the entity achieving its objectives related to reliable financial
reporting, operating efficiency, and compliance with laws and regulations.
Internal auditors are personnel within the organization who test the design
and implementation of the entity's internal control procedures and the
reliability of its financial reporting.
Balance of power: The simplest balance of power requires that the

President or CEO be a different person from the Treasurer. This application
of separation of powers is further developed in companies where separate
divisions check and balance each other's actions. One group may propose
company-wide administrative changes, another group review and can veto
the changes, and a third group check that the interests of people (customers,
shareholders, employees) outside the three groups are being met.
246 UEW/IEDE
AUDITING AND
Monitoring by large shareholders and/or monitoring by banks and

other large creditors: Given their large investment in the firm, these
stakeholders have the incentives, combined with the right degree of control
and power, to monitor the management.
We just looked at corporate governance as an integral arm of the internal

audit function. Corporate governance is a system of law and sound approach
by which corporations are directed and controlled and controlled focusing
on the internal and external corporate structures with the intention of
monitoring the actions of management and directors and thereby, mitigating
agency risks which may stem from the misdeeds of corporate officers.
We also identify the interests of stakeholders and the responsibilities of the
board of directors towards good corporate governance.
Review questions
 Describe the role of internal auditing in ensuring good corporate
governance
 Identify the responsibilities of board of directors in achieving good
corporate governance.
 How can stakeholders interests be satisfied?
UEW/IEDE 247
CONTROL SELF - ASSESSMENT
AUDITING AND
UNIT 5 SECTION
INVESTIGATION
4
Unit 5, section 4: Control self-assessment
This unit will be looking at control self-assessment, its purpose in an

organization and through to the various benefits that can be derived from its
use. We can say, control self-assessment (CSA) is a tool used in many
institutions to assess their own controls and risks, and also increase the
ability to achieve their objectives.
By the end of this section, these students should become aware of:
 knowing what control self-assessment is
 types or approaches to effective CSA
 purpose of conducting CSA in our offices.
 ways of performing a CSA in our offices.
 benefits of CSA
 ways of maintaining the use of CSA
Background
 CSA is a tool used in many institutions to assess their own controls and
risks, and also increase the ability to achieve their objectives.
 IIA defines CSA as a process through which internal control
effectiveness is examined with the objective of providing reasonable
assurance that all objectives are met.
 CSA comes from frameworks of good corporate governance such as
Committee of Sponsoring Organisations (COSO).
 CSA is a highly interactive and collaborative tool that is designed to
focus on those areas and issues of most importance to the department.
This requires participation and commitment from top management
within the Departments and Faculties
Meaning of CSA
 Auditing improves performance of every institution, but traditional audit
is not enough to detect fundamental institutional weaknesses because
Auditors do not “own” the process and do not make the absolute
assessments and evaluations.
 Control Self-Assessment (CSA) is a management technique that allows
managers and work teams directly involved in departmental functions
and processes to participate or contribute in assessing the organisation’s
risk management and control processes.
 CSA is a means of monitoring the strength of an organisation by
collecting information on the state of institutional controls. And
assessing the risks to achieve its objectives through recommendation for
change within the organisation.
Purpose of CSA
 To emphasize management’s responsibilities for developing and
monitoring internal controls set to achieve set objectives.
 CSA identify obstacles to departmental strength and opportunities and
helps agree appropriate actions to improve these deficiencies.
248 UEW/IEDE
AUDITING AND
Unit 5, section 4: Control self-assessment INVESTIGATION
 To help measure and quantify the effectiveness of the current controls

and how this makes their objectives to be achieved.
 To help implementing improvements faster and with a lower risk.
Approaches of CSA
 The most common approaches to CSA include:
 Facilitated team meetings
 CSA surveys
 These are performed by staff whose day-to-day role is within the
functional area which is being controlled.
 CSA becomes more impactful when staff have in-depth knowledge of
how the department’s processes operate. Staff within each Department
must have a wealth of information about internal controls and fraud.
 Facilitated team meeting
 Facilitated team meetings are the most popular form of CSA. The
facilitated sessions consist of six to 15 employees who are subject on a
day-to-day basis to the internal controls being evaluated. A trained
facilitator guides the meeting, and another individual records the
activity. Anonymity can be promoted by using “groupware” software.
CSA survey
The survey approach uses questionnaires to elicit data about controls, risks,
and processes. It differs from traditional internal control questionnaires used
by auditors because the operational employees (not the auditors) use the
survey results to self-evaluate the controls or processes.
Making CSA effective

 Making CSA effective has the potential of exposing most weaknesses in
the control system of an institution.
 Employees must understand the importance of the tool, as to help
improve performance.
 Facilitators must also keep the anonymity of employees closed for fear
of job loss.
 Users of the tool should have a prior training of how to use the tool
before implementing it.
Benefit of CSA
 CSA has more advantages over other assessment tools because it is an
inclusive tool that sets an expectation of high performance and a high
level of knowledge about the work structure and policies.
 It also creates clear lines for accountability for control, reducing the risk
of fraud and creating an organisation with lower risk profile.
 The key advantage to implementing a CSA program includes early
detection of risks as well as weaknesses in the internal control system.
UEW/IEDE 249
AUDITING AND
INVESTIGATION Unit 5, section 4: Control self-assessment
Maintenance and use of CSA

 The CSA should be updated on a continuous basis to document changes
in departmental activities, processes, controls, etc.
 Once in place, faculty heads can use the CSA as part of a constant
monitoring effort.
 Internal audit can also use information from the CSA during its key
control audit.
Throughout the section, control self-assessment was looked at. We say,CSA

is a tool used in many institutions to assess their own controls and risks, and
also increase the ability to achieve their objectives. We highlighted on the
types of CSA, the purpose of CSA, the maintenance and use of CSA, how to
make CSA an influencial tool in assessing the performance of staff at the
departmental level of an organization and also looking at the significant
benefit to be derived when a system of control self-assessment is in place.
Review questions
 What is control self-assessment?
 Identify the main purpose of control self-assessment in appraising the
performance of departmental staff.
 Discuss some benefits of control self-assessment
250 UEW/IEDE
AUDITING
AUDITING AND
AND
Unit 5,
This
section
page4:
is Control
left blank
self-assessment
for your notes INVESTIGATION
INVESTIGATION
UEW/IEDE 251
QUALITY ASSURANCE AND IMPROVEMENT
AUDITING AND
UNIT 5 SECTION
INVESTIGATION
5
Unit 5, section 5: Quality assurance and improvement programme
PROGRAMME
After looking extensively at the various areas of internal auditing and

control self-assessments, there is a need to look at the quality of work
performed and how some programs to improve on work performed. This
section seeks to achieve this purpose. Readers are advice to take a thorough
look at the content of this section.
By the end of the section, the reader should be able to:

 explain what is meant by Quality assessment and improvement program.
 describe the various activities in an internal and external assessment
program
 describe the procedure for reporting a quality assessment program
Background
Internal auditing’s quality assurance and improvement program (QAIP) is
designed to provide reasonable assurance to the various stakeholders of the
internal audit activity that the activity:
 Performs its work in accordance with its charter, which is consistent
with The Institute of Internal Auditors’ International Standards for the
Professional Practice of Internal Auditing (Standards) and Code of
Ethics.
 Operates in an effective and efficient manner.
 Is perceived by stakeholders as adding value and improving internal
auditing’s operations (PA 1310-1). To that end, internal auditing’s
QAIP:
 Covers all aspects of the internal audit activity (1300). In this regard,
a list of the features to be considered for the QAIP, from PA 1300-1
 Continually monitors the internal audit activity’s effectiveness
(1300)
 Assures compliance with the Standards and Code of Ethics (1300)
 Helps the internal audit activity add value and improve
organizational operations (1300)
 Includes both periodic and ongoing internal assessments (1311)
 Includes an external assessment at least once every five years, the
results of which are communicated to the board of directors through
the audit committee of the board of directors (1312, 1320)
The chief audit executive (CAE) is ultimately responsible for the QAIP,
which covers all types of internal audit activities, including consulting.
Internal Assessments
Ongoing Reviews – Ongoing assessments are conducted through:
 Supervision of engagements
 Regular, documented review of work papers during engagements by
appropriate internal audit staff
 Audit policies and procedures used for each engagement to ensure
compliance with applicable planning, fieldwork, and reporting standards
252 UEW/IEDE
AUDITING AND
Unit 5, section 5: Quality assurance and improvement programme INVESTIGATION
 Feedback from customer survey on individual engagements

 Analyses of performance metrics established
All final reports and recommendations are approved by the CAE
Periodic Reviews – Periodic assessments are designed to assess

conformance with the internal audit charter, the Standards, the Code of
Ethics, and the efficiency and effectiveness of internal auditing in meeting
the needs of its various stakeholders. Periodic assessments will be
conducted through:
 Biannual customer survey.
 Annual risk assessments for purposes of annual audit planning.
 Semi-annual work paper reviews for performance in accordance with
internal audit policies and the Standards (using Tool 17 of The IIA’s
Quality Assessment Manual).
 Review of internal audit performance metrics and benchmarking of
successful practices, prepared and analyzed in accordance with audit
policies and procedures.
 Periodic activity and performance reporting to the president and the
audit committee.
External Assessments
General Considerations – External assessments should appraise and
express an opinion about internal auditing’s conformance with the
Standards and includes recommendations for improvement as appropriate.
Timing – An external assessment should be conducted every five years.
Scope of External Assessment – The external assessment should consist

of a broad scope of coverage that includes the following elements of internal
audit activity:
 Conformance with the Standards; the Code of Ethics; and internal
auditing’s charter, plans, policies, procedures, and practices; and any
applicable legislative and regulatory requirements.
 Expectations of internal auditing as expressed by the board of directors,
executive management, and operational managers.
 Integration of the internal audit activity into ABC’s governance process,
including the audit relationship between and among the key groups
involved in the process.
 Tools and techniques used by internal auditing.
 The mix of knowledge, experiences, and disciplines within the staff,
including staff focus on process improvement.
 A determination on whether internal auditing adds value and improves
ABC’s operations.
UEW/IEDE 253
AUDITING AND
INVESTIGATION Unit 5, section 5: Quality assurance and improvement programme
Considerations – The qualifications and considerations of external

reviewers, as noted in the IIA’s Practice Advisory 1312-1, should be
considered when contracting with an outside party to conduct the review.
Reporting On Quality Program

Internal Assessments – Results of internal assessments will be reported to
the audit committee and the president at least annually.
External Assessments – Results of external assessments will be provided

to the president and the audit committee. The external assessment report
will be accompanied by a written action plan in response to significant
comments and recommendations contained in the report.
Follow-up – The CAE will implement appropriate follow-up actions to

ensure that recommendations made in the report and action plans developed
are implemented in a reasonable time frame.
Administrative Matters
This policy will be updated appropriately for changes in the Standards or
internal auditing’s operating environment.
Potential Internal Audit Components

– From Practice advisory 1300-1
 Oversee the development and implementation of internal audit
policies/procedures; administer/maintain the policy/procedures manual.
 Assist the chief audit executive (CAE) and audit managers with
budgeting and financial administration for internal auditing.
 Maintain and update the comprehensive audit risk universe, including
gathering and incorporating new information impacting the universe;
oversee the division of labor among internal audit, external audit, and
evaluation and investigation functions, etc.
 Administer the general operation of the system for evaluation of audit
risk and long-range planning — assisting the CAE and the audit
managers in this area.
 Assist internal audit management in the acquisition and maintenance of
audit tools and use of technology.
 Administer external recruitment and internal auditing’s participation in
the organization’s internal staff rotation and management development
programs.
 Oversee the training/development of staff, including selection and
administration of training courses; administer the career planning and
performance evaluation processes in internal auditing.
 Oversee the system(s) for internal audit statistics/metrics; administer the
system for post-audit and other surveys of internal audit customers.
254 UEW/IEDE
AUDITING AND
 Administer/monitor quality assurance and process improvement

activities, including formal quality assessment processes (using the tools
from The IIA’s Quality Assessment Manual).
 Oversee/administer information gathering and preparation of the
periodic summary reports by internal auditing to senior management and
the audit committee (including reports of the results of internal and
external quality assessments).
 Administer/maintain the comprehensive follow-up database for
recommendations and action plans resulting from internal audit
engagements and the work of external auditors and other internal
evaluation and investigation functions.
 Assist the CAE, audit managers, and internal audit staff in keeping
current on changes and emerging successful practices of the internal
audit profession; undertake research into other emerging issues and
opportunities under the direction of internal audit management.
The quality assurance and improvement program (QAIP) function would be

performed by a relatively small staff (from one part-time person to two or
three people, depending on the size of the internal audit activity and the
extent to which the CAE wishes to delegate administrative matters). The
words “assist, administer, oversee, monitor, and maintain” are intended to
indicate that the internal audit person(s) responsible for the QAIP would
not physically perform much of this work. It would be assigned — either ad
hoc for a particular task or on a longer-term basis — to other internal audit
executives and staff, but overseen, administered, etc., by the QAIP function.
SAMPLE QUALITY ASSESSMENT

TEAM CHECKLIST
Organization Name
Quality Assessment Process
Draft 9/25/20XX
Planning
 Prepare project action plan.
 Discuss scope, methodology, and time frame.
 Discuss standards and other criteria for assessment.
 Discuss need for comprehensive self-assessment.
 Identify, agree on, and recruit quality assessment (QA) team member(s).
 Review completed self-assessment documentation.
 Schedule on-site QA dates.
 Finalize engagement letter.
 Discuss expense reimbursement documentation and related procedures.
 Make travel arrangements.
UEW/IEDE 255
AUDITING AND
INVESTIGATION Unit 5, section 5: Quality assurance and improvement programme
 Schedule entrance conference date, time, place, and invitees [chief

executive officer (CEO); chief audit executive (CAE), board
representative, if available; and others].
 Send questionnaire surveys to selected managers/business partners.
 Schedule interviews (with executive management, other managers,
board audit committee representative, external auditor, CAE, and
internal audit staff).
 Prepare QA schedule formats (four attribute standards, seven
performance standards, and other standards).
 Prepare QA interview formats.
 Prepare QA final report format.
 Review prior QA reports and references.
 Revise project action plan as appropriate.
 Make courtesy contact with CAE.
Fieldwork
 Meet with CAE and team member(s).
 Set up QA work area.
 Review timetable and interview appointments, entrance conference,
interviews, and exit conference.
 Make assignments to team member(s).
 Conduct entrance conference.
 Review self-assessment documentation.
 Obtain records not included in self-assessment documentation.
 Begin interviews.
 Document interviews.
 Meet with CAE and request work papers for two or more audit projects
[preferably (a) projects completed within the most recent 12- to 18-
month period and (b) that reflect the work of various internal auditors/IA
workgroups].
 Seek CAE input on noteworthy accomplishments.
 Seek CAE input on opportunities for improvement.
 Complete QA schedules.
 Complete QA interviews.
 Request additional information as appropriate.
 Schedule additional interviews as appropriate.
 Provide status updates to the CAE at least once each work day (e.g.,
noteworthy accomplishments, potential issue areas, questions).
 Schedule exit conference date, time, place, and invitees (CAE; CEO;
board representative, if available; and others).
 Develop draft issues and recommendations.
 Request CAE input on draft issues and recommendations.
 Finalize issues and recommendations.
 Conduct exit conference.
 Revise project action plan as appropriate.
256 UEW/IEDE
AUDITING AND
Report Writing
 Develop draft report.
 Provide draft report to CAE for review and input, including CAE
response to QA recommendations, if any.
 Incorporate CAE input as applicable.
 Provide second draft of report to CAE for review and input.
 Make courtesy contact with the CAE.
 Solicit CAE input on QA process improvements.
 Finalize and distribute final report.
Follow-Up
 Make summary presentation to audit committee/board as appropriate.
 Revise standard QA materials to reflect lessons learned, improved
methodologies, etc.
 Make follow-up courtesy contact with the CAE.
This section examines the nature of quality assessments and improvement

program and the processes involved in conducting quality assessments,
looking at the various activities in an internal and external assessment
program.
Review questions
 What are the activities is conducting both an internal and external
assessment program.
 Outline the steps in the quality assessments process
 Differentiate between a control self-assessment program and quality
assessments program.
UEW/IEDE 257
AUDIT COMMITTEE EFFECTIVENESS
AUDITING AND
UNIT 5 SECTION
INVESTIGATION
6
Unit 5, section 6: Audit committee effectiveness
This section seeks to look at audit committee and its effectiveness in

relation with management. The audit committee is an integral part of
management which helps in the oversight of the internal audit function.
By the end of this section, the students should be able to:

 Describe the audit committee relationship with management.
 Explain the audit committee’s role in evaluating the internal audit
performance
 Describe the functions of the audit committee
Audit Committee Relationship with Management

The effectiveness of the committee is obviously closely linked to the
effectiveness of senior managers. Management should not wait for the audit
committee to ask for information. It needs to ensure that the audit committee
is kept informed at all times and to take the initiative in supplying
information to it.
Management has deep insight into the organization and its challenges, and
therefore is best positioned to recommend what information the audit
committee needs. Management also prioritizes the resources and training
that are essential to the committee effectively discharging its
responsibilities. Management should expect rigorous questioning from the
audit committee. If management doesn't provide clear responses or is overly
defensive, that should raise a red flag for the committee. Having active
communications with management outside the committee meetings allows
the Committee to have a good understanding of issues as they arise.
The committee can add value for management by bringing an objective

perspective on financial reporting decisions and counselling on how to
handle difficult issues. Although audit committees should have a positive,
trusting relationship with management, they need to maintain their
scepticism and be ready to question management.
Formal and informal meetings with management are essential to a strong

relationship. The degree of interaction and involvement the committee has
with management shifts with changes in the business environment, changes
in the company's circumstances, and the capabilities of individuals in the
finance function. So when the company is running in a steady state, the
committee continues to review information carefully - and challenge
management when necessary - but properly relies on management to resolve
everyday issues.
Questions the audit committee can use to initiate discussions with company
management about financial reporting. Many of these questions are drawn
from the 2010 Center for Audit Quality Report, Deterring and Detecting
258 UEW/IEDE
AUDITING AND
Unit 5, section 6: Audit committee effectiveness INVESTIGATION
Financial Reporting Fraud. The committee should however avoid

micromanaging and critiquing at a detailed level.
 Were there any transactions during the reporting period that would not
have been entered into except to impact the company's financial ratios or
presentation of results?
 Were there any transactions recorded during the last few weeks of the
period that did not occur earlier in the period?
 Were any significant exceptions reported in the internal representation
letters regarding financial reporting that are signed by various managers
throughout the company?
 What judgment calls were required during the period? What was the
decision process?
 What kind of input into accounting determinations does nonfinancial
management have?
 What areas present recurring challenges or problems?
 What keeps you up at night?
 What areas of accounting require the most finance personnel time?
 What pressures influence financial reporting?
Conflict may arise when no clear understanding and consensus exist on

where management's responsibilities end and the audit committee's begin.
Although committees have the right to ask for whatever information they
feel they need, experienced committees respect the oversight role and guard
against requesting information about relatively minor matters or asking for
it to be formatted to personal preferences.
It's also vital to have an environment that encourages open dialogue and
face-to- face discussions with management personnel from a wide cross
section of the business throughout the year. For instance, Audit committees
should regularly meet privately with the CFO. Private or executive sessions
are appropriate to discuss sensitive matters, such as the considerations
around the performance of the internal audit director and the external
auditors. These sessions can also be an opportunity for a committee to find
out if other developments or issues have surfaced that management believes
the committee should be asking about or spending more time discussing.
Relationship with the Board

The role of the audit committee is for the board to decide and to the extent
that the audit committee undertakes tasks on behalf of the board, the results
should be reported to, and considered by, the board. In doing so it should
identify any matters in respect of which it considers that action or
improvement is needed, and makes recommendations as to the steps to be
taken.
The terms of reference should be tailored to the particular circumstances of

the company. The audit committee should review annually its terms of
UEW/IEDE 259
AUDITING AND
INVESTIGATION Unit 5, section 6: Audit committee effectiveness
reference and its own effectiveness and recommend any necessary changes
to the board. The board should also review the audit committee’s
effectiveness annually.
The audit committee should report to the board on how it has discharged its
responsibilities, including:
 The significant issues that it considered in relation to the financial
statements and how these issues were addressed;
 Its assessment of the effectiveness of the external audit process and its
recommendation on the appointment or reappointment of the external
auditor; and
 Any other issues on which the board has requested the committee’s
opinion.
Where there is disagreement between the audit committee and the board,
adequate time should be made available for discussion of the issue with a
view to resolving the disagreement. Where any such disagreements cannot
be resolved, the audit committee should have the right to report the issue to
the shareholders as part of the report on its activities in the annual report.
Membership of an Audit committee

Best Practice requires that audit committee should consist of at least three
independent non-executive directors, or two for small companies. The
chairman of a smaller company may be an additional member of the
committee provided he was regarded as independent when he was appointed
chairman, but he should not chair the committee.
It is also desirable that at least one member of the committee must have
recent and relevant financial experience. What constitutes ‘relevant
experience’ may seem relative, but generally, it is interpreted to mean a
professional qualification from one of the accountancy bodies or a higher
academic qualification in accounting/finance, backed by relevant practical
experience.
Often, the ‘expert’ will be a retired finance director from another company
or a former partner of an accountancy firm. It is highly recommended that in
the interest of independence, the board should exclude its own former
finance directors and auditors.
Given the complexity of the issues usually faced by an audit committee, it’s
essential that its members receive proper induction and training.
Functions/Responsibilities of an Audit Committee

 To review (formally and regularly) the financial results shown by both
management accounts and those presented to shareholders.
 To make recommendations for the improvement of management control
260 UEW/IEDE
AUDITING AND
 To ensure that there are adequate procedures for reviewing ‘rights’

circulars, interim statements, forecasts and other financial information
before distribution to shareholders.
 To assist external auditors in obtaining all the information they need and
in resolving difficulties experienced by them in pursuing their
independent examination.
 To deal with any material reservations of the auditors regarding the
company’s management, its records and its final accounts; including the
manner in which significant items are presented.
 To facilitate a satisfactory working relationship between the
management and auditors, and between the internal and external audit
functions.
 To be responsible for the appointment of auditors as well as fixing their
remuneration.
 To be available for consultation with the auditors at all times, if
necessary, without the presence of management to discuss regularly and
review the procedures employed by the auditors.
 To be concerned with all matters relating to the disclosure by the
accounts of a true and fair view for the benefit of all users.
Resources and rewards for committee members

The audit committee needs to be adequately resourced. It should have access
to outside advice when necessary. It also recommended that the committee
members should be paid further remuneration in addition to other fees to
reflect the onerous nature of their duties and responsibilities. The chairman
should command a higher level of remuneration than his colleagues.
Defining internal audit's role

A highly effective internal audit department can be an important resource,
helping the committee understand how effectively the company is managing
its business risks. Once the audit committee understands the work internal
audit is performing, what other work it is capable of doing, and what
management's objectives are for internal audit, the committee can reach
consensus on what role internal audit should play to provide maximum
value.
When first established, internal audit departments concentrated on assessing

internal control compliance. In the 1990s, many internal audit functions
shifted gears becoming internal "consultants" to management in
reengineering and process improvement efforts, with the goal of adding
value.
In the United States, the 2002 Sarbanes-Oxley Act caused internal audit to
be allocate significant resources to support management in documenting and
testing internal control over financial reporting. Internal audit can perform a
wide variety of work, unfortunately, people in the company don't understand
UEW/IEDE 261
AUDITING AND
the audit committee's expectations of internal audit. Often, different internal

audit stakeholders see different value in different types of work by internal
audit. The audit committee's challenge is to be comfortable internal audit is
focusing its efforts in the right places and using its limited resources to
provide not only value to management, but also assurance to the audit
committee.
Typically internal audit usually cover areas such as assessing the company's
key risks and how well they're mitigated; assessing IT security; and
conducting investigations. But it cannot be significantly involved in
implementing internal controls it may have to test at a later time.
Examples of the work internal auditors can do, on a spectrum from basic
compliance to consulting, as well as the implications of such work.
 Assist in testing internal control over financial reporting/provide
assistance
to the external auditors
 On a rotational or risk ranked basis, audit the company's major operating
units and functions (e.g., IT, payroll)
 Perform legal and regulatory compliance audits; for example, health and
safety audits
 Consult with management on process improvement and operational
efficiency, especially related to major company initiatives, such as new
products or entry into new markets
Internal Audit is becoming more consultative in nature. Nature of internal

audit's work depends greatly on the skills it brings and the business
environment. For instance because of increased government regulation and a
corresponding increase in risk, internal audit is providing more assurance
that risks are being addressed and related investigations are conducted.
While audit has long covered major IT projects and security risks, the level,
potential impact, and speed of change in these areas have increased
substantially.
Internal audit's role should be reflected in its charter. A charter sets out
internal audit's purpose, authority, reporting structure, and responsibilities
and should specify the group cannot perform responsibilities that could
hinder its objectivity. In addition to planned audits and site visits, some
internal audit departments use a continuous audit process which may
involve ongoing control evaluations or risk assessments. This approach
helps identify errors and fraud on a timely basis, and creates a stronger
internal control environment across the company. Many audit committees
review internal audit's charter annually, and approve any changes to the
charter.
262 UEW/IEDE
AUDITING AND
Internal Audit Reporting Lines

The audit committee can help support internal audit's independence from
management through the extent of its communications with internal audit
and by making this level of engagement visible to management.
Often internal audit reports both to executive management
(administratively) and to the audit committee. The internal audit reporting
level is important because, it should demonstrate the highest support for
internal audit's mandate.
The Institute of Internal Auditors' 1999 Global Audit Information Network

survey showed 43% of internal audit directors reported directly to the audit
committee chair. But the 2010 survey shows 81 % of internal audit directors
report directly to the audit committee chair. Such a dramatic shift in only a
decade demonstrates the understanding of how important it is for internal
audit to be able to report issues to a supervisory body, not just to
management.
The audit committee chair can reinforce the reporting relationship through
periodic contact with the internal audit director between audit committee
meetings. In major companies, sometimes this interaction is monthly. The
audit committee chair needs to have a good relationship with the internal
audit director
Easing the formality of reporting can help the committee ensure internal
audit can provide timely reporting on operational or management issues that
may arise. Plus, these meetings send the right tone-at-the-top message to
internal audit and management.
Internal Audit Leadership

The internal audit director drives the function's effectiveness and perception
in the company. This person's background, experience, and executive
presence play a key role in whether other executives view him or her as part
of the management team and whether they hold internal audit in high regard.
The internal audit director walks a fine line, as a member of management

and as the leader of an internal group that is expected to be objective of
management. The committee and management need to be sensitive to this
challenge and maintain ongoing dialogue with the director to learn quickly
of any potential problems. The committee should expect the director to
maintain an effective day-to-day working relationship with management,
but also to have the courage to make tough calls when needed.
Lastly, succession planning is important to ensure that the transition to a

new internal audit director is handled appropriately. Finding a candidate
who has the right skill set and who the audit committee believes would be
highly effective can be challenging.
UEW/IEDE 263
AUDITING AND
Typically both management and the audit committee play a role in the
hiring of the internal audit director. And astute committee chair knows the
importance of conducting an exit interview with the outgoing director to
learn of any pertinent issues. Audit committees should be involved in hiring
the internal audit director, evaluating his or her performance, and being
satisfied with that individual's compensation.
Evaluating Internal Audit Performance

First, the committee should understand how internal audit monitors its own
quality. Many departments at larger companies have quality assurance and
improvement programs to check that audits are conducted in accordance
with the department's standards, and with professional internal auditing
standards. Many departments also have quality assessments done by
external parties to conform to The Institute of Internal Auditors'
International Standards for the Professional Practice of Internal Auditing.
The Standards call for such assessments to be conducted at least every five
years. The audit committee should understand the competency of the
external reviewers and the results of both the internal and external quality
assessments. The committee will also need to understand how internal audit
is adjusting its work or processes to address major findings and areas for
improvement.
Is internal audit leveraging technology effectively, both to monitor for

possible issues in the company and to make its own processes more
efficient? The audit committee can rely on internal audit's work and findings
only if the function fulfils its duties. And so it's important the committee
periodically discusses the department's effectiveness.
Committees can also seek input from the external auditors. External auditors
work with internal audit functions from different companies and can share a
perspective on how well the department performs compared to others.
Committees should also understand any red flags. For example, if the
external auditors decide to place no reliance on internal audit's work or
choose not to leverage any internal audit staff to assist with audit testing, the
committee should understand why.
Discussions with the CEO, CFO and other members of management will
provide additional views, including how internal audit is perceived
throughout the company and whether the function approaches its work with
a client service mentality.
Finally, the audit committee will have its own point of view through its
interactions with internal audit.
Other factors the audit committee may want to problem
 Is internal audit focused on the right reports to management?
 Is internal audit issuing timely topics?
264 UEW/IEDE
AUDITING AND
 Does management turn to internal

 Does internal audit have the audit when there are issues? Right
incentives - money and recognition - to drive superior performance?
Limitation on Audit Committee's Role

While the Audit Committee has the responsibilities and powers stated
above, it is not the duty of the Audit Committee to, and the Audit
Committee shall not:
 Plan or conduct audits,
 Prepare the company’s financial statements, or
 Determine or certify that the company’s financial statements and
disclosures are complete and accurate and are in accordance with
relevant legislations, regulatory framework and applicable rules and
regulations. These are the responsibilities of management and the
independent auditor.
Model Audit
Committee Charter
Purpose
To assist the board of directors in fulfilling its oversight responsibilities for
the financial reporting process, the system of internal control, the audit
process, and the organization’s process for monitoring compliance with
laws and regulations and the code of conduct.
Authority
The audit committee has authority to conduct or authorize investigations
into any matters within its scope of responsibility. It is empowered to:
 Appoint, compensate, and oversee the work of any registered public
accounting firm employed by the organization.
 Resolve any disagreements between management and the auditor
regarding financial reporting.
 Pre-approve all audit and nonaudit services.
 Retain independent counsel, accountants, or others to advise the
committee or assist in the conduct of an investigation.
 Seek any information it requires from employees — all of whom are
directed to cooperate with the committee’s requests — or external
parties.
 Meet with the organization’s officers, external auditors, or outside
counsel as necessary.
Composition
The audit committee will consist of at least three, and no more than six,
members of the board of directors. The board or its nominating committee
will appoint committee members and the committee chair.
UEW/IEDE 265
AUDITING AND
Each audit committee member will be both independent and financially

literate. At least one member shall be designated as the “financial expert,” as
defined by applicable legislation and regulation.
Meetings
The audit committee will meet at least four times a year, with authority to
convene additional meetings as circumstances require. All audit committee
members are expected to attend each meeting in person or via
teleconference or videoconference. The audit committee will invite
members of management, auditors, or others to attend meetings and provide
pertinent information as necessary. It will hold private meetings with
auditors (see below) and executive sessions. Meeting agendas will be
prepared and provided in advance to members, along with appropriate
briefing materials. Minutes will be prepared.
Responsibilities
The committee will carry out the following responsibilities:
 Review significant accounting and reporting issues, including complex
or unusual transactions and highly judgmental areas, and recent
professional and regulatory pronouncements, and understand their
impact on the financial statements.
 Review with management and the external auditors the results of the
audit, including any difficulties encountered.
 Review the annual financial statements and consider whether they are
complete, consistent with information known to committee members,
and reflect appropriate accounting principles.
 Review other sections of the annual report and related regulatory filings
before release and consider the accuracy and completeness of the
information.
 Review with management and the external auditors all matters required
to be communicated to the audit committee under generally accepted
auditing standards.
 Understand how management develops interim financial information,
and the nature and extent of internal and external auditor involvement.
 Review interim financial reports with management and the external
auditors before filing with regulators, and consider whether they are
complete and consistent with the information known to audit committee
members.
Internal Control
 Consider the effectiveness of the organization’s internal control system,
including information technology security and control.
266 UEW/IEDE
AUDITING AND
 Understand the scope of internal and external auditors’ review of

internal control over financial reporting, and obtain reports on
significant findings and recommendations, together with management’s
responses.
Internal Audit
 Review with management and the chief audit executive (CAE) the
charter, activities, staffing, and organizational structure of the internal
audit function.
 Have final authority to review and approve the annual audit plan and all
major changes to the plan.
 Ensure there are no unjustified restrictions or limitations, and review and
concur in the appointment, replacement, or dismissal of the CAE.
 At least once per year, review the performance of the CAE and concur
with the annual compensation and salary adjustment.
 Review the effectiveness of the internal audit function, including
compliance with The Institute of Internal Auditors’ International
Standards for the Professional Practice of Internal Auditing.
 On a regular basis, meet separately with the CAE to discuss any matters
that the committee or internal auditing believes should be discussed
privately.
External Audit
 Review the external auditors’ proposed audit scope and approach,
including coordination of audit effort with internal auditing.
 Review the performance of the external auditors and exercise final
approval on their appointment or discharge.
 Review and confirm the independence of the external auditors by
obtaining statements from the auditors on relationships between the
auditors and the organization, including nonaudit services, and
discussing the relationships with the auditors.
 On a regular basis, meet separately with the external auditors to discuss
any matters that the committee or auditors believe should be discussed
privately.
Compliance
 Review the effectiveness of the system for monitoring compliance with
laws and regulations and the results of management’s investigation and
follow-up (including disciplinary action) of any instances of
noncompliance.
 Review the findings of any examinations by regulatory agencies and any
auditor observations.
 Review the process for communicating the code of conduct to the
organization’s personnel and for monitoring compliance therewith.
UEW/IEDE 267
AUDITING AND
 Obtain regular updates from management and the organization’s legal

counsel regarding compliance matters.
Reporting
 Regularly report to the board of directors about committee activities,
issues, and related recommendations.
 Provide an open avenue of communication among internal auditing, the
external auditors, and the board of directors.
 Report annually to the shareholders, describing the audit committee’s
composition, responsibilities and how they were discharged, and any
other information required by rule, including approval of nonaudit
services.
 Review any other reports the organization issues that relate to the audit
committee responsibilities.
Other Responsibilities
 Perform other activities related to this charter as requested by the board
of directors.
 Institute and oversee special investigations as needed.
 Review and assess the adequacy of the audit committee charter annually,
requesting board approval for proposed changes, and ensure appropriate
disclosure as may be required by law or regulation.
 Confirm annually that all responsibilities outlined in this charter have
been carried out.
 Evaluate the audit committee’s and individual members’ performance on
a regular basis.
The section looked extensively at the audit committee effectiveness, the

responsibilities of the committee and its relation with management.
Review questions
 Describe the role of the audit committee in evaluating the internal audit
performance.
 Give some functions of the audit committee
 Describe the relationship between the internal audit and the audit
committee
 Explain how the audit committee has oversight responsibility over
management in an organisation.
268 UEW/IEDE
SPECIALISED AUDIT
XXXXXXX 6
Hello dear learner! You are welcome to the last unit of this course module.
The unit is divided into six sections and in each section we are going to treat
specific issues that introduce you to specialised audit. We will explain of
social and environmental auditing, investigative audits, forensic audits,
Value for money (VFM) audit, Tax Audit, information system audit.
By the end of this section the student should be able to

 explain the objective on environmental auditing, identify risk associated
to environments of businesses, describe the steps and procedures to be
followed in conducting an environmental audit
 describe the stages involved in environmental auditing, explain what
back-duty investigation is, determine situations in which investigations
need to be carried out
 identify the primary objective of a forensic audit, determine the types of
investigation, describe the procedures involved in this special audit
 describe the concept of value for money, identify the main benefit of
promoting value for money, determine the responsibility for ensuring
value for money
 taxation, types of Taxation, how to carry out a review of some types of
taxes relating to companies
 what information system is, auditable areas to cover to
 protect of information assets,
 deliver IT services and support
 in Systems and Infrastructure Life Cycle Management
270 UEW/IEDE
AUDITING AND
UEW/IEDE 271
SOCIAL AND ENVIRONMENTAL AUDITING
AUDITING AND
UNIT 6 SECTION
INVESTIGATION
1
Unit 6, section 1: Social and environmental auditing
This first section of the fourth unit covers reviews relating to environment
which require certain specific considerations in the planning, execution and
reporting of audits.
After reading through this section, the learner should be able to:
 explain the objective on environmental auditing
 identify risk associated to environments of businesses
 describe the steps and procedures to be followed in conducting an
environmental audit
Background
Environmental safety and health auditing developed in the early 1970s,
largely among companies operating in environmentally intensive sectors
such as oils and chemicals. Environmental matters are becoming significant
to increasing number of entities, and may in certain circumstances, have a
material impact on their financial statements. Environmental auditing has
spread rapidly with a corresponding development of the approaches and
techniques adopted. This section will expose students to basics in
environmental auditing.
Environmental Problems - It is estimated that the deterioration of the

ozone layer will lead to more than 300,000 additional cases of skin cancer in
the world and 1.7million cases of cataracts. Today, people are experiencing
the effects of ecosystem decline, from water shortages, flooding to
landslides on deforested slopes. Environmental degradation has adverse
impact on the quality of life and enjoyment of human rights.
Industrial accidents - Major incidents such as the Bhopal, Chernobyl and

Exxon-Valdez disasters have reminded companies that it is not sufficient to
set corporate policies and standards on environmental health and safety
matters without ensuring that they are being implemented. These issues are
of growing interest to the users of financial statements and thus the need for
audits to help reduce the risk of unpleasant surprises.
Regulatory developments - Since the early 1970s regulations on

environmental topics have increased substantially. Environmental issues
have assumed greater focus after the Earth Summit in Rio de Jameiro (1992)
and subsequent World Summit in Johannesburg (2002). All countries have
endorsed the concept of environmentally sustainable development but have
not succeeded in having unified environmental assessment criteria.
Domestic laws and regulations have differed among countries and depended
on a number of factors that cannot be fully controlled by technology. This
has made it steadily more difficult for a company to ascertain whether a
specific plant in a particular country is complying with all of the relevant
legislation.
272 UEW/IEDE
AUDITING AND
Unit 6, section 1: Social and environmental auditing INVESTIGATION
Public awareness - The public has become increasingly aware of, and
vocal about, environmental and safety issues. Companies have had to
demonstrate to the public that they are managing environmental risks
effectively.
AKOBEN program is an environmental performance rating and disclosure

initiative of the Environmental Protection Agency (EPA), Government of
Ghana. Under the AKOBEN initiative, the environmental performance of
mining and manufacturing operations is assessed using a five-colour rating
scheme. The five colours are GOLD, GREEN, BLUE, ORANGE and RED,
indicating environmental performance ranging from excellent to poor. These
ratings are annually disclosed to the public and the general media, and it
aims to strengthen public awareness and participation.
Litigation - The growth of legislation has led to a corresponding explosion

of litigation and liability claims, particularly in the United States. In Europe
and elsewhere, there is growing emphasis on the responsibilities of
individual directors and on making information available to the public.
What is an Environmental Audit?

Environmental audit is the systematic scrutiny of environmental
performance throughout a company’s existing operations. At best, an audit
is a comprehensive examination of management systems and facilities; at
worst, it is a superficial review. It is important to draw the distinction
between auditing and techniques such as environmental impact assessment
(EIA). The latter assesses the potential environmental effects of a proposed
facility.
The term environmental audit means different things to different people.

Terms such as assessment, survey and review are used to describe the same
type of activity. Furthermore, some organizations consider that an
“environmental audit” addresses only environmental matters, whereas others
use the term to mean an audit of health, safety and environmental matters.
Although there is no universal definition, environmental auditing, as
practised by many leading companies, follows the same basic philosophy
and approach summarized and adopted by the International Chambers of
Commerce (ICC) in its publication Environmental Auditing (1989). The
ICC defines environmental auditing as:
A management tool comprising a systematic, documented periodic and

objective evaluation of how well environmental organization, management
and equipment are performing, with the aim of helping safeguard the
environment by:
 Facilitating management control of environmental practices and

 Assessing compliance with company policies which would include
meeting regulatory requirements.
UEW/IEDE 273
AUDITING AND
INVESTIGATION Unit 6, section 1: Social and environmental auditing
The European Commission in its proposed regulation on environmental

auditing also adopts the ICC definition of environmental audit.
Environmental Matters and their Impact on the Financial

Statements
According to ISA 1010 environmental matters are defined as:
 Initiatives to prevent, abate or remedy damage to the environment or to
deal with conservation of renewable and non-renewable resources. Such
initiatives may be required by environmental laws and regulations or by
contract or they may be undertaken voluntarily,
 Consequences of violating environmental laws and regulations,
 Consequences of environmental damage done to others or to natural
resources, and
 Consequences of vicarious liability imposed by law, for example
liability for damages caused by previous owners.
The recognition, measurement, and disclosure of these matters are the

responsibilities of management.
Objectives of Environmental Auditing

The overall objective of environmental auditing is to help safeguard the
environment and minimize risks to human health through pollution,
desertification, land degradation, erosions, desertification and climate
change. Clearly, auditing alone will not achieve this goal but it aids in
providing assurance whilst identifying high and low risks for prompt
management actions. The key objectives of an environmental audit therefore
are to:
 determine the adequacy of environmental management systems within
the organisation
 verify compliance with the relevant national, local or other laws and
regulations
 minimize human exposures to risks from environmental, health and
safety problems.
When environmental matters are significant to an entity, there may be a risk

of material misstatement (including inadequate disclosure). In these
circumstances, the auditor need to give consideration to environmental
matters in the audit of the financial statements.
Scope of the Audit

As the prime objective of audits is to test the adequacy of existing
management systems, they fulfil a fundamentally different role from the
monitoring of environmental performance. Audits can address one topic, or
a whole range of issues. The greater the scope of the audit, the greater will
be the size of the audit team, the time spent onsite and the depth of
274 UEW/IEDE
AUDITING AND
investigation. Where international audits need to be carried out by a central

team, there can be good reasons for covering more than one area while
onsite to minimize costs.
In addition, the scope of an audit can vary from simple compliance testing
to a more rigorous examination, depending on the perceived needs of the
management. The technique is applied not only to operational
environmental, health and safety management, but increasingly also to
product safety and product quality management, and to areas such as loss
prevention. If the intention of auditing is to help ensure that these broad
areas are managed properly, then all of these individual topics must be
reviewed. Items which may be addressed in audits, including environment,
health, safety and product safety are shown in table 54.1.
Table 1.1 Scope of environmental audit

Environmental Safety Occupational Product Safety
Health
Site history - Safety policy Employee exposure Product safety
Process/materials /procedures to air contaminants programme
Storage of materials Accident Exposure to physical Product quality control
above ground and recording, agents, e.g., noise, Product packaging,
below ground reporting and radiation, heat storage and shipping
Air emissions investigation Measurements of Product recall
Water discharges Permit to work employee exposure /withdrawal procedures
Liquid/hazardous systems Exposure records Customer information
wastes Special Ventilation/engineeri on product
Waste disposal - procedures for ng controls handling and quality
onsite /offsite confined space Personal protective Regulatory compliance
Oil/chemical spill entry, work on equipment Labelling
prevention electrical Information and Specifications for
Permits/licenses equipment, training on health purchased materials
Breaking into hazards /products/packaging
pipelines, etc. Medical surveillance Materials & data safety
Emergency programme Vendor qualification
response Hearing programme
Fire fighting conservation QA testing and
Job safety First aid inspections
analysis Regulatory Product literature
Safety training, requirements Process control
communication
and promotion
Housekeeping
Regulatory
compliance
UEW/IEDE 275
AUDITING AND
Although some companies have a regular (often annual) environmental

audit cycle, audits are primarily determined by need and priority. Thus not
all facilities or aspects of a company will be assessed at the same frequency
or to the same extent.
The Typical Audit Process

An audit is usually conducted by a team of people who will assemble factual
information prior to and during a site visit, analyse the facts and compare
them with the criteria for the audit, draw conclusions and report their
findings. These steps are usually conducted within some kind of formal
structure (an audit protocol); such that the process can be repeated reliably
at other facilities and quality can be maintained. To ensure that an audit is
effective, a number of key steps must be included. These are summarized
and explained in table 54.
Basic Steps in Environmental Auditing

An essential step in establishing an audit programme is to decide the criteria
against which the audit will be conducted and to ensure that management
throughout the organization knows what these criteria are. Typically criteria
or standards used for audits include:
 company policies and procedures on environmental matters
 applicable legislation and regulations
 Good environmental management practice.
Pre-audit steps
Pre-audit steps include the administrative issues associated with planning
the audit, selecting the personnel for the audit team (often from different
parts of the company or from a specialized unit), preparing the audit
protocol used by the organization and obtaining background information
about the facility.
If auditing is new, the need for education of those involved in the audit
process (the auditors or those being audited) should not be underestimated.
This also applies to a multinational company extending an audit programme
in its home country to subsidiaries abroad. In these situations, the time spent
on explanation and education will pay dividends by ensuring that the audits
are approached in a spirit of cooperation and are not seen as a threat by the
local management.
When one major US Company proposed extending its auditing programme

to its operations in Europe, it was particularly concerned to ensure that the
plants and audit protocols were appropriate for European operations and that
audit teams understood the relevant regulations. Pilot audits were conducted
at selected plants. In addition, the audit process was introduced in a way that
stressed the benefits of a cooperative rather than a “policing” approach.
276 UEW/IEDE
AUDITING AND
Obtaining background information about a site and its processes can help to
minimize the time spent onsite by the audit team and to focus its activities,
thus saving resources.
The composition of the audit team will depend on the approach adopted by a
particular organization. Where there is a lack of internal expertise, or where
resources cannot be devoted to the audit activity, companies frequently use
independent consultants to conduct the audits for them. Other companies
employ a mix of in-house staff and external consultants on each team to
ensure an “independent” view. Some large companies use only in-house
staff for audits, and have environmental audit groups for this specific
function. Many major companies have their own dedicated audit staff, but
also include an independent consultant on many of the audits they carry out.
Onsite steps
 Understanding the internal controls. As a first step, it is necessary to
develop an understanding of the controls that are in place or are thought
to be in place. These will include assessing formal procedures and
practices; record keeping and monitoring; inspection and maintenance
programmes and physical controls for containing spills. The audit team
gathers information on the various controls by observation, interviewing
staff and the use of detailed questionnaires.
 Assessing strengths and weaknesses of internal controls. Evaluating the
strengths and weaknesses of internal controls provides the rationale for
conducting subsequent audit steps. Auditors will look for indicators such
as clearly defined responsibilities, competence of personnel, appropriate
documentation and records and systems of authorization. It is more
important to determine whether the system is effective than whether it is
sophisticated.
 Gathering audit evidence. The audit team attempts to verify that the
steps and controls work as intended. Evidence may be collected through
inquiry (e.g., asking a plant operator what he or she would do if there
were a major chemical spill), observation (e.g., watching specific
activities and operations in progress) and testing (checking records to
confirm compliance with regulations).
 Recording audit findings. All the information obtained is recorded
(usually on the audit protocol document and as working papers), and a
comprehensive record of the audit and the state of the facility at the time
is thus produced. Where a deficiency is found, it is noted as an audit
“finding”.
 Evaluating the audit findings. The audit team integrates and evaluates
the findings of the individual team members. There may also be
common findings. For some observations, an informal discussion with
the plant manager may be sufficient; for others, inclusion in the formal
report will be appropriate.
UEW/IEDE 277
AUDITING AND
 Reporting the audit findings. This usually is done at a meeting with the
plant management at the end of the team’s visit. Each finding and its
significance can be discussed with the plant personnel. Prior to leaving
the site, the audit team will often provide a written summary of findings
for the plant management, to ensure that there are no surprises in the
final report.
Post-audit steps
Following the onsite work, the next step is to prepare a draft report, which is
reviewed by the plant management to confirm its accuracy. It is then
distributed to senior management according to the requirements of the
company.
The other key step is to develop an action plan to address the deficiencies.
Some companies ask for recommendations for corrective action to be
included in the formal audit report. The plant will then base its plan on
implementing these recommendations. Other companies require the audit
report to state the facts and the deficiencies, with no reference to how they
should be corrected. It is then the responsibility of the plant management to
devise the means of remedying the failings.
Once an audit programme is in place, future audits will include past reports-
and progress in the implementation of any recommendations made therein-
as part of their evidence.
Extending the Audit Process-Other Types of Audit

Although the most widespread use of environmental auditing is to assess the
environmental performance of a company’s operations, there are variations
on the theme. Other types of audit used in particular circumstances include
the following:
 Pre-acquisition audits. Concern about potential liabilities has promoted
the dramatic increase in environmental auditing prior to acquisition. Pre-
acquisition audits are a means of identifying actual or potential
problems, and taking these into account in the final negotiations of the
deal. Time scales are often very short. However, the information
obtained on past operations (perhaps before the present owner), current
activities, past incidents and so on can be invaluable.
 Pre-sale audits. Less common than pre-acquisition audits, but becoming
more popular, are audits conducted by the owner prior to selling a plant
or a subsidiary company. A growing number of major organizations,
such as the Dutch chemical company DSM and the Finnish
conglomerate Neste, undertake pre-sale audits as part of corporate
policy. The rationale is that the company will then know the status of
environmental issues before the plant is sold, and can take action to
remedy any problems if it feels that is appropriate. Equally important, it
can present the results of an independent audit to a potential purchaser as
278 UEW/IEDE
AUDITING AND
confirmation of the situation. Should any environmental problems arise

after the sale, a baseline has been established against which issues of
liability can be decided.
 Issues audits. Some organizations apply the audit technique to a specific
issue that may have implications for the whole company, such as waste.
The UK-based oil multinational BP has carried out audits examining the
impact of ozone depletion and the implications of public concern about
tropical deforestation.
Benefits of Environmental Auditing

If environmental auditing is implemented in a constructive way, there are
many benefits to be derived from the process. The auditing approach
described in this paper will help to:
 safeguard the environment
 verify compliance with local and national laws
 indicate current or potential future problems that need to be addressed
 assess training programmes and provide data to assist in training
 enable companies to build on good environmental performance, give
credit where appropriate and highlight deficiencies
 identify potential cost savings, such as from waste minimization
 assist the exchange and comparison of information between different
plants or subsidiary companies
 Demonstrate company commitment to environmental protection to
employees, the public and the authorities.
Environmental Auditing and Environmental Management

Systems (EMS)
An EMS is a tool designed to enable organisations to target, achieve and
demonstrate continuous improvement in environmental performance. It is
one integrated management process with a number of stages, which includes
an environmental audit. These consist of most or all of the following
elements depending on the standard to:
 adopt an environmental policy to confirm and promote commitment to
continual improvement in environmental performance;
 undertake an environmental review to identify significant environmental
issues and effects;
 set up environmental programmes of objectives, targets and actions;
 establish an environmental management system to ensure the
implementation of the necessary actions to achieve these objectives;
 undertake periodic environmental audits to assess the performance of
such components;
 prepare an environmental statement on environmental performance; and
UEW/IEDE 279
AUDITING AND
Obtain independent verification of the environmental statement. Many

companies have set up internal environmental standards which are applied
world-wide. These may be more stringent than local legislation.
Public sector environmental auditing

Increasingly, public sector bodies and local authorities are adapting auditing
methods to establish baselines of environmental performance. These then
inform management action.
Interest and action were stimulated in the late 1980s by the Friends of the
Earth (1989). A number of authorities prepared environmental charters,
follow-up environmental strategies and action plans, which are generally
referred to as Green Plans (Raemaekers et al.. 1991 and Raemaekers, 1993).
It was not long before leading authorities also realised the greater corporate
performance and environmental benefits of the broader and deeper
approaches of the internal and external auditing (COSLA, 1992).
In 1989, the first local authority environmental audit was undertaken by

Kirklees District Council with the assistance of Friends of the Earth. Since
then a number of Scottish local authorities have produced environmental
audits, notably Fife and Grampian Regional Councils, Ross and Cromarty,
Gordon, Falkirk, Clackmannan and Dundee District Councils. The scope of
public sector audits is different from that of the industrial sector in that the
effects of service provision are considered as well as the direct effects of the
activities of the local authority:
 Direct effects - environmental impacts that result from the way in which
day to day activities are undertaken. Direct effects are covered by
internal management audit.
 Service effects - environmental impacts that result from the
organisations efforts in implementing environmental policies and
objectives. They would be covered by the Policy Impact Assessment
type of audit.
Additionally, audit techniques have been adapted to prepare State of the

Environment Reports. After several authorities, including Fife Regional
Council and Ross and Cromarty District Council, piloted the approach, the
DoE published a guide to implementing environmental management
systems within local authorities. It is referred to as UK-EMAS, as it was
derived from the European Eco-Management and Audit Scheme (DoE,
1993).
Typically public sector audits cover a number of target areas such as:
 energy use;
 recycling;
 hardwoods from sustainable sources;
 environmental education;
 habitat conservation and creation;
280 UEW/IEDE
AUDITING AND
 green purchasing; and

 Traffic calming.
Inevitably there are issues which may have been overlooked or might be
misinterpreted, and further and clearer guidance will be necessary. SNH
along with the Countryside Commission and the Countryside Council for
Wales have commissioned guidance on the treatment of countryside and
conservation issues within State of the Environment Reports.
Trends/future developments
Audit programmes are becoming a standard environmental management tool
and pressures for the disclosure of audit results are increasing. Public
statements of environmental information with external validation are
required by those participating in the European or local authority Eco-
Management and Audit Scheme.
The utility of environmental audits vary from organisation to organisation. It

is likely that audits will be used increasingly to:
 provide baseline information to enable organisations to evaluate and
manage
environmental change, threat and risk;
 form the basis for initiating and monitoring the performance of
Environmental Management Systems;
 contribute to environmental management approaches which become
integrated with environmental impact assessment and the management
of predicted impacts, mitigation and monitoring measures;
 support the implementation and management of integrated pollution
control procedures and assist in the definition of 'best practicable
environmental options' (BPEO);
 tackle external off-site impacts which consider the broader
environmental footprint of an organisation's activities; and
 Pass environmentally responsible approaches down the supply chain.
Environmental audits have traditionally dealt with the environmental effects

of industrial processes and, to a lesser extent, with resource consumption.
Guided by the legislation and compliance procedures, the environment has
usually been considered in terms of air land and water. Considerable
conservation benefits could be achieved by broadening the focus of auditing
to include natural heritage features and objectives. This would include
natural heritage legislation and by the application of audit techniques to
habitats and land use, such as farm units (Edwards et al.. 1992, LEAF,
1994), forest management units, or sporting estates. Generic approaches
could contribute to the development of conservation management plans.
 Environmental degradation has adverse impact on the quality of life and

enjoyment of human rights.
 environmental audits vary from organisation to organisation
UEW/IEDE 281
AUDITING AND
 Public sector bodies and local authorities are adapting auditing methods
to establish baselines of environmental performance.
 Environmental auditing must be implemented in a systematic and
constructive manner
 Environmental audits have traditionally dealt with the environmental
effects of industrial processes and, to a lesser extent, with resource
consumption.
Review Questions
 Define Environmental auditing
 Describe the auditing procedures in carrying out an environmental audit
 Explain why EPA should assess the environment of businesses before
issuing operating permit
282 UEW/IEDE
AUDITING
AUDITING AND
AND
Unit 6, section 1:
This
Social
pageand
is left
environmental
blank for your
auditing
notes INVESTIGATION
INVESTIGATION
UEW/IEDE 283
INVESTIGATIVE AUDITS
AUDITING AND
UNIT 6 SECTION
INVESTIGATION
2
Unit 6, section 2: Investigative audits
This section will throw some light on how investigations are generally
carried out by auditors. Investigations are not part of the work of an auditor.
However, auditors are trained in investigative techniques and are known to
be independent and to have integrity. Consequently, auditors are frequent
asked to carry out investigations. Students need to understand the basics in
investigation.
By the end of this section, the reader should be able to:

 describe the stages involved in environmental auditing
 explain what back-duty investigation is
 determine situations in which investigations need to be carried out
Investigations
Investigations are simply examinations of or enquires into something or
somebody commissioned by a client for a purpose. This may takes place as
a result of a report of unusual or suspicious activity on the part of an
individual or a department. It is usually focused on specific aspects of the
work of a department or individual. Investigative Auditing deals with
innocent errors and abnormal or invalid financial incidents/events having
fraudulent potential or capable of bringing undesired financial implications
to the investigated subject.
Investigative techniques are very useful in forensic audits. In forensic

auditing, accountants with specialized knowledge of both accounting and
investigation seek to uncover fraud, missing money, negligence and/or
malfeasance. When fraud or theft is uncovered, the investigative auditor
compiles evidence and is often asked to testify if the individual responsible
for the theft is eventually prosecuted.
If you're merely interested in conducting an investigative audit for internal

purposes - such as determining whether to terminate an employee or to deter
future illegal activity by employees - using your own accountant is probably
sufficient. However, if you believe you're missing a significant amount of
money or if you believe your own accountant might be doing something
illegal, then it's a good idea to turn to an independent investigative auditing
firm.
Stages of Investigations
 Obtain precise written instructions from the client
 Clear view of the object of the investigation
 The scope of the assignment
 The degree of details and the secrecy to be observed
 Line of reporting
 Professional etiquette – Auditors must be communicated with, both to
observe the usual courtesies and to obtain their cooperation
284 UEW/IEDE
AUDITING AND
Unit 6, section 2: Investigative audits INVESTIGATION
 Organizing the investigation – This involves assessing the aims of the

investigation, estimating the time to be taken and the likely cost,
assigning the appropriate staff
 Seek background information – suppose the client is contemplating the
purchase of a factory, you will need to determine all about the business
in general (The size, structure, history, future prospects, investment
information, etc).
 Preliminary information on the subject to be investigated
 The report outline – This provides a framework to the investigation
which disciplines and controls the staff engaged on the investigation.
 The detailed investigative activities involve where obtaining, testing and
analyzing substantive information gathered. It is important to maintain
working papers in a meticulous manner.
 Draft the report
 Discuss the report verbally with the client. The draft report may require
augmentation, deletion of some sections, or other amendments
 Submission of report and follow-ups
Situations requiring Investigation

 Acquisition of companies
 Purchase of a business
 Prospective investment
 Incoming partners
 Prospective lending
 Fraud
 Losses arising from systems breakdown
 Back duty etc
Need for investigative audit

Accountants focus on investigative accounting only when necessary and
provide litigation support. Investigative accounting involves skills that
accountants do not usually possess. For example, a forensic accountant is
trained to introduce evidence in court, answer questions from attorneys
while on the witness stand and understand courtroom rules and procedure.
Investigative auditing firms are staffed with these professionals. If your
business requires an investigative audit, there are distinct advantages and
disadvantages to involving a third party.
The advantages of bringing in a third-party firm are numerous. Investigative

auditing firms employ accountants who do this work on a regular basis. As
such, they know what to look for. Another advantage is impartiality. An
outside investigative auditor who has no personal or professional
relationship with your employees is likely to conduct the audit in an
impartial manner. This is important, as these investigations can lead to
criminal prosecution. Thus, relying on an internal accountant to find fraud
UEW/IEDE 285
AUDITING AND
INVESTIGATION Unit 6, section 2: Investigative audits
or theft might place him in an uncomfortable situation, which can affect

morale.
However if the organization has an accountant or a staff trained in

investigative auditing, it makes sense to use your own staff in the
investigative auditing process. The positive side of this is that it gives you
more control over the dissemination of information. It is typically harder to
control dissemination of information when an outside firm is involved.
Another disadvantage is cost-related. Hiring an investigative auditing firm is
typically far more expensive than using your own investigative accountant.
 Investigations are simply examinations of or enquires into something or

somebody commissioned by a client for a purpose.
 Investigative techniques are very useful in forensic audits.
 Accountants focus on investigative accounting only when necessary and
provide litigation support.
 An outside investigative auditor who has no personal or professional
relationship with your employees is likely to conduct the audit in an
impartial manner.
Review Questions
 Define an Investigation
 List the stages in an investigation
 What is back duty Investigation
286 UEW/IEDE
AUDITING
AUDITING AND
AND
Unit
This 6,
page
section
is left
2:blank
Investigative
for youraudits
notes INVESTIGATION
INVESTIGATION
UEW/IEDE 287
FORENSIC AUDITS
AUDITING AND
UNIT 6 SECTION
INVESTIGATION
3
Unit 6, section 3: Forensic audits
This sections advances the earlier section on investigative audit and

highlights credibility of information provided for an audit. Students are to
understand the objectives of forensic audit as it differs from financial audits.
By the end of this section, students should be able to:

 identify the primary objective of a forensic audit
 determine the types of investigation
 describe the procedures involved in this special audit
Background
Forensic auditing is the verification (attestation) that the transactions are
valid and that the underlying documentation and other sources of
verification can support the reported amounts. It is used to provide
credibility to financial activities in legal matters, sometimes requiring expert
testimony. It expands far beyond a routine audit, which is intended to grant
assurance. Forensic auditing by nature is intent upon proving or disproving
values, actions, intents, etc. Everything is suspect. A forensic audit may
involve subpoenaing of nonstandard records as well. By the time an audit is
escalated to the forensic level, there are many red flags in the air.
Forensic auditing combines investigative techniques along with an

understanding of accounting principles to determine if there are suspicious
practices hiding beneath company or individual financial records and
statements.
Forensic audits are used wherever an entity's finances present a legal

concern. For instance, it is used in cases of suspected embezzlement or
fraud, to determine tax liability, to investigate a spouse during divorce
proceedings or to investigate allegations of bribery, among other reasons.
‘Forensic auditing’ covers a broad spectrum of activities, with terminology
not strictly defined in regulatory guidance. Generally, the term ‘forensic
accounting’ is used to describe the wide range of investigative work which
accountants in practice could be asked to perform. The work would
normally involve an investigation into the financial affairs of an entity and
is often associated with investigations into alleged fraudulent activity.
The primary objectives of a forensic audit include:

 Examine the system of internal controls in place for safeguarding assets,
 Identify any weaknesses in those controls, and
 Determine if anyone within the company has exploited the control
weaknesses and misappropriated assets for personal gain.
If properly planned and conducted, a forensic audit should uncover asset-

theft fraud. However, it is highly unlikely that a financial statement audit
will uncover asset-theft fraud. Why? Forensic audits are performed by a
class of professionals with skill sets in both criminology and accounting
288 UEW/IEDE
AUDITING AND
Unit 6, section 3: Forensic audits INVESTIGATION
who specialize in following a money trail, keeping track of fraudulent and

actual balance sheets and checking for inaccuracies in overall and detailed
reports of income or expenditures. If they find discrepancies, it may be the
auditor's job to investigate and determine the reason for it, or it may be the
job of a separate financial investigator.
Forensic accounting refers to the whole process of investigating a financial

matter, including potentially acting as an expert witness if the fraud comes
to trial. Although this section focuses on investigations into alleged frauds,
it is important to be aware that forensic accountants could be asked to look
into non-fraud situations, such as the settling of monetary disputes in
relation to a business closure or matrimonial disputes under insurance
claims.
The process of forensic accounting as described above includes the ‘forensic

investigation’ itself, which refers to the practical steps that the forensic
accountant takes in order to gather evidence relevant to the alleged
fraudulent activity. The investigation is likely to be similar in many ways to
an audit of financial information, in that it will include a planning stage, a
period when evidence is gathered, a review process, and a report to the
client. The purpose of the investigation, in the case of an alleged fraud,
would be to discover if a fraud had actually taken place, to identify those
involved, to quantify the monetary amount of the fraud (i.e. the financial
loss suffered by the client), and to ultimately present findings to the client
and potentially to court.
Finally, ‘forensic auditing’ refers to the specific procedures carried out in

order to produce evidence. Audit techniques are used to identify and to
gather evidence to prove, for example, how long the fraud has been carried
out, and how it was conducted and concealed by the perpetrators. Evidence
may also be gathered to support other issues which would be relevant in the
event of a court case. Such issues could include:
 the suspect’s motive and opportunity to commit fraud whether the fraud
involved collusion between several suspects any physical evidence at the
scene of the crime or contained in documents comments made by the
suspect during interviews and/or at the time of arrest attempts to destroy
evidence.
Types of investigation
The forensic accountant could be asked to investigate many different types
of fraud. It is useful to categorise these types into three groups to provide an
overview of the wide range of investigations that could be carried out. The
three categories of frauds are corruption, asset misappropriation and
financial statement fraud.
UEW/IEDE 289
AUDITING AND
INVESTIGATION Unit 6, section 3: Forensic audits
Corruption
There are three types of corruption fraud: conflicts of interest, bribery, and
extortion. Research shows that corruption is involved in around one third of
all frauds.
In a conflict of interest fraud, the fraudster exerts their influence to achieve a

personal gain which detrimentally affects the company.
The fraudster may not benefit financially, but rather receives an undisclosed
personal benefit as a result of the situation. For example, a manager may
approve the expenses of an employee who is also a personal friend in order
to maintain that friendship, even if the expenses are inaccurate. Bribery is
when money (or something else of value) is offered in order to influence a
situation. Extortion is the opposite of bribery, and happens when money is
demanded (rather than offered) in order to secure a particular outcome.
Asset misappropriation
By far the most common frauds are those involving asset misappropriations,
and there are many different types of fraud which fall into this category. The
common feature is the theft of cash or other assets from the company, for
example:
 Cash theft – the stealing of physical cash, for example petty cash, from
the premises of a company.
 Fraudulent disbursements – company funds being used to make
fraudulent payments. Common examples include billing schemes, where
payments are made to a fictitious supplier, and payroll schemes, where
payments are made to fictitious employees (often known as ‘ghost
employees’).
 Inventory frauds – the theft of inventory from the company.
 Misuse of assets – employees using company assets for their own
personal interest.
Financial statement fraud

This is also known as fraudulent financial reporting, and is a type of fraud
that causes a material misstatement in the financial statements. It can
include deliberate falsification of accounting records; omission of
transactions, balances or disclosures from the financial statements; or the
misapplication of financial reporting standards. This is often carried out
with the intention of presenting the financial statements with a particular
bias, for example concealing liabilities in order to improve any analysis of
liquidity and gearing.
290 UEW/IEDE
AUDITING AND
Conducting an investigation
The process of conducting a forensic investigation is, in many ways, similar
to the process of conducting an audit, but with some additional
considerations. The various stages are briefly described below.
Accepting the investigation

The forensic accountant must initially consider whether their firm has the
necessary skills and experience to accept the work. Forensic investigations
are specialist in nature, and the work requires detailed knowledge of fraud
investigation techniques and the legal framework. Investigators must also
have received training in interview and interrogation techniques, and in how
to maintain the safe custody of evidence gathered. Additional considerations
include whether or not the investigation is being requested by an audit
client. If it is, this poses extra ethical questions, as the investigating firm
would be potentially exposed to self-review, advocacy and management
threats to objectivity. Unless robust safeguards are put in place, the firm
should not provide audit and forensic investigation services to the same
client. Commercial considerations are also important, and a high fee level
should be negotiated to compensate for the specialist nature of the work, and
the likely involvement of senior and experienced members of the firm in the
investigation.
Planning the investigation

The investigating team must carefully consider what they have been asked
to achieve and plan their work accordingly. The objectives of the
investigation will include: identifying the type of fraud that has been
operating, how long it has been operating for, and how the fraud has been
concealed identifying the fraudster(s) involved quantifying the financial loss
suffered by the client gathering evidence to be used in court proceedings
providing advice to prevent the reoccurrence of the fraud. The investigators
should also consider the best way to gather evidence – the use of computer
assisted audit techniques, for example, is very common in fraud
investigations.
Gathering evidence
In order to gather detailed evidence, the investigator must understand the
specific type of fraud that has been carried out, and how the fraud has been
committed. The evidence should be sufficient to ultimately prove the
identity of the fraudster(s), the mechanics of the fraud scheme, and the
amount of financial loss suffered. It is important that the investigating team
is skilled in collecting evidence that can be used in a court case, and in
keeping a clear chain of custody until the evidence is presented in court. If
any evidence is inconclusive or there are gaps in the chain of custody, then
the evidence may be challenged in court, or even become inadmissible.
UEW/IEDE 291
AUDITING AND
INVESTIGATION Unit 6, section 3: Forensic audits
Investigators must be alert to documents being falsified, damaged or

destroyed by the suspect(s).
Evidence can be gathered using various techniques, such as: testing controls
to gather evidence which identifies the weaknesses, which allowed the fraud
to be perpetrated using analytical procedures to compare trends over time or
to provide comparatives between different segments of the business
applying computer assisted audit techniques, for example to identify the
timing and location of relevant details being altered in the computer system
discussions and interviews with employees substantive techniques such as
reconciliations, cash counts and reviews of documentation.
The ultimate goal of the forensic investigation team is to obtain a confession

by the fraudster, if a fraud did actually occur. For this reason, the
investigators are likely to avoid deliberately confronting the alleged
fraudster(s) until they have gathered sufficient evidence to extract a
confession. The interview with the suspect is a crucial part of evidence
gathered during the investigation.
Reporting
The client will expect a report containing the findings of the investigation,
including a summary of evidence and a conclusion as to the amount of loss
suffered as a result of the fraud. The report will also discuss how the
fraudster set up the fraud scheme, and which controls, if any, were
circumvented. It is also likely that the investigative team will recommend
improvements to controls within the organisation to prevent any similar
frauds occurring in the future.
Court proceedings
The investigation is likely to lead to legal proceedings against the suspect,
and members of the investigative team will probably be involved in any
resultant court case. The evidence gathered during the investigation will be
presented at court, and team members may be called to court to describe the
evidence they have gathered and to explain how the suspect was identified.
It is imperative that the members of the investigative team called to court
can present their evidence clearly and professionally, as they may have to
simplify complex accounting issues so that non-accountants involved in the
court case can understand the evidence and its implications.
 Forensic auditing is the verification (attestation) that the transactions are

valid and that the underlying documentation and other sources of
verification can support the reported amounts.
 The three categories of frauds are corruption, asset misappropriation and

financial statement fraud.
292 UEW/IEDE
AUDITING AND
 The ultimate goal of the forensic investigation team is to obtain a

confession by the fraudster, if a fraud did actually occur.
 The evidence gathered during the investigation may be presented at

court, and team could be subpoenaed by court to justify the allegations
and substantiate the evidence provided
Review Questions
 Outline the primary objectives of a forensic audit
 Describe the procedures in conducting a financial statement fraud
investigation
 Who can initiate a forensic audit exercise?
UEW/IEDE 293
VALUE FOR MONEY (VFM) AUDIT
AUDITING AND
UNIT 6 SECTION
INVESTIGATION
4
Unit 6, section 4: Value for money (VFM) audit
This section is to explain the value for money concept and highlight the step
in reviews towards attaining the maximum benefit in every transaction.
By the end of this section, students will be able to:

 describe the concept of value for money
 identify the main benefit of promoting value for money
 determine the responsibility for ensuring value for money
Background
‘Value for money’ (VFM) is a term used to assess whether or not an
organisation has obtained the maximum benefit from the goods and services
it both acquires and provides, within the resources available to it. Some
elements may be subjective, difficult to measure, intangible and
misunderstood. Judgment is therefore required when considering whether
VFM has been satisfactorily achieved or not. It does not only measures the
cost of goods and services, but also takes account of the mix of quality, cost,
resource use, fitness for purpose, timeliness, and convenience to judge
whether or not, together, they constitute good value.
 Achieving VFM is also often described in terms of the 'three Es' -

economy, efficiency and effectiveness. The definition of the three Es
approved by the Value for Money Committee is as follows:
 Economy - careful use of resources to save expense, time or effort.
 Efficiency - delivering the same level of service for less cost, time
or effort.
 Effectiveness - delivering a better service or getting a better return
for the same amount of expense, time or effort.
 It is very interesting to know that in many areas of activity there is

recognised 'good practice' or 'best practice', although this may be
contested. In general terms, all organisations want to adopt such good
practice as appropriate to their own circumstances, as a recognised way
not only of achieving value for money but also of demonstrating that
value for money has been both sought and achieved. Good practice will
often require a well-planned, thorough and clear approach to an activity.
 The achievement of VFM requires an attitude and culture that seeks
continuous improvement in a business and the primary responsibility of
ensuring value for money lies with the Board and Management of an
organization. The VFM concepts must be narrowed down through all
operations within the organization.
The main benefits of promoting VFM principles include:

 The clarification of objectives. Rather than acting on assumptions about
what is required, VFM principles will give managers a proper
assessment of the objectives of an activity. This will maximise their
chance of achieving the desired ends without unnecessary expenditure
294 UEW/IEDE
AUDITING AND
Unit 6, section 4: Value for money (VFM) audit INVESTIGATION
and effort. An 'assessment' should also demonstrate that the proposed

activity fits in with the organisation's strategies and policies.
 Planning is an essential part of all well managed processes. Good
planning minimises the risk of an activity failing to deliver the intended
outcome, at the right time and at the right price.
 Openness and transparency of process. Through properly documented
planning and assessment, and the adoption of open processes involving
all interested parties, organisations can publicly demonstrate a
commitment to achieving propriety as well as VFM. This are
increasingly important in a world of growing accountability and
responsibility, and is absolutely essential for organisations that receive
public funds. Such organisations have a special responsibility to show
that they operate honestly, fairly and without bias.
 Compliance with statutes and regulations. All organisations need to
comply with legal and other associated requirements. By adopting good
practice, the risk of failing to identify and comply with such
requirements is significantly reduced.
 Risk assessment. All activities have risks attached. These include, for
example, a reputational risk, control risk, financial risk (including
financial health risk), health and safety risk, and a business risk. Risk
assessment is an area that can often be improved. Although it is often
not necessary to undertake a full risk assessment for every activity, an
inadequate risk assessment, particularly for significant activities, can
result in poor value for money.
Approach to VFM
 In achieving, and seeking to achieve, VFM, there are many objectives
for organisational behaviour and activity to be taken into account. These
include:
 the culture of the organisation, for example, continually striving to
do more at the appropriate quality for less money
 adopting good practice
 clearly defining the organisation's aims, strategies and policies
 providing an organisational structure which promotes accountability,
through placing power at the point where responsibility is required
to be taken, together with appropriate control and oversight
exercised at a higher level
 being committed to effective communication and staff development
so that the culture and aims of the organisation permeate to, and are
identifiable at, all levels within the organisational structure
 Providing an appropriate infrastructure in systems, resources and
training.
UEW/IEDE 295
AUDITING AND
INVESTIGATION Unit 6, section 4: Value for money (VFM) audit
 An assessment of VFM can be achieved in a number of ways, for

example:
 through benchmarking an activity against similar activities in other
organisations
 by using performance indicators
 through conducting VFM studies (possibly in conjunction with other
institutions)
 by seeking out and then adopting recognised good practice where
this can be adapted to the institution's circumstances
 Through internal audit work. Although internal audit has a primary
responsibility for assessing the internal control system, the auditor is
frequently well placed to assess and comment on VFM in the areas
reviewed. This should be reported in individual audit reports and in
the internal audit annual report
 through retaining both documents that show how an activity has
been planned to build in VFM, and evidence of the good practices
adopted
 By examining the results or outcomes of an activity.
 It is clear that conducting VFM studies is not the only way to show a
commitment to VFM. Existing management practices that seek to
integrate VFM principles and the active promotion of a culture of
continuous improvement are two alternative approaches. Conducting a
VFM study does not, in itself, demonstrate VFM: this is dependent on
the result of the study and on any action taken in response to its findings.
 VFM studies are frequently undertaken in conjunction with other
organisations. This enables comparisons to be made (including the use
of benchmarking techniques) and each can draw upon good practice
identified elsewhere.
 There is no right answer as to who should undertake a VFM study. The
people involved in a study should, between them, have a basic range of
skills, including an understanding of VFM study methodology and
project management, and knowledge of the subject. They may be
internal staff or external experts. Internal auditors also often have the
knowledge, skills and experience to contribute to such work. Routine
internal audit work should always keep in mind the arrangements for
VFM. Any issues identified can be reported as part of that routine work.
 Achieving VFM is also often described in terms of the 'three Es' -

economy, efficiency and effectiveness.
 Generally, an institution’s governing body is responsible for ensuring
value for money
 Effective planning minimises the risk of an activity failing to deliver the
intended outcome
 Existing management practices that seek to integrate VFM principles
and the active promotion of a culture of continuous improvement are
two alternative approaches.
296 UEW/IEDE
AUDITING AND
Unit 6, section 4: Value for money (VFM) audit INVESTIGATION
Review Questions
 Explain the concept of Value For Money
 Describe the 'three Es' in Value For Money
 Outline some objective in achieving VFM
UEW/IEDE 297
TAX AUDIT
AUDITING AND
UNIT 6 SECTION
INVESTIGATION
5
Unit 6, section 5: Tax audit
Dear This Section is to highlight the need for tax reviews when conducting
audit in a company. Students will be taken through some offences and
penalties affecting companies and some test question useful to inform the
setting of audit objectives.
By the end of this section, students will cover:

 taxation
 types of Taxation
 how to carry out a review of some types of taxes relating to companies
In order to express an opinion on the financial statements of a company, it is

necessary to consider tax exposures the company may face. Additionally,
the company may face sanctions and penalties from statutory bodies like the
Ghana Revenue Authority (GRA), Social Security and National Insurance
Trust (SSNIT) etc if it defaults in complying with laws and regulations.
These reviews are necessary because in some cases, they may threaten the
going concern status of the company or result in significant liabilities.
Taxation
 Tax is a financial charge or other levy imposed on an individual or a
legal entity by a State. It is a compulsory payment for which no value or
service has to be rendered in return. It is based on a system of laws
passed by Parliament and interpreted by the Judiciary, giving effect to
what one must assume to be the democratic will of the citizens.
 It is not a voluntary payment or donation, but an enforceable
contribution and it is a contribution imposed by government. When
taxes are not fully paid, civil penalties (such as fines) or criminal
penalties (such as imprisonment) may be imposed on the non-paying
entity or individual.
 Taxation is a systematic (legal and administrative) process and a means
of mobilizing revenue from private sector to public sector treasury
through compulsory monetary payments on taxable persons and
transactions.
Direct Tax
Direct taxes are based on the notion that taxes on income and capital and are
levied directly on chargeable persons such as individuals and companies. In
this form of taxation both the impact and incidence of tax are on the person
to whom the incomes or gains accrue. Direct tax includes income tax on
individuals and companies, which are administered by the Domestic Tax
Revenue Division (DTRD) of the Ghana Revenue Authority (GRA).
Indirect Tax
Indirect Taxes are on expenditure through production and consumption.
They are levied on the ownership of goods and services. They are said to be
indirect because the impact is on the person immediately paying the tax
298 UEW/IEDE
AUDITING AND
Unit 6, section 5: Tax audit INVESTIGATION
whereas the incidence may be on a different person, say the consumer. For
example an importer and the consumer in which the impact of the tax is on
the importer, whereas the incidence of tax is on the consumer i. e. the person
who ultimately bears the burden of the tax.
A company typically faces these four major tax types.
 Company Income Tax (“CIT”)
 Payroll
 Withholding Tax (“WHT”)
 Value Added Tax (“VAT”)
Things to consider to review these taxes are discussed below.
Company Income Tax (“CIT”)

All companies are required to pay taxes on their income. These taxes are to
be paid four months after the end of the basis period of the companies.
Companies are also to file returns by the same deadline. A penalty of
GHS4.00 a day accrues for each day that the CIT return is outstanding. A
further penalty of 10% of tax payable if the default is within three months or
20% if the default exceeds three months accrues when the tax is not paid on
time. Some companies are supposed to file self-assessment estimates at the
beginning of the basis period and pay taxes quarterly. For audit purposes,
the auditor should:
 Re-compute CIT;
 Check if self-assessment returns have been filed;
 Check if quarterly taxes have been paid;
 Check if taxes have been paid on time;
 Check if there has been any tax audit report issued by the Ghana
Revenue Authority (“GRA”) and whether there are outstanding issues;
All tax auditors need to obtain reasonable assurance that tax returns are free
from any material misstatement, whether due to fraud or error.
Payroll
Employers are required to withhold taxes from payments to employees and
remit these taxes to the GRA on or before the 15th day of the month
following the month to which the tax relates to. A penalty of 20% of tax
payable is imposed if the period of default is within three months and 30%
if it exceeds. Additionally, employers are required to deduct SSF
contribution of 5.5% from the basic salaries of employees and make
additional contribution of 13%. These amounts are further split between
SSNIT and a private fund trustee. A cumulative monthly penalty of 3%
exists if there is a default on payment to SSNIT. There are other punitive
measures that could be brought against directors of the company. The
auditor should be concerned about whether:
 PAYE taxes are paid on time;
 PAYE taxes are accurately computed;
UEW/IEDE 299
AUDITING AND
INVESTIGATION Unit 6, section 5: Tax audit
 SSF deductions are remitted to the various bodies and on time
Withholding Tax (WHT)

Auditors should be able to identify taxes that are to be withheld at source
and plan reviews that will reduce their audit risk or be in a position to advise
the company on what to do. Per Section 88 of the Internal Revenue Act,
2003 (Act 592), a withholding agent who fails to withhold tax in accordance
with this Subdivision is personally liable to pay to the Commissioner the
amount of tax which has not been withheld, but the withholding agent is
entitled to recover this amount from the payee.
Value Added Tax (VAT)

A value added tax is to be charged on:
the supply of goods or services made in the country other than exempt
goods or services;
the import of goods or import of services other than exempt import.
The tax is charged on the supply of goods or services where the supply is:
 a taxable supply;
 made by a taxable person.
The Obligations of The Taxpayer

Auditors must understand axpayer’s obligations to be able to plan audits and
identify threats that could affect the going concern status of the company or
result in significant liabilities or increase their audit risk. These obligations
include:
 Truthfully inform Ghana Revenue Authority of all your business
transactions
 Having clear and accurate records
 Recording all your earnings accurately
 Recording all your day to day expenses truthfully
 Recording all capital expenditure accurately
 Recording all staff wages
 Paying all your taxes by the due dates
 Withholding and accounting for all withholding taxes by the due dates
 Filing all Tax Returns accurately by the due dates
Table on Offences and Penalties – (Under the Vat Law)

OFFENCES PENALTIES
Failure to register -deliberate & reckless – GH ¢1,000 or
5yrs or both
-other reason – GH ¢500 or 1yr or both
Failure to issue a tax invoice - GH ¢1,000 or 5yrs or both
Failure to file a return -pecuniary penalty of GH ¢500 + GH
¢10 for each day during which the
300 UEW/IEDE
AUDITING AND
default continues
Failure to account for tax Interest at BoG rate
collected
Evasion of tax payment 3x tax evaded + 5yrs imprisonment or
both
Falsification or alteration of GH ¢200 – GH ¢1,000 or 5yrs or both
documents & forfeiture of goods involved to State
Failure to maintain proper records -deliberate & reckless – GH ¢1,000 or
5yrs or both
Unauthorised collection of tax 10x amount of tax or 5yrs or both
Obstruction of an officer of GH ¢50 – GH ¢500 or 1yr
VATS in the performance of his imprisonment
duties
Making false or misleading -knowingly & recklessly – GH ¢1,000
statement or 5yrs or both
Table on Offences and Penalties (Under Internal Revenue Act)

OFFENCE PENALTY
IMPOSED BY COMMISSIONER-GENERAL
Failure to pay tax ≤3months 10% of amount due
Failure to pay tax >3months 20% of amount due
Failure to pay WHT ≤3months 20% of amount due
Failure to pay WHT >3months 30% of amount due
Failure to pay tax + penalty 5% of (tax + penalty) for every month
after notice has been served during which the default continues
Failure to furnish a return of 4 currency points (GH¢4.00) in respect of
income on due date – each day during which the default
(Company) continues
Failure to furnish a return of 2 currency point (GH¢2.00) in respect of
income on due date – each day during which the default
continues
Underestimating tax payable 30% [(90% Final Tax) – Estimated Tax)
(Self Assessed Persons)
Making false & misleading 2x the under payment of tax
statement
Making false & misleading 3x the under payment of tax
statement – (made knowingly
& recklessly)
Aiding & abetting 3x the under payment of tax
IMPOSED BY THE COURTS
Failure to furnish a return (tax 50PU ≤ fine ≤300 PU
>500 CP)
UEW/IEDE 301
AUDITING AND
INVESTIGATION Unit 6, section 5: Tax audit
Failure to furnish a return (tax 10PU ≤ fine ≤100 PU

≤500 CP)
Making false statements & 50PU ≤ fine ≤200 PU or
returns to reduce tax (tax >100 1yr ≤ imprisonment ≤2yrs or both
CP)
Making false statements & 10PU ≤ fine ≤50 PU or
returns to reduce tax (tax ≤100 6months ≤ imprisonment ≤1yr or both
CP)
Making incorrect returns (tax 25PU ≤ fine ≤100 PU or
>100 CP) 3months ≤ imprisonment ≤1yr or both
Making incorrect returns (tax 5PU ≤ fine ≤25 PU or
≤100 CP) 1 month ≤ imprisonment ≤3months or
both
Aiding & Abetting (tax >100 50PU ≤ fine ≤200 PU or
CP) 1yr ≤ imprisonment ≤2yrs or both
Aiding & Abetting (tax ≤100 10PU ≤ fine ≤200 PU or
CP) 6months ≤ imprisonment ≤1yr or both
Failure to comply with Act (tax 25PU ≤ fine ≤100 PU or
>100 CP) 3months ≤ imprisonment ≤1yr or both
Failure to comply with Act (tax 5PU ≤ fine ≤25 PU or
≤100 CP) 1month ≤ imprisonment ≤3months or both
Impeding Tax Administration 25PU ≤ fine ≤200 PU or
imprisonment ≤2yrs or both
Offences by Authorised & Fine ≥50 PU or
Unauthorised persons 1yr ≤ imprisonment ≤3yrs or both
Divulging official secrete Fine ≤100 PU or
imprisonment ≤1yr or both
NB: I PENALTY UNIT (PU) = GH ¢12.00
1 CURRENCY POINT = GH ¢1.00
Table on Sample Tax Risk Assessment Questions

Questions Higher Lower
Risk Risk
Is the entity’s tax function/department staffed by Yes No
without relevant tax and tax accounting
background, skills and experience? Is the entity’s
staff uninformed / not kept up-to-date with
changes in tax rules and legislation?
Does the entity carry out aggressive or tax- Yes No
motivated tax planning or maintain tax driven
structures or arrangements?
Does the entity have complex operations from a Yes No
tax perspective (eg. controlled foreign
companies, cross-border transactions/transfer
pricing, complex financial instruments,
operations in various overseas locations which
302 UEW/IEDE
AUDITING AND
may give rise to permanent establishment or

foreign branch exposures
Does the entity conduct significant receive Yes No
business with related parties
Does the entity have a history of tax issues Yes No
/disputes with tax authorities?
Does the company engage in an industry that has Yes No
complex, industry-specific tax issues? (eb.
Insurance, banking, mining sector, etc)
In order to express an opinion on the financial statements of a company, it is

necessary to consider tax exposures the company may face.
Employers are required to withhold taxes from payments to employees and
remit these taxes to the GRA on or before the 15th day of the month
following the month to which the tax relates to.
Review Questions
 Which tax types should an auditor focus on in reviewing a company
 List any two offences with their penalties that companies can be liable to
 Why should auditors focus on the tax impact on the companies they
audit?
UEW/IEDE 303
INFORMATION SYSTEM AUDIT
AUDITING AND
UNIT 6 SECTION
INVESTIGATION
6
Unit 6, section 6: Information system audit
This section is a specialised area relating to auditing the IT systems itself.
 what information system is

 auditable areas to cover to
 protect of information assets,
 deliver IT services and support
 in Systems and Infrastructure Life Cycle Management
Information system audit

Information System Audit concerns itself with an independent review and
evaluation (wholly or partly) of controls applied within an organisation on
information technology investments made. The function of the IS Audit is to
safeguard assets and maintain data integrity.
Audit programmes would need to be prepared and resources (human and

others) are required to ensure that the teams effectively and efficiently carry
out the audit in a professional manner. The overall direction for the IS Audit
would also need to consider risk management programmes to systematically
evaluate risk exposures.
A certified information system auditor should be familiar with the

following:
 The Process of Auditing Information Systems
 Governance and Management of IT
 Information Systems Acquisition, Development, and Implementation
 Information Systems Operations, Maintenance and Support
 Protection of Information Assets
The Process of Auditing Information Systems: This provides a review of

the knowledge required to comply with the information systems (IS) audit
standards, guidelines and best practices in the provision of IS audit services.
These services help organizations protect and control their information and
business systems.
Areas in which the IS Auditor must be knowledgeable include:

 IT Audit and Assurance Standards, Guidelines and Techniques
 Risk assessment in an audit context
 Control Objectives related to information systems
 Audit planning and management techniques
 Gathering information and preserving evidence
 Reporting and communication techniques
 Control Objectives and IS-Related Controls
 Risk Assessment in an Audit Context
 Audit Planning and Management Techniques
 Reporting and Communication Techniques
 Control Self-Assessment
304 UEW/IEDE
AUDITING AND
Unit 6, section 6: Information system audit INVESTIGATION
IS Auditor’s role in IT Governance

IT governance audits include reviews of the organization’s fiduciary
responsibility in satisfying the quality of IT delivery services while aligning
with the business objectives and establishing an adequate system of internal
controls. This provides a review of the development of sound control
practices and mechanisms for management oversight and review required of
an information systems (IS) audit/assurance professional who is responsible
for providing assurance that an organization has the structure, policies,
accountability mechanisms and monitoring practices in place to achieve the
requirements of IT governance.
IS Auditor must cover with include:
 IT Governance Frameworks
 IT strategy, policies, standards and procedures
 Organizational structure roles and responsibilities related to IT
 Quality Management systems
 Maturity and business process re-engineering models
 IT contracting strategies
 Enterprise risk management
 Process Improvement Models
 IT Contracting Strategies
 Monitoring and Reporting IT Performance
 IT Human Resource Management
 Business impact analysis
 Business continuity planning
Auditor’s Role in IT Service Delivery and Support

This provides a review of some of the methodologies and processes
organizations employ when they develop and change application systems
and infrastructure components. Also, this module will cover the practices
and knowledge required of an information systems (IS) audit/assurance
professional who is responsible for providing assurance that, in the event of
a disruption, the business continuity and disaster recovery processes will
ensure the timely resumption of IT services, while minimizing the business
impact.
Areas to be covered include:

 Service level management practices
 Operations management
 Technology concepts related to networks, system software and database
management systems
 System resiliency tools and techniques
 Database administration practices
 Capacity planning and monitoring techniques
 Problem and incident management practices
 Disaster recovery plans and testing methods
UEW/IEDE 305
AUDITING AND
INVESTIGATION Unit 6, section 6: Information system audit
Auditor’s Role in Systems and Infrastructure Life Cycle

Management
This provides a review of the methodologies and processes organizations
employ when they develop and change application systems and
infrastructure components.
The related topics for the auditor include:

 Benefits realization practices
 Project governance mechanisms
 Project management control frameworks, practices and tools
 Risk management practices
 Requirements analysis and management practices
 System development methodologies and tools
 Configuration and release management
 System migration and infrastructure deployment practices
 Post-implementation review objectives and practices
Auditor’s Role in IT Service Delivery and Support

This provides a review of some of the methodologies and processes
organizations employ when they develop and change application systems
and infrastructure components. Also, this module will cover the practices
and knowledge required of an information systems (IS) audit/assurance
professional who is responsible for providing assurance that, in the event of
a disruption, the business continuity and disaster recovery processes will
ensure the timely resumption of IT services, while minimizing the business
impact.
Areas to be covered include:

 Service level management practices
 Operations management
 Technology concepts related to networks, system software and database
management systems
 System resiliency tools and techniques
 Database administration practices
 Capacity planning and monitoring techniques
 Problem and incident management practices
 Disaster recovery plans and testing methods
IS Auditor’s Role in Protection of Information Assets

This provides a review of the key components an auditor must be aware of
to evaluate and ensure an organization's confidentiality, integrity, and
availability (CIA) of information assets including logical and physical
access controls, network infrastructure security, environmental controls and
306 UEW/IEDE
AUDITING AND
Unit 6, section 6: Information system audit INVESTIGATION
other processes and procedures used to maintain security of confidential

information assets.
Areas to cover include:

 Security controls
 Security incidents
 Logical access controls
 Network security controls
 Network and Internet security
 Attack methods and techniques
 Security testing techniques
 Encryption related technologies
 PKI components and digital signature techniques
 Security of mobile and wireless devices
 Voice communications security
 Data classification schemes
 Physical access controls
 Environmental protection devices
 Process and procedures for information assets
The process in IS Audit require the gathering of evidence, evaluation of the

strength and controls based upon the evidence gathered. Some examples of
IS audit activities are:
 This IS Auditor would need to consider preparing physical and
environmental control check-list on information based on the computer.
 A clear understanding of what the customer requires is the first step in
the development of a Service Level Agreement. An IS auditor would
cross-check during his review if this was done and the impact of this on
service provided.
 At the stage of preparing contracts the IS auditor should be able to draw
managements' attention to the need to incorporate certain provisions into
the contract which would provide the outsourcing institution leverage
over the service provider.
 An IT inactivity such as downtime is addressed by availability reports
which provide the time periods during which the computer was available
for utilization by users or other processes. A review would enable the IS
Auditor to report the abnormal downtimes for corrective action.
 Network monitoring devices may be used to inspect activities from
known or unknown users and can identify client addresses, which may
assist in finding evidence of unauthorized access. This serves as a
detective control.
 A review of system configuration files for control options used would
show which users have access to the privileged supervisory state and
these are detective in nature. This particular review also deals with the
management of configuration and monitoring performance.
UEW/IEDE 307
AUDITING AND
INVESTIGATION Unit 6, section 6: Information system audit
 To prevent exploitation, patch management would be preferred to log

monitoring, intrusion detection and virus protection since this method
eliminates identified vulnerabilities. An IS auditor should be able to
appreciate the methods used by the IT specialist and advice management
or give assurance according.
 To ensure confidentiality of data and prevent access to data during
disposal of computers and laptops for instance, there should be physical
destruction of hard disks or hard disks should be removed from
computers or laptops before their disposal. All these are issues which
could be raised in an IS audit for management decision and action.
 The process in IS Audit require the gathering of evidence, evaluation of

the strength and controls
 IS Auditor would need to consider preparing physical and environmental
control check-list on information based on the computer
Review Questions
List five aspects the IS auditors will need to look at under the following key
areas:
 The Process of Auditing Information Systems
 Governance and Management of IT
 Information Systems Acquisition, Development, and Implementation
 Information Systems Operations, Maintenance and Support
 Protection of Information Assets
308 UEW/IEDE

Merged - PDF Auditing and Investigation

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Merged - PDF Auditing and Investigation

Uploaded by

Copyright:

Available Formats

LEGAL AND PROFESSIONAL FRAMEWORK

By the end of this unit, you should be able to:

At the end of this session, you should be able to understand

International Federation of Accountants [IFAC]

profession committed to quality performance and in serving the public

Contributing to the Efficiency of the Global Economy

Providing Leadership and Spokesmanship

IFAC’s standard-setting boards follow a due process and actively support

Under the framework, all auditors are required to identify threats to

 Public Sector Accounting - IFAC’s International Public Sector

International Education Practice Statements and other guidance to assist

 Small and Medium-Sized Practices - IFAC is also focused on providing

 Developing Nations - IFAC’s Developing Nations Committee supports

 IFAC Member Body Compliance Program - As part of the Member

IFAC Structure and Operations

countries with different levels of economic development. IFAC is

The Institute of Chartered Accountants, Ghana (ICAG)

Council of the Institute

Qualification, Disqualification, Striking Off and Suspension of

The Council of the ICAG disqualifies any person adjudged by a court of

Striking off and Cancellation of Registration

Misconduct includes all and any of the following:

 A number of less serious instances of professional negligence that,

It is particularly important that the penalties include loss of professional

 IFAC contributes to the efficient functioning of the international

We are now on section 2 of unit 1. In this section, we would examine

Ghana Audit Service

Audit of public accounts generally

Audit of foreign exchange transactions

 The accounts have been properly kept;

Auditing of statutory corporation

Examination of Controller & Accountant-General’s public

Appointment of the Auditor-General

Disallowance and surcharge by Auditor-General

A person aggrieved by a disallowance or surcharge made by the Auditor-

Independence and powers of the Auditor-General

 Shall not be subject to the direction or control of any other person or

The Auditor-General may in addition to the audit of public accounts, carry

Adherence to international practices

Submission of Auditor-General's report to Parliament

Without limiting the scope, the Auditor-General in his report to Parliament

Debate by Parliament of the Auditor-General's reports

Auditing of the office of the Auditor-General

The Internal Audit Agency

Establishment and Functions of the Internal Audit Agency

The specific functions of the agency are as follows:

 The Agency shall ensure that

 Without limiting subsections (1) and (2), the Agency shall

 The Agency shall monitor, undertake inspections and evaluate the

Governing body of the Agency

Establishment of internal audit units

 A copy of an internal audit report of an MMDA shall be submitted to its

Exhibition of Professionalism and Competence

 Confidentiality - Internal auditors shall respect the value and ownership

Offences and penalties

Providing information which the person knows to be false or which the

 Any internal auditor who acts in breach of any of the provisions of

You have learnt about

 Discuss the Appointment, Powers and the Independence of the Auditor

You are welcome to section 3 of unit 1. In this section, we would have an

International Standards on Auditing (ISAs)

List of the Standards (ISAs)