rathore institute auditing & assurance - wordpress.com · rathore institute auditing &...

Rathore Institute Auditing & Assurance

1

Rathore Institute Auditing & Assurance by CA. Nitin Gupta

First 4 Chapters cover 40-50

Marks in every attempt. Here

these chapters are prepared in an

easy to learn approach.

Get these 4 chapters & 2 chapters vouching & verification in 10

days. Total coverage- 60-70 Marks

Batch Starting from 8 April 2014 (Regular). Timing- 12.00 PM to

4.00 PM

PH: 011-43073355, 8527336600


2

Chapter-1 Nature of Auditing

AUDITING – MEANING

The word “Auditing” has been derived from Latin word “audire” which means “to

hear”.

Audit is an independent examination of financial information of any entity whether

profit making or not irrespective of its size & legal structure, when such an audit is

conducted with a view to express an opinion thereon.

The audit is not confined to financial audit alone. It may be extended to other areas

also such as management audit, operational audit, internal audit and environmental

audit etc.

The audit is conducted for a stated purpose, for example, the financial audit may be

conducted to ascertain whether they present a true and fair view of the financial

position and the operating result of the enterprise.

Every audit has to be based on some evidence.

The audit findings have to be communicated to those who have appointed the auditor.

For example, in case of a company the audit report is made to the shareholders.

AUDITING – FEATURES

1- Examination of books & statements

The Preparation of financial statements is the responsibility of management of

entity.

The audit of financial statement does not relieve the management of its liability. Auditor's opinion is on financial statements. General purpose financial statement includes: [Nov 05- 4 Marks]

Statement of Profit & Loss: Which indicates profits earned or loss incurred during a particular financial year. Balance sheet: Which shows position of assets & liabilities at a particular date. Cash flow & fund flow Statement: Which shows movement of cash/funds during a particular financial year. (However these are not prepared by all entities). Notes to accounts: Disclosures or explanatory notes.


3

2- On the basis of proper evidence

An audit examination is to be made on the basis of evidential documents such as invoices, money receipts, and other records, including information and explanations

supplied by authorized representatives of the client. It is the duty of the auditor to carefully assess and evaluate every piece of evidence

relevant for his examination.

3- By a properly qualified person

In India, audit is to be conducted by a professional having good accounting & auditing background.

A chartered accountant having certificate of practice is eligible to conduct audit. 4- In a Systematic &Independent manner

Audit has to be conducted in a proper way. Auditor should be completely objective (unbiased) in his approach.

He should not be influenced by the client.

5- Entity His client can be any entity whatever is the legal form i.e., it proprietorship,

partnership trust or company etc. The entity may be profit oriented or a charitable one (For Example- Trust, Section 25

Companies)

6- Opinion His opinion is on 'true &fair view' of financial statements. For this, it is necessary that

(i) Financial statement have been prepared using acceptable policies which are consistently applied

(ii) Financial statements have" been prepared as per regulations, (iii) There is appropriate disclosure of all material items.

CONCEPT OF TRUE & FAIR [May 2005 -8 Marks, Nov 2012- 6 Marks] What Constitutes "true and fair", however, has not been defined in any legislation. Section 211(5) of the Companies Act provides that the accounts of a company shall be

deemed as not disclosing a true and fair view, if they do not disclose any matters are required to be disclosed by virtue of provisions of Schedule VI of that Act, virtue of a notification or an order of the Central Government modifying the disclosure requirements.

The concept of true and fair is a fundamental concept in auditing. The phrase “true and fair" in the auditor's report signifies his opinion as to whether the

state of affairs and the results are truly and fairly represented in the accounts under audit.

It is a matter of an auditor’s judgment in the particular circumstances of a case. An auditor has to see:

That the assets are neither undervalued nor overvalued,


4

No material assets are omitted;

The charge, if any, on assets are disclosed

The liabilities are not under or overvalued and the same are properly classified.

Material liabilities should not be omitted

The statement of profit and loss discloses all the matters required to be disclosed by Part II of Schedule VI and the balance sheet has been prepared in accordance with Part I of Schedule VI;

Accounting policies have been followed consistently.

All unusual, exceptional or non-recurring items have been disclosed separately. (Extra ordinary items)

INDEPENDENT AUDIT [RTP, Nov 89, May 92, May 93, Nov 91, May 97, May 01, May 07, May 05, May 08, Nov 09,May 10, May 2012 5-8 Marks]

The need for auditor independence is provided in Standard on auditing. The Companies Act, 1956 also contains specific provision to ensure auditor’s

independence. As per The chartered Accountants Act, 1949 as amended by The Chartered Accountants

(Amendment) Act, 2006, independence of auditor is required. Independence means that the judgment of a person is not subordinate to wishes of

another person. It requires that he should not act under any influence. If auditor maintains high degree of independence, credibility of financial statements is

enhanced. Independent audit report will be accepted and respected by all the stakeholders. Advantage of Independent Audit

It safeguards the financial interest of persons not associated with the management like shareholders.

It acts as a moral check on the employees from committing fraud.

It is helpful in setting tax liability.

It ensures maintenance of adequate books and records, statutory registers etc.

Audited financial statements are the basis for determining amount receivable or payable in certain circumstances.

ASPECTS TO BE COVERED IN AUDIT [May 96-6 Marks] The principal aspects to be covered in an audit concerning the final statements of accounts are as follows 1) Accounting and Internal Control System

The auditor should obtain an understanding of the accounting and the internal control system operating in the enterprise. Such an understanding will enable the auditor to ascertain the degree to which reliance can be placed on the information obtained during the audit.


5

The auditor should review the system from time to time to ascertain its adequacy and comprehensiveness.

2) Examination of books, records etc.

The auditor should check the arithmetical accuracy, authenticity and the validity of transactions entered in to the books of accounts.

He should ensure that the entries in the books of accounts are adequately supported by underlying papers, documents, and other audit evidences.

3) Compliance with the Generally Accepted Accounting Standards and Applicable Statutory Regulation

The financial statements should be prepared in accordance with the requirements of applicable laws and should comply with the relevant accounting standards, guidance notes issued by the ICAI etc.

4) Reporting Once the audit is carried out, the audit findings need to be communicated to the

appropriate person/body. An audit report states that the opinion of the auditor as to the true and fair view of the

financial position and operating results of the enterprise.

OBJECTIVE OF AUDIT

The objective of an audit may be classified into two categories (a) Primary Objective and (b) Secondary Objective.

Primary Objective (As per SA 200 Revised) Audit is conducted to express an opinion on financial statements. Thus primary

objective is Reporting. The auditor reports whether financial statements represent true and fair view. True and fair view can be examined by considering whether:

(a) Financial statements have been prepared using consistent & acceptable accounting policy.

(b) Financial statements comply with relevant rules & regulation and

(c) Financial statements contain disclosure of all material matters.

Secondary Objective [Nov 2004, 8 Marks]


6

Secondary objective is detection of misstatement in financial statements. These misstatements may be fraud and errors. SA 240 (Revised) on “The Auditor’s Responsibility to consider Fraud in an Audit of

Financial Statements” states that primary responsibility for the prevention and detection of fraud rest with both TCWG and management. For this purpose management must ensure for a culture of honesty and ethical requirement.

The term fraud refers to an intentional act by one or more individuals among management, those charge with governance, employees or third parties, involving the use of deception to obtain an unjust or illegal advantage.

Responsibility of Auditor

Auditor is concerned with those frauds that cause a material misstatement in the financial statement of the entity. For example- (a) Fraudulent financial reporting (b) Misappropriation of Assets.

The responsibility of the auditor is to obtain a reasonable assurance that the financial

statement of the entity are free from material misstatement.

Auditor should perform following risk assessment procedure to identify and assess the risk of material misstatement in financial statement

a) Inquiry with management b) Inquiry with TCWG c) Inspection d) Observation e) Evaluating of unusual relationship f) Discussion with engagement team

If Auditor finds misstatement as fraud, then auditor should communication at appropriate level on timely basis.

If Many Material Frauds as found, then consider whether to continue or not. If auditor continues he will consider the matter in Audit Report, if auditor does not continue then after discussing with Those Charged with Governance, he will withdraw and communicate the reason to appointing authority, incoming auditor and regulatory authority.

Auditor’s responsibility for failure to detect fraud: Auditor may not reveal all misstatement, but if auditor performs his work in accordance with basic principles governing an audit, he cannot be held liable for those misstatements in financial statements of client detected after submission of audit report.

Errors may be classified as follows

As per accounting aspects: 1. Errors of omission- It occurs when a transaction is not recorded in the books of

account, either wholly or partially. Full omission does not affect the trial balance

but partial omission does.

2. Errors of Commission- It may be committed either at the stage of recording a transaction in the books of original entry or while posting it to the ledger. Errors in totaling and balancing accounts or in carrying forward totals to the trial balance


7

are also called errors of commission. These types of errors may or may not affect the trial balance. [May 2001, 5 Marks]

3. Errors of principle- An error of principle occurs when the generally accepted

principles of accounting are not observed while recording any transaction in the books of account. These types of errors do not affect the trial balance.

4. Compensating errors- when there are two or more errors, but they compensate the

effect of each other. These problems do not affect the trial balance.

As per nature

1. Self revealing errors- The existence of these errors becomes apparent during compilation of accounts. A few illustrations of such errors are given hereunder,

showing how they become apparent

2. Non Self revealing error- The existence of these errors is not revealed automatically by routine accounting procedures. These can be revealed by detailed analysis and normal audit procedures. Example- Revenue expenditure is charged as capital expenditure.

3. Unintentional errors- These are unintentional mistake. Example- Wages paid to X; a casual laborer has not been recorded in the books of account.

4. Intentional errors- These are intentional mistakes / fraud. Example- Fictitious

purchases of Rs. 10,000 have been recorded by cashier to misappropriate cash. 5. Procedural errors- These are the errors in the implementation of procedures or

frauds. Example- Payment of a purchase invoice without sufficient purchase documents.

BASIC PRINCIPLES GOVERNING AN AUDIT [Nov 2000, Nov 2002, Nov 2003, Nov 2006, 10 Marks, May 2013-8 Marks] The basic principles govern the auditor’s professional responsibilities and should be complied with whenever audit is carried out. The basic principles as stated in this guideline are:

1 Omission to post a part of a journal entry to the ledger

Trial Balance is thrown out of agreement

2 A failure to record in the cash book paid into or withdrawn from the bank

Bank reconciliation statement will show up error

3 A mistake in recording amount received from X in the account of Y

Statement of account parties will reveal the mistake


8

1- Integrity, Objectivity, Independency

Auditor should be straightforward, honest and sincere in his professional work. He should be fair and must not be biased. He should maintain impartiality. He should be free of any interest

2- Confidentiality

He should maintain confidentiality of information acquired during his work. He should not disclose any such information to a third party without specific

permission of client or legal or professional duty to disclose.

3- Skills and competence

He should perform work with due professional care. Audit should be performed by persons having adequate training, experience and

competence.

4- Work performed by others [May 2000- 4 Marks] The auditor can delegate work to assistants or use work performed by other auditors

and experts. The Auditor is entitled to rely on work performed by others, provided he exercises

adequate skills and care and there is nothing to doubt. In respect of work delegated to assistants, auditor should carefully direct, supervise

and review the work. In respect of work performed by other auditors and experts, auditor should obtain

reasonable assurance that such work is adequate for his purpose. But he will continue to be responsible for his opinion on financial information.

5- Documentation

He should document matters relating to the audit (maintain working papers). Working papers are maintained to demonstrate that the audit was carried out in

Accordance with the basic principles.

6- Planning

He should plan his work to conduct audit in effective and timely manner. Plans should be based on knowledge of the clients business. Plans should be further developed and revised during audit if circumstance requires so.


9

7- Audit Evidence Auditor should obtain sufficient and appropriate audit evidence by performing

compliance and substantive procedures. Evidences enable the auditor to draw reasonable conclusion. Compliance procedures mean the tests designed to obtain reasonable assurance that

internal controls have been properly designed & operating effectively throughout the year.

Substantive Procedures are performed to obtain evidence as to the completeness, accuracy and validity of data produced by the accounting system.

8- Internal controls

Internal control system ensures that the accounting system is adequate and that all the accounting information has been duly recorded.

The auditor should understand the accounting system and related internal controls adopted by the management.

He should study and evaluate internal controls system to determine the nature, timing and extent of other audit procedures.

9- Audit conclusion and Reporting

The auditor should review and assess the conclusions drawn from the audit evidences

obtained through performance of procedures. The audit report should contain clear written expression of opinion on the financial

statements. His report is on whether:

The financial information has been prepared using acceptable accounting policies

which have been consistently applied; The financial information complies with relevant regulation and statutory requirements; and There is adequate disclosure of all material matters.

The report should be as per legal requirement. When other than opinion is given, the audit report should state the reasons thereof.

QUALITY OF AUDITOR [Nov 2004- 4 Marks]

1. Integrity: Auditor should be honest, sincere and straightforward while performing his professional duties.

2. Communication Skill: During the conduct of audit, he has to interact with various officers and staff of organization & third parties, thus he requires good oral & written communication abilities.


10

3. Confidentiality: He should not disclose confidential information acquired during conduct of his professional duties to any third party except when permitted by client

or required by law.

4. Independence: He should not be subordinates his judgment to the will of others. He should conduct the audit in unbiased way.

5. Knowledge: He should have general knowledge of client’s business and economic trends etc. He must continuously update his knowledge to conduct audit effectively.

6. Logical Skills: He must be able to analyses & interpret problem so that he can accordingly deal with the same.

7. Judgment: He should be capable to taking firm judgments as to which items are to be checked and what should be the sample size.

DIFFERENCE BETWEEN ACCOUNTING & AUDITING [May 99]

DIFFERENCE BETWEEN AUDITING & INVESTIGATION [RTP, May 99-10 Marks, Nov 2012- 8 Marks]

BASIS ACCOUNTING AUDITING

MEANING Accounting is the art of Recording, Classifying & Summarizing financial information.

It is independent Examination of financial information of an entity to express an opinion thereon

FUNCTION It records financial aspects of entity

It reviews the accounting system

BY WHOM Any person having good knowledge of accounting

Statutory audit can only be conducted by a chartered accountant.

PRINCIPLES As, per accounting standards. As per auditing standards. PRIMARY RESPONSIBILITY

To maintain accounts & prepare financial statements is the responsibility of management

To conduct audit in an effective way and form an opinion is the responsibility of auditor

EXPERTISE Accounting expertise Accounting & auditing Expertise

(both) TIME OF OCCURRENCE

Accounts are prepared by the Management prior to get them audited.

Auditing is examination of financial information, thus can’t be conducted prior to accounting

BASIC AUDITING INVESTIGATION


11

INHERENT LIMITATIONS OF AUDIT [Nov 1998, Nov 2001, May 2003, Nov 2005, May 2011 4-8 Marks] Meaning The limitations which cannot be overcome irrespective of the nature and extent of a

procedures. The limitations of audit arise from: 1. Involvement of judgement

Auditor’s work involves exercise of judgment, for example, in deciding the extent of

audit procedures and in assessing the reasonableness of the judgment and estimates made by the management in preparing the financial statements. The judgement by auditor may not always be correct.

2. Nature of evidences

MEANING It is Independent Examination of Financial information of an entity to Express an opinion thereon

Investigation implies systematic, critical and special examination of the records of a business for a specific purpose.

OBJECTIVE To ascertain the truthfulness and fairness of the state of affairs.

Aims at establishing a fact or is carried out for some particular purpose.

NATURE OF EXAMINATION

Conclusions are drawn on the basis of test checking of

accounts and records.

It is a detailed examination.

PERIOD UNDER EXAMINATION

An audit covers a period of one year.

Not necessarily restricted to a financial year. It can extend for a period consisting of a number of years.

SCOPE The scope of audit is very wide. In statutory audit the scope of audit is determined by the relevant law and in private audit, by the letter of

engagement.

However, the scope of investigation is limited as regards the activity or areas to be covered.

CONDUCTED BY

A CA within the meaning of CA Act 1949.

Any person, who need not necessarily be a CA.

FINANCIAL ASPECTS

Generally covers financial aspects only

Covers both financial and non financial aspects.

NATURE OF EVIDENCE

Audit is concerned only with prima facie evidence which is sufficient and appropriate

But in an investigation, conclusive

evidence is required.

SUBMISSION OF REPORT

The audit report is submitted to the owners of the business.

The investigation report is to be submitted to person (s) on whose behalf it is being conducted.


12

The evidences obtained by the auditor are persuasive rather than conclusive and they cannot ensure the auditor in a certain way.

Because of these factors, the auditor can only express an opinion and absolute certainty in auditing is rarely attainable.

There is also likelihood that some material misstatements of the financial information resulting from fraud or error, if either exists, may not be detected.

3. Test checking

Auditor uses sampling during performance of audit. It is not possible for him to conduct detailed checking due to time constraints. As he does not check each & every item, it's impossible for him to detect all fraud &

errors. 4. Inherent limitations of internal controls

Internal controls suffer from limitation such as collusion among employees or wrong use of authority by management etc.

It is clearly evident that there always is some risk of an internal control system failing to operate as designed.

If internal controls are weak, auditor may not be in a position to obtain assurance.

ACCOUNTING CONCEPT- FUNDAMENTAL ACCOUNTING ASSUMPTION [Nov 2003, May 2007, May 2008, 4 Marks]

Meaning- Certain fundamental accounting assumptions underlie the preparation & presentation of financial statements. Their use is assumed. Three fundamental accounting assumptions- Going Concern, Consistency and Accrual. Going Concern:

The enterprise is normally viewed as a going concern that is as continuing in operation for the foreseeable future. It is assumed that the enterprise has neither the intention nor the necessity of liquidation. Consistency:

It is assumed that accounting policies are consistent from one period to another. Accrual:

Revenues and costs are accrued, that is recognized as they are earned or incurred (and not as money is received or paid) and recognized in the financial statements of the periods to which they relate. Disclosure requirement as per AS-1 If the fundamental accounting assumptions, viz.,

Going concern, Consistency and Accrual are followed in financial statements specific disclosure is not require fundamental accounting assumption is not followed, the fact should be disclosed.


13

MEANING & DISCLOSURE OF ACCOUNTING POLICIES

[May 1999, Nov 2002- 4 Marks, Nov 2007 -5 Marks, Nov 2011- 6 Marks, Nov 2012 -10 Marks]

Meaning- It refers to specific accounting principles & methods of applying those principles, adopted by entity in preparation & presentation of financial statements. Examples- The following are example of the areas as given in AS 1, Disclosure of Accounting policies in which different accounting policies may be adopted by different enterprises.

Treatment of goodwill

Valuation of fixed assets

Methods of depreciation ,depletion and Amortization

Valuation of investments

Valuation of inventories

Treatment of deferred revenue expenditures

Treatment of retirement benefits

Treatment of provision

Treatment of contingent liabilities

Conversion or translation of foreign currency items

Recognition of profit on long-term contracts Requirement of AS-1 regarding disclosure of Accounting Policies

To ensure proper "understanding of financial statements, it is necessary that all significant accounting policies adopted in the preparation and presentation of financial statements should be disclosed

Such disclosure should form part of the financial statements. They should be disclosed at one place instead of being scattered over several

statements. Any change in an accounting policy which has a material effect should be disclosed

with the following disclosures:

Old policy

New policy

Reason of change

Impact on current financial year profit or loss (If it is material)

Accounting policy may be changed in the following circumstances:

If required by Law

For compliance with accounting standards

On the opinion of the management.

AUDITING AND BEHAVIOURAL SCIENCE

The field of auditing as a discipline involves review of various assertions both in financial as well as nonfinancial terms. Thus it is quite logical and natural that the function o audit can be performed if and only if the person also possess a good knowledge about the fields in respect of which he is conducting such a review.


14

The discipline of behavioural science is closely linked with the subject of auditing. While it may be said that the financial auditor deals basically with the figures

contained in the financial statements but he shall be required to interact with a lot of people in the organisation.

The knowledge of human behaviour is indeed very essential for an auditor so as to effectively discharge his duties.


15

State True or False with Reason

1) Auditor’s primary responsibility is to detect errors and frauds.

False- Auditor’s primary responsibility as per SA 200 is to express an opinion on financial statements.

2) The fundamentals accounting assumptions followed for preparing financial

statements should be disclosed. False- It is assumed that fundamental accounting assumptions have been followed while preparing financial statements. In case any one of these has not been followed specific disclosures should be made.

3) The primary responsibility for preparation of financial statement is of the

management. True- SA 200 has asserted this.

4) The scope of financial audit extends to all type of entity. True- The scope of audit extends to all entities commercial as well as non commercial.

5) Financial statements include P&L accounting and Balance Sheet but not notes to accounts.

False- Financial statements mean whole set of accounts including P&L account, Balance sheet and disclosure i.e. notes to accounts.

6) Auditor needs to be independent

True- Independence means that the judgment of a person is not subordinate to wishes of any person. Independent audit enhance credibility of financial statements of client.

7) Auditor does not need communication skills, as he is concerned only with financial

information. False – During conduct of audit, he has to interact with various officers and staff of client & third parties, which requires good written & oral communication skills.

8) Auditor must maintain confidentiality subject to certain exceptions. True- Auditor should not disclose any confidential information relating to client. However he can disclose if it is permitted by client or required by law.

9) Documentation is required to be kept by auditor

True- Auditor should document matters relating to the audit. Working papers are maintained to demonstrate that the audit was carried out accordance with the basic principles.

10) Sampling is a major inherent limitation of audit. True- Auditor uses sampling during performance of audit. It is not possible for him to conduct detailed checking due to time constraints and other practical problems. As he does not check each & every items. It is impossible for him to detect all fraud & errors.

11) Auditor is not an insurer. [Nov 2008]

True- The auditor does not insures the interest of users of accounts but only states his opinion after taking all reasonable care and skill that the statement show a true and fair picture.

12) Procedural error arises as a result of transactions having been recorded in a fundamentally in correct manner. [May 2008]

False- When transactions are recorded in fundamentally incorrect manner it is known as error of Principle. For e.g. a distinction not being made between capital and revenue income or expenditure.


16

13) When an auditor identifies a misstatement resulting from fraud, it is his responsibility to communicate it to the regulatory and enforcement authorities apart

from those charges with governance. [May 2010] True- According to SA-240 “The auditor Responsibilities Relating to Fraud in an Audit of Financial Statement” an auditor identifies a misstatement resulting from the fraud or error it is his responsibility to communicate the matter with those charged with governance and, in some circumstances, when so required by laws or regulation, to regulatory and enforcement authorities also.


17

Chapter-2 Basic Concepts in Auditing

CONCEPT OF MATERIALITY [Nov 86, Nov 96, May 2007, Nov 2007-4 Marks, Nov 2009-6 Marks, May 2013]

According to AS-1 Material items are those items, the knowledge of which might influence decisions of the user of financial statements.

SA 320 is applicable on “Materiality in Planning and Performing an Audit”. It deals with the auditor’s responsibility to apply the concept of materiality in planning and performing an audit of financial statement.

Materiality is therefore, an important and relevant consideration for an auditor who has constantly to judge whether a particular item or transaction is material or not.

The auditor’s determination of materiality is a matter of professional judgement. Judgement of materiality is affected by circumstances and size of the business. Both the amount and nature i.e. quantity and quality should be considered Material is a relative term and what may be material in one case may not be material in

another. Even insignificant items in terms of quality may also be material in special circumstances. For example:- In a company having turnover of Rs. 50 Lakhs p.a. and profit of Rs. 2 lakhs p.a. The damages paid of Rs. 1 lakhs may be material and may require separate disclosure because of quantity (size). However, the same information may not be material for a company having turnover Rs. 100 corers p.a. and profit of Rs. 12 Crore p.a. Here the materiality has been judged by its amount with reference to size of the company. However , in case of a company having the turnover of Rs. 100 Crore p.a. and profit of Rs. 10-12 Crore p.a. the violation of law even of small amount may be material , like- if company pays the remuneration to its managerial person in excess of section 198 of the Companies Act, 1956. Even excess managerial remuneration, in this case may be Rs. 50,000, will be material because of non-compliance of law.

Performance Materiality: It means the amount or amounts set by the auditor at less than materiality for the financial statements as a whole to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatement exceeds materiality for the financial statements as a whole.

There is an inverse relationship between materiality and audit risk. Materiality decided earlier may be revised during the performance of the audit. Materiality should be considered by the auditor when:

Planning the audit (When establishing over audit strategy as per SA-300) Evaluating the effect of misstatement. (Regarding any revision in materiality which

was considered at the time of planning while evaluating the effect of misstatement as per SA-450)

Auditor should document the following: Material level considered for financial statement as a whole Performance material considered Any revision made in material level considered earlier.


18

AUDIT EVIDENCE [SA-500] The information, which may be oral or written obtained by the auditor for the purpose

of audit, is known as audit evidence. Auditor needs evidences to obtain information for arriving at his judgement. Audit evidence is necessary to support the auditor’s opinion and report. Audit evidence includes both information contained in the accounting records

underlying the financial statements and other information The auditor should obtain sufficient & appropriate audit evidence through the

performance of compliance and substantive procedures to enable him to draw reasonable conclusion there from on which to base his opinion on the financial information. Sufficiency refers to the quantum of audit evidence obtained. Appropriateness refers the relevance and reliability of the evidence. Followings are the factors to determine the sufficient and appropriate [RTP, May 90, May 07, May 09, Nov 2010-6 Marks]

The factors that influence the Auditor’s judgement as what is sufficient and appropriate audit evidence are- a) The materiality of the item. b) Type of information available.

c) Experience gained during previous audit.

d) Trends indicated by accounting ratios and analysis. e) The degree of risk of misstatement

Types of audit evidences

1. Depending upon Nature- a) Visual evidence- These are the evidences in the form of observation. Example-

Observing stock taking by the management.

b) Oral evidence- These are the evidences having no physical existence. Example- Discussion with management


19

c) Documentary evidence- These are the evidences in the form of written

documents. For example- Copy of invoices, agreement, vouchers.

2. Depending upon Source- Internal and External. [May 89, May 94, May 95, May 98, Nov 08]

Particulars Internal Evidence External Evidence

Meaning Internal Evidence is one that has been created used and retained within the client’s organisation

External Evidence originates outside the Client’s organisation

Examples Wage sheet, Inventory report, Minutes Book, Duplicate copy of sales invoice.

Purchase invoice, Lease Agreement, Bank Statement, Insurance Policies.

Auditor’s Role It is provided to the Auditor by the sources internal to the organisation

It may sometimes be obtained directly by the Auditor. For example- External Confirmation.

Reliability It is not reliable as external evidence

It is considered more reliable than internal evidence.

RELIABILITY OF AUDIT EVIDENCE [May 2008- 5 Marks, Nov 2011 -4 Marks, Nov 2013-5 Marks] The reliability of audit evidence is influenced by its source (Internal or External)

and by nature (Visual, Documentary or Oral) While the reliability of audit evidence is dependent on the circumstances under

which it obtained the following generalizations may be useful in assessing the reliability of audit evidence: 1. External evidence (e.g., confirmation received from a third party) is more reliable than internal evidence. 2. Internal evidence is more reliable when related internal control is satisfactory. 3. Evidence obtained by the auditor himself is more reliable than that obtained

from the entity. 4. Evidence in the form of documents and written representations is more reliable

than oral representation.


20

5. Evidence provided by original documents is more reliable than those provided by photocopies of documents

AUDIT PROCEDURES TO OBTAIN EVIDENCES

The audit procedures to obtain the audit evidence, to daw reasonable conclusion on which to base the auditor’s opinion, are acquired by performing: a) Risk assessment procedures; and b) Further audit procedure, which comprise

i. Test of controls (Compliance Procedure) ii. Substantive procedures

a) Risk Assessment procedure

As per SA-315, The auditor should perform the following risk assessment procedures to obtain an understanding of the entity and its environment including its internal control

Observation and inspection

Discussion among the engagement team

Inquiry of management and others within the entity

Analytical procedures To understand the entity and its environment the auditor shall obtain an

understanding of the following:

Nature of entity

Types of regulation applicable

Type of industry

Entity’s selection and application of accounting policy To understand the entity’s internal control the auditor shall obtain an

understanding of the following:

Information system

Control environment

Risk assessment procedure of entity

Activity relating to control

Monitoring of control b) Further audit procedure

i. Compliance Procedure- [May 2013- 2 Marks] Compliance procedures are tests designed to obtain reasonable assurance that

those internal controls on which audit reliance is to be placed are in effect.

Compliance tests are conducted in areas governed by the internal control e.g. Purchase, Sales etc.

In obtaining audit evidence from compliance procedures, the auditor is concerned with assertions that the internal control exists, the internal control is operating effectively and the internal control has so operated throughout the period of intended reliance. So the auditor is concerned with the existence, effectiveness and continuity of the control system


21

ii. Substantive Procedure- [May 2004, May 2007, May 2010, 4 Marks]

Substantive procedures are tests designed to obtain evidence as to the completeness, accuracy and validity of the data produced by accounting

system. They are of two types (1) Tests of details of transactions and balances. (2)Analysis of significant ratios and trends including the resulting

investigation of unusual fluctuations and items. (Analytical Review) In obtaining audit evidence from substantive procedures, the auditor is

concerned with following assertions. [Nov 2007, May 2008-6 Marks, June 2009-10 Marks, May 2013-4 Marks]

a) Assertion about classes of transactions and events for the period under audit:

i. Occurrence- Transactions and events that have been recorded have occurred and pertain to the entity

ii. Completeness- All the transactions and events that should have been recorded have been recorded.

iii. Accuracy- Amounts and other data relating to recorded transactions and events have been recorded appropriately

iv. Classification- Transaction and events have been recorded in the proper accounts

b) Assertions about account balances at the period end:

i. Existence- Assets, liabilities and equity interest exist ii. Rights and obligations- The entity holds or controls the rights to assets, and

liabilities are the obligations of the entity. iii. Completeness- All assets, liabilities and equity interest that should have been

recorded have been recorded. iv. Valuation- Assets, liabilities and equity interest are included in the financial

statement at appropriate amounts.

c) Assertions about presentation and disclosure

i. Classification- Financial information is appropriately presented and described, and disclosures are clearly expressed.

ii. Accuracy and valuation- Financial and other information are disclosed fairly and at appropriate amounts.

iii. Completeness-All disclosures that should have been included in the financial statements have been included.

METHODS (TECHNIQUES) TO OBTAIN AUDIT EVIDENCE [Nov 1997, Nov 2001, May 2003-8 Marks, May 2011- 8 Marks] One or more of the following methods: 1. Inspection 2. Observation


22

3. Inquiry and confirmation 4. Computation 5.Analytical review 6.Reperformance

1-Inspection

Inspection consists of examining records, documents or tangible assets.

Four major categories of documentary evidence which provide different degrees of reliability to the auditor are: Documentary evidence created and held by the third parties; Documentary evidence created and held by the entity.

Documentary evidence created by third parties and held by the entity; and Documentary evidence created by entity and held by third party.

Inspection of tangible assets provides reliable evidence with respect to their existence but not necessarily as to their ownership or value.

2-Observation

Observation consists of looking at a process a procedure being performed by the others. For example, the auditor may observe the counting of inventories by client


23

personnel. Observation provides audit evidence about the performance of a process or procedure.

3-Inquiry and confirmation [Inquiry- May 2013 4 Marks]

Inquiry consists of seeking appropriate information from knowledgeable

person inside or outside the entity. Queries may range from formal written inquires addressed to third parties to

informal oral inquires addressed to persons inside the entity.

Responses to inquiries may provide the auditor with information which he did not previously possess or may provide him with corroborative evidence. (Confirmatory evidence).

Confirmation consists of the response to an inquiry to corroborate (Confirm) information in the accounting records. For example, the auditor normally requests confirmation of receivable by direct communication with debtors.

External Confirmation- [Nov 2011, Nov 2012- 8 Marks] It means audit evidence obtained as a direct written response to the auditor from

a third party (the confirming party) in paper/ electronic/ other form. Auditor should carefully plan & control external confirmation

Generally external confirmation is used for the following:

Bank balances

Accounts receivables balances

Account payable balances

Property title deed held by third party

Loan from lenders While selecting items for confirmation the auditor should consider the materiality

of account balances. Procedure of external confirmation

Selection (To whom confirmation letter is to be sent)

Design the communication request (Positive Form or Negative Form)

Communicating the confirmation request to selected third party

Obtaining the response from third party


24

Evaluating the information Positive Form- In positive form external party always responds whether they agree with auditors

understanding or not. If auditor does not receive any reply, he may send an additional confirmation

request. If still request is not replied then he has to do additional procedure alternate

procedure. If alternate procedures do not provide sufficient evidence, he should determine its

effect on audit report (Qualify/Disclaimer) Positive form is more reliable than negative form.

Negative Form In negative form external party responds only when they disagree with auditor

understanding. This form is generally used when risk of misstatement is low because internal

controls are effective and low exception rate is expected. These are less reliable than positive form

Evaluation

If response indicating disagreement of third party, the auditor shall investigate exception to determine whether these are indicative of misstatement by performing

additional audit procedures. In case of positive form confirmation request there is no response by third party the

auditor should perform alternative procedures. If management request auditor not to seek external confirmation, auditor should ask management for written presentation. Auditor should consider whether there are valid ground for the same. If there are valid grounds then he may accept the management request and adopt alternative procedure. If there are not valid grounds then he may not accept the management request as it is a limitation on scope of his work.

4-Computation

Computation consists of checking the arithmetical accuracy of source documents,

accounting records or of performing independent calculations.

5-Analytical Review (SA-520)


25

Analytical procedures consist of evaluations of financial information made by a study of relationship among data. These relationships may be between financial data and between financial and non financial data.

Analytical review may be the followings: - Ratio analysis - Trend analysis - Comparison of actual with budget - Comparison of current year figure with corresponding figure of previous year.

Analytical review consists of studying significant ratios and trends and investigation unusual fluctuation and item.

Auditor may use analytical review at planning stage. The main purpose to use analytical procedures is to determine the nature, timing and

extent of other audit procedures. Its objective is to obtain evidences using substantive procedures. If auditor identifies fluctuation or a significant difference between recorded & expected

values, he shall investigate by inquiring of management and thereafter obtaining evidences to corroborate the same and performing other procedures as necessary in the circumstances

The extent of reliance on the results of analytical procedures will depend on factors like:

Materiality of items involved

- When inventory balances are material analytical reviews alone will not be

sufficient in forming the audit conclusion

- Where certain individual items of income or expenditure are not material,

comparison with previous year data may provide sufficient audit assurance.

Accuracy of prediction

- If the expected results of analytical procedures can be predicted with reasonable

accuracy, such procedure will be more reliable

- For example, the Gross profit percentage over various periods would be consistent

and give more audit reliance than R & D expenditure or Advertisement

expenditure etc.

Nature of risk

- If internal control over sales order processing is weak and hence control risk is

high, more reliance will have to be placed on test of details of transactions and

balances.

6. Reperformance- Re-performance involves the auditor’s independent execution of

procedure or controls that were originally performed as part of entity’s internal

control.

AUDITOR’S DUTIES WHEN AN INFORMATION TO BE USED AS AUDIT

EVIDENCE

When designing and performing audit procedures, the auditor shall consider the relevance and reliability of the information to be used as audit evidence.


26

When information to be used as audit evidence has been prepared using the work of a management’s expert, the auditor shall to the extent necessary, having regard to the

significance of that expert’s work for the auditor’s purpose a) Evaluate the competence, capabilities and objectivity of that expert. b) Obtain an understanding of the work of that expert c) Evaluate the appropriateness of that expert’s work as audit evidence for the

relevant assertion. When information to be used as audit evidence has been produced by the entity the

auditor should

a) Obtain audit evidence about the accuracy and completeness of the information b) Evaluate whether the information is sufficiently precise and detailed for the

auditor’s purpose.

AUDITOR’S DUTIES IN CASE OF INCONSISTENCY IN, OR DOUBT OVER

RELIABILITY OF AUDIT EVIDENCE

If audit evidence obtained from one source is inconsistent with that obtained from another or the auditor has doubts over the reliability of information to be used as audit evidence the auditor shall determine what modification and addition to audit procedures are necessary to resolve the matter.


27


1) Evidence should be sufficient and appropriate.

True- Auditor should obtain sufficient & appropriate evidence. Sufficiency refers to

quantum of audit evidence. Appropriateness refers to quality of audit evidences.

2) Auditor should consider consistency of evidence.

True- The audit evidences obtained through different sources or of different nature

should be consistent. If there is inconsistency among different evidences relating to a

single item, auditor should perform additional procedures to resolve inconsistency.

3) Compliance procedure is undertaken to check transaction and balances.

False- Compliance procedure is undertaken to check designing, operating effectiveness

and continuity of internal control system.

4) Substantive procedures are carried out to check data produces by accounting system.

True- Substantive procedures are undertaken to check completeness, accuracy and

validity of data produces by accounting system.

5) Auditor may use analytical review procedure at planning stage.

True The auditor should apply analytical procedures at planning stage for

understanding the business and in identifying areas of potential risk. It uses both

financial and non financial data.

6) Material items are only quantitative in nature.

False- Material items are those which may influence the judgement the judgement of

users of financial statements. It may be quantitative and qualitative as well.

7) There is inverse relation between materiality & audit risk.

True- Generally management / employees do not commit fraud in high value items.

Moreover, as a general practice, auditor checks high value items in detail. Thus it is less

risky that high value fraud and error may not be detected. So high materiality level

leaves audit risk at lower degree.

8) External confirmation means representation from management.

False- It is the process of obtaining and evaluating audit evidences through a direct

communication from a third party in response to a request for information about a

particular item.

9) Reply is required in all cases in positive confirmation request.

True- It asks the respondent to reply the auditor in all cases either by indicating the

respondent’s agreement/ disagreement with the given information or by asking the

respondent to fill in information.

10) Auditor should carefully plan & control external confirmation.

True- The auditor should maintain control the process of selecting those to whom a

request will be sent, the preparation and sending of confirmation request and responses

to those requests.


28

Chapter-3 Preparation for an Audit

AUDITOR’S ENGAGEMENT [May 2003, Nov 2009, Nov 2010, May 2012]

The conduct of the members of ICAI is governed by set of rules. One of these rules

forbids CA to solicit the client. Client must themselves find their auditors. It is important for both the auditors and the client that they should be clear about nature of engagement.

Letter of Engagement refers to the letter written by the auditor to his client

documenting and confirming his acceptance to the appointment, the objective, scope and extent of his responsibilities to his client. The auditor should send an engagement letter, preferably before the commencement of the engagement, to help avoid any misunderstanding with respect to the engagement.

In case of recurring audit, the auditor may decide not to send a new engagement letter each period. However, the auditor shall send a new engagement letter each year in the

following situations: Any indication that the client misunderstands the objective and scope of the audit. Any revised and special terms of engagement. Any recent change in BoD or senior Management. A change in legal or regularity requirement. Any change in the business of the client that is significant. Any change in reporting requirement.

If the auditor is of the opinion that change in terms of engagement is reasonable, he must issue the audit report according to the changed terms. However if the auditor is of the opinion that change in terms of engagement is unreasonable and is not allowed by the client to original engagement, he should withdraw and communicate the reason of withdrawal to the BoD or the shareholders.

QUALITY CONTROL FOR AUDIT WORK AT FIRM LEVEL [5 Marks, Nov 2007] SA 220 on Quality Control For Audit Work requires that the audit firm should

implement quality control policies and procedures to ensure that audits are conducted in accordance with SA. The requirements are:-


29

1) Professional requirements: Firms personnel should adhere to the principle of independence and professional competence.

2) Skill & Competence: Personnel should have attained and maintain technical standard and professional competence.

3) Assignment: Audit work is to be assigned to personnel who have degree of technical training as per the requirement.

4) Delegation: Direction, supervision and review of work at all level to meet standard

of quality.

5) Consultation: Consultation within or outside the firm with experts wherever necessary.

6) Acceptance and relation of clients: Evaluation of prospective clients and review of existing to accept or retain a client based on firm’s independence and ability to serve.

7) Monitoring: Adequacy and operational effectiveness of quality control policies to be continuously monitored.

Audit Process Audit process refers to the sequence of activities performed in the formulation of

audit opinion on the financial statement. It is a well defined methodology for organizing an audit and is adopted to

accomplish audit objectives. Audit process can be viewed as a four step exercise

Step-1 Planning (SA-300) Step-2 Performing procedures: Following 2 types of procedures are performed:

Risk Assessment Procedure (As per SA 315) Further audit procedures (As per SA 330)

Step-3 Obtaining audit evidence on the basis of procedures performed. Step-4 Concluding and Reporting (SA 700, 705, 706)


30

STEP 1- PLANNING AN AUDIT OF FINANCIAL STATEMENT [SA-300]

Audit planning refers to planning by the auditor to enable him to conduct an effective audit in an efficient and timely manner and includes planning about area, scope, depth of transaction to be audited, time to be devoted, person to be deployed for audit etc.

The engagement partner and other key members of the engagement team shall be involved in planning the audit. Need for audit planning/objective of audit planning Appropriate attention to important areas of audit.

Identification of potential problems

Timely completion of work

Utilization of assistants in a better way

Co-ordination of work done by other auditors and experts.

The auditor should follow the following steps to plan an audit:

Preliminary Engagement Activity

Planning Activity

Documentation requirements

Additional consideration to be undertaken in initial audit engagement.

Preliminary Engagement Activity The auditor shall undertaken the following activities at the beginning of current audit engagement

i. Performing procedures required by SA-220 “Quality Control of an audit of financial statements” regarding the continuance of the client and the specific audit engagement.

ii. Evaluating compliance with ethical requirements as required by SA-220. iii. Establishing an understanding of the terms of engagement as required by SA-210

“Agreeing the term of Audit Engagements”

Planning Activity There are 2 types of planning activities 1. The auditor shall establish an overall audit strategy to determine the Scope, Timing

and Direction of the audit. It may be establish by followings: i. Identify the characteristic of the engagement that define its scope.

ii. Ascertain the reporting objective of engagement iii. Consider the factors that are significant in determining the engagements team’s

efforts. iv. Consider the result of the preliminary engagement activity v. Ascertain the Nature, Timing and Extent of procedures proposed to be performed

2. The auditor shall develop an audit plan that:

i. The nature, timing and extent of planned risk assessment procedures as determined under SA-315 “Identifying and Assessing the Risk of Material Misstatement Through Understanding the Entity and its Related Environment”


31

ii. The nature, timing and extent of planned further audit procedures as determined under SA-330 “The Auditor’s Responses to Assessed Risks”

Documentation requirements: The auditor shall documents

- The overall audit strategy - The audit plan - Any significant changes made during the audit engagement to the overall audit

strategy or the audit plan, and the reasons for such changes.

Initial audit engagement: In case of first audit, the auditor should follow the

following activities before the above preliminary activities: - Communicating with the predecessor auditor - Knowledge of client’s business.

KNOWLEDGE OF CLIENT BUSINESS [May 2004-8 Marks, May 2005- 6 Marks, June 2009- 5 Marks]

Knowledge of client business can be obtained by the following sources: Client annual report to shareholders

Minutes of shareholders/board of directors

Internal financial management reports of current & previous year Previous year audit working paper.

Discussion with client


32

Client policy and procedure manual

Publication like trade journal, magazines, news papers and Visit to client’s premises.

STEP 2: PERFORMING PROCEDURES [REFER TO CHAPTER-2]

STEP 3: OBTAINING AUDIT EVIDENCES [REFER TO CHAPTER- 2]

STEP 4:- CONCLUDING & REPORTING Forming conclusion on the basis of Audit evidences. Providing report on True & Fair representation of financial statements. Ensuring that report complies with the statutory requirement, if any Communicating the Report to the appropriate authority.

AUDIT TECHNIQUES [May 2006, May 2007, May 2012]

For collection and accumulation of audit evidence, certain methods and means are available and these are known as audit techniques. Some of the techniques commonly adopted by the auditors are the following: 1. Posting checking 2. Casting checking


33

3. Physical examination and count 4. Confirmation. 5. Inquiry 6. Year-end scrutiny 7. Re-computation 8. Tracing in subsequent period 9. Bank Reconciliation

AUDIT PROGRAMME [May 88, Nov 92, Nov 2006, Nov 2008, Nov 2013] Audit programme is the auditor’s plan of action. Audit programme is a detailed plan of applying the audit procedures. It constitutes the plan of work and provides a basis for the supervision and control of

the audit work. There should be a periodic review of the audit programme to assess whether the same

continues to be adequate for obtaining requisite knowledge and evidence about the transaction.

An audit programme contains the following elements:

Study of relevant legal requirements

Area of auditing

Extent of checking

Analytical review of past performance

Study and evaluation of internal control

Analysis and review of financial statements

Finalization of audit report

Advantage of audit programme [May 81, May 88, May 91, Nov 06, Nov 07] A written audit programme provides the assistants with a clear set of instructions

about the work to be done by them. Selection of assistants for the jobs on the basis of capability becomes easier when the

work is properly planned and segregated. The principal can control the progress of the various audits in hand by examination of

audit programmes. A properly drawn audit programme serves as evidence in the event of any charge of

negligence brought against the auditors. It serves as a guide for carrying out the current audit and as a basis for drawing the

future audit programme.

Disadvantage of audit programme [May 81, May 91, Nov 06, May 07, May 2012]

A hard and fast audit programme may kill the initiative of efficient and enterprising assistants.

An audit programme can make the audit exercise rigid and mechanical. Inefficient assistants may take shelter behind the program saying that the matter does

not contain any instruction.


34

AUDIT NOTEBOOK [Nov 2001]

An audit notebook is a bound book containing the audit programme, significant audit observations, objections, queries etc.

It is a part of permanent record of the auditor, available for reference later on, if required.

Some of the important content recorded in the audit notebook are as follows:

Name of the business and its structure

List of books of accounts maintained by the enterprise

Errors and fraud discovered

List of missing vouchers and receipts

Matters to be specified in audit report

Date of commencement and completion of audit

Audit Program The audit note-book has great evidentiary value in case of any charge of negligence is

brought against the auditor by the client. Specimen of entries in an Audit Note Book to indicate the manner in which entries in

those books ought to be made: Voucher No. Account Amount (Rs.) Query How disposed of

38 Advertisement 1,600 MD sanction required Sanction obtained

107 Rent 1,500 Rent, bill & Receipt required Receipt & bill obtained

306 Das & Co. 3,474 Receipt required Party reminded

42 Machinery 1,49,160 Board’s sanction required Sanction obtained

89 Stores 7,403 Invoice required Party reminded

AUDIT DOCUMENTATION [SA- 230] [May 98, Nov 2003, Nov 2007, May 2008, May 2010, Nov 2010, May 2011, Nov 2011, Nov 2012, May 2013, Nov 2013]

SA 230 is applicable on “Audit Documentation.” Audit working papers comprise all documents prepared or obtained by the auditor and

retained by him in connection with the performance of his audit. Working paper should state

Client’s name


35

Type of engagement

Nature of client’s business

Degree of reliance on internal control

Sources of information

Conclusion reached

Supervision and review of work performed by assistant

Factors governing the form and content of working paper [May 2013-5 Marks]

Size and complexity of the entity

Nature of audit procedures to be performed

Significant of the audit evidence obtained

Identified risk of material misstatement

Nature and extent of exception identified

The auditor should document the matters which are important in providing evidence that the audit was carried out in accordance with the basic principles.

The audit working papers constitute the link between the auditor’s report and the client’s records.

Audit documentation may be recorded on paper, on electronic or other media Specific Documentation:

a) Documentation of discussion

The auditor should document discussion of significant matters with management and those charges with governance. These documents should give the following details:

Nature and particulars of the matters discussed

Date of discussion

With whom the matter was discussed

The auditor’s conclusion of the matter discussed. b) Documentation of departure from a relevant requirement

In case there is any departure from specific requirement of any standard on auditing, such reason of departure should be properly documented. This involves the auditor documenting how the alternative audit procedures performed.

c) Documentation of matters arising after the date of auditor’s report

If in exceptional circumstances, the auditor performs new or additional audit procedures, or draw new conclusion after the date of auditor’s report, the auditor

shall document:

The circumstances encountered

The new or additional procedures performed, audit evidences obtained and conclusion reached, and their effect on auditor’s report.

When and by whom the resulting changes to audit documentation were made and reviewed.


36

Working papers should be designed and properly organised to meet the circumstances of each audit.

Audit documentation serves a number of purpose including: [Nov 2013] Assessing the engagement team to plan and perform audit Enabling the engagement team to be accountable for its work To enable the engagement partner for direction, supervision and review the work

performed by engagement team members.

For quality control review.

For future reference in case of recurring audit

External inspection. (Peer Review)

The extent of documentation is a matter of professional judgement. It is neither necessary nor practical that every observation etc. pertaining to an audit is documented. However the working paper should be sufficiently complete and detailed for an auditor

to obtain an overall understanding of an audit. Auditor is the owner of working papers relating to audit. An auditor should retain the working paper for a period of time sufficient to meet the

requirement of practice. As per the ICAI auditor should retain the paper for 7 years. The auditor shall assemble the final audit file within 60 days after the date of auditor’s

report and after the assembly of the final audit file, the auditor shall not delete or discard audit documentation of any nature before the end of its retention period of 7 years. If it is necessary to add new documentation after compilation the auditor will document the specific reason for making them and when and by whom they were made and reviewed.

Classification of working papers Working paper file may be classified as follows

Permanent Audit File: Permanent audit files are those which are of continuing

importance and will be required in future audits. It only needs to be updated from time to

time. A permanent audit file normally includes the following: (May 90, Nov 90, Nov 92,

May 97, Nov 97, Nov 05, Nov 07)

Memorandum and Article of association of the Company Record of study and evaluation of internal control Copies of audited financial statement of previous years Notes relating to significant accounting polices Record of communication with retiring auditor Important audit observation of earlier years

Current Audit File: Current audit files contain the information relating to audit of single

period. It includes the following: [Nov 90, Nov 07, Nov 2012]

Correspondence relating to acceptance of annual reappointment Audit programme Letters of representations and confirmation from clients Copies of communication with experts or other auditors


37

Analysis of transactions and balances Conclusion reached about significant aspects of audit Copies of financial information being reported along with related audit reports

AUDIT SAMPLING [SA-530] [May 98, May 99, Nov 2013]

The term test check stands for the method of auditing where instead of a complete

examination of all the transactions recorded in the book of account only some of the transactions are selected and verified.

Test checking is an accepted auditing procedure where in only a part of it is checked to form an opinion instead of checking all transactions.

Audit sampling means the application of audit procedures to less than 100% of items within a population

Population means the entire set of data from which a sample is selected.

Sampling risk means the risk that auditor’s conclusion based on a sample may be

different from the conclusion if the entire population were subjected to the same audit

procedure.

Non Sampling Risk means the risk that the auditor reaches an erroneous conclusion for

any reason not related to Sampling Risk. For example use of inappropriate audit

procedures, misinterpretation of audit evidences etc.

There may be two types of sampling risk:

Type-1 That controls are more effective than they actually are and no material

misstatement exist

Type-2 That controls are less effective than they actually are and material

misstatement exist.

The auditor shall evaluate the result of sample and whether the use of audit sampling

has provided a reasonable basis for conclusion about the population that has been

tested.

Precautions to be taken in Adopting Test Checking Techniques

a) The transaction of the concern should be classified under appropriate heads and

may be stratified if wide variations are there between transactions of same kind.

b) Internal control relating to transaction should be reviewed.

c) Examination in depth should be done

d) Auditor should identify the item not suitable for test checking.

e) The number of transaction to be selected for each test check plan should be

predetermined.


38

Circumstances under which test checks can be adopted

a) In case of a big concern where number of transactions are quite large

b) Where the auditor has very little time to check all the transactions c) Number of the transactions should be identical in nature d) Existence of satisfactory internal control system

Transactions not suitable for test checks [May 97, RTP]

a) Opening and closing entries b) Transactions involving calculations like depreciation, commission etc. c) Transactions of exceptional or non recurring nature d) Bank reconciliation statement e) Balance sheet items f) Compliance with statutory provisions

Test checking may either be judgemental or statistical. [May 2000] Auditor based on his judgement decides whether to use a statistical or non

statistical sampling method

Judgemental Sampling: Under this method, the sample size and its composition are determined on the basis

of the personal experience and knowledge of the auditor. This method has been in common application for many years because of its

simplicity in operation.

For example, March, June and September may be selected in year one and different months would be selected in the next year.

An attempt would be made to avoid establishing a pattern of selection year after year to maintain an element of surprise as to what the auditor is going to check.

It is a common practice to check large number of items towards the close of the year so that the adequacy of cut-off procedures can also be determined.

In judgement sampling the auditor’s opinion determine the sample size but it cannot be measured how far the sample size would fulfil the audit objective.

Statistical Sampling:

Statistical sampling is a method of audit testing which is more scientific than testing

based entirely on the auditor’s own judgement because it involves use of mathematical laws of probability in determining the appropriate sample size.

Statistical sampling has reasonably wide application where a population to be tested consists of a large number of similar items.

Advantages of statistical sampling are: a) It is more scientific. b) No personal bias


39

c) Sample selection is more objective as based on mathematical law of probability. Disadvantages of statistical sampling are:

a) It is complex to operate b) It is not suitable for the audit staff having no knowledge of statistical technique.

Selecting the Sample

The auditor should select the sample item in such a way that the sample can be expected to be representative of the population.

Samples can be selected either via random sampling or via systematically sampling.

Random Sampling

Random selection ensures that all items in the population or within each stratum have a chance of selection.

It may involve use of random number tables. Random sampling includes two very popular methods which are discussed below: Simple Random sampling [May 2012]

Under this method each unit of the whole population e.g. purchase or sales invoices has an equal chance of being selected.

The mechanics of selection of items may be choosing numbers from table of random numbers by computer or picking up numbers randomly drum.

It is considered that random number tables are simple and easy to use and also provide assurance that the bias does not affect selection.

Stratified sampling

This method involves dividing the whole population to be tested in a few separate groups called stratum and taking a sample from each of them.

Each stratum is treated as if it were a separate population. The number of groups into which the whole population has to be divided is

determined on the basis of auditor judgement.

For example debtor balance may be divided into four groups as follows:

Balance in excess of Rs. 1,00,000 Balance in the range of Rs. 75,000 to Rs. 1,00,000 Balance in the range of Rs. 25,000 to Rs. 75,000 Balance below Rs. 25,000


40

Systematic Sampling / Interval Sampling It involves selecting items using a constant interval between selections. The first interval having a random start. The interval might be based on certain number of items (for example every 20th

voucher). When using systematic selection, the auditor should determine that the population is

not structured in such a manner that the sampling interval corresponds with particular patterns in the population. For example if in a population of branch sales,

particular branch sales occur only as every 100th item and the sampling interval is 100. The result would be that either the auditor would have selected all or none of the sales of that particular branch.

To minimise the effect of the possible known buyers through a pattern in the population, more than one starting point may be taken.

Block Sampling This method involves the selection of a defined block of consecutive items. For example take the first 200 sales invoices from the sales day book in the month of

September; alternatively take any four blocks of 50 sales invoices. Selection of month may be on random basis. There is a close similarity between this method and judgemental sampling.

Cluster Sampling This method involves dividing the population into groups of items known as

clusters. A number of clusters are randomly selected from all the clusters rather than

individual items of the population. E.g. 600 invoices are divided into 15 clusters having 40 invoices each, then selecting

6th, 8th, and 13th cluster.

SURPRISE CHECK [May 2005, May 2013]

Surprise check refers to the out of routine check that is carried out in the normal course

of audit. Such checks are the important part of the audit procedures. The auditor in the circumstances of each audit may determine frequency of such checks. These checks preferably should be at least once during of the audit.


41

Surprise checks are mainly intended to ascertain whether the system of internal control is operating effectively.

Surprise check may be with respect to the [4 Marks, May 2008]

Verification of cash and investments.

Test verification of stores & stocks and records relating thereto

Verification of books of prime entry and statutory registers.

The result of surprise check should be communicated to the management if they reveal any weakness in the system of internal control or any fraud or error or deficiency in the

maintenance of records. The auditor should satisfy himself that an adequate action has been taken on the matter communicated by him to the management. It is not necessary in all cases for the result of surprise check to be included in the auditor report. They however should be included if in the opinion of the auditor they are material effect and affect the true & fair view of financial statement. EXAMINATION IN DEPTH [Nov 94, Nov 95, Nov 97, May 2000, Nov 2007, May 09, Nov 2012 4 Marks, Nov 2013] It implies examination of a few selected transactions from the beginning to the end

through the entire flow of transaction It involves studying the recording of transaction at the various stages through which

they have passed. At each stage, relevant records and authorities are examined, it also judged whether the

person who has exercised the authority in relation to the transaction is authorised to do so in terms of the prescribed procedure.

Examination in depth of the transaction relating to the payment of a creditor for goods supplied would involve verification of the following:

Purchase requisition

Invitations of the quotations and analysis of the same

Official purchase order

Receipts of goods along with delivery challan

Taking goods to store room after verification of quality and quantity

Entry into store records

Receipts of the suppliers invoices

Entries into purchase day book

Posting to purchase ledger and purchase ledger control account

Payment of cheque in settlement after discount, if any

Entries in cash book, ledgers.

AUDIT RISK [Nov 99, Nov 2002, May 2004, Nov 2013]

Audit risk means that the auditor may give an inappropriate audit opinion when the

financial statements are materially misstated.


42

Audit risk is a function of the risk of material misstatement (Inherent risk & Control risk) and detection risk.

Audit risk has three components:

Inherent Risk [Nov 2012, 4 Marks]

It is the susceptibility of account balances or class of transaction to misstatement that could be material, either individually or when taken together with misstatements in other balances or classes, assuming that there were no internal controls.

Such risk can only be assessed and not reduced The auditor should study and evaluate the degree of inherent risk in order to determine

the audit plan.

Control Risk- [Nov 2005]

Control risk means the risk that a material misstatement could occur but would not be prevented or quickly detected by the organisation’s control.

The preliminary assessment of control risk is the process of evaluating the likely effectiveness of an entity’s internal control system’s in preventing or detecting and correcting material misstatements.

Such risk can only be assessed and not reduced

Detection Risk

Detection risk means the risk that the auditor will fail to detect a material misstatement in the financial information.

Detection risk relates directly to the effectiveness of audit procedures. It is the risk relating to substantive procedure due to sample & test checking. Auditor can increase or decrease it by changing nature, timing and extent of audit. In the case where inherent and control risk are very low, the auditor should perform

some substantive procedures.


43


1) Term of engagement must not be decided in advance.

False Client and auditor should agree on terms of engagement by way of an audit

engagement letter to avoid any misunderstanding. Thus, auditor should send an

engagement letter, preferably before commencement of engagement.

2) Planning is indispensable part of audit process.

True- The auditor should plan his work to enable him to conduct an effective audit in

an efficient and timely manner. It should be based on knowledge of the client business.

3) Audit program helps the assistants in several ways.

True- It contains instruction for staff as to work to be done. Moreover due to properly

written program there is no chance of forgetting/ overlooking some important matter.

Program clearly sets out as to who is required to do a particular work, thus

responsibility can be fixed.

4) Audit program cannot be of any use in future.

False It serves as guide for audits to be carried out in succeeding years. Moreover, in

case auditor faces some case for negligence, he can defend himself by showing it.

5) Audit program does not suffer from limitations.

False The program often becomes rigid & inflexible. Assistants are not able to change it

as per requirements of specific case. Moreover hard and fast program hurts the

initiative & judgemental skills of hard working assistants.

6) Final audit reduces the chance of manipulation in accounts.

True- Final audit begins after the books have been closed at the end of accounting

period & then carried on continually till completion. Work is carried out in single

continuous sitting. Thus there will be no manipulation in accounts, once closed.

7) In continuous audit auditor goes to client site at end of year.

False When audit is conducted during the financial year i.e. accounts are checked the

whole year round it is termed as continuous audit. Usually audit staff is present at

client’s site almost during the entire accounting period.

8) Continuous audit does not have any limitation.

False Continuous audit has many limitations like alteration of records after being

checked, not suitable for small business etc.

9) Working paper should be kept up to four years.

False As per the ICAI, documentation is the property of auditor & he should maintain it

at least up to seven years from the date of signing of audit report.

10) Results of surprise checks are always included in auditor’s report.

False It is not necessary in all cases for the results of the surprise checks to be included

in the auditor’s report on the accounts. They should however be included if in the

opinion of the auditor, they are material and effect the true & fair view of the accounts.

11) Test checks refer to out of routine checks that are carried out in the normal course

of audit.


44

False Test checks refers to an audit procedure wherein only a part is checked to form an

opinion instead of checking all the transactions.

12) Audit procedures and audit techniques are not one and same thing.

True Audit procedures are two Compliance procedures and Substantive procedures. To

apply these procedure auditor uses some specific methods known as audit techniques.

13) Auditing in depth implies that the auditor vouches almost all transaction in a

manner that the chances of not checking any transaction are left at minimum.

False Auditing in depth does not mean the 100% vouching. It is checking selected

transaction from beginning to end to understand the entire system within which the

transaction passes through.

14) While auditing the accounts of a company, it is obligatory that the auditor must

adopt sampling technique.

False It is not obligatory that the auditor must adopt sampling technique while auditing

the accounts of a company.

15) The auditee firm has no right to compel the auditor to provide copies of the

working papers.

True Working papers are the property of the auditors so auditee has no right to compel

the auditor to provide copies of the working paper.

16) Analytical procedures are unable to help the auditor in determining the nature,

timing and extent of other procedures at the planning stage.

False- SA 520 “Analytical Procedure” puts forward that application of analytical

procedures helps the auditor to find the aspects of the business of which he was

unaware and it will also assist him in determining the nature, timing and extent of audit

procedures.


45

Chapter-4 INTERNAL CONTROL

INTERNAL CONTROL Internal control is the process designed, implemented and maintained by TCWG &

management to provide reasonable assurance about the achievement of entity’s objectives with regard to 1. Carry on the business in an orderly manner, 2. Safeguard of the assets 3. Secure as far as possible the accuracy and reliability of its record 4. Prevention and detection of fraud and error

Component of Internal Control

1. Information system

2. Control environment 3. Risk assessment procedure of the entity 4. Activity related to control 5. Monitoring of control

The internal control also includes the system of internal check and internal audit. The management is responsible for maintaining an adequate accounting system

incorporating various internal controls to the extent appropriate to the size and nature of the business.

The system installed should be reviewed by the management to ascertain whether the prescribed management policies are being properly interpreted by the employees and are faithfully implemented.

Followings are the aims of internal control so far as financial and accounting aspects are concerned [Nov 2003]

Providing the flow of work through various stages.

Segregation of accounting and custodian function.

Securing proper documentation at each stage.

Safeguard of the assets

Making the work simpler

Lowering the chances of occurrence of errors and frauds.

Minimising loss and wastage

Preparation of periodical accounting and financial report.

Encouraging employees to do willingly with best of this ability and knowledge

Discouraging employees from non- compliance with the prescribed procedures.

INHERENT LIMITATION OF INTERNAL CONTROLS [N0v 07-7 Marks, Nov 2013-8 Marks] The objective of internal control can only be reasonably, and not absolutely, achieved due to the following limitations:


46

Benefit expected from a control may not commensurate with cost of implementation.

The potential for human error such as due to careless, misunderstanding of instructions.

Possibility that a person responsible could misuse the authority.

Manipulations by the management in the preparation of financial statement.

Most internal controls do not tend to be directed at transactions of unusual nature. Possibility that procedures may become inadequate due to change in conditions.

REVIEW OF INTERNAL CONTROL BY THE AUDITOR [May 1995- 8 Marks]

To facilitate the accumulation of the information necessary for the proper view and

evaluation the auditor should use any one of the following: 1) Narrative Record: This is a complete and exhaustive description of the system as

found in operation by the auditors. It is suitable where: - No formal control system is in operation. - The size of the business is small.

2) Check list:

A checklist is a series of instructions and questions which the auditor should follow and answer.

The complete check list is studied by the principal/ manager/ senior to ascertain the existence of internal control and evaluate its implementation and efficiency.

Answer to checklist is usually in form of Yes, No or Not Applicable Example- Are tenders invited before placing order- Yes/ No. Are the purchases made on the basis of a written order? Is the purchase order form standardised? Are purchase order forms pre-numbered?

3) Questionnaire- [May 2007, Nov 2010, May 2013] Internal control questionnaire is a set of questions designed to provide a thorough

view of the state of internal control in an organisation. This is most widely used for collecting information about the existence, operation

of internal control in an organisation. The auditor may prepare a standard questionnaire to be used with suitable

modification in the case of all audit engagements or he may prepare a fresh one for each audit engagement.

The questionnaire is usually issued to the client and client is requested to get it filled by the concerned executives and employees.

The questions should be so designed that an answer can be provided by mere ticking of the word “YES” or “NO” or “NOT APPLICABLE”. Usually questions are framed in such a way that “NO” shows the weakness. Example- Do you keep invoice pre numbered? Yes/No


47

4) Flow Chart- [Nov 2013]

It is graphic presentation of each part of the company’s system of internal control. A flow chart is considered to be the most concise way of recording the auditor’s

review of the system. It minimizes the time involved in getting narrative explanations. It gives bird’s eye view of the system. Its disadvantages are (i) its time consuming (ii) technical knowledge is required.

For example- Stock control procedure can be depicted in the form of diagram.

INTERNAL CONTROL EVALUATION The ICE brings to light importance of those weakness disclosed by ICQ. ICQ incorporates a large number of detailed questions but not attempt to distinguish

their relation in materiality. ICE isolates the main control objectives within the area of

review of their materiality. ICE requires audit personnel to state whether, an apparent weakness may prove to be

material in relation to the account as a whole. ICE is further an extension of ICQ; it is not the substitute of ICQ.

COMMUNICATION OF WEAKNESS IN INTERNAL CONTROL [June 2009-5 Marks, May 2013-4 Marks] The auditor should make management aware at appropriate level of responsibility of

material weakness in the design or operation of accounting and internal control system, which has come to his attention.

This communication should be in writing through a letter of weakness or management letter.

Lapses in operation of internal control too are reported in the communication of weakness.

The communication of weakness is reported to management of such weakness in design and operation of internal control as have come to notice of auditor during his auditing.

INTERNAL AUDIT [RTP, May 88, May 92, Nov 2011]

Internal audit is an audit conducted on behalf of the management of an enterprise. Internal audit involves an examination and evaluation of various activities of an

enterprise. The exact scope of an internal audit in a particular situation is determined by the

management in the context of its specific requirements. Objectives of Internal audit are


48

To verify the accuracy of the financial accounting.

To establish that there is a proper authority for every acquisition, disposal of assets.

To facilitate the prevention and detection of fraud

To make special investigation for management.

To provide new ideas to the management

To confirm that liabilities have been incurred for the activities of the entity.

Review of compliance with laws and regulations. Internal audit is carried out by staff specially assigned for it.

INTERNAL CHECK [May 2001, May 2006- 8 Marks, Nov 2006-6 Marks, May 2012-8 Marks] It is type of control which focuses on drafting of procedures.

Internal check means the arrangement of duties of staff in such a manner that the work of one person is automatically checked by another during the course of carrying out, recording and processing of transaction.

The accounting of transactions has a number of processes such as posting to the concerned books of accounts, recording receipts and payments of cash etc. These processes are entrusted to various numbers of staff. Thus in an internal check practically a continuous internal audit is carried on by the staff itself.

Internal check is valuable part of internal control. Internal check is procedure oriented. General consideration in framing a system of internal check:

[RTP, Nov 89, May 09, Nov 06, May 2012]

No single person should have an independent control over any important aspects of

the business. The duties of the staff members should be changed from time to time without any

previous notice.

Every member of the staff should be encouraged to go on leave at least once in a year. Frauds successfully concealed by the employees are unearthed when they are

on leave. Persons having physical custody of the assets must not be permitted to have access

to the books of accounts.

Mechanical devices such as automatic cash counting machine may be employed.

Budgetary System should be implemented.

Internal Check Internal Audit

Internal check means the arrangement of duties of staff in such a manner that the work of one person is automatically checked by another during the course of carrying out, recording and processing of transactions

Internal Audit is an audit conducted on behalf of the management of an enterprise with the objective of assisting the management to discharge its responsibility effectively.

Objective is to minimize and detect errors and frauds.

Main objective is evaluating the effectiveness of organizational control.

It is an integral part of the regular operations Internal audit is carried out by staff specially assigned for it


49

It is merely an arrangement of book keeping and clerical duties.

It involves evaluating the quality and operation of the various other control

Internal checks are procedure oriented Internal audit is control oriented

INTERNAL CONTROL IN THE SMALL BUSINESS

The auditor needs to obtain the same degree of assurance in order to give an unqualified

opinion on the financial statements of both small and large entities.

However, many controls which would be relevant to large entities are not practical in the

small business. For example in small business accounting work may be performed by only

a few persons.

These persons may have both operating and custodial responsibilities.

Segregation of function may be missing or severely limited.

As segregation of duties is limited or evidence of supervisory control is lacking, there is

high control risk.

Due to high control risk he has to perform substantive procedures in details to reduce the

detection risk.

INTERNAL CONTROL FOR COLLECTION OF TUITION FEES FROM STUDENT

OF COLLEGE [June 2009- 6Marks]

There must be a clear cut tuition fee structure approved by the college council.

The challan or paying in slip should contain necessary fields for identifying the roll

numbers of the student, class and period for which fees is paid.

The paying in slip when filled by the students should be checked for its correctness as to

applicable amount etc by one clerk and the amount should be entered in a scroll.

The cashier scroll and authorising officers’ scroll should be checked by an officer daily.

All remittance should be banked each day.

Alternatively the fees may be directly remitted into bank and banker’s daily remittance

slip should be scrutinised by college officers.

Arrear list should be periodically prepared from the students rolls.

Delayed remittance should carry fines or compensating charges for delay.

INTERNAL CONTROL AND THE COMPUTERISED INFORMATION SYSTEM

(CIS) ENVIRONMENT

CIS Environment and audit in CIS Environment [Nov 2000, May 2004, Nov 2005]

CIS audit is the process of auditing in a computerised environment.


50

The overall objective and scope of an audit does not change in a CIS environment.

The use of a computer changes the processing and storage of financial information and

may affect the organization and procedure employed by the entity to achieve adequate

internal control.

CIS environment affect the procedures followed by the auditor to obtain audit

evidences.

The auditor should have an understanding of computer hardware, software and

processing system. Specialised skills and competence may be required to:

Determine the effect of CIS environment on the assessment of overall audit risk.

Design and perform appropriate compliance procedures and substantive

procedures.

Evaluate the result of procedures performed.

When the auditor delegates work to assistance or uses work performed by other

auditor or expert, the auditor should have sufficient knowledge of CIS to:

Direct, supervise and review the work of assistants with CIS skills.

Obtain a reasonable assurance that the work performed by other or expert with CIS

skills is adequate for his purpose.

The auditor should gather information about CIS environment that is relevant to audit

plan, including the information: [May 2013-4 Marks]

1) How the CIS function is organized. 2) The computer hardware and software used by the entity 3) Each significant application processed by the computer 4) Nature of processing (Batch, Online real time)

INTERNAL CONTROL IN CIS ENVIRONMENT

[Nov 98, Nov 2002, May 2003-8 Marks, May 2007- 4 Marks, May 2010-5 Marks]

The auditor should acquire the knowledge of accounting system to gain an understanding

of the overall control environment and the flow of transactions. The auditor should

consider:

General CIS Controls


51

CIS application controls

General CIS Controls The purpose of general CIS controls is to provide a reasonable level

of assurance that the overall objectives of internal control are achieved. It includes:

a) Organization and Management Controls: These are designed to establish an

organisational framework over CIS activities including

Policies and procedures relating to control functions

Appropriate segregate of incompatible functions

b) Application System Development and Maintenance Controls: These are designed to

provide reasonable assurance that system are developed and maintained in an

authorised and efficient manner. These are designed to control over

Changes to application system

Access to system documentation

Acquisition of application system from third parties

Testing, implementation and documentation of new or revised system.

c) Computer Operation Controls: These are designed to control the operation of the

system and to provide reasonable assurance that

Only authorized programs are used (Password control, personal identification No.)

Processing errors are detected and corrected

System are used for authorized purpose by authorized personnel

d) System Software Controls: These are designed to provide a reasonable assurance that

system software is acquired or developed in authorized and efficient manner, including:

Restriction of access to authorised personnel only

Authorization, approval, testing, implementation and documentation of new

system software and modifications.

e) Data Entry and Program Controls: These are designed to provide reasonable assurance

that

Access to data and programs is restricted to authorised personnel

An authorization structure is established over transactions being entered in to the

system.

There are other CIS safeguards that contribute to the continuity of CIS processing. These

may include:

Off site back up of data and computer programs

Provision of offsite processing in the event of disaster.

Recovery procedures for use in the event of theft, loss, destruction etc.


52

CIS Application Controls: The purpose of CIS application control procedure over the

accounting application in order to provide reasonable assurance that all transactions are

authorised and recorded and are processed completely, accurately and on a timely basis.

a) Control over Input: These controls provide reasonable assurance that

Transaction are properly authorised before being processed by the computer.

The system should devise controls to check that data input are accurate

Transactions are not lost, duplicated or improperly changed

Incorrect transactions are rejected or submitted after correction.

b) Controls Over Processing and computer data files: These are designed to provide

reasonable assurance that

Processing errors are identified and corrected on a timely basis

Transactions are not lost, added or improperly changed

Transactions are properly processed by the computers

c) Control over Output: These provide assurance that

Results of processing are accurate

Access to output is restricted to authorized personnel

Output is provided to appropriate authorised personnel on a timely basis.

AUDIT TRAIL [Nov 2004- 4 Marks]

An audit trail refers to a situation where it is possible to relate, the original input with

the final output (i.e. on an one to one basis)

In other words, audit trail means a link between few records or a path for audit

Example- Approval of a transaction, its documentation, entry in a book of original

entry, posting to ledger, ledger account balancing, trial balance, classification and

summarisation of balances and presentation of in a financial statement.

Hence for each transaction there is an audit trail.

When there is significant visible audit trail, the work of auditor is not affected and he

not changes his approach to audit.

In CIS environment there is absence of audit trail due to factors such as

Direct data entry into the system

Direct posting of transactions to master file

Elimination of reports as information is supplied on-line

The auditor may use special technique to overcome the loss or changes in audit trail.

Some measure to overcome the loss of audit trail may include

Programmed Interrogation Facilities

Arranging for special printouts containing additional information


53

Reliance on alternative tests.

Audit Software/ Computer Aided Audit Technique (CAAT).

AUDITING AROUND THE COMPUTER (BLACK BOX APPROACH)

[Nov 99, May 2002, May 2005,]

The auditor determines his audit procedures without taking into account the fact of

use of computer for processing of information.

In the Black box approach, the auditor concentrate on input and output and ignores the

procedure of how computer process the data or transactions.

The auditor carries out the audit more or less in the same manner as in manual system

except that instead of handwritten books of account, he examines computer printouts.

The auditor can usually audit around the computer when either of following situation

applies to application system existing in the installation

The system is simple.

The system uses generalised software that is well-tested and widely used by many

institutions.

The primary advantage of this approach is simplicity. Auditor having little technical

knowledge of computer can be trained easily to perform the audit.

The disadvantage of this system is that it is not beneficial for complex system and this

system follows the pattern of historical audit.

AUDITING THROUGH THE COMPUTER (WHITE BOX APPROACH)

[May 98, Nov 99, May 2002, Nov 2003, May 2005]


54

The auditor evaluates the internal controls relating to CIS and on the basis of this

evaluation, determines the nature, timing and extent of his substantive procedures.

Situation where it must be used (May 2007)

The computer processes a large volume of input and resultantly produces a large

volume of output.

The significant parts of the internal control system are embodied in the computer

system itself.

The logic of the system is complex.

The auditor takes the computer as a target of audit

The auditor can used the computer to test

The logic and controls existing within the system

The records produced by the system

The primary advantage of this approach is the auditor has increased power to

effectively test a computer system.

The primary disadvantage of this approach is it need for extensive technical expertise.

COMPUTER ASSISTED AUDIT TECHNIQUES (CAATS)

[May 2006, Nov 2007, Nov 2011-8 Marks]

CAATs are those techniques which undertake assistance of computer for being applied

to an audit in a computerised environment.

The use of CAATs may be useful because of following reasons:

Internal Storage

Disappearance of Audit trail

Absence of input documents

Lack of visible output

CAATs can be used for both compliance procedures and substantive procedures

Benefit of CAAT

1) Time Saving: Auditor can check voluminous data in less time by using CAAT, so

there is a much time saving.

2) Audit effectiveness: The effectiveness and efficiency of auditing procedure will be

improved through the use of CAAT.

3) Effective test checking and examination in depth: CAAT permits effective

examination in depth of selected transactions.

CAAT's are very effective in performing ARP because the software can easily trace

unusual fluctuations and hard copy can be generated for auditor's ready reference.


55

When planning the audit, the auditor may consider an appropriate combination of

manual and computer assisted audit techniques.

Followings are CAATs :

Test Data: The auditor enters a set of data in to entity’s system and compares the

result with predetermined results. These test data are chosen by the auditor.

Audit programme: This implies that a processing run is undertaken using a tested

programme under the control of the auditor.


56


1) Maintenance of internal control system is responsibility of auditor.

False- Internal control system is the plan of organisation and all policies & procedures

adopted by management to ensure, orderly & efficient conduct of business. Thus it is

responsibility management.

2) Internal control questionnaire easily shows weakness in internal control system.

True- In internal control questionnaire usually questions are framed on such a way that

NO shows weakness. Thus weakness is easily located.

3) Preparation of flowchart can be time consuming.

True- Flowchart is graphic presentation of each part of entity’s internal control system.

It is time consuming to prepare a flowchart, which is concise yet showing every

important aspect of internal control.

4) Internal check is part of internal control system.

True- Internal check is check on day to day transaction, operating continuously as part

of routine system, whereby work carried out by one person is automatically checked by

another. Internal check is part of overall internal control system & operates as a built in

device.

5) Audit risk has three components.

True- Audit risk is the risk that auditor may give an inappropriate opinion when the

financial statements are materially misstated. Audit risk has three components viz

inherent risk, control risk, and detection risk.

6) Components of audit risk include sampling risk.

False- Audit risk is the risk that auditor may give an inappropriate opinion when the

financial statements are materially misstated. Audit risk has three components viz

inherent risk, control risk, and detection risk. It does not include sampling risk.

7) Inherent and control risk should be assessed on a combined level.

True- The auditor should make a combined assessment of the inherent risk and control

risk. This is because the management often reacts to inherent risk situation by designing

suitable internal control system to prevent or detect and correct material misstatement.

8) There is direct relationship between detection risk and combined level of inherent

risk and control risk.

False- There is an inverse relationship between detection risk and combined level

of inherent risk and control risk.

9) Auditor should not communicate weakness in the internal control system to the

management, as he checks only financial statement.

False- These should be communicated in writing to the management in a timely

manner.

10) Internal controls in CIS are of two types. True There are 2 types of control in CIS (1) General CIS control, (2) CIS application control.

11) Auditing around computer require computer expertise on part of auditor.


57

False Under this approach, the auditor determines his audit procedure without considering the fact of use of computers for processing of information. The auditor carries out the audit work more or less in the same manner as in manual system. Thus, he does not require computer expertise.

12) Auditing through the computer is required under many situations. True It is required due to online data entry, Real time file updation, Reduction of printouts.

13) Audit software is the property of client. False- It is a set of computer programs used by the auditor as part of his auditing

procedures to process data of audit significance from the entity accounting system. Thus it is the property of auditor.

14) Performing audit in CIS environment is always simpler than in manual

environment since trial balance always tallies. False- While auditing in CIS environment, auditor has to face many hurdles like loss of audit trail, unauthorised amendments to client’s data and program. Moreover, here auditor requires technical expertise also. Thus it is not simple to audit in CIS environment even if trial balance tallies.

rathore institute auditing & assurance - wordpress.com · rathore institute auditing &...

Documents