IPCC Paper 6 Auditing and Assurance Chapter 4 CA.Kamal Garg

A mechanism to ensure the compliance with organisation policies and procedures;

In particular ensure that:

• Assets are safeguarded; • Frauds and errors are prevented & detected; • Recording all transactions in books of account

Control Environment: overall attitude, actions & awareness of Management towards Internal Control System (ICS);

Control Procedures: designed to achieve desired ICS objectives

Under SA 200(R), evaluation of ICS is one of the basic principles governing an audit

SA 315Title:

Identifying and Assessing the Risk of Material Misstatement Through Understanding the Entity and its Environment

Business Risk: A risk resulting from significant:

Conditions

Events

Circumstances

Actions, or

Inactions that could adversely affect an entity’s ability to achieve its objectives and execute its strategies

Internal Control: 1. The process designed, implemented and

maintained by those charged with governance, management and other personnel;

2. To provide reasonable assurance about the achievement of an entity’s objectives with regard to: ◦ Reliability of financial reporting; ◦ Effectiveness and efficiency of operations; ◦ Safeguarding of assets; ◦ Compliance with applicable laws & regulations

Inherent Limitations: Management position to override controls;

Human error;

Circumvention through collusion;

Unusual transactions;

Nature of MIS (cost, skill etc.)

Letter of Weakness: A written communication to management made by the auditor about significant deficiencies in control system

A concept related to Organisational Independence; Employees perspective Essentials of Good Internal Check System: 1. Define authorities/ duties & responsibilities; 2. Division of responsibilities as per abilities; 3. Single work amongst different employees; 4. Regular job rotation; 5. Instruction manuals; 6. More usage of electronic system; 7. Various correspondence under proper authority; 8. Daily cash receipts for daily bank deposit Very Important Point = Everything under Authorisation(s)

These are the procedures which are performed to obtain understanding of entity’s environment and internal control;

Help in identifying and assessing risks of material misstatements at financial statements and/ or assertions levels;

However, they do not provide sufficient appropriate audit evidence to base the audit opinion (this means these procedures merely are indicators of presence of material risks)

Inquiry: 1. Those charged with Governance; 2. Internal Audit personnel; 3. Employees; 4. Legal Counsel; 5. Marketing & Sales personnel

Analytical Procedures (SA 520); Observation of entity’s operations, reports,

premises, etc.; Discussion with management and Obtaining

knowledge about the business

Sources of obtaining the Knowledge: 1. Previous experience with entity & industry; 2. Discussions with directors/ customers/ suppliers/

internal audit personnel/ legal advisors, etc.; 3. Visits to entity premises; 4. Industry or Entity publications, for example,

surveys, annual reports, etc.

Matters to be covered while obtaining knowledge of the business:

General Economic factors such as monetary and fiscal policy;

Industry factors such as technology, business risk, etc.;

Entity Factors such as: 1. Management and ownership; 2. Financial performance; 3. Regulatory requirements; 4. Business of the entity

Audit in CIS Environment/ EDP Audit; Documentation: Auditor should document 1. Discussions and significant decisions therein; 2. Key elements of understanding about entity

and its internal control environment; 3. Identified and assessed risk of material

misstatement; 4. Related controls for the risk identified

Audit Trail (i.e. tracing of sequence of transactions from beginning to end);

Visual Observation; Automatic execution of transactions; High Level Languages; Storage media vulnerability; Changes in programmes

EDP/ IT/ CIS Controls

General Controls Application Controls

Administrative Controls

System Development

Controls Procedural Controls

Ensure discipline in

routine operations and admin functions

Ensure the usage of updated

technology with

adequate people’s support

Clerical Controls

Programmed Controls

Ensure accurate and timely processing of

transactions

Input Processing Output

Black Box Approach

Input Processing Output

White Box Approach

Overall response include: Emphasizing the need to maintain professional

skepticism; 1. Assigning more experienced staff/ experts; 2. Incorporating unpredictability about further audit

procedures to be performed; 3. Widening the scope of audit 4. Changing the nature, timing and extent of audit

procedures

The nature timing and extent of planned audit procedures is a way of describing the contents of the audit program for an audit engagement.

Nature: The nature of a planned audit procedure refers to both the type of procedure and method used to gather the evidence.

Timing: The timing of a planned audit procedure refers to when the audit procedure is to be performed.

Audit procedures may be performed prior to balance date (e.g. during interim visits), on balance date or after balance date (e.g. during final visit).

Extent: The extent of planned audit procedures simply refers to the extent of the nature of the procedures.

For example, How many purchases invoices require

vouching? How many computations (e.g. quantity on hand

x unit cost) should be checked?

The internal audit function constitutes a separate component of internal control with the objective of determining whether other internal controls are well designed and properly evaluated;

To facilitate the accumulation of the information necessary for the proper review and evaluation of internal controls, the auditor can use one of the following to help him to know and assimilate and evaluate the same:

1. Narrative Record: a complete and exhaustive description of the system as found in operation by the auditor

2. Check List: a series of instructions or questions which a member of the auditing staff must follow to answer.

3. Internal Control Questionnaire: a comprehensive series of questions concerning internal controls. Most widely used

4. Flow Chart: a graphic presentation of each part of the company’s system of internal control.

Clause 4 (IV) : Internal Control System Commensurate with the size of the

company and nature of its business – Identify major weaknesses, if any.

Continuing failure to correct major weakness

Clause 4 (VII) : Internal Audit (Applicability??)

Commensurate with nature & size of business

1. Listed Company; 2. Other Companies having: Paid Up Capital (+) Reserves > Rs. 50 Lakhs

(as at the commencement of F.Y.); OR Past 3 yrs. Avg. Turnover > Rs. 5 Crores

Subjective concept and involves exercise of professional judgement;

Materiality can be applied both at planning level and performance level;

Judgement of materiality level helps in determining the nature, timing and extent of audit procedures

Benchmark = Percentage often applied as a starting point in determining materiality of Financial Statements (F.S.).;

Audit Risk vs. Audit Materiality = Inverse Relation Identification of Benchmark depends upon

the following factors: 1. F.S. elements (e.g. assets, liabilities, equity,

revenue, expense); 2. The purpose of evaluating financial performance; 3. Entity’s ownership and capital structure

Difference between:

Amounts, classification, presentation or disclosure of a reported F.S. item;

and

Amounts, classification, presentation or disclosure of a F.S. item as required

under applicable financial reporting framework

Misstatement can arise from error or fraud;

It also include those adjustments that in auditor’s opinion are necessary for True & Fair view;

The auditor shall accumulate misstatements identified during the audit, unless trivial;

Apply 320 (Revised);

Communicate and get corrected the misstatements;

Take written MR and do documentation

• when there is no doubt; Factual

• when differences are there on account of management estimates/ accounting policies vis-à-vis auditor’s judgement;

Judgemental

• when differences may arise due to sampling Projected

CAP RIDE: C = Compliance with regulatory and contractual

requirements; AP = Accounting Policies selection & application; R = Related parties transactions; I = Information in other documents accompanying

audited F.S. (like MDA Report, LR, etc.); D = Detailed analysis of F.S. (ratios etc.); E = Economic & Industry Conditions