Inter Audit Addendum

Ch-1 Intro to Audit

Inherent Limitation of Audit

Nature of FR
For eg,
• Mgt has devised a control that all purchase bills should reflect stamp & signatures of authorised
person in “Goods Receiving Section” of Co. stating the date & time of receiving goods in premises.
• It’s an internal control devised by Co. to ensure only those purchase bills are produced for
payment for which goods have been actually recd.
• Now, what if concerned accountant & authorised person in “Goods Receiving Section” collude.
• It’s a case of overriding of ICs due to collusion b/w 2 persons. Such a probable collusion is one of
limitations of internal controls itself.

Engagement & Quality Control Standards

Standards on Auditing (SA)
• SA apply in context of an audit of FS by an independent auditor.
• SA apply in audit of historical info.
• High quality benchmarks & are followed by auditors in audit of FS.
• Examples: - SA 200, SA 230, SA 315, SA 500, SA 700

Standards on Review Engagements (SRE)

• SRE apply in context of review of FS
• Review is a limited assurance engagement & provides assurance lower than audit.
• Review involves fewer procedures as compared to audit.
• It also involves obtaining sufficient appropriate evidence.
• Examples:
ü SRE 2400 (Revised) Engagements to Review Historical Financial Statements
ü SRE 2410 Review of Interim Financial Info. Performed by Independent Auditor of Entity

Note: Both SA & SRE apply to engagements involving historical financial info.

Standards on Related Services (SRS)

• Agreed Upon Procedures: Auditor to perform certain procedures concerning individual items of
financial data, say, a/c payable, a/c receivable, etc.

• Compilation Engg: Practitioner may be called upon to assist mgt with preparation & presentation
of historical financial info. without obtaining assurance on that info. Such type of compilation engg
fall in the category of related services & practitioner issues a report clearly stating that it is not
an assurance engg & no opinion is being expressed.
• Examples:
ü SRS 4400 Engagements to perform agreed-upon procedures regarding financial info.
ü SRS 4410 (Revised) Compilation engg.
CA Shubham Keswani 1
Inter Audit Addendum
Standards on Quality Control (SQCs)
• Establish standards & provide guidance regarding a firm’s responsibilities for its system of quality
control for conduct of engagements.
• SQC 1 has been issued in this regard.
• Requires auditors/practitioners
ü to establish system of quality control
ü so that firm & its personnel comply with professional standards & regulatory & legal
requirements &
ü reports issued are appropriate.

Note: SQCs are to be applied for all engagements.

Scope of Audit
Inclusions:
1. All Aspects of Entity: Audit should cover all aspects of entity relevant to FS being audited.

2. Reliability and sufficiency of financial information

• Auditor should ensure that info. contained in a/c records & other source data (like bills, vouchers,
documents etc.) is reliable & sufficient for preparation of FS.
• Auditor makes this judgment by study & assessment of a/c systems & internal controls and
carrying out appropriate tests, enquiries and procedures.

3. Proper disclosure of financial information

Auditor should decide whether relevant info. is properly disclosed in FS. Also keep in mind applicable
statutory requirements in this regard.

Summarise: Ensuring that FS properly summarize transactions & events recorded, considering
judgments made by mgt in preparation of FS.

Mgt Judgments: Mgt is responsible for preparation & presentation of FS.

• Makes many judgments in preparing and presenting FS. For eg, choosing of appropriate a/c policies
in relation to various a/c issues like choosing method of charging depreciation on fixed assets or
appropriate method for valuation of inventories.
• Auditor evaluates selection & consistent application of a/c policies by mgt; whether such a
selection is proper & whether chosen policy has been applied consistently on a period-to-period
basis.

Historical Financial Info: Understand that FS are prepared on historical financial info. basis. For eg,
when purchases & sales are reflected in FS, these are eg of historical financial info. Transactions
which have occurred in past.

CA Shubham Keswani 2
Inter Audit Addendum
What is doesn’t Include?

1. Responsibility of preparation and presentation of FS à Mgt (not of Auditor)

2. Audit is not Investigation (already covered in Inherent limitations topic)
3. Auditor is not expert in authentication of documents. Genuineness of documents cannot be
authenticated by him because he is not an expert in this field.
4. Not expected to perform duties outside his domain of competence. For eg, physical condition of
assets like sophisticated machinery. Also, not expected to determine suitability & life of civil
structures like buildings. These require different skillsets which may be performed by qualified
engineers.

Ethics

“Ethics” means moral principles which govern a person’s behaviour or his conducting of an activity.

Principles based approach vs Rules based approach to ethics (Ethical or Legal)

Principles Based Approach
ü Essence of principles-based approach is that it requires compliance with spirit of ethics.
ü It requires accountants to exercise professional judgment in every situation based upon their
professional knowledge, skill and expertise.
ü Evaluate every situation to arrive at conclusions.

Rules Based Approach

ü However, rules-based approach to ethics strictly follows clearly established rules.
ü It may lead to a narrow outlook & spirit of ethics may be overlooked while strictly adhering to
rules.
ü It’s somewhat rigid as it may not be possible to deal with every practical situation relying upon
rules.

Conclusion: Therefore, it is necessary that spirit of code is followed.

SA 210
If Auditor doesn’t agree with change in terms & mgt doesn’t permit to continue original audit engg?
Auditor shall:
a) Withdraw from audit engg. where possible under applicable law or regulation and
b) Determine whether any obligation to report other parties, such as TCWG, owners or regulators.

SQC-1/SA 220
Engg Performance
Consultation should take place in difficult or contentious matters pertaining to an engg.
• It includes discussion, at appropriate professional level, with individuals within or outside the
firm who have specialized expertise, to resolve a difficult or contentious matter.

CA Shubham Keswani 3
Inter Audit Addendum
Ch-2 Audit Planning
Extract of Sample audit programme pertaining to sales of an entity

Name of concern: Fine Industries

Financial year: 2021-22
Prepared by: P (with date)
Reviewed by: Q (with date)
Approved by: R (with date)

S No. Nature of procedures Extent of check Basis of sample Done by

a Vouch few sales invoices from copies
available in record of the concern.
b Trace invoices into books of concern
c Verify few invoices with e-way bills
generated on the e- way bill portal.
d Trace few sales invoices into the stock
records to ensure that sold quantities
have been reduced from stocks.
e Trace also few sales invoices into
accounts of buyers

Summary: Trace invoices with Copies/Accounts (Co./Buyers) /Stock records/E way bills

Ch-4 Risk Assessment & Internal Control

Examples of Extracts of Internal Control Questionnaire in respect of purchases, creditors,

inventories and fixed assets
A. Purchases
1. Are purchases centralised in the Purchase Department?
(a) Are purchases made only from approved suppliers?
(b) Is a list of approved suppliers maintained for this purpose?
(c) Does the master list contain more than one source of supply for all important materials?
2. Are POs based on valid purchase requisitions duly signed by authorised persons in this behalf?
3. Are purchases based on competitive quotations from two or more suppliers?
4. Are POs pre-numbered?
5. Are POs signed only by employees authorized in this behalf?
6. Are all materials received only in the Receiving Department?

B. Creditors
1. (a) Are suppliers’ invoices routed direct to Accounts Department?
CA Shubham Keswani 4
Inter Audit Addendum
(b) Are they entered in a Bill register before submitting them to other departments for check
and/or approval?
(c) Are advance & partial payments entered on the invoices before they are submitted to other
departments?
2. Does the system ensure that all invoices are duly processed?
3. In respect of raw material & supplies, are reconciliations made of quantities and/or values
received as shown by purchase invoices with receipt into stock records?
4. Does Accounts Department match invoices with Goods Received Notes & POs?
5. Do all invoices bear evidence of being checked for prices, freight, terms etc.?
6. Are all advance payments duly authorized by persons competent to authorize such payments?
7. Are duplicate invoices marked immediately on receipt to avoid payment against them?
8. Are all supplier’s statements compared with ledger accounts?
9. Is there any follow-up action to investigate difference, if any, between suppliers’ statements &
ledger accounts?
10. Is a list of unpaid creditors prepared & reconciled periodically?

C. Inventories
1. Are stocks stored in assigned areas?
2. Are stocks insured comprehensively against different risks? If some risk is not insured,
whether it is due to specific decision taken by a senior official?
3. Is a record maintained for the insurance policies?
4. Is the record reviewed periodically?
5. Is there an official who decides on the value for which stocks are to be insured?
6. Is the adequacy of insurance cover reviewed periodically?
7. Are perpetual stock records kept for raw materials, work-in-progress, finished goods and
stores?
8. Are stock records periodically reconciled with accounting records?

D. Fixed Assets
1. Are budgets for capital expenditure approved?
2. Is authority to incur capital expenditure restricted to specified officials?
3. Are purchases of capital expenditure subject to same controls as applicable to purchases of
raw materials, stores etc.?
4. Is there proper check to see that amounts expended do not exceed the amount authorized?
5. Are fixed assets verified periodically?
6. Is there a written procedure for such verification?
7. Are reports prepared on such verification?
8. Do such reports indicate damaged/obsolete items of fixed assets?

CA Shubham Keswani 5
Inter Audit Addendum
Internal Controls over Financial Reporting
Provision of Nature of Responsibility
Companies Act
Sec 134(5)(e) For listed Cos, Directors’ responsibility statement shall state that Directors had
laid down IFCs to be followed by Co. & such IFCs are adequate & operating
effectively.
Sec 143(3)(i) Auditor’s report shall state whether Co. has adequate IFCs system in place & also
on operating effectiveness of such controls.
This requirement shall not apply to–
(i) is OPC or Small Co. or
(ii) Pvt ltd Co. (T/o < ₹50 Cr (last audited FS) & Borrowings from Banks/FI (during
FY) < 25 Cr )
Sec 177(4)(vii) Every audit Committee shall act as per terms of reference specified in writing by
Board which shall, inter alia, include - evaluation of IFCs & risk mgt systems.
Sec 149(8) Co. & independent directors shall abide by Schedule IV which lays down Code for
independent Directors.
Independent directors shall satisfy themselves on integrity of financial info. &
that financial controls & systems of risk mgt are robust & defensible.

Ch-6 Sampling
Selecting Items for Testing to Obtain Audit Evidence
When designing TOCs & TODs, auditor shall determine means of selecting items for testing that are
effective in meeting purpose of audit procedure.

Means available to the auditor for selecting items for testing are:
a) Selecting all items (100% examination);
b) Selecting specific items; and
c) Audit sampling.

Application of any one or combination of these means may be appropriate depending on the auditors’
judgement to obtain audit evidence.

Selecting All Items

Examine entire population of items that make up a class of transactions or a/c balance (or a stratum
within that population). 100% examination is unlikely in case of TOCs; however, it’s more common for
TODs. 100% examination may be appropriate when,
For eg:
• Population constitutes a small no. of large value items
• There’s a significant risk & other means don’t provide SAAE or
• Repetitive nature of a calculation or other process performed automatically by an info. system
makes a 100% examination cost effective.
CA Shubham Keswani 6
Inter Audit Addendum

Selecting Specific Items

Auditor may decide to select specific items from a population.
In making this decision, factors that may be relevant include
• auditor’s understanding of entity,
• assessed RoMM, and
• characteristics of population being tested.

Judgmental selection of specific items is subject to non-sampling risk.

Specific items selected may include:

• High value or key items.
Select specific items within a population because they are of high value, or exhibit some other
characteristic. For eg. items that are suspicious, unusual, risk-prone or have a history of error.

• All items over a certain amount.

Examine items whose recorded values exceed a certain amount to verify a large proportion of
total amount of a class of transactions or a/c balance.

• Items to obtain info.

Auditor may examine items to obtain info. about matters such as nature of entity or transactions.

Q. What’s benefit of Correction of Misstatements? (SA 450)

Correction of enables mgt to
• maintain accurate accounting books & records &
• reduces RoMM of future FS because of cumulative effect of immaterial uncorrected
misstatements related to prior periods.

Ch-8 [SA 500-510]

Inclusions in letter of Inquiry to ELC [SA 501]

Letter of specific inquiry includes:
a) A list of litigation & claims
b) Where available, mgt’s assessment of outcome of each of identified L&Cs and its estimate of
financial implications, including costs involved &
c) A request that ELC confirm reasonableness of mgt’s assessments & provide auditor with further
info. if list is incomplete or incorrect.

Evaluating the Evidence Obtained [SA 505]

Auditor shall evaluate whether results of external confirmation procedures provide relevant and
reliable audit evidence, or whether performing further audit procedures is necessary.

CA Shubham Keswani 7
Inter Audit Addendum
When evaluating results of individual confirmation requests, may categorise such results as follows:
a) A response by appropriate confirming party indicating agreement with info. provided in
confirmation request, or providing requested info. without exception
b) A response deemed unreliable
c) A non-response or
d) A response indicating an exception.

Auditor’s evaluation, when taken into account with other audit procedures may assist in concluding
whether SAAE been obtained or performing FAP is necessary, as per SA 330.

Ch-9 [SA 550-580]

SA 550
Considerations specific to smaller entities by auditor
Control environment in smaller entities is likely to be different from larger entities.
• TCWG may not include an outside member & governance directly by owner-manager where no other
owner exists.
• Control activities shall be less formal & no documented processes for dealing with related party
relationships & transactions.
• An owner-manager may mitigate risks arising from RPTs, or potentially increase risks through
active involvement in all main aspects of transactions.

What Auditor can do?

Obtain understanding of
• related party relationships & transactions, &
• any controls that may exist over these,
through inquiry of mgt combined with other procedures, such as observation of mgt’s oversight &
review activities, & inspection of relevant documentation.

Ch-14 Bank Audit

Conducting an Audit
Audit of banks or their branches involves following stages –

1. Initial consideration by statutory auditor

i) Declaration of Indebtedness: RBI has advised, before appointing statutory central/branch
auditors, obtain a declaration of indebtedness. Indebtedness refers to owing money to bank.

ii) Internal Assignments in Banks by Statutory Auditors: Audit firms shouldn’t undertake statutory
audit assignment while they are associated with internal assignments in bank during same year, like
Concurrent audits (Internal Audit of Banks conducted monthly during the year)

CA Shubham Keswani 8
Inter Audit Addendum

iii) Planning: SA 300 requires auditor to undertake following prior to starting an initial audit:
a) Performing procedures as per SA 220 regarding acceptance of client relationship & specific
audit engagement and
b) Establish understanding of terms of engg. as per SA 210.

iv) Communication with Previous Auditor: As per Clause (8) of Part I of First Schedule to CA Act,
1949, a CA in practice can’t accept position as auditor previously held by another CA without first
communicating with him in writing. He should get a NO Objection Certificate (NOC) from previous
auditor to know whether he has any objections to such appointment, for any valid reasons.

v) Terms of Audit Engagements: SA 210 requires that for each period to be audited, auditor should
agree on terms of audit engg. with bank before beginning significant portions of fieldwork.

vi) Initial Engagements: Auditor perform audit procedures as per SA 510 & if concludes that opening
balances contain misstatements which materially affect FS for current period & effect is not
properly accounted & disclosed, express a qualified or adverse opinion.

vii) Assessment of Engg Risk: Critical part of audit & done prior to acceptance of audit engg since it
affects decision of accepting engg & planning if audit is accepted.

viii) Establish the Engg Team: Assignment of qualified & experienced professionals is important
component of managing engg risk.

ix) Understanding Bank and its Environment: SA 315 lays down that auditor should obtain
understanding of entity & its environment, including internal control, to identify & assess RoMM
whether due to fraud/error & design & perform further audit procedures.

2. Identifying and Assessing the RoMM: SA 315 auditor to identify & assess RoMM at FS & assertion
level for ABCD to provide basis for designing & performing FAP.

3. Understanding Bank & Its Environment including Internal Control: Understanding of bank & its
environment, including internal control, enables auditor:
• to identify & assess risk;
• to develop an audit plan determine operating effectiveness of controls and
• to address the specific risks.

4. Understanding Bank’s Accounting Process: Accounting process produces financial & operational info.
for mgt’s use & also contributes to bank’s internal control. Thus, understanding of accounting process
is necessary to identify & assess RoMM & design & perform FAP.

5. Understanding the Risk Mgt Process [Already Covered]

CA Shubham Keswani 9
Inter Audit Addendum

6. Engg Team Discussions: To gain better understanding of banks & its environment, including IC, &
also assess RoMM.

7. Establish Overall Audit Strategy

8. Develop Audit Plan

9. Audit Planning Memorandum: Auditor should summarise audit plan by preparing an audit planning
memorandum in order to:
• Describe expected scope & extent of audit procedures to be performed by auditor.
• Highlight all significant issues & risks identified during planning & risk assessment activities, &
decisions concerning reliance on controls.
• Provide evidence that they have planned audit engg & responded to engg risk, pervasive risks,
specific risks, & other matters affecting audit engg.

10. Determine Audit Materiality: It’s a matter of professional judgment & depends upon knowledge of
bank, assessment of engg risk & reporting requirements for FS.

11. Consider Going Concern

12. Assess the Risk of Fraud including Money Laundering: As per SA 240 “Auditor’s Responsibilities
Relating to Fraud in an Audit of FS”, auditor’s objective is to identify & assess RoMM in FS due to
fraud, to obtain SAAE on those identified misstatements & respond appropriately.
• Attitude of professional skepticism should be maintained by auditor to recognise possibility of
misstatements due to fraud.
• RBI has framed guidelines dealing with prevention of money laundering & “Know Your Customer
(KYC)” norms.
• Requiring banks to establish policies, procedures & controls to deter & recognise & report money
laundering activities.

13. Assess Specific Risks: Auditors should identify & assess RoMM at FS level which refers to risks
that relate pervasively to FS as whole & potentially affect many assertions.

14. Risk Associated with Outsourcing of Activities: Modern day banks use outsourcing as means of both
reducing costs & making use of services of an expert not available internally. No. of risks associated
with outsourcing of activities by banks & therefore banks should effectively manage those risks.

15. Response to Assessed Risks: SA 330 requires auditor to design & implement overall responses to
address assessed RoMM at FS level. Auditor should design & perform FAP whose NTE depend on
assessed RoMM at assertion level.

CA Shubham Keswani 10
Inter Audit Addendum
16. Stress Testing: It’s a software testing activity that determines robustness of software by testing
beyond the limits of normal operation.
• Particularly important for "mission critical" software, but is used for all types of software.
• RBI requires commercial banks to have a Board approved ‘Stress Testing framework’ which would
integrate into their risk mgt systems.

17. BASEL III framework: Basel norms or accords are International Banking regulations issued by
BCBS. Basel Committee on Banking Supervision (BCBS) & Financial Stability Board (FSB) has undertaken
an extensive review of regulatory framework in the wake of sub-prime crisis.
In document titled ‘Basel III: A global regulatory framework for more resilient banks & banking
systems’, released by the BCBS in December 2010, it has inter alia proposed certain minimum set of
criteria for inclusion of instruments in new definition of regulatory capital. Set of agreement by BCBS,
which mainly focuses on risks to banks & financial system are called Basel accord.

Ch-17
Audit of Sole Proprietor (SP)
• No legal obligation to accounts audited.
• Auditors shall be appointed by sole proprietor himself.
• In case of change of auditor à duty of incoming auditor to communicate with previous auditor.

CA Shubham Keswani 11