audit+practice+manual volume 2

8/7/2019 Audit+Practice+Manual Volume 2

1/491

Join us on uptodatearticles group to get more files of such type

http://finance.groups.yahoo.com/group/uptodatearticles/

Audit Practice Manual(Revised)

Volume 2
http://finance.groups.yahoo.com/group/uptodatearticles/http://finance.groups.yahoo.com/group/uptodatearticles/http://finance.groups.yahoo.com/group/uptodatearticles/


2/491

http://uptodatearticles.com/



CONTENTS

PRE ENGAGEMENT PHASE 1

1. Prospective Client Acceptance Memorandum 1

2. Existing Client Continuation/ Retention Memorandum 6

Part A Client relating matters 6

Part B Professional risk related matters 6

Conclusion 7

PLANNING PHASE 8

3. Suggested Engagement Letter 8

4. Audit Strategy and Planning Document 11

I Client Overview 12

(a) Client History and Background 12

(b) Client Business Objectives and Related Business Strategies 12

(c) Client Business Components 13

II External Business Forces 15

III Strategic Management Process 20

IV Business Control Environment 21

V Computer Information Systems (CIS) 24

VI Financial Reporting Environment 25

VII Critical Audit Areas / Significant Financial Statement Components 27

VIII Involvement of specialists and other parties 31

IX Audit programme overview 34

X Logistical plan 40

XI Management Span 42

XII Audit Materiality 43
http://uptodatearticles.com/http://finance.groups.yahoo.com/group/uptodatearticles/http://finance.groups.yahoo.com/group/uptodatearticles/http://finance.groups.yahoo.com/group/uptodatearticles/http://uptodatearticles.com/


3/491




5. Control Overview and Risk Assessment Document 45

I Introduction 45

II Risk 45

(a) Control environment 46

(b) Entitys risk assessment process 50

(c) Information system, and business processes for financial reporting, andcommunication 51

(d) Control activities 52

(e) Monitoring of controls 55

6. Fraud Risk Assessment Document 57

I Introduction 57

(a) Fraud 57

(b) Responsibilities 58

II Discussions with Management 58

(a) Results of enquiries of management 59

(b) Discussions with those charged with governance 60

III Fraud Risk Factors and Response 61

(a) Audit Team Discussions 61

(i) Fraudulent financial reporting 62

(b) Overall consideration 66

(c) Consideration at the account balance, class of transaction and assertion level 67

(d) Specific responses- Fraudulent financial reporting 67

(e) Specific responses- Misappropriation of assets 68

IV Procedures when Circumstances Indicate a Possible Misstatement 69

(a) Circumstances that may indicate the possibility of fraud or error 69

(b) Audit procedures 71

V Evaluation and Disposition of Misstatements 71


4/491




7. Computer Information Systems Questionnaire 72

I. Level of Dependence the Entity has on Computer Information Systems(include a list of the entitys computer information systems) 72

II. Application Controls (ERP, Supply Chain, CRM, Logistics) 73

III. Computer information systems skills and resources 74

VI. Information Security 75

V. Reliability of Computer Information Systems 77

VI. Degree and Rate of Change in Computer Information Systems 80

VII. Dependence on External Computer Processing 81

VIII. Direction and Operation of Computer Information Systems 82

8. General Purpose CIS Checklist 84

I Purpose 84

II Preparation and Staffing 84

III Questions 84

IV Conclusion 85

(a) Organisation and Management Policies 85

(b) Segregation of Duties 88

(c) Logical Access Controls 90

(d) Physical Access Controls 92(e) Systems Development and Program Change Controls 93

(f) Business Continuity and Computer Operations 96

(g) User Management e.g. Finance Director / Financial Controller / ChiefAccountant 99

V CIS Control Reliance 100

9. Analytical Review Ratio Analysis 104


5/491




10. Review of Financial Performance of the Client 108

Suggested Format of Financial Performance Review 109

(a) Summary Financial Data Period Ending (Indicate) 109

(b) Profitability of Operations 109

(c) Financial Leverage 109

(d) Asset Turnover 110

(e) Liquidity 110

11. Internal Audit Function Evaluation 111

Section IPreliminary assessment of the internal audit function 113

Section IIEvaluate and test the work of internal auditing 114

(a) Evaluate 114

(b) Test 115

Section IIIObtaining direct assistance 116

Conclusion 117

12. Using the Work of Another Auditor 118

Section I 119

Professional competence of the other auditor 119

Professional competence of the other auditor 120

Section II - Main areas of judgment 121

(a) Critical audit objectives and significant audit areas 121(b) Significant features of the years results 122

(c) Evaluation of internal control 123

(d) Errors and exceptions 125

(e) Matters of judgment brought to the partners attention 125

(f) Matters giving arise to a qualification in the audit report 126

(g) Other items attesting the accounts / disclosures 126

13. Minimum Hourly Charge Out Rates For Audit Work By PracticingMembers 128

ATR 14 (Revised) 128

14. Staff Planning and Time Allocation 131

15. Time Sheet 134


6/491




16. Client Profile 135

17. List of Authorised Signatories 136

18. Notes of Meeting With Client 137

Agenda for Meeting 138

19. Notes of Review of Correspondence File 144

20. Points Forward to Next Year 145

Assess Client Satisfaction and Team Debriefing 146

EXECUTION PHASE 147

21. General Instructions for Documentation of Audit Execution File 147

22. Sampling 148

I Definition of sampling 148

II Importance of sampling 148

III Risks 149

(a) Appropriateness of sample to the objective 149

(b) Completeness of sample population 149

IV Planning The Sample 149

(a) The Audit Objectives 149

(b) The Population 149

(c) The Sampling Unit 150

(d) Defining Tolerable Error 150

(e) Setting the sample size for substantive tests of transactions and balances 150

V Sampling methodology 151

VI Sampling techniques 151

(a) Statistical sampling 152

(b) Judgemental sampling 153

VII Using Sampling in Auditing 153

(a) Some Precautions before Undertaking Statistical Sampling 153

(b) Worksheet for Evaluation of Statistical Sample for Attributes 156


7/491




23. Sample Audit Programs 157

I Balance Sheet Assets 159

(a) Fixed assets (tangible, intangible & CWIP) 160

(b) Investment properties 169

(c) Investments (subsidiaries, associates, and others) 177

(d) Long term loans and advances 185

(e) Long term deposits and prepayments 191

(f) Stores, spares and stock-in-trade 196

(g) Advances, Deposits, Prepayments & Other receivables 203

(h) Trade debts 209

(i) Cash and bank balances 213

II Balance Sheet Liabilities 218

(a) Accrued Expenses 219(b) Contingencies & Commitments 231

(c) Deferred Liabilities 235

(d) Direct Taxation 240

(e) Dividend Payable 244

(f) Equity 246

(g) Liabilities Against Assets 256

(h) Long Term Debt 261

(i) Long Term Deposit 271

(j) Payables 273

(k) Short Term Borrowings 287

(l) Surplus on Revaluation 297

III Profit & Loss 302

(a) Sales 303

(b) Cost of Sales 306

(c) Admin Expense 309

(d) Financial Charges 312

(e) Other Income 315


8/491




IV Others 318

(a) WWF / WPPF 319

(b) Laws and Regulations 321

24. Leads 326

25. Leads Schedule 327

26. Format of Confirmation 328

I Bank Confirmation 328

II Debtors / Creditor Confirmation 332

III Lease Confirmation 333

IV Legal Confirmation 334

V Loan Confirmation 336

VI Tax Confirmation 338

27. Inventory Count Attendance Programe 339

I Guidelines for observation of physical inventories 339

II Production Costs and Inventories 342

(a) Observation of Physical Inventory Count Checklist 342

(b) Conclusions 345

28. Going Concern Assessment 347

29.

Related Party Transactions Checklist 35530. Companies Ordinance Compliance Checklist 360

I. Secretarial Formalities 360

II. Disclosure and Other Requirements Under The Companies Ordinance, 1984 364

31. Income Tax Provision Checklist 367

32. Labour Laws Compliance Checklist 393

I Gratuity 394

II Workers Profit Participation Fund 39733. Tax Position 403

34. Adjusting Entries 404


9/491




REPORTING PHASE 405

35. Financial Statements 405

36. Working of Cash Flow Statement 406

37. Final Analytical Review Procedures 407

38. Reclassification Entries 409

39. Manager Review Notes & Queries 410

40. Partner Review Notes & Queries 411

41. Audit Issues Control Document 412

42. Points for Next Year 415

43. Assess Client Satisfaction and Team Debriefing 416

44.

Summary Review Memorandum 41745. Audit Completion and Reporting 420

46. Audit Completion Checklist Part I 423

I Engagement Partner Sign-off 424

II Computer Information System (CIS) Specialist Sign-off 427

III Considerations and Procedures 428

47. Audit Completion Checklist Part II 440

48. Subsequent Events Review Checklist 443

49. Format of Representation Letter 448

50. Exceptions and Control Weaknesses 455

51. Suggested Letter to the Board of Directors (BOD) 460

52. Auditors Report To The Members - Form 35A 461

53. Auditors Report To The Members or Directors in Case of Branches ofForeign Banks - Form 35B 463

54. Auditors Report To The Members of a Non-Life Insurance Company 466

55.

Auditors Report To The Members of a Life Insurance Company 46856. Auditors Report To The Certificate Holders - Form No. XI 470


10/491




57. Auditors Report To The 1Trustees / Board of Governors / ManagementCommittee 472

58. Auditors Report To The 1Trustees / Board of Governors / ManagementCommittee 473

59.

Auditors Report on Consolidated Financial Statements - Form 35C 474


11/491




PRE ENGAGEMENT PHASE

Prospective Client Acceptance Memorandum WP Ref.:

Prepared by:Date:

Client:

Period

Purpose

The purpose of the prospective client acceptance memorandum is to assess whether the client is

one with which the auditor wishes to associate and to document a consideration of the issues

influencing the decision to accept or reject an invitation to act as auditor. The prospective clientevaluation process seeks to determine this through an examination of the professional risk that

may result from providing services to a client. The evaluation also seeks to identify higher-riskclients.

This memorandum should be filled and signed before accepting all new audit engagement.

i. Prospective client identity and source (consider following questions)

What has been auditors experience with the client or member of the same group?

Has the work been referred by a long-standing professional contract?

Is the prospective client a foreign-office referral?
http://uptodatearticles.com/http://uptodatearticles.com/http://finance.groups.yahoo.com/group/uptodatearticles/http://finance.groups.yahoo.com/group/uptodatearticles/http://finance.groups.yahoo.com/group/uptodatearticles/http://uptodatearticles.com/


12/491




ii. Background information on the business (consider following questions)

What is known about the prospective business client?

What is known about the parties associated with the business?

What is the reason of auditor selection?

What is the business reputation of the prospective client, its owners, and its

management?

How capable is management?

What is known about the integrity of the principal owners and management ?

What is the financial status of the prospective client (particularly liquidity and

viability)?

What is known about the industry in which the prospective client operates and the

risks it presents?

What is the prospective clients relationship with other professional audit

firms/auditors?

Has the auditor contacted the predecessor auditor for information including any

reason for the change?

iii. Results of inquiries with third parties

Enter details of discussions with third parties.


13/491




iv. Auditors association with the prospective client (consider following questions)

Are there any relationship that may impair auditors objectivity or ability to meet

any relevant independence requirements?

Are there any potential conflict of interest affecting auditors ability to accept the

engagement?

Does the auditor has sufficient information about the clients expectations form

the engagement?

Are the relevant skills to carry out the work available with the auditor?

Have any relevant statutory or other regulatory provision been identified,

including any implications on the auditors ability to act for the client?

Consider that no conflict of interest arise in respect of services being provided as

a result of accepting audit of a listed company in view of listing regulations.

1. Conflicts of interest

Enter details of issues that might lead to potential conflict of interest.

2. Expertise

Enter details of the skills and experience the auditor has that makes it a suitable

for this client.


14/491




3. Fee recovery

Enter details of estimated fees, and confirm that an acceptable level of recovery is

expected.

4. Other services

Comment on the potential for providing other services to the client and suggest

actions for taking advantage of these.

v. Initial assessment of risk associated with the prospective client

Specify the areas of concern that the client presents and explain how the risk will be

managed.

vi. Result of enquiries with predecessor auditor

Document the results of enquiries with predecessor auditor and comment on the same.


15/491




vii. Other

Enter details of any other areas of concern or issues for consideration.

viii. Conclusion

On the basis of the above, we conclude that there is no reason to believe that the overalllevel of risk associated with__________________________-is sufficient to prevent the

client from being accepted and there are no other circumstances of which we are aware

associated with __________ _________________that suggest that the client should notbe accepted.

Signed

Engagement partner Date

Senior partner Date


16/491




Existing Client Continuation/ Retention Memorandum

Instructions

This section has to be completed by the engagement partner. However, the engagement partner

may delegate some of the evaluation procedures to other partner or professional staff. In case ofyes attach details.

Part A Client relating matters

1. Is there a significant change in the circumstances of the client or in the termsor conditions of the engagement? Yes/No

2. Is there a request by another partner for re-evaluation of the engagement? Yes/No

3. Is there any new legal, regulatory or professional requirements that alter thereporting responsibilities and the nature, timing or extent of the auditprocedures? Yes/No

4. Is there a significant change in the nature, size or structure of the client'sbusiness? Yes/No

5. Is there a significant change in management or other personnel? Yes/No

Part B Professional risk related matters

1. Is there any reason to question or be concerned about the reputation, character,or integrity of management and/or the owners of the prospective client? Yes/No

2. Would the member or representative firm's association with the client be likelyto affect the firm's image adversely either currently or in the future? Yes/No

3. Are there any features of the business generally or the way the particular clientoperates which present unacceptable professional risks or call for specialattention if the engagement is continued? Yes/No

4. Is there any known problem of independence by reason of activities orrelationships of partner or professional staff in relation to the client? Yes/No

5. Is there any potential for adverse publicity? Yes/No

6. Is the client involved in any significant current or possible litigation? Yes/No
http://uptodatearticles.com/http://uptodatearticles.com/http://uptodatearticles.com/


17/491




Conclusion

I believe the firm should / should not continue our client engagement and I have considered all the factors

mentioned.

Engagement Partner ________________________________________ _________(Signature) (Date)


18/491




PLANNING PHASE

Suggested Engagement Letter

Addressee (To the Board of Director or appropriate

Senior Management Person)

Date

Dear Sir

Sub: Audit for the year ending _____________

You have requested that we audit the financial statement of ________ comprising of balance

sheet as at ________, and the related profit and loss account, cash flow statement and statementof changes in equity for the year then ending together with the notes forming part thereof. We

are pleased to confirm our acceptance and our understanding of this engagement by means ofthis letter. Our audit will be made with the objective of our expressing an opinion on the

financial statements.

At the outset you agree that the responsibility for the preparation of financial statements

including adequate disclosure is that of the management of the company. This includes themaintenance of adequate accounting records and internal controls, the selection and applicationof accounting policies, and the safeguarding of the assets of the company. Our responsibility is

to express an opinion on these financial statements based on our audit.

We will conduct our audit in accordance with International Standards on Auditing as applicable

in Pakistan with the objective of expressing an opinion whether the financial statements conformwith approved accounting standards as applicable in Pakistan, and, give the information requiredby the Companies Ordinance, 1984, in the manner so required and respectively give a true and

fair view of the state of the Corporations affairs as at ------ and of the profit, its cash flows and

changes in equity for the year then ended. Those standards require that we plan and perform theaudit to obtain reasonable assurance about whether the financial statements are free of material

misstatements. An audit includes examining, on a test basis, evidence supporting the amountsand disclosures in the financial statements. An audit also includes assessing the accountingprinciples used and significant estimates made by management, as well as evaluating the overall

financial statement presentation.

Because of the test nature and other inherent limitations of an audit, together with the inherent

limitations of any accounting and internal control system, there is an unavoidable risk that evensome material misstatements may remain undiscovered.

In addition to our report on the financial statements, we expect to provide you with a separateletter concerning any material weaknesses in accounting and internal control systems, whichcome to our notice during the course of our normal audit work. We are not required by auditing

standards to make an examination of internal controls beyond that which we make in

determining the nature, extent and timing of our other audit procedures, and we have not beenengaged to report on the company's internal control structure. As part of our audit process, we

will request from management written confirmation concerning representations made to us inconnection with the audit.


19/491




As part of our audit, we are also required by the Companies Ordinance, 1984 to form our opinionon whether:

a) proper books of account have been kept by the company as required by the CompaniesOrdinance, 1984;

b) the balance sheet and profit and loss account together with the notes thereon have beendrawn up in conformity with the Companies Ordinance, 1984 and are in agreement with

the books of account and are further in accordance with accounting policies consistently

applied;

c) the expenditure incurred during the year was for the purpose of the companys business;

d) the business conducted, investments made and the expenditure incurred during the yearwere in accordance with the objects of the company; and

e) zakat deductible at source under the Zakat and Ushr Ordinance, 1980, was deducted by thecompany and deposited in the Central Zakat Fund established under section 7 of that

Ordinance.

In addition, International Standard on Auditing ISA 240, The Auditor's Responsibility to

consider Fraud and Error in an Audit of Financial Statements, requires that we obtain specificwritten representations from management that:

it acknowledges its responsibility for the implementation and operations of accounting andinternal control systems that are designed to prevent and detect fraud and error,

it believes the effects of those uncorrected financial statements misstatements aggregated by

us during the audit are immaterial, both individually and in the aggregate, to the financialstatements taken as a whole,

it has disclosed to us all significant facts relating to any frauds or suspected frauds known tomanagement that may have affected the entity, and

it has disclosed to us the results of its assessments of the risk that the financial statementsmay be materially misstated as a result of fraud.

These specific items will be included in our request for written confirmation concerning

representations made to us in connection with the audit. In addition to the above management

also is responsible for identifying and ensuring that the Company complies with laws andregulations applicable to its activities.

If you require us to complete our work under this engagement contract or, any part of it, by aspecific date or time, you will inform us in writing of your requirement. Whilst we will make

every effort to complete such work by the date specified, you acknowledge that meeting any

such requirement will rely on you providing reasonable notice of your requirement and thetimely provision of such information, as we may need to complete the work concerned.


20/491




We agree that we will treat as such all confidential proprietary information obtained from you

and will not disclosed such information to others, except to those persons engaged in providingservices to you, or use such information except in connection with the performance of theservices agreed to this letter. This undertaking shall not apply to any of the information that we

are required by law or by the requirements of any regulators or by specific professional standardsto disclose, that is in, or hereafter enters the public domain. We wish to inform you that ourworking papers files for the audit of the financial statements of your company would be subject

to review by the Institute of Chartered Accountants of Pakistans Quality Control ReviewCommittee without any further reference to you.

We look forward to full cooperation with your staff and we trust that they will make available tous whatever records; documentation and other information including minutes of all management,board of directors, committees and shareholders meetings are requested in connection with our

audit. We shall request sight of all documents or statements, including the Chairmans statement

and directors report (if any) required to be issued with the financial statements.

Our fees, which will be billed as work progresses, are based on the time required by theindividuals assigned to the engagement plus out-of-pocket expenses. Individual hourly rates varyaccording to the degree of responsibility involved and the experience and skill required.

This letter will be effective for future years unless it is terminated, amended or superseded.Unless we hear from you to the contrary, we will assume your concurrence with the contents of

this letter.

Please sign and return the attached copy to indicate that it is in accordance with your

understanding of the audit arrangements.

Yours truly

Firms Name


21/491




Audit Strategy and Planning Document WP Ref.:Prepared by:

Date:

Client:Period:

Purpose

The purpose of this working paper is to obtain an understanding of the entitys business. It

documents:

the entitys objectives, strategies and the components of its business (i.e., markets,

products/services, customers, alliances)

the entitys relevant external business drivers (i.e., general business environment, specificindustry characteristics and managements response to the expectations of significantconstituencies).

how the entity formulates and implements its objectives and strategies (strategicmanagement process)

the business control environment management has created to support its objectives andstrategies

how computer information systems facilitate business processes and are utilised by theentity

the financial reporting environment

Critical Audit Areas / Significant Financial Statement Components

Involvement of specialists and other parties

Logistical plan

This understanding will assist in understanding business risks that threaten the entitysobjectives. Such as understanding should be reviewed with the entitys management.


22/491




I Client Overview

(a) Client History and Background

Provide a description of relevant client background

(b) Client Business Objectives and Related Business Strategies

Management responds to external business drivers by developing objectives and

strategies to achieve those objectives. Provide a summary of the objectives,strategies and method of implementing the strategies.

Business Objectives Related Business Strategies

1.

2.

3.


23/491




(c) Client Business Components

Feasible objectives and strategies need to reflect a clients existing circumstances

and take into account its markets, products and services, relationship with customers

and alliances (including relationship with suppliers). Provide a description of thesecomponents

(i) Major Markets

(ii) Major Products and Services


24/491




(iii) Major Customers

(iv) Major Competitors

(v) Alliances (including suppliers) and other relationships


25/491




(vi) SWOT Analysis (entity's and competitors')

Entity Competitors

Strengths

Weaknesses

Opportunities

Threats

II External Business Forces

External business drivers are forces created by a clients:

general business environment (PEST) and specific industry characteristics (PortersFive Forces);

significant stakeholders.


26/491




General business environment and specific industry characteristics (PEST and Porters

Five Forces)

Provide a discussion of current forces facing the client that may have an impact on the

client achieving its objectives and the relevance of those aspects of the environment to the

client, given its chosen strategies. Consider the following forces in analysing the generalbusiness environment and specific industry characteristics

PEST - political, economic, social, and technology forces;

Porters Five Forces - threat of new entrants, bargaining power of suppliers,

bargaining power of buyers, substitute products or services, rivalry amongstexisting competitors.

General Business Environment (PEST Analysis)

1. Political

Forces Relevance to the Client

2. Economic



27/491




3. Social


4. Technological


Specific Industry Characteristics (Porter's Five Forces)

1. Threat of New Entrants



28/491




2. Bargaining Powers of Suppliers


3. Bargaining Powers of Buyers


4. Substitute Services/ Products



29/491




5. Rivalry Among Existing Competitors


Significant Constituencies

Management may have incentives to manipulate the results of the business and theimpression given by the financial statements considering significant stakeholders.Provide a discussion of individual stakeholders that management perceives as

significant and discuss how management responds to expectations of significantstakeholders.

Constituency/Stakeholders

Management Response to the Expectations


30/491




III Strategic Management Process

When analysing the clients strategic management process understand how management:

sets the overall direction for the client;

monitors the external environment and assesses the strategic implications of potential

opportunities and threats;

monitors the extent to which strategies have been implemented;

understands the strategies and capabilities of the major competitors;

analyses the clients strengths and weaknesses;

allocates resources, including capital, people and facilities to its business processes;

aligns process objectives with strategic objectives.


31/491




IV Business Control Environment

When analysing the business control environment understand the clients:

business structure;

culture and ethics;

remuneration management;

personnel profiles;

communication of information;

risk assessment process;

control environment

monitoring and control activities

Business structure


32/491




Culture and ethics

Remuneration management

Personnel profiles


33/491




Communication of information

Risk Assessment Process

Control Environment

Monitoring and Control Activities


34/491




V Computer Information Systems (CIS)

Business processes are often facilitated by computer information systems. Obtain an

understanding of the:

level of dependence the client has on computer information systems (include a list

of the clients computer information systems);

computer information systems personnel structure and skills;

security of computer information systems;

reliability of computer information systems;

degree and rate of change in computer information systems;

dependence on external computer processing;

direction and operation of computer information systems.


35/491




VI Financial Reporting Environment

Financial reporting environment involves understanding what management does to bring

together financial information to prepare the financial statements. Obtain anunderstanding of the:

accounting policies applied by the entity and applied within the industry;

potential impact of managements reporting strategy upon specific aspects of the

financial statements.

Financial Reporting Issues

Consider the following for identification of financial reporting issues to beaddressed while carrying out research or consulting with coleagues, experts:

client's accounting practices and policies;

new accounting pronoucements;


36/491




the going concern assumption;

legal and regulatory changes

Financial reporting issue Reason for identification


37/491




VII Critical Audit Areas / Significant Financial Statement Components

Critical audit areas are generally those where judgment is involved and significantestimation is used. The approach to those areas and resulting impact on thefinancial statements relating to the audit is documented. It also includesconsideration of previous years brought forward issues. Following are some of thecritical areas for only guidance purposes. Other critical areas may be included inthis section as per the auditor's assessment.

Critical Audit

Areas/ Objective

Reason for

identification

Management

Response

Proposed Audit

Approach

V of Receivables

VP of Investments

CEA of Taxation

VP of Definedbenefit plans

VP of Litigation &

Claims

V of Inventories

CVP of Related partytransactions

V Impairment ofassets


38/491




Examples of other major critical areas may include:

Review of other significant estimates made

New borrowings with extra-ordinary terms and conditions


39/491




Discontinuation of major suppliers

Acquisition of a significant asset


40/491




Discontinuation of a major customer

Loss of a significant market share


41/491




VIII Involvement of specialists and other parties

Description iclude a summary of the issue, why it is considered significant and its

potential financial statement effects. Depending on the phase of the audit workflow inwhich the issue is identified, the financial statement assertion to which the issue relatesmay or may not have been combined into an audit objective yet. As a result, the issue

may be included as a significant issue on the basis that the potential financial statement

effect may be a significant non-routine transaction, requires a great deal of judgement oris complex, and not necessarily that it has been confirmed as a critical audit objective.

Involvement of: Computer Information System (CIS) Specialist

Description of basis, nature, extent and conclusions related to the involvement of

CIS Specialist:

[Description]

Findings


42/491




Involvement of: Taxation

Description of basis, nature, extent and conclusions related to the involvement of

taxation:

[Description]

Findings


43/491




Involvement of: Other specialist or other party involved in the audit e.g.Actuary,

Valuers, Internal audit, Co-auditor

Description of significant issue and decision related to the involvement of others:

[Description]

Findings


44/491




IX Audit programme overview

Financial

Statement

Caption

Principal

Audit

Objectives

Risk Assessment Principal substantive

procedures

IR CR ROSM

Fixed assets VOP Inspect assets & trace to

records

Vouch additions & deletions

with supporting documents.

Examine documents of title.

Recompute gain/loss on

disposals.

Check/recalculatedepreciation charge.

Check impairment.

Capital work inprogress

EAV Review board minutesregarding significant

additions.

Verify cost incurred withsupporting documents.

Borrowing cost capitalized

are directly attributable to

construction, acquisition orproduction.


45/491




Financial

Statement

Caption

Principal

Audit

Objectives


procedures

IR CR ROSM

Long term loans CEAP Review agreements

Circularise direct

confirmations.

Recompute interest and

exchange loss.

Check subsequent repayment

Check disclosure.

Investments EVP Inspect securities in hand and

evidence for title of securitiesheld.

Review investments forincome reconciliation.

Vouch sale and recomputegain/loss.

Review classification and

description.

Vouch purchases made duringthe year.

Cash & Bank

Balances

CEA Perform physical cash count.

Circularize directconfirmations.

Obtain reconciliation

statements.

Review age analysis of longoutstanding cheques.


46/491




Financial

Statement

Caption

Principal

Audit

Objectives


procedures

IR CR ROSM

Long termdeposits

EP Vouch deposits made duringthe year.

Review classification anddescription.

Store & Spares CEV Perform physicalcount/inspection.

Investigate reasons for anydifference between thephysical and records.

Check valuation as percompanys policy.

Identify slow moving items.

Trade Debtors CAV Circularise direct

confirmations.

Check subsequent clearance.

Perform age analysis.

Commitment andContingencies

CEA Obtain list of commitmentand contingencies

Circularise directconfirmations to legaladvisors.

Review legal fees.

Review minutes of Board ofDirectors meeting.


47/491




Financial

Statement

Caption

Principal

Audit

Objectives


procedures

IR CR ROSM

Creditors CEA Circularise directconfirmations.

Check subsequent clearance.

Perform age analysis.

Loans CEAP Review agreements

Circularise directconfirmations.

Check interest and exchange

effects.

Check subsequent repayment

Check disclosure.

DeferredLiabilities-

Gratuity/ Pension

CEAP

Obtain actuarial report andassess reasonableness of

assumptions

Vouch payments during the

period to ensure completeness

Ensure disclosure requirement

of IAS 19


48/491




Financial

Statement

Caption

Principal

Audit

Objectives


procedures

IR CR ROSM

Taxation-Current& deferred

CEAP Review updated tax position

Check working of provision

for taxation

Vouch payments.

Check working of deferred

taxation

Ensure disclosure with IAS12

Sales CEA Perform analytical review

Vouch sales on sample basis

Cost of sales CEA Perform analytical review

Vouch purchases on sample

basis

Ensure classification in

appropriate heads

Vouch consumptions made

during the period

Ensure calculation of

overhead on reasonable basis

Ensure appropriate treatment

of difference of actual costwith standard cost


49/491




Financial

Statement

Caption

Principal

Audit

Objectives


procedures

IR CR ROSM

Admin & GeneralExpenses

CEA Perform analytical review

Ensure classification in

appropriate heads

Vouch expenses incurred

during the period

Perform reasonableness teston salary expense


50/491




X Logistical plan

Engagement team

Engagement Partner

Engagement Manager

Job-in-Charge

Team members

Key management personnel

Chief Executive

Finance Director/CFO

Manager Finance

Factory Manager

Sales Manager

Staff and allocation ofwork

Staff Allocated area


51/491




Key dates and deadlines

Activity Date

Kick off meeting

Initial meeting with client

Confirmation circularisation

Manager review

Partner review

Covering letter/Management Letter

Board meeting and Audit report

Reportings/ deliverables:

Location of client:Telephone:

Fax:

Email:Web site:


52/491




XI Management Span

Board of Directors

(BOD)

President and

Chief Executive

Compliance

and InternalAudit

In-house

LegalAdvisor

GM Credit

CardO erations

GM

CentralisedO erations

Financial

Controller

IT

Executive

HR

Execut-ive

Manager

Disburse-ments

Manager

UnderwritingCentralised

Operations

Manager

CollectionsCentralised

Operations

Manager

UnderwritingCredit Cards

Operations

Manager

CollectionsCredit Crads

Operations

Manager

Payments

Finance

Manager

Planning

Manager

Manager

Operations

Manager

Administra-tion


53/491




XII Audit Materiality

There are two aspects to materiality - Planning materiality, and Reporting materiality.

Planning materiality is concerned with whether a misstatement, or an aggregation ofmisstatements, in an underlying financial statement item, account balance or class of

transaction, is likely to result in a material misstatement in the financial statements as a whole.

Auditors use planning materiality to determine which financial statement items, accountbalances and transactions to test and which to not test. Financial statement items, account

balances and transactions, which equal or exceed their materiality level are selected for testing.

Level of Aggregation Materiality Level Evaluation

Financial statement level A misstatement of a financial

statement item is material

when the misstatement,aggregated with

misstatements of otherfinancial statement items, islikely to equal or exceed the

level of reporting materiality.

Materiality at the financial

statement level may be

evaluated by reference to (i)reporting materiality and (ii)

the expected nature, numberand value of financialstatement items included in

the financial statements.

Account balance level A misstatement of an account

balance underlying a financial

statement item is materialwhen the misstatement,

aggregated with

misstatements in otheraccount balances underlying

the financial statement item,is likely to result in a materialmisstatement of the financial

statement item.

Materiality at the account

balance level is evaluated by

reference to (i) materiality atthe financial statement level

and (ii) the expected nature,

number and value of accountbalances underlying the

financial statement item.

Class of transaction level A misstatement of atransaction underlying an

account balance is material

when the misstatement,aggregated with

misstatements in othertransactions underlying theaccount balance, is likely to

result in the materialmisstatement of the accountbalance.

Materiality at the class oftransaction level is evaluated

by reference to (i) materiality

at the account balance leveland (ii) the expected nature,

volume and value oftransactions underlying theaccount balance.

Whereas planning materiality is primarily concerned with the judgments of the auditor,

reporting materiality is primarily concerned with the auditor's evaluation of the judgments ofusers of financial statements.

Reporting materiality refers to the extent of a misstatement.


54/491




Reporting materiality is concerned with whether a misstatement of a financial statement item, oran aggregation of such misstatements, is likely to affect the judgments of users of financial

statements. It requires an evaluation by the auditor in both the client acceptance/ retention stageand the opinion formulation stage.

In the client acceptance stage the auditor evaluates whether, if the client is accepted or retained,

the audit risk (the risk of a materialmisstatement in the audited financial statements) can bereduced to an acceptable level. In this, the initial audit stage, "a material misstatement" refers tothe level of reporting materiality. Similarly in the final opinion formulation stage, the auditor

evaluates the likelihood of the audited financial statements containing a material misstatement.Again, this evaluation is based on the level of reporting materiality.

Auditors to assess reporting materiality use the following materiality guidelines:

Pre-tax income 5-10% Net (or after-tax) income 5-10%Gross revenue 0.5-1%Equity 5-10%

Total assets 0.5-1%

(This chart is only for guidance purposes)

Where an entity's results are expected to be "normal", then reporting materiality is based onafter tax income amounts. However, where the entity incurs losses, has potential going concernproblems or the results are in other ways unusual, materiality may be based on one or more of

the other factors referred to above. For example, if the entity is incurring losses, both before andafter tax, the auditor may use total assets or total revenue, whichever is the greater. The finalassessment of reporting materiality is subjective and depends on the auditor's perception of, forexample, what information is relevant, who the users of the financial statements are, whatdecisions the users may make and what would influence those decisions.

Note that financial statements may be materially misstated as a result of either a quantitativemisstatement (in relation to its monetary value) or a qualitative misstatement (in relation to itsaccuracy of presentation, disclosure, description).


55/491

Planning Phase

Control Overview and Risk Assessment



Control Overview and Risk AssessmentDocument

WP Ref.:Prepared by:

Date:

Client:

Period:

I Introduction

The purpose of this document is to:

obtain an understanding of client and its environment

document the assessment of risk of material misstatement

Documentation may be included in this working paper, or other working papers (with

cross-reference to the Control Overview and Risk Assessment Document).

Summary of our understanding of internal control

Does the control environmentappear to be satisfactory? YES NO

Does the entity's risk assessment process appear to be satisfactory? YES NO

Does the information system, and business processes for financialreporting, and communication appear to be satisfactory?

YES NO

Does control activities appear to be satisfactory YES NO

Does monitoring of controls appear to be satisfactory YES NO

II Risk

Audit risk means the risk that the auditor gives an inappropriate audit opinion when thefinancial statements are materially misstated.

Control risk is the risk that a misstatement, that could occur in an account balance or class

of transactions and that could be material individually or when aggregated withmisstatements in other balances or classes, will not be prevented or detected and correctedon a timely basis by the accounting and internal control systems.


56/491

Planning Phase




Internal control system means all the policies and procedures adopted by the managementof an entity to assist in achieving management's objective of ensuring, as far as practicable,

the orderly and efficient conduct of its business, including adherence to management

policies, the safeguarding of assets, the prevention and detection of fraud and error, theaccuracy and completeness of the accounting records, and the timely preparation of

reliable financial information.

Control procedures means those policies and procedures in addition to the controlenvironment which management has established to achieve the entity's specific objectives.

(a) Control environment

The control environment includes the attitudes, awareness, and actions ofmanagement and those charged with governance concerning the entitys internal

control and its importance in the entity. The control environment also includes the

governance and management functions and sets the tone of an organization,influencing the control consciousness of its people. It is the foundation for effectiveinternal control, providing discipline and structure.

Communication and enforcement of integrity and ethical values

Consider

What are entitys ethical and behavioral standards

How they are communicated

How they are reinforced in practice.


57/491

Planning Phase




Commitment to competence

Consider

Managements consideration of the competence levels for particular jobs

How those levels translate into requisite skills and knowledge

Participation by those charged with governance

Consider

Independence from management

Their experience and stature

The extent of their involvement and scrutiny of activities

The appropriateness of their actions

The information they receive

The degree to which difficult questions are raised and pursued with

management

Their interaction with internal and external auditors


58/491

Planning Phase




Managements philosophy and operating style

Consider

Managements approach to taking and monitoring business risks

Managements attitudes and actions toward financial reporting (conservative

or aggressive selection from available alternative accounting principles, and

conscientiousness and conservatism with which accounting estimates aredeveloped)

Managements attitudes toward information processing and accounting

functions and personnel

Organizational structure

Consider

Key areas of authority and responsibility

Appropriate lines of reporting


59/491

Planning Phase




Assignment of authority and responsibility

Consider

How authority and responsibility for operating activities are assigned

How reporting relationships and authorization hierarchies are established.

Human resource policies and practices

Consider

Standards for recruiting the most qualified individuals

Training policies that communicate prospective roles and responsibilities

Promotions driven by periodic performance appraisals


60/491

Planning Phase




(b) Entitys risk assessment process

An entitys risk assessment process is its process for identifying and responding tobusiness risks and the results thereof. For financial reporting purposes, the entitys

risk assessment process includes how management

identifies risks relevant to the preparation of financial statements

estimates their significance,

assesses the likelihood of their occurrence, and

decides upon actions to manage them.

Once risks are identified, management considers their significance, the likelihood of

their occurrence, and how they should be managed. Management may initiate plans,programs, or actions to address specific risks or it may decide to accept a risk

because of cost or other considerations.

When documenting the entitys risk assessment process risks can arise or changedue to circumstances such as the following

Changes in operating environment

New personnel

New or revamped information systems

Rapid growth

New technology

New business models, products, or activities

Corporate restructurings

Expanded foreign operations

New accounting pronouncements


61/491

Planning Phase




(c) Information system, and business processes for financial reporting, andcommunication

An information system consists of infrastructure (physical and hardware

components), software, people, procedures, and data. Infrastructure and software

will be absent, or have less significance, in systems that are exclusively or primarilymanual.

An information system encompasses methods and records that:

Identify and record all valid transactions.

Describe on a timely basis the transactions in sufficient detail to permit properclassification of transactions for financial reporting.

Measure the value of transactions in a manner that permits recording theirproper monetary value in the financial statements.

Determine the time period in which transactions occurred to permit recording

of transactions in the proper accounting period.

Present properly the transactions and related disclosures in the financial

statements.


62/491

Planning Phase




(d) Control activities

Control activities are the policies and procedures that help ensure that managementdirectives are carried out. Control activities, whether within IT or manual systems,

have various objectives and are applied at various organizational and functionallevels.

Certain control activities may depend on the existence of appropriate higher-level

policies established by management or those charged with governance. For example,authorization controls may be delegated under established guidelines, such asinvestment criteria set by those charged with governance; alternatively, non-routine

transactions such as major acquisitions or divestments may require specific high

level approval, including in some cases that of shareholders

Performance reviews

Consider how management:

Reviews and analyses of actual performance versus budgets, forecasts, andprior period performance

Relating different sets of data operating or financial to one another,

Analyses of the relationships and investigative and corrective actions

Comparing internal data with external sources of information

Review of functional or activity performance


63/491

Planning Phase




Information processing

Controls are performed to check accuracy, completeness, and authorization of

transactions.

Application controls apply to the processing of individual applications. These

controls help ensure that transactions occurred, are authorized, and are

completely and accurately recorded and processed. Examples of applicationcontrols include checking the arithmetical accuracy of records, maintainingand reviewing accounts and trial balances, automated controls such as edit

checks of input data and numerical sequence checks, and manual follow-up of

exception reports.

General IT-controls are polices and procedures that relate to many

applications and support the effective functioning of application controls byhelping to ensure the continued proper operation of information systems.General IT-controls commonly include controls over data center and network

operations; system software acquisition, change and maintenance; accesssecurity; and application system acquisition, development, and maintenance.


64/491

Planning Phase




Physical controls

These activities encompass the physical security of assets, including adequate

safeguards such as secured facilities over access to assets and records; authorization

for access to computer programs and data files; and periodic counting andcomparison with amounts shown on control records (for example comparing the

results of cash, security and inventory counts with accounting records).

Segregation of duties

Ensure that following three activities are separately assigned:

authorizing transactions

recording transactions, and

maintaining custody of assets


65/491

Planning Phase




This would reduce the opportunities to allow any person to be in a position to bothperpetrate and conceal errors or fraud in the normal course of the persons duties.

(e) Monitoring of controls

It is management responsibility is to establish and maintain internal control on an

ongoing basis. Managements monitoring of controls includes considering whetherthey are operating as intended and that they are modified as appropriate for changesin conditions.

Examples are:

managements review of whether bank reconciliations are being prepared on a

timely basis

internal auditors evaluation of sales personnels compliance with the entityspolicies

legal departments oversight of compliance with the entitys ethical orbusiness practice policies.

Consider:

assessment and reassessment of design and operation of controls on a timely

basis

necessary corrective actions


66/491

Planning Phase




ongoing monitoring activities (activities are built into the normal recurringactivities)

separate evaluations


67/491

Planning Phase

Fraud Risk Assessment Document



Fraud Risk Assessment Document WP Ref.:Prepared by:

Date:

Client:

Period:

I Introduction

The purpose of this document is to:

obtain an understanding of managements assessment of the risk that the financial

statements may be materially misstated as a result of fraud, and the accounting andinternal control systems in place to address such risk and prevent and detect error

document the results of team discussions and enquiries with managementconcerning fraud and error

document the fraud risk factors identified that indicate the possibility of either

fraudulent financial reporting or misappropriation of assets, and our response

document circumstances that we have encountered that may indicate that there is amaterial misstatement in the financial statements resulting from fraud or error and

the audit procedures performed to determine whether the financial statements arematerially misstated.

Documentation may be included in this working paper, or other working papers (with

cross-reference to the Fraud Risk Document).

Preparation of this document is started when fraud risk factors are initially identifiedduring the planning phase of the audit and updated during the substantive procedures,

evaluation and reporting stage if additional fraud risk factors are identified thatcause us tobelieve that additional audit procedures are necessary.

(a) Fraud

Fraud refers to an intentional act by one or more individuals among management

(management fraud), those charged with governance, employees (employee fraud), or thirdparties involving the use of deception to obtain an unjust or illegal advantage. Two types

of intentional misstatements are relevant to the auditor's consideration of fraud (a)fraudulent financial reporting involves intentional misstatement or omission of amountsand disclosures in financial statement to deceive financial statement users (b)

misappropriation of assets involves the theft of an entity's assets.

Fraud involves (a) motivation to commit fraud; and (b) a perceived opportunity to commitfraud.


68/491

Planning Phase




(b) Responsibilities

The primary responsibility for the prevention and detection of fraud rests with thosecharged with governance and the management of an entity by setting the proper tone,

creating and maintaining a culture of honesty and high ethics, and establishing appropriatecontrols to prevent and detect fraud within the entity. However, systems of accounting and

internal control system may reduce but cannot eliminate the risk of misstatements caused

by fraud hence management assumes responsibility for any remaining risk.

An audit conducted in accordance with ISAs is designed to provide reasonable assurance(not absolute assurance) that the financial statements taken as whole are free from material

misstatement hence an auditor is not and cannot be held responsible for the prevention (notdetection) of fraud. An auditor plans and performs an audit with an attitude of professional

skepticism, which is necessary for the auditor to identify and evaluate matters that

increases the risk of fraud, circumstances that make the auditor suspect that the financialstatements are materially misstated and evidence obtained that brings into question thereliability of management representation. Discovery of a fraud subsequent to an audit does

not, in and itself, indicate (a) a failure to obtain reasonable assurance, (b) inadequate

planning, performance or judgment (c) absence of professional competence and due care,or (d) failure to comply with ISAs. Whether an auditor has performed an audit in

accordance with ISAs is determined by the (a) adequacy of the audit procedures performedin the circumstances and (b) the suitability of the auditor's report based on the results of

those procedures.

II Discussions with Management

During the planning phase of an audit, auditor makes enquiries of management concerning

fraud and error. We may also seek the views of those charged with governance.

Matters that may be discussed as part of these enquiries include:

whether there are subsidiary locations, business segments, types of transactions,

account balances or financial statement categories where the possibility of error may

be high, or where fraud risk factors may exist, and how they are being addressed bymanagement

the work of the entitys internal audit function and whether internal audit hasidentified fraud or any material weaknesses in the system of internal control

how management communicates to employees its view on responsible business

practices and ethical behaviour, such as through ethics policies or codes of conduct.


69/491

Planning Phase




If the entity has established a programme that includes steps to prevent and detect fraud,we enquire of those persons overseeing such programmes as to whether the programme

has identified fraud risk factors.

(a) Results of enquiries of management

Document the results of our enquiries below. State which member of management we

enquired of and the date of the enquiry.

Managements fraud risk assessment

Document our understanding of managements assessment of the risk that the financial

statements may be materially misstated as a result of fraud.

Accounting and internal control systems

Document the results of our enquiries of management concerning the accounting and

internal control systems management has put in place to address the risk of material

misstatement due to fraud, and to prevent and detect error.


70/491

Planning Phase




Fraud and error

Document the results of our enquiries to determine whether management is aware of any

known or suspected fraud and discovered any material errors.

(b) Discussions with those charged with governance

Following our enquiries, consider whether there are matters of governance interest to

discuss with those charged with governance of the entity


71/491

Planning Phase




III Fraud Risk Factors and Response

(a) Audit Team Discussions

During the audit, the team should discuss the susceptibility of the entity to material

misstatements in the financial statements resulting from fraud or error.

Based on these discussions, we:

consider where errors may be most likely to occur or how fraud may by perpetrated

gain a better understanding of the potential for material misstatements in thefinancial statements resulting from fraud or error in the specific areas of the auditassigned to team members

gain a better understanding of how the results of the audit procedures that areperformed may affect other aspects of the audit

decide which members of the audit team will conduct certain enquires or auditprocedures

decide how the results of our enquiries and audit procedures will be shared.

We may also discuss matters that were taken into consideration during our Client

Acceptance or Client Continuance procedures as they relate to fraud risk.

Fraud risk factors

During the audit, we consider whether events or conditions that provide an opportunity, amotive or a means to commit fraud, or indicate that fraud may already have occurred, are

present. Such events or conditions are referred to as fraud risk factors. We identify fraudrisk factors that may indicate the possibility of either fraudulent financial reporting ormisappropriation of assets.

Response

Our response to fraud risk factors is influenced by their (a) nature and (b) significance. Insome cases, our judgment may be that the audit procedures, including both tests of controland substantive procedures already planned, are sufficient to respond to the fraud risk

factors. In other circumstances we may need to modify the nature, timing and extent ofsubstantive procedures to address fraud risk factors present. In these circumstances,

consider whether the assessment of the risk of significant misstatement calls for (a) an

overall response, (b) a response specific to a particular account balance, class oftransactions or assertion, or (c) both types of responses.


72/491

Planning Phase




(i) Fraudulent financial reporting

Fraud risk factors

Fraud risk factors relating to fraudulent financial reporting may be grouped as

follows:

(a) Management Characteristics and Influence over the Control Environment

Significant portion of management compensation contingent upon

achieving aggressive targets etc.

Excessive interest by management in maintaining or increasing theentity's share price or earning trends through the unusual practices

Domination by single person/ small group without compensating

controls

Setting of unduly financial target and expectations for operating

personnel

Display of significant disregard for regulatory authorities

Employing ineffective accounting, IT or internal auditing staff

Participation of non-financial management in selection of accounting

principles etc.

High turnover of management staff or board members

Strained relationship with existing/ predecessor auditor including

frequent disputes, unreasonable demands, restriction on auditors and

domineering management behaviour

Weak or ineffective corporate governance structure

(b) Industry Conditions

New regulatory etc. requirements, which may impair entity's stability or

performance

Increasing competition and market saturation and declining margins/

customer demands


73/491

Planning Phase




Declining industry with increasing business failures

Rapid changes in in

audit+practice+manual volume 2

Documents