
School of Business Studies

ABFA 3114
PRINCIPLES OF AUDITING

TABLE OF CONTENTS

Syllabus and Course Strategy
Unit Plan
Assessment Format
Chapter 1: Introduction to Auditing
Chapter 2: Regulatory Framework and Professional Ethics
Chapter 3: Auditor's Report
Chapter 4: Accounting and Internal Control Systems
Chapter 5: Audit Evidence
Chapter 6: Audit Procedures
Chapter 7: Audit Risk and Materiality
Chapter 8: Audit Planning and Control
Chapter 9: Auditing Cash & Bank System
Chapter 10: Auditing Property, Plant & Equipment
Chapter 11: Computer in Auditing

ABFA3114 Principles of Auditing


Course Strategy and Syllabus

Unit title: Principles of Auditing
Unit code: ABFA 3114
Level of study: 3
Credit point: 4
School offering this unit: School of Business Studies
Class contact hours
  Average weekly: 4
  - Lecture: 3
  - Tutorial: 1.5
  - Practical: none
Semester: 7
Assessment mode: Examination (60%), Coursework (40%)
Pre-requisite unit: none
Co-requisite unit: none

Rationale

The unit introduces students to the role of external audit, a core activity in the accountancy profession. Accounting students at this level must have an understanding of the role and responsibility of the external auditor in relation to an independent audit and the principles that bind the auditor.

Aims

1. To provide students with a basic understanding of the nature, purpose and scope of a statutory audit.
2. To equip students with basic knowledge of an audit process and the general auditing procedures an external auditor undertakes to achieve the audit objectives.
3. To enable students to apply their knowledge in the audit of Property, Plant and Equipment (PPE) and Cash and Bank systems.

Anticipated Learning Outcomes

On completion of this unit, students should be able to:
1. Explain the development, nature, purpose and scope of an audit in relation to the regulatory framework that affects or binds the auditor.
2. Demonstrate an understanding of audit risk assessment.
3. Apply the internal control systems in PPE and Cash and Bank systems.
4. Explain the key audit procedures to be performed in relation to a given audit objective.
5. Demonstrate an understanding of the elements and types of audit report.

Syllabus Content

1. Nature, purpose, scope and regulatory framework of auditing (20%)
2. An understanding of audit planning and audit strategy and audit evidence (25%)
3. Accounting system and internal control (20%)
4. Audit procedures (20%)
5. Audit report (15%)

Skills Integration

Skills developed in the unit include identifying auditing issues in a given scenario and applying the appropriate auditing procedures.


Teaching and Learning Strategy

Topics will be introduced by way of lectures and developed through tutorials. During tutorials, Q&A sessions are held to assess students' understanding of the concepts, principles and procedures of auditing. In addition, students are also grouped into smaller groups of 5-6 students per group where they work together on a given scenario to identify key auditing issues and apply the appropriate procedures.

Core text
1. Auditing and Assurance Service in Malaysia, Messier/Glover/Prawitt/Margaret Boh, 3rd Edition, McGraw-Hill (ISBN 978-983-3850-075), 2007.

Other references
2. Auditing In Malaysia - An Integrated Approach, Alvin A. Arens, 11th Edition.


SCHOOL OF BUSINESS STUDIES

Week | Topic | Reference
Week 1 | Introduction to Auditing | AAS Chapter 1 & 2
Week 2 | Regulatory Framework and Professional Ethics | AAS Chapter 1, 2 & 19
Week 3 | Auditor's Report | AAS Chapter 18
Week 4 | Accounting and Internal Control System | AAS Chapter 6
Week 5 | Audit Evidence | AAS Chapter 4
Week 6 | Audit Procedures (I) | AAS Chapter 4
Week 7 | Audit Procedures (II) | AAS Chapter 4
Week 8 | Audit Risk and Materiality | AAS Chapter 3
Week 9 | Audit Planning and Control (I) | AAS Chapter 5
Week 10 | Audit Planning and Control (II) | AAS Chapter 5
Week 11 | Auditing Cash and Bank System | AAS Chapter 16
Week 12 | Auditing Property, Plant & Equipment | AAS Chapter 14
Week 13 | Computer in Auditing | AAS Chapter 7
Week 14 | Computer in Auditing | AAS Chapter 7

Reference

Core text
1. Auditing and Assurance Service (AAS) in Malaysia, Messier/Glover/Prawitt/Margaret Boh, 3rd Edition, McGraw-Hill (ISBN 978-983-3850-075), 2007.

Other references
2. Auditing In Malaysia - An Integrated Approach, Alvin A. Arens, 11th Edition.


Assessment Format

There are 2 parts of your assessment of the course: group assignment and final examination.

Component Course 40% work

Threshold Group Assignment Mid-term Test 40 marks 60 marks 100 marks x 50% 0.4 100 marks x 40% 0.6

Final Exam 60%

Written Exam

Total

100%

Group Assignment

You will be required to form a group and carry out specific research on the subject topics.

Format of Final Examination

The final examination will be THREE (3) hours long and comprise two parts:

Part A: One compulsory question (25%). You are given a case study and you are required to analyse the case and apply the theories to the scenario.

Part B: You are required to answer THREE (3) questions out of FOUR (4) questions. You are given some short questions to work on. Each question constitutes 25%.


CHAPTER 1 INTRODUCTION TO AUDITING

Learning Outcomes

When you have completed this lesson you will be able to:
- Understand the nature, purpose and scope of audit
- Distinguish between accounting and auditing
- Understand different types of audits and auditors
- Understand the concept of true and fair view

Reference text: Auditing and Assurance Services in Malaysia- Chapter 1 & 2


1.1 Nature, Purpose and Scope of Audit

1.1.1 A statutory audit simply means a legally required examination of an organisation's annual accounts and financial records.

1.1.2 The objective/purpose of an audit is to enable the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework.

1.1.3 Auditors do not certify or guarantee the correctness of financial statements; they report whether, in their opinion, they give a True and Fair View of the financial position. True and Fair View (UK) = Present Fairly (US). Expressing an opinion is different from a guarantee or certification of 100% correctness. The auditor just obtains reasonable assurance that the financial statements do not contain material misstatement (serious mistakes).

1.1.4 Reasonable assurance means the auditor obtains a certain degree of comfort that the financial statements do not contain material misstatement.

1.1.5 Why reasonable (less than 100%) assurance? Or why not absolute (100%) assurance? This is because auditing has some inherent limitations. These inherent limitations are:
- Use of sampling testing. Auditors use samples to test the transactions because it is impossible for the auditor to check every transaction. When applying sampling, there is always a risk of taking the wrong samples.
- Inherent limitations of internal control. There is always a possibility of employee collusion, management override or human error.
- Audit evidence is persuasive, not conclusive. Persuasive means giving evidence to believe; whereas conclusive means 100% correct or wrong.
- Use of the auditor's judgement. Auditors often use professional judgement to make decisions, where there is always a risk that the judgement may be inappropriate.

1.1.6 In Malaysia, external audit of financial statements is mandatory (i.e. mandatory audit is also known as Statutory Audit) for every company, regardless of size, that is registered under Malaysia's Companies Act 1965.

1.1.7 The concept of agency (Principals and Agents)

Modern auditing has developed since the concept of a company as a separate legal entity came into existence. It means the separation of ownership and the management of the company. For listed companies, the owners of the company are its shareholders and they may not be involved in the daily operation of the company. The company will be run by directors, who are elected by shareholders. The shareholders expect a return on investment, while the directors expect to be paid a salary. Thus shareholders need to have confidence that accounts prepared by directors are accurate and comply with the required standards and regulations. To ensure that the financial statements are drawn up accurately, they employ auditors to check the financial statements. The job of external auditors is to report whether the financial statements show a True & Fair view. By having this independent check, the shareholders gain confidence that money is being handled properly.


Principals (Owners): Principal provides capital and hires agent to manage it.

Agents (Directors): Agents are hired to manage the company on behalf of principals. Agents are paid for their services. Agent is accountable to principals. Agent needs to manage the company as entrusted.

Conflicts of interest lead to information risk for the principal.

Auditor is appointed by principal to review the performance of agents.

Auditor reports the financial position to the principal.


An overview of the Principal-Agent relationship leading to the demand for auditing

1.1.8 The concepts of accountability, stewardship and agency

Accountability means that people in positions of power can be held to account for their actions. For example, they are compelled to explain their decisions/actions or be punished if they have misused their power.

Stewardship is the responsibility to take good care of resources. A steward is someone employed to manage another person's property.

A fiduciary relationship is a relationship of good faith, such as between directors and shareholders. The directors must take their decisions in the interests of the shareholders rather than in their own personal interest.

Agents are people employed or used to provide a particular service. In the case of a company, the people being used to provide the service of managing the business also have the second role of being people in their own right trying to maximise their personal wealth.

Directors' Accountability and Responsibilities

Directors are accountable to the shareholders for the assets that they control on their behalf. It means that the directors are responsible for the preparation of the accounts of the company. If the directors ask an accounting firm to perform its accounting functions, they cannot escape their responsibilities to the shareholders. The directors are responsible for the proper set up of accounts.

1.1.9 Advantages of a statutory audit
a. Disputes between management may be more easily settled
b. Major changes in ownership may be facilitated if the past accounts contain an unqualified audit report
c. To enhance the loan application
d. To improve efficiency of the business operation by improving the internal control system or control procedures
e. To serve as a basis for preparation of tax returns

1.1.10 Disadvantages of an Audit
a. Audit fee is incurred
b. Disruption of work to the client's staff

1.2 Distinction between Auditing and Accounting

1.2.1 These activities are closely related but separate activities. It is very common that some companies engage the same accountant from the same accounting and audit firm to prepare the accounts. It should be made clear that the directors are still responsible for the preparation of accounts.

1.2.2 A is the recording, classifying and summarising of transactions in a systematic manner for the purpose of providing financial information for decision making.

1.2.3 A is a process of reviewing the transactions and balances of accounting records to project a true and fair view of the financial position of the company.

1.3 Different types of audits and auditors

1.3.1 Types of audit

a. F Audit. It is conducted to determine whether the overall financial statements are prepared according to the acceptable accounting principles. The financial statement audit covers the audit on the Statement of Financial Position, Statement of Comprehensive Income, statement of changes in shareholders' equity and cash flow statement, together with the accounting policies and explanatory notes to the financial statements.

b. O.. Audit. It is conducted on the operating procedures and processes of the organisation to determine whether it is operating in an effective and efficient manner. At the end of the operational audit, the auditor will recommend how to improve the effectiveness and efficiency of the whole organisation's operation system.

c. C Audit. It involves checking whether the organisation follows the specific laws, regulations and specific procedures set by the authority. For example, a compliance audit for a listed company may focus on whether the company follows the stock market ruling and pays the appropriate taxes.

d. F. Audit. It is a special investigation audit that mainly focuses on fraud, criminal cases, shareholders' disputes or negligence. It requires high investigation skills, knowledge and experience to obtain and develop information as legal evidence or for use by expert witnesses in a court of law.

1.3.2 Types of auditors

a. I Auditors. They are employees of the organisation whose activity is set by management to examine and evaluate the organisation's risk management processes and systems of control, and to make recommendations for the achievement of company objectives. The focus of internal audit now is on adding value to an organisation through improvements in controlling risk and looking at all types of risk and control. It functions by, amongst other things, examining, evaluating and reporting to management and the directors on the adequacy and effectiveness of components of the accounting and internal control systems.

The Roles of Internal Audit (IA)
- IA is part of the organisational control of a business; it is one of the methods used to ensure the orderly and efficient running of the business.
- A properly functioning IA is part of good corporate governance, as recognised by national and international codes on corporate governance.
- IA procedures meet the needs of good corporate governance of meeting the needs of all stakeholders.
- IA enables management to exercise proper risk management.


b. E.. Auditors (or Public Accounting Firm). They are external parties who conduct auditing services for both public and private companies. For example, Ernst & Young, KPMG, PricewaterhouseCoopers, Deloitte, Crowe Horwath and so on. It is an exercise whose objective is to express an opinion whether the financial statements give a true and fair view of the organisation's activities and have been properly prepared in accordance with the applicable reporting framework.

c. G.. Auditors (also known as Auditor General) are responsible for auditing all the Federal government, State government, public authorities and statutory bodies' accounts. At the Federal level, the Auditor General reports to the King (Yang Di-Pertuan Agong) and presents his audit reports to the House of Parliament.

d. F.. Auditors. They are specially trained to detect, investigate and deter fraud and crime.

e. Inland Revenue Assessment Auditor. These auditors are responsible for enforcing the Income Tax Act. They audit taxpayers' returns to determine whether the computation of taxes complies with the laws.

1.3.3 Difference between internal audit and external audit (SAROL)

Scope (S)
  Internal Audit: Cover all areas including operation and finance.
  External Audit: Financial focus.

Approach (A)
  Internal Audit: Risk based, assess risk, evaluation on control system, test on operations of system, and make recommendations for improvement.
  External Audit: Risk based, test on transactions that form the basis of the final financial statement.

Responsibility (R)
  Internal Audit: Advise and make recommendations on internal control and corporate governance.
  External Audit: Form opinion on financial statements.

Objectives (O)
  Internal Audit: Advise to protect organisation against loss due to weak internal control.
  External Audit: Provide opinion on financial statement whether provide True & Fair view.

Legal (L)
  Internal Audit: Not legal requirement. But recommended to have internal audit dept for good corporate governance practice.
  External Audit: Legal requirement to have an audit on their financial statement.

1.4 The concept of true and fair view

1.4.1 External auditors give an opinion on the truth and fairness of financial statements. It does not mean that the financial statements are free from error.

1.4.2 It is generally understood that the accounts are drawn up according to accepted accounting principles, using accurate figures as far as possible and reasonable estimates, and arranging them so as to show a true picture of accounts that is free from material bias, distortion, manipulation or concealment of material facts.

1.4.3 True - Information is factual and conforms to reality, not false. In addition, the information must conform to the required standards and laws. And the accounts have also been correctly extracted from the books and records.


1.4.4 Fair - Information is free from discrimination and bias and in compliance with expected standards and rules. The accounts should reflect the commercial substance of the company's underlying transactions. Fairness depends on the following factors:
- Relevance of the information to the users' needs
- Free from bias
- Facts can be verified by evidence
- Materiality of item. A transaction is material if its disclosure would change the users' view on the accounts.

1.4.5 Why is the concept of true and fair important to the auditor? This is because:
- The auditor certainly cannot certify/guarantee the accounts are 100% accurate and free from mistakes. This is because the auditor uses a sampling method to draw audit evidence to support the opinion. Moreover, there are many different accounting interpretations and presentations, such as depreciation, goodwill, inventory etc.
- The concept of truth and fairness is more important than 100% accuracy.
- In reaching his opinion whether accounts show a true and fair view, the auditor is required to exercise his skills and judgment.

1.5 The Chronology of an audit

Determine audit approach

Stage 1. Determine the ..................... of the audit and the auditors' approach. For statutory audits the scope is laid down by legislation and expanded by Auditing Standards. The auditors should prepare an audit plan, which should be placed on file.

Ascertain the system and controls

Stage 2. Determine the flow of ....................... and extent of .................... in existence in the client's system. This is a fact finding exercise which is achieved by discussing the accounting system and document flow with all the relevant departments (for example, sales, purchases, cash, inventory and accounts personnel). It is good practice to make a rough record of the system during this fact finding stage, which will be converted to a formal record at Stage 3.

Stage 3. Prepare a comprehensive record of the system to facilitate evaluation of the systems. The records may be in various formats (for example, charts, narrative notes, internal control questionnaires and flowcharts).

Stage 4. Confirm that the system recorded is the same as that in operation. This is achieved by performing walk-through tests. These involve tracing a handful of transactions through the system and observing the operation of controls over them. This check is useful because sometimes client staff will tell the auditors what they should be doing rather than what is actually done.

Assess the system and internal controls

Stage 5. Evaluate the .................. to determine their reliability and formulate a basis for testing their effectiveness in practice.

Test the system and internal controls

Stage 6. (This should only be carried out if the controls are evaluated as effective at Stage 5. If not, Steps 6 and 7 should be omitted.) If controls are effective, tests designed to establish compliance with the system should be selected and performed. Tests of controls, which cover a larger number of items than walk-through tests and cover a more representative sample of transactions through the period, should be carried out. If controls are strong, the records should be reliable and the amount of detailed testing can be reduced. If controls are ineffective in practice, more extensive substantive procedures will be required.

Stage 7. After evaluating the systems and testing controls, auditors normally send an interim report to management identifying weaknesses and recommending improvements.

Test the financial statements

Stages 8 and 9. These tests are concerned with substantiating the figures given in the final financial statements. Substantive tests also serve to assess the effect of errors, should errors exist. Before designing a substantive procedure it is essential to consider whether any errors produced could be significant. If the answer is no, there is no point in performing a test.

Review the financial statements

Stage 10. The financial statements should be reviewed to determine the overall reliability of the accounts by making a critical analysis of content and presentation.

Express an opinion

Stage 11. The auditors evaluate the evidence that they have obtained and they express their .............................. to members in the form of an audit report.

Stage 12. The final report to .................................... is an important end product of the audit. The purpose of it is to make further suggestions for improvements in the systems and to place on record specific points in connection with the audit and the accounts.


CHAPTER 2 REGULATORY FRAMEWORK AND PROFESSIONAL ETHICS

Learning Outcomes

When you have completed this lesson you will be able to:
- Understand the provision of Companies Act in audit
- Explain the duties, power and responsibility of auditor
- Explain the responsibility of auditor in detecting fraud and errors and illegal activities
- Understand the professional ethics

Reference text: Auditing & Assurance Services in Malaysia - Chapter 1, 2 & 19


2.1 Understand the provision of Companies Act in audit

2.1.1 Section 169 of the Companies Act 1965 requires the directors of every company to present the audited financial statements that give a true and fair view of the activities of the company in its annual general meeting.

2.1.2 Under Section 174 of the Companies Act, 1965, there are two main requirements relating to the auditor's reporting duties:
- The auditor must state whether, in his opinion, the financial statements have been properly drawn up in accordance with the provisions of the Act and applicable approved accounting standards, so as to give a true and fair view of the company's state of affairs and result of operations, and matters required by section 169 to be dealt with in the financial statements; and
- The auditor must state whether, in his opinion, the accounting and other records and the registers required by the Act to be kept by the company have been properly kept in accordance with the Act.

2.1.3 Under the Companies Act, 1965, the statutory duties of company directors in relation to accounting functions are:
- Ensuring proper accounting records are kept. Directors are required to design the accounting system and keep all the accounting records of the company in a proper manner.
- Taking reasonable steps to safeguard the assets of the company and prevent and detect fraud and errors. Directors are responsible for designing an effective internal control system to protect the company's assets from any possibility of fraud and error.
- Preparing financial statements that give a true and fair view. Though directors may delegate the preparation of financial statements to an accountant, they are still responsible for ensuring the financial statements are drawn up in accordance with the standards and regulation.
- Adopting good accounting policies and establishing adequate internal control. Directors are responsible for compliance with the best practice of accounting standards and an effective internal control system.
- Filing the annual return of the company with the Companies Commission of Malaysia (CCM). Directors are responsible for preparing an annual return to the regulators.

2.1.4 Appointment of Auditors

Appointed by: Members (Shareholders)
When: Shareholders can appoint the first auditors of the company or fill a casual vacancy, and the auditor will hold office until the end of the first annual general meeting. In an Annual General Meeting (AGM), shareholders can reappoint the retiring auditor, appoint a new auditor or appoint an auditor who has been appointed by directors previously.

Appointed by: Directors
When: Directors can appoint the company's first auditor between the date of incorporation (establishment) and the first AGM. Directors can also appoint an auditor to fill a casual vacancy.

Appointed by: Companies Commission of Malaysia (CCM)
When: If a company does not appoint an auditor as requested by Companies Act section 172, the CCM can appoint an auditor.

2.1.5 Disqualification of Auditors

Under section 9(1) of the Companies Act, a person is prohibited from acting or accepting an appointment as the auditor of a company if he is:
- Indebted to the company or its related company in an amount exceeding RM2,500.
- An officer of the company.
- A partner, employer or employee of an officer of the company.
- A partner, employee of an employee of an officer of the company.
- A shareholder of the company whose employee is an officer of the company, or
- Responsible for, or if he is the partner, employer or employee of a person responsible for, keeping the company's assets or the register of debenture holders of the company.


2.1.5 Departure from auditor's office

Auditors can leave office for one of the following reasons:
- Resignation
- Not seeking reappointment
- Being removed at a general meeting before their term of office has expired
- Being removed at a general meeting at which their term of office has expired

2.1.6 Resignation usually requires written notice by the auditor to the company and to the CCM. It also requires a statement of circumstances. The auditor concerned is permitted to speak and communicate in writing with shareholders and other stakeholders.

RESIGNATION OF AUDITORS

1. Resignation procedures: Auditors deposit written notice together with statement of circumstances or statement that no circumstances exist relevant to members/creditors.

2. Notice of resignation: Sent by company to regulatory authority.

3. Statement of circumstances: Sent by:
(a) Auditors to regulatory authority
(b) Company to everyone entitled to receive a copy of accounts

4. Convening of general meeting: Auditors can require directors to call an extraordinary general meeting to discuss circumstances of resignation. Directors must send out notice for the meeting within 21 days of having received requisition by auditors.

5. Statement prior to general meeting: Auditors may require company to circulate (different) statement of circumstances to everyone entitled to notice of meeting.

6. Other rights of auditors: Auditors can receive all notices that relate to:
(a) A general meeting at which their term of office would have expired
(b) A general meeting where casual vacancy caused by their resignation is to be filled
(c) Auditors can speak at these meetings on any matter which concerns them as auditors

2.1.7 Removal of auditor

Any removal or resignation of an auditor before the end of the audit contract implies serious disagreement between auditor and client. If auditors disagree with the fee or accounting practices, they simply do not offer themselves for reappointment.
- Removal must usually be notified to the regulatory authority.
- A 2/3 majority resolution is required to remove an auditor.
- The concerned auditor is given the right to make written representations and speak at the meeting or AGM.

Removal procedures. The reasons to have removal procedures are to ensure that the auditors are not removed for improper reasons without the knowledge of the shareholders, and that auditors do not seek to avoid their responsibility by going quietly.

Removal Procedure: Description

Notice of removal: Either special notice (28 days) with copy sent to auditor, or, if elective resolution in place, written resolution to terminate auditors' appointment. Directors must convene meeting to take place within reasonable time.

Representations: Auditors can make representations on why they ought to stay in office, and may require company to state in notice that representations have been made and send copy to members.

If resolution is passed:
(a) Company must notify regulatory authority
(b) Auditors must deposit statement of circumstances at company's registered office within 14 days of ceasing to hold office. Statement must be sent to regulatory authority.

Auditor rights: Auditor can receive notice of and speak at:
(a) General meeting at which their term of office would have expired
(b) General meeting where casual vacancy caused by their removal is to be filled

The auditor will have to issue a written statement either: (i) Statement of ............................ (Some disagreement issues need to be highlighted to the attention of the shareholders. E.g. Fraud, severe disagreement over accounting practice) OR (ii) Statement of ............................. (No issues need to be brought to the attention of the shareholders. E.g. Disagreement over auditor fee) 2.2 Explain the duties, power and responsibility of auditor 2.2.1 Auditors rights and duties The audit is primarily a statutory concept, and eligibility to conduct an audit is often set down in statute. Similarly, the rights and duties of auditors can be set down in law, to ensure that the auditors have sufficient power to carry out an effective audit. Auditors Duties The duties of the auditors are:(a) To report the shareholders/directors on whether the financial statements show true and fair view and have been properly prepared, in all material respect, in accordance with legislation and applicable accounting standards. (b) To consider whether the information in the management report is consistent with the audited financial statement
ABFA3114 Principles of Auditing Page 25

(c) To give various details required by legislation in their report. Common details are directors' transactions and emoluments.
(d) To form an opinion on whether the financial statements present a true and fair view.
(e) To report on any violation of law or the company's constitution.
(f) To make a statement of circumstance when they cease to hold office for any reason.

Auditors' Rights

The principal rights auditors should have, excepting those dealing with resignation or removal, are set out in the table below, and the following are notes on more detailed points.

Access to records: A right of access at all times to the books, accounts and vouchers of the company.

Information and explanations: A right to require from the company's officers such information and explanations as they think necessary for the performance of their duties as auditors.

Attendance at/notices of general meetings: A right to attend any general meetings of the company and to receive all notices of and communications relating to such meetings which any member of the company is entitled to receive.

Right to speak at general meetings: A right to be heard at general meetings which they attend on any part of the business that concerns them as auditors.

Rights in relation to written resolutions: A right to receive a copy of any written resolution proposed.

Right to require laying of accounts: A right to give notice in writing requiring that a general meeting be held for the purpose of laying the accounts and reports before the company (if elective resolution dispensing with laying of accounts in force).

2.3 Explain the responsibility of auditor in detecting fraud and errors and illegal activities

2.3.1 Auditor's Responsibility for the Prevention & Detection of Fraud & Error

ISA 240 "The Auditor's Responsibility to Consider Fraud in an Audit of Financial Statements" states that:

Fraud refers to intentional acts which may involve the falsification of documents or misappropriation of assets.

Error is the unintentional misapplication of accounting policies, oversights or misinterpretations of facts.

In a new audit engagement, auditors should be very careful to avoid accepting responsibility for detection of fraud that they cannot discharge.

2.3.1 Management responsibility in preventing fraud & error

Management is responsible for the prevention and detection of fraud. They should implement and operate an adequate internal control system to safeguard the assets.

2.3.2 Internal Auditor's responsibility in preventing fraud and error.

The internal auditor is to REVIEW the measures that are designed by management to ensure adequate control is in place. The internal auditor can help management manage risks in relation to fraud and error by:
1. commenting on the process used by management to identify fraud and error risks;
2. commenting on the appropriateness and effectiveness of actions taken by management to manage the risks identified;
3. periodically auditing or reviewing systems or operations to determine whether the risks of fraud and error are being effectively managed;
4. monitoring the incidence of fraud and error, investigating serious cases and making recommendations for appropriate management responses.

2.3.3 External Auditor's responsibility in preventing and detecting fraud and error.

1. The external auditor's responsibility is to ASSESS the risk that fraud or error may cause the financial statements to contain material misstatement.
2. The objective of an audit is to report on the truth and fairness of the financial information, not specifically to detect fraud and errors. However, if in the course of conducting the audit the auditor discovers fraud and material misstatements affecting the financial statements, the auditor should investigate further.
3. Auditor must perform the auditing with an attitude of......................................... i.e. it requires that the auditor objectively evaluate audit evidence. This means the auditor should constantly maintain a critical and questioning mind in assessing the validity of the audit evidence he accumulates during the audit process.
4. An attitude of professional scepticism is necessary for the auditor to identify circumstances that increase the risk of a material misstatement resulting from fraud or error, and suspicious circumstances that indicate that the financial statements are materially misstated. If the auditor suspected that there might be a material misstatement due to fraud or error, the auditor would be more sensitive to the selection and type of evidence examined.

2.3.4 Limitation of statutory audits

As per ISA 200, the inherent limitations of statutory audits are:
1. The use of sampling testing. Auditors are not able to conduct 100% checking on all the transactions. Because of sample selection, some items will not be checked if they are not selected in a sample. On this sample test basis, a misstatement may remain undetected.
2. The inherent limitations of internal control system. The auditor relies on the internal controls if they are effective. But by nature, the internal control of the company has its inherent limitations, such as human error. Therefore, the auditor cannot give absolute assurance but only reasonable assurance.
3. The fact that most audit evidence is persuasive rather than conclusive. The auditor's opinion is based on the evidence gathered, which is not conclusive.
4. Limitations of the reporting framework. The auditor's report is given in a fixed format, which may not be understandable and readable by all users.
5. Audit does not provide up-to-date position. The financial statements provide past information. The auditor's opinion given on the past information sometimes is not relevant.

2.4 Understand the professional ethics.

2.4.1 Definition of ethics.

Ethics refers to a code of conduct based on moral duties and obligations that indicate how an individual should behave in society. For example, a businessman should be ethical and not produce harmful products for consumers.

2.4.2 Fundamental Principles of Ethics C.O.B.I.C.

The Fundamental Principles

Integrity (I): Members should behave with integrity in all professional, business and personal financial relationships. Integrity implies not merely honesty but fair dealing and truthfulness.

Objectivity (O): Members should strive for objectivity in all professional and business judgements. (Objectivity is the state of mind which has regard to all considerations relevant to the task in hand but no other; it presupposes intellectual honesty.)

Professional Competence (C): Members should not accept or perform work which they are not competent to undertake unless they obtain such advice and assistance as will enable them competently to carry out the work.

Confidentiality (C): Members should carry out their professional work with confidentiality. Information obtained in a business relationship should not be disclosed outside the firm unless there is a proper and specific authority or duty to disclose.

Professional Behaviour (B): Members should behave with courtesy and consideration towards all with whom they come into contact during the course of performing their work.

2.4.3 Ethical Threats

The potential threats that may lead to conflict of interest are:

Self-interest threat. It occurs when the auditor could benefit from a financial interest in an audit client. Examples of self-interest threats are:
- the auditor owning shares in the client company or having any joint venture with the audit client
- having a personal relationship with senior members of the client company
- providing a loan or guarantee to or from an audit client
- depending highly on total fees from one audit client

Self-review threat. It occurs when the audit firm or a member of the audit team puts itself in a position of reviewing a subject for which the member was previously responsible. Examples are:
- Auditor offers accounting services and other non-audit services and the auditor audits his own work.
- Custodian for and ownership of assets of audit client.
- Assist / supervise employees of audit client
- Performing valuation / internal audit service for financial statement
- Recruiting senior management for audit client
- Advise / assist in securing source of finance.

Advocacy threat. It occurs when the audit firm or a member of the audit team promotes, or may be perceived to promote, an audit client's position or opinion. Examples are:
- promoting the client's shares or IPO
- acting on behalf of the client in a litigation case or in resolving disputes with a third party.

Familiarity threat. It occurs by virtue of a close relationship with an audit client. Examples are:
- having a close family member who is a director, officer or employee of the audit client
- long outstanding business relationship with the client
- becoming a close friend of the audit client
- acceptance of expensive gifts
- auditor is an ex-employee of the audit client.

Intimidation threat. It occurs when a member of the audit team may be deterred from acting objectively and exercising professional judgement due to pressure from the audit client to terminate the service, or a dominant personality in a senior position at the audit client. Examples are:
- Disagreement with client; auditor is being threatened with removal from service.
- Threat to reduce fees due to pressure applied in order to reduce the scope of an audit.
- Litigation situation between auditor and client

2.4.4 Safeguards to Address Threats

Safeguards can be grouped under 3 categories.

Category 1 - Safeguarded by Prohibition of providing non-auditing services by auditors. The auditor should be prohibited from carrying out services such as internal audit, bookkeeping, management functions, designing control services or legal advice.

Category 2 - Safeguarded by
This safeguard is by preparing its own code of ethics for the entire audit firm or a specific client/assignment.

Category 3 - Safeguarded by ..
This safeguard is by the client itself. Safeguards could be: appointment of the auditor by the audit committee; verifying the qualification of the auditor by the client; monitoring of the auditor's work by the audit committee.

2.4.5 Confidentiality of Information.

Information confidential to a client should not be disclosed, except where consent has been obtained, or where there is a public duty or a legal or professional right or duty to disclose. An accountant should only act for a client on the understanding that the client will make full disclosure to them. There are circumstances in which the auditor is free to disclose information regardless of the client's wishes, and circumstances in which the auditor has an obligation to do so.

Auditors have an obligation to disclose:
(1) where the courts order them to do so;
(2) where they suspect their client of offences of terrorism;
(3) where they suspect the client to be a drug trafficker;
(4) where, under banking, insurance and financial services, they consider the client is either acting recklessly or is not fit or proper to manage such business.

2.4.6 Basic principles of independence

a) It states that a member's objectivity must be beyond question if they are to report as auditor. The following are the enforcement mechanisms to maintain its integrity, objectivity and independence.

(Note: Independence means an attribute of the relationship between 2 parties. It is said that 2 parties are independent if neither has any obligation to the other.)

Guideline 1: Undue dependence on an audit client for income. Recurring fees paid by one client or group of connected clients should ............................... of the gross practice income (10% for public companies).

Guideline 2: Family and other personal relationship. A family or other close relationship may pose a threat to independence, and safeguards should be in place to preserve independence. The auditor should ensure personal relationships do not affect their objectivity.

Guideline 3: Beneficial interests in shares and other investment. An auditor should ensure that it does not have as an audit client a company in which any partner or anyone closely connected with a partner holds shares or has a beneficial interest in shares.

Guideline 4: Loans. An auditor or anyone closely connected with it should not make or accept loans to or guarantee from an audit client. This also applies to a partner in a practice or spouse or minor child.

Guideline 5: Goods & services - hospitality. Goods and services should not be accepted by an auditor or by anyone closely connected with it unless the value of any benefit is modest.

Guideline 6: Provision of other services. There is no objection in practice to the provision of other services to audit clients, but care must be taken not to perform management functions or to make management decisions.

Guideline 7: Overdue fees. The existence of significant overdue fees can be a threat to objectivity.

Guideline 8: Litigation. Objectivity may be threatened (or appear to be) where there is actual or threatened litigation between auditor and clients.

Guideline 9: Associated firms - influence outside the practice. Pressure may arise from outside the practice, from associated practices or organisations.

Guideline 10: The auditor should not perform management functions or take executive decisions. The auditor's involvement is only advisory.

CHAPTER 3 AUDITORS' REPORT
________________________________________________________________
Learning Outcomes

When you have completed this lesson you will be able to:
- Understand the standard unqualified audit report
- Understand the implication of unqualified audit report
- Explain the departure from standard report and deciding appropriate auditor's report.

Reference text: Auditing & Assurance Services in Malaysia- Chapter 18

3.1 The Auditor's Report

3.1.1 What is an audit report?

The audit report is the principal channel of communication between the auditor and the user of the financial statements. The audit report is the review and evaluation report resulting from the tests of control and substantive procedures that the auditor has performed. Before issuing an audit report, the auditor should assess the types of audit reports to be issued.

The two main reporting requirements under the Companies Act are:
- The auditor should state in his opinion whether the financial statements give a true and fair view, and are in compliance with the Act and applicable approved accounting standards.
- The auditor's opinion on whether the accounting and other records and the registers required by the Act have been properly kept in accordance with the Act.

3.1.2 Users of audit report.

The following are the users of an audit report:
- Potential investors: To evaluate the performance of the company before investing.
- Shareholders of a company: To know the profitability of the company they own.
- Employees of a company: To know the performance of the company.
- Bankers: To evaluate the creditworthiness of the borrower before lending.
- Suppliers: To evaluate the liquidity of the company before supplying goods.

3.1.3 ISA 700 "Forming an Opinion and Reporting on Financial Statements" indicates the basic elements that will ordinarily be included in the audit report. The basic elements of an auditor's report include the following:

No. / Audit report element/feature / Reason for that element/feature

1. Title of independent auditor: To identify this as an audit report and distinguish it from other reports on financial statements that might be issued by others, directors, etc.

2. Addressee: To identify the person(s) who may use or rely on the report.

3. Introductory paragraph: It states when an audit was conducted and identifies which financial statements are covered by the auditor's report.

4. Management's responsibility for the financial statements: To explain the responsibility of management for the preparation of financial statements in accordance with the applicable financial reporting framework.

5. Auditor's responsibility: To state that the auditor's responsibility is to express an opinion on the financial statements based on the audit. To explain the scope of the audit so that the standard of the auditor's work is clear and other factors such as limitation of audit testing are known.

6. Auditor's Opinion paragraph referring to the financial reporting framework followed and expressing the auditor's opinion: To provide the auditor's opinion on the financial statements in terms of true and fair view, to assure the reader that the audit has been carried out in accordance with established principles and practices.

7. Other reporting responsibility

8. Auditor's signature: This is normally the signature of the audit firm, as the firm assumes responsibility for the audit, not the individual engagement partner.

9. Date of the report: To inform the reader that the auditor has considered effects of transactions that the auditor became aware of on the financial statements up to that date.

10. Auditor's address: This is normally the city where the auditor responsible for the audit is located so he/she can be contacted, if necessary.

3.1.4 Types of audit reports. (Exam focus)

- Unmodified report. This report is a standard good report that does not require any change/modification on certain issues. A standard unqualified auditor's report contains the standard wording in terms of format and contents, in compliance with the requirements under the auditing standard and the provisions of the Companies Act, 1965 and/or other statutory requirements.
- Modified unqualified report. This report has an emphasis of matter paragraph. A modified unqualified report contains an unqualified opinion, but the wording of the report is modified, normally by the inclusion of an additional explanatory paragraph that highlights or makes reference to a matter such as going concern uncertainty.
- "Except for" report. This report is a qualified audit report with limitation of scope or disagreement, but the effect of misstatement on the financial statements is only material and not pervasive.
- Adverse report. This report is a qualified audit report with disagreement, and the effect of misstatement on the financial statements is material and pervasive.
- Disclaimer of opinion report. This report is a qualified report with limitation of scope, and the effect of misstatement on the financial statements is material and pervasive.

3.1.5 Meaning of terms

a. Unqualified report = ..........................
b. Qualified report = ........................
c. Emphasis of matter means the auditor wishes to bring certain issues to the users' attention, provided that the directors have disclosed all the information.
d. Limitation of scope means the auditor does not have full information when conducting an audit. In other words, the auditor faces some limitations in accessing all the necessary information (evidence) to support his audit opinion. For example, lack of accounting records that have been destroyed, or lack of explanation from directors.
e. "Except for" means ...................... a certain item. Except for that particular item, the rest of the items are true and fair.
f. Disagreement means the auditor does not agree with the management about matters such as accounting treatment or disclosure in the financial statements, such as provision for bad debt, depreciation etc.
g. Adverse opinion means that the auditor .................... in the accounting / disclosure matters because they affect all the areas of the financial statements. The financial statements as a whole do not give a true and fair view.
h. Disclaimer of opinion means the auditor does not provide any opinion on the financial statements because the financial statements are materially and pervasively misstated.
i. Material. An item is said to be material if its omission will change the audit opinion. It can be said that the transaction has a significant impact on the financial statements.
j. Pervasive. An item is said to be pervasive if it seriously affects ALL the areas of the whole financial statements. The users' view of the financial statements will be affected.

3.1.6 Date of audit report

The date of the auditor's report should be appropriate because it indicates to the users the last day of the auditor's responsibility in reviewing significant post Statement of Financial Position events. The report should not be dated before the date of the directors' report.

3.1.7 Matters that an auditor should report in the auditor's report on the accounts presented at the annual general meeting of a company.

i. Whether or not the financial statements are true and fair.
ii. Whether or not the financial statements have been properly prepared in accordance with the Companies Act 1965.
iii. Whether the financial statements are in accordance with the applicable accounting standards.
iv. Whether the accounting and other records are properly kept in accordance with the Companies Act, 1965.
v. Whether the auditor has not received sufficient information or explanations necessary for his auditing.

3.1.8 Conditions that have to be met before a standard unqualified auditor's report can be issued.

i. The auditor has obtained without restriction all the information and explanations he required.
ii. Financial statements have been prepared in accordance with the approved accounting standards and present a true and fair view.
iii. Adequate disclosure of all matters to present a true and fair view of the financial statements.
iv. All reporting duties under the Companies Act have been satisfied.
v. There are no circumstances requiring additional explanation or modification of the wording of the annual report.
vi. The importance of auditors adopting a conventional and uniform wording in the auditor's report.

3.1.9 Use of standardised wording in audit report

The reason for using standardised wording in the audit report is to avoid confusing the readers and to prevent misunderstanding of the message being communicated to the users of the FS.

3.1.10 Audit Reporting

[Diagram: Audit Report; Limitation of scope; Disagreement; Qualified Except For]

An overview of audit evidence gathered to form an audit opinion

3.2 Unmodified audit report

An unmodified audit report is a good report that provides a true and fair view, where the financial statements have been prepared in accordance with the financial reporting framework and statutory requirements. An unqualified audit report should include the following content (as per 3.1.3 above):
- A title identifying the person to whom the report is addressed.
- An introductory paragraph identifying the financial statements audited and the respective responsibilities of directors and auditors
- Management's responsibilities in respect of the financial statements
- The auditors' responsibilities in forming their audit opinion
- The scope paragraph detailing the nature of the audit
- The auditors' opinion on the financial statements
- The manuscript or printed signature of the auditors.
- The date of the auditors' report
- The auditors' address.

3.3 Modification To The Standard Auditor's Report

3.3.1 Modified audit reports

Modified audit reports arise when auditors do not believe that they can state without reservation that the accounts give a true and fair view. ISA 701 "Modifications to the independent auditor's report" states that there are 2 types of modified report:

i. Matters that do not affect the auditor's opinion:
- Emphasis of matter paragraph (just wish to highlight to the attention of users)

ii. Matters that do affect the auditor's opinion:
- Qualified
- Disclaimer
- Adverse opinion.

3.4 Modified Unqualified Auditor's Report - Emphasis of Matter

3.4.1 Emphasis of matter paragraph

An emphasis of matter paragraph is used where the auditor wishes to draw attention to an important item in the financial statements. The conditions for using this report are that the directors must fully disclose all the information and that the item is significant.

An emphasis of matter does not constitute a qualified opinion. It is usually situated after the opinion paragraph and states that the opinion is not qualified with regard to that matter. It is used when there is a significant uncertainty or going concern issue that has been fully disclosed in the notes to the financial statements and the outcome of the issue is dependent on events yet to happen.

3.5 Departures From An Unqualified Auditor's Report

3.5.1 Qualified audit opinion

Qualifications may be material and pervasive. The difference between them is a matter of degree of effect and materiality. A pervasive qualification (very serious) is one that affects the view given by the financial statements AS A WHOLE. For example, if the auditors are not able to collect evidence from whatever sources to form an audit opinion, it is said to be pervasive.

Qualified audit opinions arise where there are either:

i. disagreement on accounting matters such as accounting treatment and disclosure. It is used where the auditor disagrees concerning the accounting treatment, amount or disclosure of an item in the financial statements.

OR

ii. limitations in the scope of the audit that leave the auditors unable to carry out their duties. It is used where the auditor cannot obtain sufficient evidence regarding an item in the financial statements.

Common circumstances that may give rise to a disagreement with the management of the company are:
- Non-compliance with the Companies Act or other legislation.
- Non-compliance with approved accounting standards.
- Disagreement with the facts or amounts included in the Financial Statements
- Inadequate disclosure.

Qualification Matrix (Students should have a clear understanding on this matrix).

Two levels of qualified opinion, by cause:
- Limitation of scope (auditors could not access full information in the respect of the audit)
- Disagreement (auditors disagree with management on accounting policies selected, method of application or disclosure requirements)

Level 1: MATERIAL ONLY, NOT pervasive (less serious & affect only a particular area)
- Limitation of scope: QUALIFIED EXCEPT FOR (e.g. No inventory count carried out)
- Disagreement: QUALIFIED EXCEPT FOR (e.g. Difference of opinion between directors and auditor as to whether to provide for a doubtful debt.)

Level 2: BOTH MATERIAL & PERVASIVE (Very serious & affect the whole financial statements)
- Limitation of scope: DISCLAIMER OF OPINION (e.g. Destruction of accounting records)
- Disagreement: ADVERSE OPINION (e.g. Auditors state that the accounts do not give true and fair view)

Summary
i. Limitation of scope (material) = Except For
ii. Limitation of scope (material & pervasive) = Disclaimer of opinion
iii. Disagreement (material) = Except For
iv. Disagreement (material & pervasive) = Adverse opinion

3.5.2 A disclaimer of opinion should be expressed when the possible effect of a limitation of scope is so material and pervasive that the auditor is not able to obtain appropriate and sufficient evidence to express an opinion on the financial statements.

Example of disclaimer of opinion: "Due to the significance of the matters above, we (auditor) do not express an opinion on the financial statements."

3.5.3 An adverse opinion should be expressed when the effect of a disagreement is so material and pervasive that the auditor concludes a qualification of the report. Adverse and Disclaimer opinions do not support credibility of the financial statements.

Example: "In our opinion, because of the effects of the matters above, the financial statements do not give a true and fair view of the financial position"

3.5.4 "Except for" opinion is used when the disagreement or limitation of scope is not so serious or not due to fundamental errors. "Except for" opinions are generally less extreme because they positively support the matters other than those being highlighted.

Example: "In our opinion, except for the effect of adjustments, we had been able to satisfy ourselves as to the physical inventory quantities."

How to decide which modified opinion is appropriate in the exam? Follow these rules:

i. If accounting records have been destroyed or gone missing and this affects the WHOLE financial statements, then Disclaimer of Opinion is appropriate.
ii. If only part of the accounting records have been destroyed or gone missing, such as only receivable records, and the rest of the accounting records are still complete, then "Except for" is appropriate.
iii. If the disagreement is fundamental and affects the WHOLE financial statements, then Adverse opinion is appropriate.
iv. If the disagreement affects only a small portion, such as depreciation treatment, then use "Except for".

Auditors normally would not issue a qualified report unless it is absolutely necessary to do so. In practice, issuing a qualified report is avoided by discussion and negotiation with the directors. Management will usually make whatever changes are necessary in order to avoid a qualified report.

3.5.5 Other information disclosed in the annual report

a) Other information disclosed in the annual report includes:
i. Opening balance
ii. Prior year figures
iii. Other information issued with audited financial statements.

b) ISA 510 "Initial Audit Engagements - Opening Balances" requires that an auditor obtains sufficient appropriate evidence about whether the opening balances contain misstatements that materially affect the current period's financial statements by:
i. determining whether the prior period's opening balances have been correctly brought forward to the current period (or restated);
ii. determining whether the opening balances reflect the application of appropriate accounting policies.

c) ISA 710 "Comparative Information" requires that comparatives comply in all material respects with the identified financial reporting framework. The two categories of comparatives are:
i. Corresponding figures.
ii. Comparative financial statements.

d) ISA 720 "The Auditor's Responsibility in Relation to Other Information in Documents Containing Audited Financial Statements" requires that the auditor should read the other information to identify material inconsistencies with the audited financial statements. This may include items such as employee reports, five-year summaries and management commentaries on operations. Thus, auditors should have full access to other information.

CHAPTER 4 ACCOUNTING AND INTERNAL CONTROL SYSTEM
________________________________________________________________
Learning Outcomes

When you have completed this lesson you will be able to:
- Define the objective and types of internal control
- Understand the limitations of internal control
- Ascertain the internal control
- Evaluating the internal controls
- Understand the audit strategy and internal controls.

Reference Text: Audit & Assurance Services in Malaysia- Chapter 6

Within an organisation, internal control provides a way to meet management's stewardship or agency responsibilities. Management also needs a sound internal control system that generates reliable information for decision-making purposes.

4.1 Accounting Systems

4.1.1 Definition of Accounting System:

It is a series of tasks and records of an entity by which transactions are processed as a means of maintaining financial records. Such a system identifies, assembles, analyses, calculates, classifies, records, summarises and reports transactions and other events.

4.1.2 Management's/Directors' responsibility on accounting system

Management/directors of the organisation is/are supposed to:
- Set up and maintain an adequate accounting and internal control system in the company.
- Deliver a copy of the company's audited annual report to the Companies Commission of Malaysia (CCM).
- Prepare annual financial statements to show a true and fair view of the company.
- Ensure the company keeps proper accounting records as required by the Companies Act.
- Safeguard the company's assets and prevent fraud and errors in the company.

4.1.3 Auditor's responsibility on accounting system

The auditor's responsibility is to assess and review the effectiveness of the accounting system to ascertain its adequacy as a basis for preparation of financial statements.

4.2 Internal Control

4.2.1 Definition of Internal control

It is a process designed and implemented by the management to provide reasonable assurance about the achievement of the entity's objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations. It is also designed and implemented to address identified business risks that threaten achievement of any of these objectives.

4.2.2 Objectives of Internal Control System

- Validity. To ensure business is carried out in an orderly, effective and efficient manner.
- Timeliness. To ensure all the transactions are recorded on a timely basis.
- Compliance. To ensure compliance with laws and regulations.
- Valuation. To ensure assets are properly safeguarded and valued.
- Authorisation. To prevent and detect fraud and errors.
- Completeness. To secure the completeness and accuracy of the records and the timely preparation of reliable financial information.
- Classification. To ensure all the transactions are classified into the proper account.
- Posting and summarisation. To ensure all transactions are properly recorded in journals and posted to the General Ledger.

[Note to students: Not all the objectives of internal control mentioned above are relevant to external audit on financial statements; for example, control over the product design. Only those items that relate to financial statements are likely to be relevant to external audit, such as internal control over compliance with the laws and regulations, because any violation of the laws is subject to financial losses.]

4.2.3 Reasons for understanding the accounting & internal control systems
In a financial statement audit, the auditor should understand the client's accounting and internal control systems in order to:
i. assess their reliability for the presentation of financial statements and design suitable audit procedures.
ii. identify the types of potential misstatements.
iii. determine the control risk level.
iv. determine the audit strategy and plan audit tests.

4.2.4 To gain an understanding of the internal control system, the auditor will perform the following:
i. Review the previous audit files for a recurring engagement. The auditor can obtain a great deal of information about the client's internal controls developed in prior years. Because systems and controls usually don't change frequently, this information can be updated and carried forward to the current year.
ii. Inquiry of the client's personnel. Interview the key staff to obtain some information.
iii. Read the relevant documentation of the client such as policy, system manuals, documents, reports and records. By examining the actual, completed documents and records, the auditor can obtain evidence that the control policies and procedures have been run effectively.
iv. Visit the client's office to carry out a physical inspection on the existence of assets. The auditor will gain information on the condition of the physical assets and the control system in safeguarding the physical assets.
v. Observe the client's activities. The auditor can observe staff carrying out the process of preparing the documents, records and accounting system. This observation will enhance the auditor's understanding of the controls that have been put in place.

The auditor will use the knowledge gained from the above procedures on the internal control system to:
- Identify the types of potential misstatements.
- Determine control risk, which in turn affects the detection risk.
- Assist in designing further audit procedures such as substantive procedures.

In deciding the nature (types) and extent (depth) of the understanding of internal control required to carry out the audit engagement, the auditor should consider the following factors:
- The materiality level.
- Knowledge gained from the previous audit.
- The auditor's knowledge of the client's industry.
- The size of the entity and the ownership.
- The complexity of the client's operations and system.


4.2.5.1 The relationship between control risk and the client's internal control system is that if the internal control system is weak, the control risk is high. The effectiveness of the internal control system will directly influence the control risk.

4.2.6 The difference between management's and the auditor's concern on the internal control system
- Management's concern on the internal control system is to ensure its effectiveness so that the organisation is able to achieve the corporate objectives. Management is concerned whether the internal controls established and implemented are effective enough to provide them with reasonable assurance that the company would be able to achieve its objectives.
- The auditor's concern on internal control is towards the impact of internal control on the financial reporting and safeguarding of assets. The main reason the auditor is interested in internal control is that reliance on internal control will reduce the amount of substantive testing of transactions. If the auditor is satisfied that the internal control system is functioning effectively, there is a reduced risk of error in the accounting records.

4.3 Five components of an internal control system

Components of Internal Control:
1. Control Environment
2. Control Procedures
3. Risk Assessment
4. Information & Communication
5. Monitoring


4.3.1 Component 1 - Control environment
It concerns the overall attitude of directors and management towards the internal control system. It is the framework (background) within which controls operate. Factors that affect the control environment are:
- Integrity and ethical values. An entity needs to establish ethical and behavioural standards that are communicated to employees and are reinforced by daily practice.
- Commitment to Competence. Management must specify the competence level for a particular job and translate it into the required level of knowledge and skills.
- Participation of the Board of Directors or Audit Committee. The board of directors and its audit committee significantly influence the control consciousness of the entity. They must take their fiduciary responsibilities seriously and actively oversee the entity's accounting and reporting policies and procedures.
- Management's Philosophy and Operating Style. Establishing, maintaining and monitoring the entity's internal controls are management's responsibility. Management's philosophy and operating style may significantly affect the quality of internal control.
- Organizational Structure. The organizational structure defines how authority and responsibility are delegated and monitored. It provides a framework for planning, executing, controlling and monitoring operations.
- Assignment of Authority and Responsibility. This factor includes how authority and responsibility for operating activities are assigned and how reporting relationships and authorization structure are established.
- Human Resource Policies and Procedures. The entity should have personnel policies for hiring, training, evaluating, counselling and compensation policies and procedures.


4.3.2 Component 2 - Control procedures (Types of control procedures)
Control procedures are the policies and procedures that help to ensure that necessary actions are taken to address the risks involved in achieving the entity's objectives. Examples of specific control activities include those relating to the following (P2.A.R2.I.S2):

- Physical controls (P). The physical security of assets, including adequate safeguards such as secured facilities over access to assets and records. This concerns custody of assets and involves procedures designed to limit access to authorised personnel only. Controls are important in the case of valuable and moveable assets. Example: only the supervisor can access the inventory.
- Personnel (P). Procedures should be designed to ensure that personnel operating a system are competent and motivated to carry out the tasks assigned to them, as the proper functioning of a system depends upon the competence and integrity of the operating personnel. Example: Only an authorised person with competency can perform the task.
- Authorisation & Approval (A). Seeking a higher authority to approve is one of the control activities. All transactions should require authorization or approval by an appropriate person. The limits of approval should be clearly specified. Example: Sales invoices need to be authorized.
- Performance Reviews (R). These control activities include reviews and analyses of actual performance versus budgets, forecasts, and prior period performance; relating different sets of data, operating or financial, to one another, together with analyses of the relationships and investigative and corrective actions; comparing internal data with external sources of information; and review of functional or activity performance.
- Recording of transactions (R). To control the transactions and system, recording must be in place to ensure the completeness of all the transactions.
- Information processing (I). The two broad groupings of information systems control activities are (i) application controls, which apply to the processing of individual applications, and (ii) general IT controls, which are policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems.
- Segregation of duties (S). Assigning different people the responsibilities of authorising transactions, recording transactions, and maintaining custody of assets. Segregation of duties is intended to reduce the opportunities to allow any person to be in a position to both perpetrate and conceal errors or fraud in the normal course of the person's duties.
- Supervision (S). All actions by all levels of staff should be supervised. The responsibility for supervision should be clearly laid down and communicated to the person being supervised. Example: Bank reconciliation must be checked by a supervisor.

4.3.3 Component 3 - Risk assessment
It is a process of identifying and analysing risk factors that affect the business entity and managing the risks. The client's business risks can arise or change as a result of the following circumstances:
- Change in the operating environment
- New personnel
- Change in information system
- Rapid growth including foreign country expansion
- New products or services
- Corporate restructuring
- New or changed accounting standards


4.3.4 Component 4 - Information and communication
This concerns the understanding of each individual's role in the internal control system and an open communication channel for reportable events. There are 2 categories of information systems control procedures:
- Category 1 - General controls. They relate to the overall information processing environment over data maintenance, access security and hardware protection.
- Category 2 - Application controls. They relate to software applications that ensure the information processed is complete, accurate and authorised.

4.3.5 Component 5 - Monitoring
It involves monitoring and managing the internal control system to ensure its effectiveness and efficiency in operation as well as recommendation for improvement. It also involves appropriate personnel assessing the design and operation of controls on a timely basis and taking necessary action.

4.4 The effect of entity size on internal control
- Small organisation. Due to limited resources, a small entity is not able to implement an expensive and complex internal control system. Thus, the owners are directly involved in day-to-day monitoring of the business. Often, the owners in a small organization override the control procedures. In terms of communication channel, due to fewer levels of management, the communication channel is effective.
- Large organisation. A large organisation may have the resources to implement a sophisticated control system and employ professionals to monitor the operation process. Often the internal control system is formal and well structured. Due to many levels of management, the communication process may be slower and subject to communication bottleneck problems.


4.5 Limitations of Internal Control

4.5.1 Describe four inherent limitations of an internal control system.
i. There is potential for human error due to carelessness, mistakes of judgment and misinterpretation of instructions.
ii. There is a possibility that a person responsible for exercising an internal control could abuse his power by overriding the internal control.
iii. Fraudulent collusion to circumvent internal controls can happen both within the company and outside the company.
iv. Cost and benefit analysis. An internal control system costs money. To be effective, the benefits should be more than the cost of implementing a control system.
v. The company will normally give priority to implementing internal controls over routine and recurring transactions. In fact, more controls must be in place for non-routine transactions, which are normally high risk.
vi. Some of the internal control procedures are inflexible to change quickly.

4.6 Consideration of Internal Control in Planning and Performing an Audit
ISA 300 Planning states that the auditor should plan the audit so that the engagement will be performed in an effective manner. So, in the planning stage, auditors need to consider whether they should rely on the client's internal control system or not. There are 2 audit strategies:

1) Non Reliance Strategy (also known as substantive strategy). If the internal control system is weak and poor, the auditors definitely do not want to rely on it. When the internal control system is weak, the control risk is said to be at a high level. Therefore, auditors will directly collect the evidence by themselves. Auditors will carry out a lot of detailed testing to collect more evidence to support the audit opinion. This detailed testing is called substantive testing. In short, if the internal control system is weak and control risk is assessed as HIGH, substantive procedures will be used because auditors cannot rely on the system.

2) Reliance Strategy. If the internal control system is strong and effective, the control risk is assessed as LOW. Then, auditors will rely on the system by reducing the substantive testing.

Summary:
WEAK IC -> HIGH CONTROL RISK -> NON RELIANCE -> MORE SUBSTANTIVE TESTING
STRONG IC -> LOW CONTROL RISK -> RELIANCE -> LESS SUBSTANTIVE TESTING

4.7 Types of procedures used to assess the operation of internal control system

1. Examining previous audit work
Explanation: Looking at the previous audit records to form an understanding of the internal control system. If it is the first audit, a detailed system examination is carried out.

2. Client's own documentation of the system
Explanation: Examine the client's manuals of accounting procedures. These provide a valuable source of information.

3. Interview with client's staff
Explanation: Interview the staff on how they carried out their tasks and ascertain that unauthorized personnel are not allowed to access the records/system.

4. Walk through test
Explanation: It involves taking a transaction through the system from original sources of documents (e.g. sales order) to final destination (e.g. Statement of Comprehensive Income). Auditors perform such tests to check their understanding of internal control and documentation.

5. Examining/Inspecting client's documents, records and reports
Explanation: Examining the client's relevant documentation to ensure it is complete and properly matched. All the supporting documents must exist.

6. Re-performance on client procedures
Explanation: Auditors follow the client's procedures and determine whether they obtain the same results as per the client's records. For example, auditors calculate depreciation by using the client's depreciation rate and method to check whether the results are the same or not.

7. Observation of client's procedures
Explanation: Just observe how the client carries out procedures, such as how staff segregate their duties and the ways staff perform duties that do not have any documentation.

4.8 Documenting System & Control

4.8.1 Types of recording

1. Narrative notes
Explanation: Use narrative or descriptive statements to record.
Advantages:
- Simple and convenient to record.
- Fast approach.
Disadvantages:
- It is cumbersome and takes up a large amount of storage.
- Notes may be difficult to interpret and review.
- Difficult to make changes in the system.
- Difficult to spot any omission of data.

2. Organisation chart
Explanation: Use a chart to present the relationship between individuals in an organisation.
Advantages:
- Convenient way of showing the relationship.
- Useful to show who should report to whom.
Disadvantages:
- Does not deal with informal relationships.
- Does not indicate the reporting procedure.
- Cannot replace other recording methods but just supplements them.

3. Internal control questionnaire (ICQ) or checklist
Explanation: ICQs are used to ask whether controls exist which meet specific control objectives. The major question which internal control questionnaires are designed to answer is 'How good is the system of controls?'
Advantages:
- A standardised checklist to record.
- Easy to use as a cross reference to other working papers.
Disadvantages:
- Questions formed might be too standardised and so not take into account the special environment of a particular client.

4. Flowchart
Explanation: It is a diagrammatical representation of a system. Symbols are used to show the flow of documentation.
Advantages:
- Provides a clear diagrammatic picture.
- Enables the systems to be recorded in a standardized format which is easily understood.
- Highlights relationships between different parts of a system.
- Provides an overview of the flow of a system, so weaknesses are more easily identified.
- Encourages a disciplined approach to the recording of a system, in that the originator of a flowchart must have a good understanding of the system being recorded.
Disadvantages:
- Time consuming to draw up.

4.7.2 Internal Control Questionnaires (ICQs) & Internal Control Evaluation Questionnaires (ICEQs) Two types of questionnaire are:

Internal Control Questionnaires (ICQs) are used to ask whether controls exist which meet specific control objectives. Internal Control Evaluation Questionnaires (ICEQs) are used to determine whether there are controls which prevent or detect specified errors or omissions.


Internal Control Questionnaires (ICQs) The major question which internal control questionnaires are designed to answer is 'How good is the system of controls?' Where strengths are identified, the auditors will perform work in the relevant areas. If, however, weaknesses are discovered they should then ask:

What errors or irregularities could be made possible by these weaknesses? Could such errors or irregularities be material to the accounts? What substantive procedures will enable such errors or irregularities to be discovered and quantified?

An example would be:

Are purchase invoices checked to goods received notes before being passed for payment? YES/NO/Comments

A 'NO' answer to that question clearly indicates a weakness in the company's payment procedures. The ICQ questions below dealing with goods inward provide additional illustrations of the ICQ approach.

Goods inward
(a) Are supplies examined on arrival as to quantity and quality?
(b) Is such an examination evidenced in some way?
(c) Is the receipt of supplies recorded, perhaps by means of goods inwards notes?
(d) Are receipt records prepared by a person independent of those responsible for:
    (i) Ordering functions
    (ii) The processing and recording of invoices

ICQs: advantages
(a) If drafted thoroughly, they can ensure all controls are considered.
(b) They are quick to prepare.
(c) They are easy to use and control.

ICQs: disadvantages
(a) The client may be able to overstate controls.
(b) They may contain a large number of irrelevant controls.
(c) They may not include unusual controls, which are nevertheless effective in particular circumstances.

Internal Control Evaluation Questionnaires (ICEQs)
In recent years many auditing firms have developed and implemented an evaluation technique more concerned with assessing whether specific errors (or frauds) are possible rather than establishing whether certain desirable controls are present. This is achieved by reducing the control criteria for each transaction stream down to a handful of key questions (or control questions). The characteristic of these questions is that they concentrate on the significant errors or omissions that could occur at each phase of the appropriate cycle if controls are weak.


Internal control evaluation questionnaire: control questions

The sales (revenue) cycle
Is there reasonable assurance that:
(a) Sales are properly authorised?
(b) Sales are made to reliable payers?
(c) All goods despatched are invoiced?
(d) All invoices are properly prepared?
(e) All invoices are recorded?
(f) Invoices are properly supported?
(g) All credits to customers' accounts are valid?
(h) Cash and cheques received are properly recorded and deposited?
(i) Slow payers will be chased and that bad and doubtful debts will be provided against?
(j) All transactions are properly accounted for?
(k) Cash sales are properly dealt with?
(l) Sundry sales are controlled?
(m) At the period end the system will neither overstate nor understate trade accounts receivable?

The purchases (expenditure) cycle
Is there reasonable assurance that:
(a) Goods or services could not be received without a liability being recorded?
(b) Receipt of goods or services is required in order to establish a liability?
(c) A liability will be recorded:
    (i) Only for authorised items
    (ii) At the proper amount?
(d) All payments are properly authorised?
(e) All credits due from suppliers are received?
(f) All transactions are properly accounted for?
(g) At the period end liabilities are neither overstated nor understated by the system?
(h) The balance at the bank is properly recorded at all times?
(i) Unauthorised cash payments could not be made and that the balance of petty cash is correctly stated at all times?

Wages and salaries
Is there reasonable assurance that:
(a) Employees are only paid for work done?
(b) Employees are paid the correct amount (gross and net)?
(c) The right employees actually receive the right amount?
(d) Accounting for payroll costs and deductions is accurate?

Inventory
Is there reasonable assurance that:
(a) Inventory is safeguarded from physical loss (e.g. fire, theft, deterioration)?
(b) Inventory records are accurate and up to date?
(c) The recorded inventory exists?
(d) The recorded inventory is owned by the company?
(e) The cut off is reliable?
(f) The costing system is reliable?
(g) The inventory sheets are accurately compiled?
(h) The inventory valuation is fair?

Non current tangible assets
Is there reasonable assurance that:
(a) Recorded assets actually exist and belong to the company?
(b) Capital expenditure is authorised and reported?
(c) Disposals of non current assets are authorised and reported?
(d) Depreciation is realistic?
(e) Non current assets are correctly accounted for?
(f) Income derived from non current assets is accounted for?

Investment


ICEQs: advantages
(a) Because they are drafted in terms of objectives rather than specific controls, they are easier to apply to a variety of systems than ICQs.
(b) Answering ICEQs should enable auditors to identify the key controls which they are most likely to test during control testing.
(c) ICEQs can highlight areas of weakness where extensive substantive testing will be required.

ICEQs: disadvantage
(a) They can be drafted vaguely, hence misunderstood and important controls not identified.


CHAPTER 5
AUDIT EVIDENCE

Learning Outcomes
When you have completed this lesson you will be able to:
- Understand the basic concept of audit evidence
- Explain the financial statement assertions

Reference Text: Audit & Assurance Services in Malaysia - Chapter 4


5.1 The Concept of audit evidence

5.1.1 Definition of audit evidence
Audit evidence is information obtained by the auditor in arriving at the conclusions on which the audit opinion is based. It is any information used by the auditor to determine whether the information being audited is stated in accordance with the established criteria. The concept of audit evidence is influenced by:
- The nature of audit evidence
- The appropriateness of audit evidence
- The sufficiency of audit evidence
- The evaluation of audit evidence

5.1.2 ISA 500 Audit Evidence requires auditors to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the audit opinion.
- Sufficiency means adequacy in terms of quantity of evidence.
- Appropriateness means the quality or reliability of audit evidence.

5.1.3 Factors which will influence the auditor's judgement concerning the sufficiency of audit evidence obtained
- Factor 1 - Assessment of inherent risk. As inherent risk increases, more audit evidence will be required to reduce detection risk.
- Factor 2 - Materiality of the item. An increase in materiality means that more audit evidence will be required to ensure that no material error has occurred.
- Factor 3 - Nature of the accounting and control systems. Where the accounting and control systems are poor, more audit evidence is necessary as less reliance can be placed on those systems.
- Factor 4 - Control risk. Determine the extent to which the directors have implemented a sound system of internal control; poor internal controls increase control risk, decreasing the reliance that can be placed on those controls.
- Factor 5 - Experience from previous audits. Good experience from previous audits will decrease the amount of evidence required, as the auditor can place reliance on the previous review of the client's systems.
- Factor 6 - Result of audit procedures. Where the results of different audit procedures agree with each other, less evidence is needed overall, as the evidence is more persuasive; however, where results are in conflict, more evidence is required.
- Factor 7 - Quality of information available. Some sources of audit evidence are more reliable than others, meaning less evidence is needed when relying on those sources. For example, documentary evidence is more reliable than oral evidence.

5.1.4 Four determinants/characteristics of the persuasiveness of evidence (or appropriateness of audit evidence)

1) Relevance. Evidence must pertain to the audit objective that the auditor is testing before it can be persuasive. If the auditor relies on evidence that is unrelated to the audit objective, he may reach an incorrect conclusion about a management assertion.

2) Reliability. Reliability is concerned with being worthy of trust. The degree of reliability depends on the following factors:
- Evidence is reliable if the sources are independent, such as an external third party's evidence or confirmation, e.g. a bank confirmation letter/receivables confirmation letter is more reliable than internal sources such as a bank reconciliation statement/sales invoices.
- Evidence collected by auditors themselves is more reliable than the client's internally generated reports, e.g. auditors perform their own bank reconciliation.
- A strong internal control system will produce more reliable evidence.
- Qualified experts and skilful professionals are able to produce more reliable evidence than unskilful parties, e.g. a qualified engineer's advice is more reliable than a non-qualified engineer's.
- Objective evidence is better than subjective judgement.
- Written documentation is more reliable than oral evidence.
- An original document is more reliable than a photocopied one.

3) Sufficiency of the evidence. Sufficiency refers to the quantity of evidence.

4) Timeliness. The timeliness of audit evidence can refer either to when it is accumulated or to the period covered by the audit.

Audit evidence is usually persuasive rather than convincing for two reasons. First, since an audit must be completed in a reasonable amount of time and at a reasonable cost, the auditor examines only a sample of the transactions that compose the class of transactions or account balance. Second, due to the nature of evidence, auditors must often rely on evidence that is not perfectly reliable. The types of audit evidence examined by the auditor have different degrees of reliability, and even highly reliable evidence has weaknesses. Therefore, the evidence obtained by the auditor seldom provides absolutely convincing evidence about a financial statement assertion.

5.1.5 Three ways/sources of gathering audit evidence:
1. ................... generated evidence. It is generated inside the company itself, such as purchase orders, payment vouchers, goods received notes etc. Internally generated evidence is less reliable.
2. ................... generated evidence. It is generated outside the company, such as third party confirmations and purchase invoices of suppliers. Reliability of external evidence is higher.
3. ..................... generated evidence. It is generated by auditors themselves, such as auditors re-performing the calculation of depreciation. Evidence collected by auditors is more reliable compared to the client's generated evidence.

5.1.6 Procedures to obtain audit evidence

Audit evidence can be obtained by Analytical Procedures, Enquiry, Inspection, Observation, Computation & re-performance and Confirmation (A.E.I.O.U + C).

Analytical procedures (A)
Explanation: This is the analysis of significant ratios and trends, such as evaluating and comparing financial and non-financial data for relationships that are inconsistent with other information. For example, comparing total gross salary against number of employees.
Assertion: Completeness, Occurrence, Existence, Classification

Enquiry (E)
Explanation: This involves seeking information from the client's staff or external sources. Strength of evidence depends on the knowledge and integrity of the source of information. Normally, inquiry will support corroborative evidence. For example, auditors enquire of the management about obsolete, slow moving stock which has a lower value.
Assertion: Existence, Occurrence, Accuracy

Physical inspection of assets (I)
Explanation:
- Inspection of assets that are recorded in the accounting records is to confirm the existence and give evidence of valuation, but does not confirm the right & obligation.
- Confirmation that assets seen are recorded in accounting records gives evidence of completeness.
For example, counting cash in hand, counting stock quantity, inspecting the condition of assets.
Assertion: Existence, Valuation, Completeness

Inspection of documentation (I)
Explanation:
- Inspection of documentation is to confirm an asset exists or a transaction occurred.
- Confirmation that items recorded in supporting documentation are recorded in accounting records tests completeness.
- Cut-off can be verified by checking transactions recorded after the Statement of Financial Position date to supporting documents to confirm they occurred after the Statement of Financial Position date.
- Inspection of documentation provides evidence of valuation/measurement, rights and obligations and nature of items. It can also be used to compare documents and confirm authorisation.
For example, inspecting the land title to ascertain the ownership.
Assertion: Existence, Occurrence, Completeness, Cut off, Valuation, Right & Obligation

Observation (O)
Explanation: Just watching how a procedure is being performed. Observation can just confirm that the procedure took place. For example, the auditor observed the segregation of duties between the person receiving payments from customers and the person recording those payments in the accounts receivable ledger.
Assertion: Completeness, Classification

CompUtation and re-performance (U)
Explanation:
- Computation involves checking arithmetic accuracy such as cross casting, testing addition and subtraction. For example, compute the depreciation amount.
- Re-performance involves the auditor applying the client's procedures and checking for accuracy. It is normally viewed as highly reliable because the auditors collect the evidence themselves.
Assertion: Accuracy

Confirmation
Explanation: This involves seeking confirmation from another source of details in the client's accounting records, such as obtaining bank confirmation of the bank statement balance.
Assertion: Occurrence, Existence, Accuracy

[Figure: An overview of audit evidence gathered to form an audit opinion. Labels: Audit Opinion; Audit Evidence (Gathering evidence); Risk Assessment Procedures; Substantive Analytical Procedures; examples: inspection, observation, enquiry etc.; examples: verify original documents, 3rd party confirmation.]

5.1.7 Quality of evidence

High quality of evidence:
- Independent external evidence
- Internal evidence with strong control system
- Evidence obtained directly by auditor
- Written document
- Original document

Low quality of evidence:
- Internally generated evidence
- Internal evidence with poor control system
- Evidence obtained indirectly by others
- Oral
- Photocopied document


5.2 Management Assertions (Financial Assertions) (EXAM FOCUS AREA)

Management is responsible for the true and fair presentation of the financial statements. ASSERTIONS are expressed or implied representations by management in the financial statements. For example, when the Statement of Financial Position has an item of receivable of RM5 million, management asserts that the receivables actually exist and related transactions occurred.

Thus, management assertions can be grouped into 3 categories:
- Category 1: Assertions about transactions and events for the period under audit.
- Category 2: Assertions about account balances at the period end.
- Category 3: Assertions about presentation and disclosure.

IMPORTANT! When you design audit tests/procedures for specific areas, you should focus on the management (financial) assertions.
| 1. Transactions & events | 2. Account Balances | 3. Presentation & Disclosure |
|---|---|---|
| 1. Completeness | 1. Completeness | 1. Completeness |
| 2. Accuracy | 2. Obligation | 2. Classification & understandability |
| 3. Cut off | 3. Valuation & allocation | 3. Occurrence & right |
| 4. Classification | 4. Existence | 4. Valuation & Accuracy |
| 5. Occurrence | 5. Rights | 5. Rights |
| CACCO | COVER | CCOVR |


Remember this: A.C.C.A. C.O.V.E.R. for management assertions
1. Accuracy: amounts and other data relating to recorded transactions have been recorded precisely.
2. Completeness: all transactions/disclosures that should have been recorded/disclosed have been recorded/disclosed.
3. Cut off: transactions have been recorded in the correct accounting period.
4. Allocation: a transaction or event is recorded at the proper amount and revenue or expense is allocated to the proper period.
5. Classification/understandability: transactions have been recorded in the proper account. Understandability means the financial information is appropriately presented and described and disclosed clearly.
6. Occurrence: transactions and events that have been recorded actually occurred and relate to the entity.
7. Valuation: assets, liabilities and equity are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded.
8. Existence: assets, liabilities and equity interests do exist.
9. Rights and obligations: the entity holds or controls the rights to assets. Liabilities are the obligations of the entity.

5.3 Audit Objectives

5.3.1 In obtaining evidence to support the assertions contained in the financial statements, the auditor develops specific audit objectives that relate to each management assertion.

5.3.2 Audit objectives test the category (transactions, account balances & disclosure) of each management assertion.

5.3.3 Some audit objectives and their related assertions are more important than others. For example, the audit objective in testing assets will be validity, while a test of liabilities will place more emphasis on completeness.


5.3.4 Relationship between management assertions and their related audit objectives

| Management Assertions | Audit Objectives |
|---|---|
| Existence | Validity |
| Rights and obligations | Ownership |
| Occurrence | Validity |
| Completeness | Completeness and cut off |
| Valuation | Accuracy |
| Presentation and disclosure | Classification and disclosure |

- The relationship between the management assertion of existence and audit objective is to verify the validity of the transactions in the financial statements by performing a physical inspection on the assets.
- The relationship between the management assertion of rights and obligations and audit objective is to verify the ownership of the assets/liabilities in the financial statements by inspecting the title deed of the assets or agreement.
- The relationship between the management assertion of occurrence and audit objective is to verify the validity of the transactions in the financial statements.
- The relationship between the management assertion of completeness and audit objective is to verify the completeness and proper cut off of the transactions, assets and liabilities in the financial statements.
- The relationship between the management assertion of valuation and audit objective is to verify the accuracy of the amount of transactions, assets and liabilities in the financial statements.
- The relationship between the management assertion of presentation and disclosure and audit objective is to verify the proper classification and disclosure of the transactions, assets and liabilities in the financial statements.


5.3.6 The following is a discussion of the audit objectives:

- Validity. It relates to the existence or occurrence assertion and is concerned with whether the transactions included in the financial statements are valid or in existence. The auditor's main concern is that the account balances are not overstated.
- Ownership. It addresses whether the assets and liabilities belong to the entity and relates directly to management's assertions about rights and obligations. If the entity does not have rights to an asset or liability, it should not be included in the financial statements.
- Completeness. It relates to the management assertion of completeness and addresses whether all transactions are included in the accounts.
- Cut-off. It relates to the completeness assertion and is concerned with whether the transactions included in the accounts are recorded in the proper accounting period.
- Accuracy. It relates to the valuation or allocation assertion and addresses proper accumulation of transactions and amounts.
- Classification. It relates to the presentation and disclosure assertion. It is important that transactions be included in the correct account and that accounts be properly presented in the financial statements.
- Disclosure. It relates directly to the presentation and disclosure assertion and is concerned with whether all financial statement disclosures are made in accordance with approved accounting standards and regulations.


5.4 The relationship of audit evidence to the audit report

[Figure: Financial Statements; Management assertions about components of financial statements; Audit procedures; Evidence on the true and fair view of financial statements; Audit report]

An overview of the relationships between the financial statements, management assertions, audit procedures and the audit report

In order to form an opinion on whether the financial statements prepared show a true and fair view, auditors need to carry out audit procedures to obtain evidence. This evidence supports the audit opinion. The audit procedures designed by auditors are derived from management assertions. The audit opinion expressed in the audit report is to provide reasonable assurance that the financial statements are free from material misstatement.

5.4.1 Relationship of the types of evidence to audit objectives

[Table: types of evidence (rows) against audit objectives (columns)]
- Audit objectives (columns): Validity, Completeness, Cut off, Ownership, Accuracy, Valuation, Classification, Disclosure
- Types of evidence (rows): Analytical procedures, Enquiry, Inspection of physical assets, Inspection of documentation, Observation, Computation, Reperformance, Confirmation

5.5 Management Representation (Letter of Representation)

5.5.1 ISA 580 Written Representations requires auditors to obtain written confirmation of appropriate representations before the audit report is issued, when other sufficient appropriate audit evidence cannot reasonably be expected to exist.

5.5.2 The purposes of Management Representation are:
- To allow directors to acknowledge their responsibilities for the financial statements (FS)
- To confirm matters material to the financial statements where representation is the audit evidence.
- Used as audit evidence when other audit evidence is expected to be not available
- Requirement of ISA 580 to obtain management representation
- Acknowledges representations previously made verbally by management
- Minimises the misunderstandings between management and auditor
- Reasonable assurance about effective working of internal control system


CHAPTER 6 AUDIT PROCEDURES
________________________________________________________________

Learning Outcomes

When you have completed this lesson you will be able to:
- Explain the audit objectives and audit procedures
- Describe the types of audit tests.

Reference Text: Audit & Assurance Services in Malaysia- Chapter 4


6.1 Audit Procedures

6.1.1 Audit procedures are specific actions performed by the auditor to gather evidence to draw conclusions on which to base the audit opinion. Audit procedures can be grouped under the following 3 main categories:
1. Risk assessment procedures.
2. Tests of controls.
3. Substantive procedures.

[Figure: Audit Opinion, supported by Audit Evidence (gathering evidence) from: 1.; 2.; 3. Labels shown: Tests of details; Substantive Analytical Procedures. Examples: inspection, observation, enquiry etc. Examples: verify original documents, 3rd party confirmation.]

An overview of audit evidence gathered to form an audit opinion


6.1.2 Risk Assessment Procedures

ISA 315 Understanding an Entity and Its Environment requires the auditor to perform risk assessment procedures and obtain an understanding of the entity and its environment, including its internal control, in order to assess the risks of material misstatement at the financial statement and assertion level.

The auditors always perform risk assessment procedures to obtain an understanding of the entity and its environment. By performing these procedures, auditors are able to assess the risk of material misstatement at the financial statement and assertion levels. Examples of risk assessment procedures are inspection of records/documents, examination of physical assets, observation, inquiries, confirmation and others.

6.1.3 Tests of Control (TOC)

TOC are performed to obtain audit evidence about the suitability of design and effectiveness of operation of the accounting and internal control systems in the organisation. They are based on the auditor's understanding of the entity's internal control. The auditor may perform tests of controls to test the operating effectiveness of controls in preventing or detecting and correcting material misstatements at the assertion level.

TOC consist of procedures directed toward testing the operating effectiveness of controls to prevent, detect or correct material misstatement. TOC include obtaining audit evidence about how controls were applied, the consistency with which they were applied, and by whom or by what means they were applied.

The auditor can use the following procedures to test the control system:
i. Inquiries of appropriate management, supervisor and staff personnel.
ii. Inspection of documents, reports and electronic files.
iii. Observation of the application of specific control.
iv. Walkthroughs, which involve tracing a transaction from its original source to its inclusion in the financial statements.
v. Re-performance of the application of the control by the auditors.

After performing the tests of control, if the control risk is LOW (it means the control system is very good), then the auditor will perform LESS substantive procedures because the auditor can rely on the internal control system. Conversely, if the control risk is ..........., the auditor has to perform ............. substantive procedures to collect more evidence because they cannot rely on the internal control system.

6.1.4 Substantive Procedures

A substantive procedure is a procedure designed to test for misstatements in a transaction class, account balance and disclosure components that directly affect the financial statements. Substantive procedures include detailed testing on account balances and transactions, disclosure and analytical procedures. Based on the assessed risk of material misstatement, the auditor performs substantive procedures to detect material misstatement at the assertion level.

There are 2 categories of substantive procedures:
i. Tests of details of classes of transactions, account balances and disclosure. These procedures test individual transactions for fraud or errors. For example, the auditor may verify large purchase invoices (one by one checking) to collect evidence about the occurrence, completeness and accuracy assertions.
ii. Substantive analytical procedures (AP). AP can be used as substantive procedures at the assertion level by comparison of recorded value with the expectations developed by the auditor.


6.2 Types of audit procedures

The following are the different types of audit procedures:

i. Documentation or records inspection: It involves examination of documentary evidence from both internal and external sources, such as examining the sales invoices a few days before the year end.

[Diagram: source documents and ledger or journal, with tracing and vouching running in opposite directions]

Tracing means first selecting a transaction and then following it to the journal or ledger. The direction is from source documents to ledger or journals. Testing in this direction ensures that the transactions are completely recorded in the accounting records. For example, the auditor selects a sample of shipping documents and traces them to the sales invoices and to the sales journals. The auditor then has evidence of completeness of sales.

Vouching means first selecting an item from the ledger or journals and then examining back to the original source documents. The direction is from ledger / journals to source documents. Testing in this direction ensures that the transaction actually occurred or is valid. For example, the auditor selects a sales transaction in the sales ledger and vouches it to the customer sales order to ensure it is a genuine sales transaction.

ii. Physical assets inspection: It is conducted by inspecting the condition of or counting the tangible assets, such as a physical count of year end stock, cash count, inspecting plant and machinery, examining share certificates and so on. Physical inspection provides a highly reliable type of evidence. It satisfies the assertion of existence and condition of assets. However, physical inspection of assets cannot satisfy the rights and obligations assertion.


iii. Observation: looking at a process or activity that leaves no audit trail, such as observation of segregation of duties in the accounts department. For example, observing how staff personnel carry out the procedures. Observation does not provide very reliable audit evidence and normally requires additional corroborating evidence to support it.

iv. Enquiries: Seeking information from knowledgeable persons inside or outside the company, such as legal advice from a lawyer. Inquiry alone does not provide sufficient audit evidence and the auditor will gather additional corroborative evidence to support the response. In conducting inquiry, the auditor should:
- Consider the knowledge, objectivity, experience, responsibility and qualification of the person to be questioned.
- Ask clear, concise and relevant questions.
- Use open or closed questions appropriately.
- Listen actively and effectively.
- Consider the reactions and responses and ask follow up questions.
- Evaluate the response.

v. Confirmation: Obtain a written representation from an independent party to justify the client's information, such as obtaining a bank confirmation for the bank balance and receivable confirmations from customers. The reliability of confirmation depends on the following factors:
- Written or oral confirmation.
- Past experience with the entity.
- The nature of the information being confirmed.
- The person / party giving the confirmation.

vi. Scanning: Scanning is the review of accounting data to identify significant or unusual items. It can be performed either manually or using a computer.


vii. Computation: It consists of checking the mathematical accuracy of source documents and accounting records, such as casting the depreciation calculation.

viii. Re-performance: Re-perform the procedures or controls that were part of the entity's internal control system, such as re-performing the bank reconciliation.

ix. Analytical procedure: Conduct a study of comparisons and relationships among both financial and non-financial information, such as comparing actual capital expenditure with the budget.
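The two directions of testing described under item i (tracing and vouching) can be shown over a small data set. This is an added example, not part of the original course notes; the record layouts, document numbers, customers and amounts are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ShippingDoc:
    """Source document (constructed sample layout)."""
    doc_no: str
    customer: str
    amount: int  # RM, whole ringgit


@dataclass(frozen=True)
class JournalEntry:
    """Sales journal line (constructed sample layout)."""
    entry_no: str
    source_doc_no: str
    customer: str
    amount: int


def trace(selected_docs, journal):
    """Tracing: source document -> journal. Gives evidence of completeness."""
    by_source = {}
    for entry in journal:
        by_source.setdefault(entry.source_doc_no, []).append(entry)
    exceptions = []
    for doc in selected_docs:
        entries = by_source.get(doc.doc_no, [])
        if not entries:
            exceptions.append((doc.doc_no, "not recorded in journal"))
        elif sum(e.amount for e in entries) != doc.amount:
            exceptions.append((doc.doc_no, "recorded at a different amount"))
    return exceptions


def vouch(selected_entries, source_docs):
    """Vouching: journal -> source document. Gives evidence of occurrence."""
    by_no = {doc.doc_no: doc for doc in source_docs}
    exceptions = []
    for entry in selected_entries:
        doc = by_no.get(entry.source_doc_no)
        if doc is None:
            exceptions.append((entry.entry_no, "no supporting source document"))
        elif doc.customer != entry.customer or doc.amount != entry.amount:
            exceptions.append((entry.entry_no, "does not agree with source document"))
    return exceptions


# Constructed sample data: SD-003 was shipped but never recorded,
# SJ-103 is recorded at the wrong amount, SJ-104 has no shipment behind it.
SHIPPING_DOCS = [
    ShippingDoc("SD-001", "Alpha Sdn Bhd", 12000),
    ShippingDoc("SD-002", "Beta Sdn Bhd", 8500),
    ShippingDoc("SD-003", "Gamma Sdn Bhd", 4300),
    ShippingDoc("SD-004", "Delta Sdn Bhd", 9900),
]
SALES_JOURNAL = [
    JournalEntry("SJ-101", "SD-001", "Alpha Sdn Bhd", 12000),
    JournalEntry("SJ-102", "SD-002", "Beta Sdn Bhd", 8500),
    JournalEntry("SJ-103", "SD-004", "Delta Sdn Bhd", 9000),
    JournalEntry("SJ-104", "SD-999", "Omega Sdn Bhd", 25000),
]

if __name__ == "__main__":
    print("Tracing exceptions (completeness):")
    for item in trace(SHIPPING_DOCS, SALES_JOURNAL):
        print("  ", item)
    print("Vouching exceptions (occurrence):")
    for item in vouch(SALES_JOURNAL, SHIPPING_DOCS):
        print("  ", item)
```

The unrecorded shipment is found only by tracing and the unsupported journal entry only by vouching, which is why the direction of the test has to match the assertion being tested.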

6.3 Relationship of audit procedures to assertions

6.3.1 An audit programme is a set of audit procedures prepared to verify assertions for a component of the financial statements. The audit programme will be designed to meet the assertions. The following is an example of audit procedures for accounts receivable to meet the various assertions.

| Management assertions about the accounts receivable component of the financial statements | Audit procedures for accounts receivable |
|---|---|
| Existence | Confirm accounts receivable. |
| Rights and obligations | Inquire of management whether receivables have been sold. |
| Completeness | Agree total of accounts receivable subsidiary ledger to accounts receivable control account. |
| Valuation or allocation | Test the adequacy of the allowance for doubtful debts. |
| Presentation and disclosure | Examine listing of accounts receivable for amounts due from related parties. |


6.4 Reliability of the types of audit procedures

6.4.1 Hierarchy of the reliability of evidence from audit procedures.

| Level of reliability | Type of procedures |
|---|---|
| High | Physical examination; Computation |
| Medium | Documentation inspection; Confirmation; Analytical procedures |
| Low | Inquiries of client's personnel/management; Observation |

6.4.2 Physical examination and computation are generally considered to be of high reliability because the auditor has direct knowledge about them.

6.4.3 Inspection of documentation, confirmation and analytical procedures are generally considered to be of medium reliability.

6.4.4 Inquiries of the client's personnel or management and observation generally provide low reliability because both require further corroborating evidence to verify.

6.5 Analytical procedures (AP)

6.5.1 Definition of Analytical Procedures

ISA 520 Analytical Procedures defines AP as evaluations of financial information made by a study of plausible relationships among both financial and non-financial data. The important concept of AP is the comparison of figures.

6.5.2 Analytical procedures include the consideration of comparisons with, for example, the following:
a. Comparison of current year financial information with comparable prior periods by calculating ratio analysis, trend analysis.
b. Comparison of current year financial information with budgets, projections and forecasts.
c. Predictive estimates prepared by the auditors, such as an estimation of the depreciation charge for the year.
d. Comparison of the company's results to the industry standards.
e. Comparison of financial information against non-financial information.

6.5.2 Purposes of AP

Analytical procedures are used by the auditor:
a. To assist in planning the nature, timing and extent of other audit procedures. It is also known as PRELIMINARY Analytical Procedures. (BEFORE AUDITING)
b. As substantive procedures when their use can be more effective and efficient than other procedures in reducing detection risk for specific financial statement assertions. It is also known as SUBSTANTIVE Analytical Procedures. (DURING AUDITING)
c. As part of the overall review of financial statements when completing the audit. It is also known as FINAL Analytical Procedures or Analytical Review Procedures. (AFTER AUDITING)

The objective of AP at the overall review stage of an audit is to assist the auditor in assessing the conclusions reached and evaluating the overall financial statement presentation. This requires reviewing the trial balance, financial statements and explanatory notes in order to:
- Judge the adequacy of the evidence gathered to support any unusual balances during the audit.
- Determine if any other unusual balances or relationships have not been investigated.


6.5.3 Selected financial ratios that are normally used as AP
1. Current ratio
2. Quick ratio
3. Days outstanding in accounts receivable
4. Inventory turnover
5. Days of inventory on hand
6. Gross profit percentage
7. Profit margin
8. Return on equity
9. Debt to equity
10. Times interest earned


CHAPTER 7 AUDIT RISK AND MATERIALITY
________________________________________________________________

Learning Outcomes

When you have completed this lesson you will be able to:
- Understand the concept of audit risk.
- Learn the form and components of the audit risk model.
- Understand how to use the audit risk model in a risk based approach.
- Understand the audit risk assessment procedures.
- Understand the concept of materiality and steps in applying materiality.

Reference Text: Audit & Assurance Services in Malaysia- Chapter 3


7.1 Audit Risk

7.1.1 Auditors face two major types of risk:

1. Audit risk. This is the risk that the auditors express an inappropriate (wrong) audit opinion when the financial statements are materially misstated. In other words, audit risk is the risk that the auditor will issue an unqualified opinion when the financial statements contain material misstatement.

2. Auditor's business risk. This is the auditor's exposure to loss or injury to his professional practice from litigation, adverse publicity or other events arising in connection with financial statements audited and reported on. For example, an auditor may conduct an audit in accordance with established auditing standards and still be sued by the client or a third party. Although the auditor has complied with professional standards and may ultimately win the lawsuit, his professional reputation may be damaged in the process by the negative publicity. Auditor's business risk cannot be eliminated completely, but it can be reduced by exercising quality controls over the audit work or by avoiding engagements with clients that lack integrity or are in financial difficulty.

7.1.2 The audit risk model. The auditor should use professional judgement to assess audit risk and to design audit procedures to ensure it is reduced or restricted to an acceptably low level.

7.1.3 The auditors consider risks of material misstatement at 2 levels:

1. The overall financial statement level. Risk at this level frequently relates to an entity's control environment. The auditor's response to address such risks may include the use of more experienced audit staff or the use of experts to minimise the risk.

2. The assertion level for individual account balances and classes of transactions. [Assertions mean expressed or implied representations by management or a responsible party in an accountability relationship that pertain to economic actions and events.] At this level, risk consideration directly assists the auditor in determining the scope of auditing procedures for a particular account balance or class of transactions, i.e. determining whether the use of more tests of control or substantive procedures is appropriate to address the risk.

7.1.4 The audit risk model can be expressed as the following: (EXAM FOCUS POINT)

AR = IR x CR x DR

where
AR = Audit risk
IR = Inherent risk
CR = Control risk
DR = Detection risk
[Figure: AUDIT RISK = RISK OF MATERIAL MISSTATEMENT (Inherent risk, Control risk) + DETECTION RISK. Labels shown: COMPANY, FINANCIAL STATEMENTS, AUDITORS]

Audit risk (AR) is the risk that the auditor may fail to modify the opinion when the financial statements contain material misstatement.

Inherent risk (IR) is the susceptibility of an assertion to material misstatement in the financial statements in the absence of internal controls. It is a native risk that cannot be eliminated. This risk will be affected by such items as how much the company is subject to market forces, the cash situation of the company, the trading history of the company, and the nature and incidence of unusual transactions. Inventory, for example, is more inherently risky than cash items because there is greater scope for manipulation and error. A construction company is more risky than a food retailer because a construction company is subject to the volatility of the economic situation. External factors such as political, economic, social, technological and competitive factors can influence inherent risk.

Control risk (CR) is the risk that material misstatements will not be prevented, detected and corrected on a timely basis by an entity's internal control. This risk will be affected by such factors as the control environment in the company, including policies and procedures applied in particular areas. When the control risk is assessed as high, the auditor can use the following strategies to reduce it:
- Use a substantive testing strategy.
- Not to use tests of control.
- Carry out extensive substantive procedures.

Detection risk (DR) is the risk that the auditor's procedures will not detect a material misstatement that exists in an account balance or class of transactions. Detection risk is a function of the effectiveness of auditing procedures and their application by the auditor. Detection risk is made up of two sources of risk: sampling risk and non-sampling risk.
- Sampling risk is the risk that the auditor's procedures select the wrong sample, which is not representative of the population, and as a result the auditor draws an inappropriate conclusion.
- Non-sampling risk is the risk that the auditor may use inappropriate audit procedures, and fail to detect a misstatement when applying audit procedures or misinterpret an audit result.

7.1.6 Relationship among inherent risk, control risk and detection risk.

Detection risk has an inverse relationship to the risk of material misstatement arising from inherent risk and control risk. The higher the risk of material misstatement, the lower the acceptable detection risk. For example, if an entity's inherent risk and control risk are high, the auditor sets a lower level of detection risk in order to meet the planned level of audit risk.


AR = IR x CR x DR

DR = AR / (IR x CR)

| Example | AR | IR | CR | DR |
|---|---|---|---|---|
| 1 | Very low | High | High | Low |
| 2 | Low | Low | High | Moderate |
| 3 | Moderate | High | Low | Moderate |

7.2 The auditor's risk assessment procedures

7.2.1 ISA 315 Understanding the entity and its environment and assessing the risks of material misstatement provides guidance to auditors on understanding the firm's business and its environment. The auditor should obtain an understanding of the entity and its environment, including internal control, sufficient to identify and assess the risks of material misstatement of the financial statements and sufficient to design and perform audit procedures.

7.2.2 The auditor's understanding of the entity and its environment consists of an understanding of the following aspects:
(a) Industry, regulatory, and other external factors, including the applicable financial reporting framework.
(b) Nature of the entity, including the entity's selection and application of accounting policies.
(c) Objectives and strategies and the related business risks that may result in a material misstatement of the financial statements.
(d) Measurement and review of the entity's financial performance.
(e) Internal control systems.

7.2.3 Risk Assessment Procedures

The auditor should perform the following risk assessment procedures to obtain an understanding of the entity and its environment, including its internal control:
(a) Inquiries of management and others within the entity;
(b) Analytical procedures; and
(c) Observation and inspection.

7.2.4 Assessing the Risks of Material Misstatement

The auditor should identify and assess the risks of material misstatement at the financial statement level, and at the assertion level for classes of transactions, account balances, and disclosures. For this purpose, the auditor:
- Identifies risks throughout the process of obtaining an understanding of the entity and its environment, including relevant controls that relate to the risks, and by considering the classes of transactions, account balances, and disclosures in the financial statements;
- Relates the identified risks to what can go wrong at the assertion level;
- Considers whether the risks are of a magnitude that could result in a material misstatement of the financial statements;
- Considers the likelihood that the risks could result in a material misstatement of the financial statements.


7.2.5 Auditor's response to the results of the risk assessment

In response to the results of the risk assessment, the auditor will:
- Firstly, determine the overall responses to address the risks of material misstatement at the financial statement level, i.e. assessment of the control environment.
- Secondly, consider how to respond to the risks of misstatement at the assertion level, i.e. the nature, timing and extent of the audit procedures.

Nature of audit procedures refers to ..................... (e.g. tests of control or substantive procedures) and ............... (e.g. inspection, observation, confirmation, analytical procedures). If the risk of misstatement is considered as high, the auditor will perform detailed substantive procedures to obtain more evidence.

Extent of audit procedures refers to the ................... or ....................... of a specific audit procedure. If the risk of misstatement is high, the auditor will increase the extent of the audit procedure, such as increasing the size of the sample.

Timing refers to ............... audit procedures are performed or the period or date to which the audit evidence applies. An audit can be conducted at an interim period or at year end. If the risk of misstatement is high, the auditor will plan for unpredictable times of checking.

7.3 Materiality

7.3.1 Materiality can be defined in the following terms: Information is material if its omission or misstatement could influence the economic decisions of users taken on the basis of the financial statements.

7.3.2 Materiality depends on the size of the item or error judged in the particular circumstances of its omission or misstatement. Thus, materiality provides a threshold or cut off point rather than being a primary qualitative characteristic which information must have if it is to be useful.


7.3.3 An item is material if it affects the truth and fairness of the financial statements as a whole. But truth and fairness is a matter of opinion (judgement). Therefore, an item is judged to be material if it is of sufficient size and/or importance that its disclosure or non-disclosure is likely to affect or influence the opinions/judgement of users of the financial statements.

7.3.4 ISA 320 Audit Materiality states that the assessment of what is material is a matter of professional judgement. Materiality can be expressed in both qualitative and quantitative aspects.

7.3.5 Factors affecting judgement of materiality: a. Materiality is a ..................... rather than an absolute concept. A misstatement of an amount might be material for a small company but immaterial for a large company. For example, a total of misstatement of RM500,000-00 would be material for a small company but it would be immaterial for a large company. Hence, it is not possible to set a specific Ringgit-value guideline for all the audit client- i.e. different client has different materiality level. b. Bases are needed for evaluating materiality. Since materiality is a judgemental matter, it is necessary to have bases for setting the materiality level. Normally, auditor uses the following quantitative bases to set materiality: Total assets Total revenues Net income before tax Equity (e.g. 0.5% x total assets) (e.g. 0.5% x total revenue) (e.g. 5% x net income before tax) (e.g. 1% of equity)

Example:

Statement of Financial Position
Assets                     $10,000,000

Liabilities                 $7,000,000
Equity                      $3,000,000
                           $10,000,000

Statement of Comprehensive Income
Revenue                    $14,000,000
COS                       ($12,000,000)
GP                          $2,000,000
Indirect expenses          ($1,200,000)
Net Income before tax         $800,000
Income tax                   ($300,000)
Net Income after tax          $500,000

So, the materiality level for each item (used as base) is:
Net income before tax:
Total assets:
Revenue:
Equity:

c. Qualitative factors also affect materiality. Certain types of misstatements are likely to be more important to users than others, even if the amounts are the same. For example:
- Amounts involving fraud are usually considered more important than unintentional errors even though both are the same amounts, because fraud reflects on the honesty and reliability of the management or personnel involved.
- Misstatements can be material as a result of not meeting contractual obligations. For example, an illegal payment (i.e. under-table money) may be immaterial (a small amount of money) to the financial statements, but once such an illegal act is disclosed to the public it may result in a huge loss. Thus, it is said to be material.
- The auditors need to consider both the quantity (amount) and the quality (nature) of the misstatement. For example, a qualitative misstatement would be the inadequate or improper description of an accounting policy which is likely to mislead the users.
- If a small error is repeated, it can accumulate to a material effect. For example, a small error in a month-end procedure can cumulatively have a material effect if repeated.


7.3.6 Steps in applying materiality on an audit.


Step 1: Establish a preliminary judgement about materiality
Step 2: Determine Tolerable Misstatement
Step 3: Estimate likely misstatements and compare totals to the preliminary judgement about materiality

Step 1- Establish a preliminary judgement about materiality

The preliminary judgement about materiality is the maximum amount by which the auditor believes the financial statements could be misstated and still not affect the decisions of reasonable users. In designing the audit plan, the auditor establishes an acceptable materiality level so as to detect quantitatively material misstatements. By quantifying the estimate about materiality, the audit team is able to plan the scope of the audit and evaluate the results of the audit procedures.

In planning materiality, the auditor should be concerned about the qualitative factors that may affect establishing and evaluating materiality, such as the following:
- Material misstatements in prior years.
- Potential for fraud or illegal acts.
- Violation of covenants in a loan agreement.
- Trend in earnings.
- Missed forecasted revenue or earnings.


Materiality may be increased based on favourable qualitative factors as mentioned above, such as no material misstatement in the previous years, no fraud or breach of laws or regulations, no violation of covenants in a loan agreement, increasing earnings and meeting the forecasted revenue.

Materiality will be lowered if unfavourable qualitative factors exist, such as many misstatements in the previous years, high potential for fraud, violation of a loan covenant, a decreasing trend in earnings and failure to meet the forecasted results.

Step 2- Determine tolerable misstatement or tolerable error (TE)

Tolerable misstatement or tolerable error is the amount of planning materiality that is allocated to an account balance or class of transactions. A common tolerable misstatement or tolerable error is 2%-15% of the account or 50%-75% of planning materiality. TE must be less than the materiality amount.

For example:
Planning Materiality of revenue = 0.5% x $14,000,000 (revenue) = $70,000
Tolerable error = $70,000 (planning materiality) x 50% = $35,000-00

An account balance represents an individual line item such as accounts receivable. A class of transactions refers to a type of transaction processed by the client's accounting system, such as purchase or revenue transactions. The purpose of allocating a portion of the preliminary judgement about materiality is to plan the scope of audit procedures for the individual account balance or class of transactions.

For example, if a small amount of materiality were allocated to a specific account, such as receivable, more evidence would be gathered. If a larger amount of materiality were allocated, then less evidence would be gathered.


Summary: Small Materiality, More Evidence

[Figure: Example A and Example B materiality levels on a scale from Low to High, separating Material from Immaterial. Labels: RM1k (Low ML), RM70k (High ML), TE RM35k.]

In allocating materiality, the auditor should consider the following factors:
- The magnitude (degree) of the account relative to the financial statements;
- The expectation of error;
- The relative cost to audit the account balance or class of transactions.

Step 3- Estimate likely misstatements and compare totals to the preliminary judgement about materiality

Step 3 is done near the end of the audit, when the auditor reviews all the evidence that has been gathered. In this step, based on the results of the audit procedures conducted, the auditor aggregates misstatements from each account or class of transactions. The auditor compares this aggregate misstatement to the preliminary judgement about materiality established in step 1 and may revise the planning materiality, if necessary.

If the misstatements are less than the preliminary judgement about materiality, the auditor can conclude that the financial statements are true and fair. If the misstatements are greater than the planned judgement about materiality, the auditor will ask the client to adjust the financial statements. If the client refuses to correct the financial statements, the auditor should issue a qualified or an adverse opinion because the financial statements do not present a true and fair view.

7.3.7 Roles of materiality concept
i. In audit planning, the auditor needs to set a preliminary materiality level and plan audit procedures to detect misstatement that is above the materiality level.
ii. During the auditing process, the auditor will carry out audit procedures as planned and focus on transactions above the materiality level. The auditor will revise the materiality level and carry out additional audit procedures, if necessary.
iii. At the final audit, the auditor will evaluate the impact of misstatement on the truth and fairness of the financial statements and consider the appropriateness of the audit report to be issued.

7.3.8 Significance of the concept of materiality to the auditor.
a. The concept of materiality is extremely important to the auditor because:
- It assists the auditor to determine whether the true and fair view has been distorted.
- It indicates the amount of audit work that should be done on a specific area.
- It enables the auditors to restrict the scope of audit work, and hence to make the most efficient use of time and staff and also to avoid unnecessary testing of immaterial items.
b. Materiality is an important consideration in deciding the appropriate type of audit report given in different circumstances.


c. Without setting a materiality level, auditors would have to find all the misstatements, which is impossible. By the nature of an audit, auditors are responsible for obtaining reasonable assurance that this materiality threshold has been satisfied.
d. However, the use of a predetermined materiality level has some drawbacks, such as:
- The choice of materiality is subjective: there is nothing to decide what figure is appropriate in any given case.
- The use of a materiality level implies errors below a certain size may not be detected by the auditor's work.
- Individual immaterial errors may in total become a material misstatement.
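The three steps of 7.3.6 and the last drawback in 7.3.8(d), worked through in Python with the figures from the example in 7.3.5. This is an added example, not part of the original notes: the misstatement amounts are constructed sample data, and summing absolute amounts and treating a total equal to materiality as exceeding it are assumptions.

```python
from dataclasses import dataclass

# Figures from the example in 7.3.5 (whole dollars).
BASES = {
    "total_assets": 10_000_000,
    "revenue": 14_000_000,
    "net_income_before_tax": 800_000,
    "equity": 3_000_000,
}

# Example rates from 7.3.5, in basis points (50 bps = 0.5%).
RATES_BPS = {
    "total_assets": 50,
    "revenue": 50,
    "net_income_before_tax": 500,
    "equity": 100,
}

# Constructed sample data: misstatements found per account during the audit.
SAMPLE_MISSTATEMENTS = {
    "receivables": 30_000,
    "inventory": 25_000,
    "payables": 20_000,
}


def planning_materiality(base_amount: int, rate_bps: int) -> int:
    """Step 1: preliminary (planning) materiality for one base."""
    return base_amount * rate_bps // 10_000


def materiality_by_base() -> dict:
    """Planning materiality for every base in the 7.3.5 example."""
    return {name: planning_materiality(BASES[name], RATES_BPS[name])
            for name in BASES}


def tolerable_error(materiality: int, share_pct: int = 50) -> int:
    """Step 2: tolerable error (TE) as a share of planning materiality."""
    if not 0 < share_pct < 100:
        # The notes require TE to be less than the materiality amount.
        raise ValueError("TE must be less than the materiality amount")
    return materiality * share_pct // 100


@dataclass
class Evaluation:
    total: int                 # aggregate misstatement across accounts
    over_tolerable: list       # accounts whose misstatement alone exceeds TE
    exceeds_materiality: bool
    action: str


def evaluate(misstatements: dict, materiality: int, te: int) -> Evaluation:
    """Step 3: aggregate misstatements and compare with materiality."""
    # Assumption: over- and understatements are not netted against each other.
    total = sum(abs(amount) for amount in misstatements.values())
    over = sorted(name for name, amount in misstatements.items()
                  if abs(amount) > te)
    # The notes cover "less than" and "greater than"; equality is treated
    # conservatively here (assumption).
    exceeds = total >= materiality
    action = ("ask the client to adjust the financial statements"
              if exceeds else
              "misstatements are below the preliminary judgement about materiality")
    return Evaluation(total, over, exceeds, action)


if __name__ == "__main__":
    for base, amount in materiality_by_base().items():
        print(f"{base:24s} {amount:>10,}")
    pm = planning_materiality(BASES["revenue"], RATES_BPS["revenue"])
    te = tolerable_error(pm)
    result = evaluate(SAMPLE_MISSTATEMENTS, pm, te)
    print(f"PM={pm:,} TE={te:,} total={result.total:,}")
    print("accounts over TE:", result.over_tolerable or "none")
    print("action:", result.action)
```

With the sample data no single account exceeds the tolerable error, yet the aggregate exceeds planning materiality, which is the case 7.3.8(d) warns about.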

7.3.9 Relationship between materiality and audit risk.

The relationship between materiality and audit risk is inverse. The higher the materiality level, the lower the audit risk and vice versa. If the auditor determines that the acceptable materiality level is lower, audit risk is higher. The auditor would have to compensate for this by either:
a. Reducing the level of assessed control risk
b. Reducing the detection risk by modifying the nature, timing and extent of substantive procedures (ISA320 requirement).

High AR, low materiality level, thus auditor needs to .................. the volume of checking
Low AR, high materiality level, thus auditor ..................... the volume of checking

[Figure: Audit Risk Level (Low to High) plotted against Materiality (Low to High)]

CHAPTER 8 AUDIT PLANNING AND CONTROL
________________________________________________________________
Lesson Learning Outcomes
When you have completed this lesson you will be able to:
- Understand the pre-engagement planning
- The content and purpose of engagement letter
- Understand the flow of audit planning
- Documentation of working papers and files.

Reference Text: Audit & Assurance Services in Malaysia- Chapter 5


8.1 The Process of Auditing


[Figure: the audit process as a cycle]
1. Engagement letter
2. Planning
3. Ascertainment of system
4. Testing transactions
5. Verifying assets & liabilities
6. Review of financial statement
7. Obtain management representation
8. Signing audit report
9. Auditor re-elected at AGM

Step / Process / Description

Step 1. Engagement letter
Every auditor should send his client an engagement letter which sets out the auditor's duties and responsibilities before commencement of audit work. If the client requires other services, the scope of these services should be set out clearly.

Step 2. Planning
The auditor must plan and control the audit work if the audit work is to be done to a high standard of skill and care.

Step 3. Ascertainment of system
An auditor must enquire and ascertain the client's system of accounting and internal control in order to understand the effectiveness and reliability of the system.

Step 4. Testing transactions
The auditor should test the controls if he intends to rely on them, and he must test the records in order to obtain evidence that they are a reliable basis for the preparation of accounts.

Step 5. Verifying assets and liabilities
The auditor must verify the figures appearing in the financial statements.

Step 6. Review of financial statements
The auditor reviews the financial statements to see if overall they appear sensible.

Step 7. Obtaining management representation
The auditor asks the management to formally confirm the correctness of the financial statements.

Step 8. Signing audit report
The auditor signs the audit report once the directors have approved the accounts. Audited accounts are laid before the members at the company's AGM.

Step 9. Auditor re-elected at AGM
The end of the AGM signifies the end of the auditor's term of office. The members of the company may decide by a majority to re-elect the auditor if he wishes to continue to act for the company.

8.2 Preliminary Engagement Activities


[Figure: Phases of an audit that relate to audit planning: Preliminary engagement activities; Obtain understanding of the entity; Establish materiality & assess risks; Planning: Set overall audit strategy & develop audit plan]

Preliminary engagement activities help the auditor to consider events or circumstances that may adversely affect the auditor's ability to plan and perform the audit engagement to reduce audit risk to an acceptably low level.


8.2.1 Issues to consider before accepting an engagement

a. Qualification to act as an auditor. Determine if the auditors are independent of the client and able to provide the desired service.

b. Technical competence. Determine whether the auditors have the necessary expertise, technical skills and knowledge of the industry to carry out an effective audit, especially if the client's business is in a specialised industry.

c. Resources available. Auditors should determine whether they have the resources (e.g. audit staff, audit techniques) to perform the audit work and complete the audit engagement within the deadline.

d. Ethical matters. Auditors should determine whether accepting the client would violate any applicable regulations and standards or give rise to any ethical threats to the independence of the auditor.

e. Risk assessment. Auditors should consider whether accepting the client, and the risk associated with the client, would pose a significant danger to the auditor's reputation. When auditors assess the risk, they need to consider the following:
- The viability and stability of the client's business
- The character and involvement of management
- The effectiveness of the accounting system and internal control system
- The application of accounting standards and policies
- Whether there is any unusual item or going concern problem faced by the client

f. Replacement of previous auditors. If this is the first year audit, auditors should consider the reasons for the resignation of the previous auditor. Auditors should contact the previous auditor to find out whether there was any serious disagreement with the directors over accounting matters.

g. Procedures for obtaining information. When considering accepting appointment, auditors should obtain and review the available financial information (e.g. annual reports, interim management reports etc.) and inquire of third parties (e.g. banks, solicitors) about any information concerning the integrity of the management.


8.2.2 Upon acceptance of an appointment, a contract is entered into. Terms of the contract can be either implied or expressly agreed.

Implied terms include:
- Preserving the client's confidentiality
- Caring for the client's books and documents
- Compliance with the rules and laws affecting his appointment

Expressed terms are set out in writing in the ................................

8.2.3 Engagement Letter

a. An engagement letter is a letter that formalises the contract between the auditor and the client and outlines the responsibilities of both parties.

b. Purposes of engagement letter
- To clearly define the objective, scope of audit and the form of report
- To clearly define the extent of the auditor's responsibilities
- To minimise the risk of misunderstandings between auditor and client
- To confirm acceptance by the auditor of his engagement
- To inform and educate the client on the limitation of the engagement

c. Procedures to issue engagement letter
- Discuss with the directors the terms of engagement on or before acceptance of a new client.
- Draft and sign the letter before commencing any part of the assignment.
- Receive the client's written resolution on acceptance to confirm to engage the auditor.
- Review the engagement letter every year to make any change.

d. Major terms/contents of engagement letter
- The objective of the audit of financial statements.
- Management's responsibility for the financial statements.
- The scope of the audit, including reference to applicable legislation, regulations or professional standards.
- The form of reports.
- The inherent limitations of an audit and the risk that material misstatements may remain undiscovered.
- Unrestricted access to whatever records, documentation and other information requested in connection with the audit.
- The basis of calculation of audit fees.

e. Other terms that the auditor may include in the engagement letter are:
- Arrangements regarding the planning of the audit.
- Expectation of receiving from management written confirmation concerning representations made in connection with the audit.
- Request for the client to confirm the terms of the engagement by acknowledging receipt of the engagement letter.
- Description of any other letters or reports the auditor expects to issue to the client.
- Basis on which fees are computed and any billing arrangements.
- Arrangements concerning the involvement of other auditors and experts in some aspects of the audit.
- Arrangements concerning the involvement of internal auditors and other client staff.
- Arrangements to be made with the predecessor auditor, if any, in the case of an initial audit.
- Any restriction on the auditor's liability when such possibility exists.
- A reference to any further agreements between the auditor and the client.


8.2.4 Regular review of engagement letter

a. The engagement letter should be regularly reviewed (usually on an annual basis) and be updated in response to changes in the terms of engagement.

b. Auditors should send a new engagement letter to the client when there is:
- Any indication that the client misunderstands the objective and scope of the audit.
- Any revised or special terms of the engagement.
- A recent change of senior management, board of directors or ownership of the company.
- A significant change in the nature or size of the client's business.
- A legal requirement.

8.3 Overall Audit Strategy

8.3.1 The auditor should plan the audit work so that the audit will be performed in an effective manner.

8.3.2 Planning involves developing an overall audit strategy and an audit plan that details the nature, timing and extent of the planned audit procedures.

8.3.3 Objectives/advantages/importance/purposes of audit planning are:
- Establish the means of achieving the objectives of the audit.
- Direct and control the audit work by delegation and coordination of work.
- Ensure the auditor focuses on high risk or important areas.
- Ensure the potential problem areas are identified, such as material misstatement and control weaknesses.
- Ensure the audit work can be completed in time.
- Audit work is completed in an efficient manner.
- To facilitate the direction, supervision and review of their work.

8.3.4 Overall audit strategy determines the scope, timing and direction of the audit, and guides the auditor in developing a more detailed plan. In developing the overall audit strategy, the auditor should consider the following:
- The results of preliminary engagement activity (i.e. preliminary risk assessment) and experience gained from other services provided.
- The reporting framework, reporting requirement and its objectives.
- The materiality level.
- The high risk areas where material misstatements do exist.

8.4 Planning Considerations

8.4.1 ISA 300 Planning an Audit of Financial Statements states that audit planning is a continual process. Planning must be completed before the commencement of detailed audit procedures.

8.4.2 Issues and considerations relevant to the audit planning process.

a. Staffing requirements and use of experts. Auditors should determine the number and grade of audit staff to be allocated to each stage of the audit. More experienced audit staff are required for high risk areas, or the involvement of experts on complex matters. In some cases, the auditor may require the assistance of an expert (e.g. engineer/doctor/lawyer/valuer) in a particular field of specialisation.

b. Considerations of materiality and risks. When planning the audit, the auditor considers what would make the financial statements materially misstated. The auditor's assessment of materiality helps to answer questions relating to the nature of audit procedures. The auditor uses his knowledge about the entity and its environment as a basis for identifying and assessing the risks of material misstatement in the financial statements. The auditor should assess the inherent risks and control risks that affect the financial assertions. In evaluating the effect of information technology on the client's accounting systems, the auditor needs information on the following:


- The extent to which information technology is used in each significant accounting system.
- The complexity of the client's technology activities.
- The organisational structure of the information technology activities.
- The availability of data.
- The need for information technology assisted techniques to gather data and conduct audit procedures.

c. Understand the applicable laws and regulations. The auditor should recognise that non-compliance with laws and regulations by the client entity may materially affect the financial statements, and he should obtain a general understanding of the legal and regulatory framework applicable to the client entity. The auditor should primarily be concerned with the following laws and regulations:
- Legal provisions that determine the form and content of the client's financial statements.
- Laws and regulations that affect the continuing operation of the entity.
- Non-compliance of which can result in financial losses.

d. Identify related parties. The auditor should identify all related parties during the planning phase of the audit so that the auditor will be alert for related party transactions during the audit. The related parties are holding company, subsidiaries, associates, close family members, substantial shareholders, joint venture, major suppliers and buyers.

e. Going concern issue. In planning the audit, the auditor should consider whether there are events or conditions and related business risks which may cast significant doubt on the entity's ability to continue as a going concern.

f. Considering the internal audit function. The auditor should assess the effectiveness, competence and objectivity of the internal audit function. The important criteria for this assessment are:

- Organisation status of the internal audit department. The internal auditor should report to the audit committee, not the finance director.
- Scope of function. The nature and extent of functions performed by internal auditors will affect the usefulness and relevance of their work to the external audit objective.
- Technical competence, such as the skills and knowledge of the internal auditor.
- Due professional care requires work to be properly planned, reviewed and documented by internal auditors.

g. Review audit strategy with audit committee. The auditor should review the audit planning with the audit committee. The audit committee is a subcommittee of the board of directors whose responsibilities are to assist the board of directors in meeting corporate governance practice.

h. Additional value-added services. As part of the planning process, the auditor may look for opportunities to recommend additional value-added services such as risk assessment, business performance measurement, and electronic commerce.

8.5 Documenting Overall Audit Strategy and Audit Plan

8.5.1 The auditor should document the overall audit strategy and the audit plan, including any significant changes to the strategy or audit plan made during the audit engagement.

8.5.2 The form and extent of documentation would depend on the size and complexity of the entity, materiality and the circumstances of the specific audit engagement.

8.5.3 An audit plan will set out the overall strategy while the detailed procedures will be given in the audit program.

8.5.4 An audit program consists of detailed instructions (detailed audit procedures) that instruct the auditor to collect the evidence.

8.5.5 Advantages of using audit programs
- Provide a clear set of instructions on the work to be done.
- Provide a clear record of the audit work carried out and by whom it was carried out.
- They facilitate the review of audit work by the audit manager/partner.
- Duplication of work can be avoided.
- Omission of important audit work can be avoided.

8.5.6 Disadvantages of using audit programs
- The audit may be too rigid and not able to be tailored to different situations.
- The audit program may be outdated against changes in the client's business.
- A standardised audit program limits the auditor from probing any matter concerning the audit.
- Too standardised an audit program may restrict the auditor's innovation in performing the audit.

8.6 The Audit Testing Hierarchy

8.6.1 The audit testing hierarchy starts with tests of controls and substantive analytical procedures (AP) before substantive tests of details. The auditor begins the audit by testing the effectiveness of internal control. If the tests of control indicate that the internal control system is strong, fewer substantive analytical procedures and substantive tests of details will be performed; and vice versa.

[Figure: Tests of control; Substantive Analytical Procedures; Substantive tests of details]


8.6.2 An Assurance Bucket Analogy. The assurance bucket is a mixture of audit procedures and evidence. The assurance bucket must be filled with evidence to obtain the level of assurance needed to support the auditor's opinion.

[Figure: Assurance Bucket. Levels marked 20%, 50%, 80% and 95% (desired assurance, min 95% confidence). Layer labels: RISK ASSURANCE PROCEDURES, TESTS OF CONTROLS, SUBSTANTIVE ANALYTICAL PROCEDURES, Remaining SUBSTANTIVE TESTS OF DETAILS.]

8.6.3 The auditor first begins by filling the bucket with evidence from the risk assessment procedures. After completing risk assessment procedures, the auditor will conduct tests of control, followed by substantive analytical procedures and finally substantive tests of details. If the evidence collected from tests of control is sufficient, then the auditor will reduce the volume of substantive analytical procedures and substantive detail testing.

8.7 Audit Documentation

8.7.1 Audit documentation is the auditor's principal record of the work performed and the basis for the conclusions in the auditor's report. Sometimes, audit documentation is also described as working papers or audit files. Audit documentation can be prepared and stored in hard copy format or in soft copy format in the computer.


8.7.2 Audit documentation or working papers serve 2 functions/objectives:
1. As a sufficient and appropriate record of the basis for the auditor's report;
2. As evidence that the audit was performed in accordance with ISAs and applicable legal and regulatory requirements.

8.7.3 The content of working papers is affected by:
1. Nature of engagement.
2. Form of the auditor's report.
3. Nature and complexity of the business.
4. Nature and condition of the entity's accounting and internal control system.
5. Needs in the particular circumstances for direction, supervision and review of work performed by audit staff.
6. Specific audit methods and techniques used in the auditing.

8.7.4 Benefits that the auditors will obtain from working papers.
1. Working papers can help in the supervision of the audit work. The engagement partner needs to check that the work delegated by him has been properly performed. Hence, by asking audit staff to produce detailed working papers, he is able to monitor the process of auditing.
2. Working papers will provide, for future reference, details of audit problems encountered.
3. Working papers serve as evidence of work performed and conclusions drawn in order to form an opinion. This can be an invaluable source of evidence in a litigation case where the Court orders the auditor to produce evidence.
4. Good working papers can help in planning and controlling the process of auditing.


5. The preparation of working papers encourages the auditors to adopt a high quality of auditing.

8.7.5 Ownership and custody of working papers. The working papers are the auditor's property, and the auditor should maintain their confidentiality and safe custody. Confidential information concerning the client should not be released to a third party without getting consent from the client. If the client requests the auditor's working papers, the auditor may, at his discretion, release extracts of the working papers.

8.7.6 Standardisation of working papers. Usually the working papers used are standardised, such as standard referencing, sequence of papers, symbols, flowcharts, checklists for disclosure and cross-referencing.

8.7.7 Benefits of using standardised working papers.
1. Improve the efficiency in preparation and review of audit work.
2. Help to instruct audit staff and facilitate the delegation of work.
3. Provide a means to control the quality of auditing.

8.7.8 Benefits of using electronic automated working papers.
1. The risk of human errors may be reduced.
2. The working papers will be neater and easier to review.
3. Any adjustment can be made easily to all the working papers, since a change of one figure will automatically be adjusted in other figures.
4. Hard copies of standard forms do not have to be carried to the client's premises.
5. Electronic working papers can be transmitted from the client's office to the audit partner in the audit firm for review via the Internet.

8.7.9 Audit files can be separated into 2 types: (1) permanent audit file (PAF) & (2) current audit file (CAF).

8.7.10 Permanent audit files (PAF) are used to:
1. document information which is of recurring value regarding items appearing in the financial statements, such as equity, number of issued shares etc.
2. document information of a permanent nature regarding the client's business.
3. give audit staff who are new to the audit information regarding the client's affairs and the nature of the audit.

8.7.11 Information stored in the Permanent Audit File (PAF) includes:
- Statutory regulations governing the company.
- Memorandum and Articles of Association.
- Letter of auditor engagement.
- Trade licences, agreements, debenture deeds, guarantees, etc.
- Address of the registered office.
- Organisation chart and responsibility of key personnel.
- Organisation's background information on history, principal activities, share capital, types of businesses, subsidiaries.
- Accounting policies used.
- A list of the directors, company's bankers, solicitors, insurance companies, etc.

8.7.12 Current audit files (CAF) are audit files that contain information relating primarily to the audit of a single (current) period. The objectives of the current audit file are to:
- Provide a record of the work planned.
- Detail the work performed, including audit procedures performed, information obtained and conclusions reached.
- Enable the audit partner to review the audit.

8.7.13 Current Audit File (CAF) contains the following information:
- A copy of the accounts being audited.
- An index to the file.
- Information related to the understanding of internal control and assessment of risk, including ICQ & ICEQ.
- An audit program performed, including audit work carried out, results of the tests and conclusions drawn from them.
- A schedule for each item in the Statement of Financial Position, such as non-current assets schedule, current assets schedule, liability schedules and equity schedule.
- A checklist for compliance with statutory disclosure.
- Working trial balance that links the amounts in the financial statements to the audit working papers.
- Account analysis that analyses the activity of a particular account for the period, such as legal fees.
- Account listing of items in an account, such as a trade payable listing.


CHAPTER 9 AUDIT ON CASH AND BANK
________________________________________________________________
Learning Outcomes
When you have completed this lesson you will be able to:
- Understand internal control on cash & bank system
- Explain the audit of cash and bank balances.

Reference Text: Audit & Assurance Services in Malaysia- Chapter 16


9.1 Cash

9.1.1 Cash is reported in the financial statements under Cash and Bank Balance or Cash and cash equivalents. Cash includes certificates of deposit, current accounts and fixed deposits.

9.1.2 Cash and bank balances usually have high inherent risk and therefore are normally a critical audit area due to the following reasons:
- Cash is highly liquid and therefore susceptible to fraud.
- Most business transactions go through cash and bank.
- Because of its residual nature, cash does not have a predictable relationship with other financial statement accounts. As a result, analytical procedures could not be used in the audit of cash and its equivalents.

9.2 Types of bank accounts

9.2.1 Cash management is an important function in all organisations because proper management of cash allows a company to earn interest on excess cash and reduce the cost of borrowing. To maximise the cash position, an entity implements procedures for fast collection of cash receipts and delaying the payment of cash disbursements.

9.2.2 The following types of bank accounts are used by an entity to aid in controlling cash:
- General cash accounts
- Imprest cash accounts
- Branch accounts

9.2.3 General cash account

The general cash account is the principal cash account for most entities. The major source of cash receipts for this account is the revenue cycle. The major sources of cash disbursements are the purchasing cycle and the payroll cycle. For many small entities, this general cash account is the only cash account maintained in the books.


9.2.4 Imprest cash account
An imprest bank account contains a stipulated amount of money and the account is used for limited purposes such as distribution of payroll and petty cash. For example, before the disbursement of wages and salaries, a cash transfer is made from the general cash account to the payroll account for the amount of the net payroll. Then, wages and salaries are drawn from this account. Use of an imprest account such as a payroll account can minimise the time required to reconcile the general cash account.

[Diagram: General cash account -> (cash transfer) -> Imprest account (e.g. payroll account) -> Salary]

9.2.5 Branch account
Companies that operate branches in multiple locations may maintain separate accounts at local banks. This allows each branch to pay local expenses and to maintain a banking relationship in the local community. For proper control, the branch should be required to submit periodic cash reports to head office and the entity's management should carefully monitor the cash balances in the branch accounts.


[Diagram: Head office and the branch accounts of Branch 1, Branch 2 and Branch 3]

9.3 Risk areas, internal control objectives, internal control procedures and test of control

1. Risk Areas
   Internal control objectives are to address the risk areas.
2. Internal Control Objectives
   Internal control procedures are to achieve the internal control objectives.
3. Internal control procedure
   Tests of control are to ensure the internal control procedures are effective.
4. Test of Control


9.4 Cash Receipts Transactions

Risk area: Cash receipts recorded but not received or deposited
Internal control objective: Validity
Internal control procedures:
- Segregation of duties between cash receipts and recording.
- Perform monthly bank reconciliation to tally the receipts and recording.
Tests of control:
- Observe and evaluate the process of segregation of duty.
- Review monthly bank reconciliation to ensure no unexplained item exists.

Risk area: Cash receipts being stolen or lost before recording
Internal control objective: Completeness
Internal control procedures:
- Reconcile daily cash receipts with posting to accounts receivable subsidiary ledger.
- Prepare and send the customer / receivable statements on a periodic basis.
- Any customer complaint should be handled by an independent party.
Tests of control:
- Testing of the reconciliation of daily cash receipts with posting to accounts receivable ledger to ensure it is completely recorded.
- Inquiry of client personnel about handling of monthly statements and examination of resolution of complaints.

Risk area: Cash receipts are recorded in the wrong period
Internal control objective: Timeliness
Internal control procedures:
- Control procedures must be in place to ensure cash receipts are deposited on a daily basis.
Tests of control:
- Examine the cash receipts and agree to the bank deposit slips.

Risk area: Cash discounts are not properly taken into account
Internal control objective: Authorisation
Internal control procedures:
- Procedures should be in place to authorize cash discount.
Tests of control:
- Select a sample of cash receipts transactions and examine the approval of discount given.

Risk area: Cash receipts recorded at the wrong amount
Internal control objective: Valuation
Internal control procedures:
- Reconcile the daily remittance report to control listing of remittance advice.
- Prepare monthly bank reconciliation and have it independently reviewed.
Tests of control:
- Review and testing of reconciliation.

Risk area: Cash receipts recorded in the wrong account
Internal control objective: Classification
Internal control procedures:
- Prepare a chart of accounts to avoid confusion.
Tests of control:
- Tracing of cash receipts from listing to cash receipts journal for proper classification.
- Review of cash receipts journal for unusual items.

Risk area: Cash receipts posted to the wrong customer's account. Cash receipts are not properly posted to general ledger accounts
Internal control objective: Posting and summarisation
Internal control procedures:
- Reconcile daily remittance report with postings to cash receipts journal and accounts receivable ledger.
- Review the monthly customer statements and complaints.
Tests of control:
- Review and testing of reconciliation; if IT application, testing of programmed controls of posting.
- Review and testing of client procedure for mailing statements and handling complaints from customers.


9.5 Cash Disbursement Transactions

Risk area: Cash disbursement recorded but not made.
Internal control objective: Validity
Internal control procedures:
- Proper segregation of duty.
- Supplier statements independently reviewed and reconciled to accounts payable records.
- Prepare and review monthly bank reconciliations.
Tests of control:
- Observe and evaluate proper segregation of duties.
- Review client's procedures for reconciliation of vendor statements.
- Review monthly bank reconciliations for indication of independent review.

Risk area: Cash disbursement made but not recorded.
Internal control objective: Completeness
Internal control procedures:
- Proper segregation of duty.
- Accounting for the numerical sequence of cheques.
- Reconcile daily cash disbursements to account payables.
Tests of control:
- Observe and evaluate proper segregation of duties.
- Review and test client's procedures for numerical sequence of cheques; if IT application, test programmed controls.
- Review procedures for reconciliation of daily cash disbursement to account payable.

Risk area: Cash disbursement recorded in wrong period.
Internal control objective: Timeliness
Internal control procedures:
- Reconcile daily cheques issued with posting to the cash disbursements journal and accounts payable subsidiary records.
Tests of control:
- Review daily reconciliation.

Risk area: Cash disbursement not authorised.
Internal control objective: Authorisation
Internal control procedures:
- Proper segregation of duties.
- Cheques prepared only after all source documents have been independently approved.
- Reconcile the daily cash disbursement to cheques issued.
Tests of control:
- Evaluate the process of segregation of duty.
- Examine the indication of approval on vouchers.

Risk area: Cash disbursement recorded in incorrect amount.
Internal control objective: Valuation
Internal control procedures:
- Reconcile supplier statements to account payable records and have them independently reviewed.
- Reconcile monthly bank statements and have them independently reviewed.
Tests of control:
- Review all the reconciliations including cash reconciliation, supplier statement reconciliation and bank reconciliation.

Risk area: Cash disbursement charged to wrong account.
Internal control objective: Classification
Internal control procedures:
- Prepare a chart of accounts.
- Having independent approval and review of general ledger account on vouchers.
Tests of control:
- Review cash disbursement journal for reasonableness of account distribution.
- Review general ledger account code on voucher for reasonableness.

Risk area: Cash disbursement posted to the wrong supplier account. Cash disbursements journal not summarized properly or not properly posted to GL accounts
Internal control objective: Posting & Summarization
Internal control procedures:
- Reconcile the supplier statements to account payable and have them independently reviewed.
- Review posting from cash disbursements journal to the general ledger.
- Reconcile account payable to general ledger control account.
Tests of control:
- Review the reconciliation.
- Agree the monthly cash disbursements journal to general ledger posting.
- Review the reconciliation.

9.6 Substantive procedures for cash transactions

Audit objective: Validity
Cash Receipts: Trace a sample of entries in the cash receipts journals to remittance advices, receipts, daily deposit slips and bank statement to ensure all the cash receipts are accounted for.
Cash Disbursement: Trace a sample of entries from the cash disbursement journal to voucher and bank statement. Examine a sample of payment vouchers for authorised signature and proper approval to ensure all the disbursements are valid.

Audit objective: Completeness
Cash Receipts: Trace a sample of remittance advices to cash receipts journal and deposit slips to ensure they are completely recorded.
Cash Disbursement: Trace a sample of payment vouchers to the cash disbursement journal to ensure the payments are completely recorded.

Audit objective: Cut off
Cash Receipts: Compare the dates for recording a sample of cash receipt transactions in the cash receipt journal with the dates the cash was deposited in the bank to ensure they are recorded in the right accounting period.
Cash Disbursement: Compare the dates for a sample of cheque payments from disbursement journal with the dates the cheques cleared in the bank statement to ensure they are recorded in the right accounting period.

Audit objective: Accuracy
Cash Receipts: Calculate cash receipts journal and agree posting to the general ledger to ensure the accuracy of cash receipts.
Cash Disbursement: Calculate cash disbursements journal and agree posting to the general ledger to ensure the accuracy of disbursement.

Audit objective: Valuation
Cash Receipts: Compare a sample of remittance advices with amount in cash receipts journal to ensure the amounts tally.
Cash Disbursement: Compare a sample of cheque payments & payment voucher with amounts in the cash disbursements journal to ensure the amounts tally.

Audit objective: Classification
Cash Receipts: Examine a sample of remittance advice for proper account classification.
Cash Disbursement: Examine a sample of payment vouchers for proper account classification.

9.7 Substantive procedures for cash/bank balances

Audit objectives: Completeness, validity & accuracy
Audit procedures:
1. Obtain the cash and bank schedule from client and ensure the opening balance agrees to the financial statements and also ensure the closing balances agree to the trial balance.

Audit objectives: Completeness, validity & accuracy
Audit procedures:
1. Perform analytical procedures and test reasonableness of closing balances.

Audit objectives: Cut-off, Completeness, validity & accuracy
Audit procedures:
1. Obtain bank reconciliation prepared by client.
2. Ensure balances agree to the lead schedule.
3. Select long outstanding unpresented cheques and uncredited deposit.
4. For unpresented cheques, trace to the following month bank statement and ensure they are cleared at the year end.
5. For uncredited deposit, select deposit from bank reconciliation and ensure it appears in bank statement prior to year end.

Audit objectives: Completeness, validity & accuracy
Audit procedures:
1. Obtain direct confirmation from bank on the bank account balance as well as name of account number, balances of account, bank loan, any credit facilities and charges of assets.

Audit objectives: Completeness, validity & accuracy
Audit procedures:
1. Discuss with management on the reason for opening new account and closure of account.
2. Discuss with management on the new facilities or credit applied for the bank account.

Audit objectives: Cut-off
Audit procedures:
1. Scrutinise the cash book and bank statement before and after Statement of Financial Position date for exceptional entries and transfers which have material effect on the balance.

Audit objectives: Ownership
Audit procedures:
1. Review BOD minutes and loan agreement.
2. Identify whether any account is secured on assets of the company.
3. Determine whether the bank accounts are subject to any restrictions.
4. Consider legal right of set off of overdraft against positive bank balance.

Audit objectives: Presentation and disclosure
Audit procedures:
1. Investigate any unusual or large payments to related parties.
2. Evaluate financial statement presentation.


9.8 Auditing the cash account

9.8.1 To audit a cash account, the auditor should obtain the following documents:
- A copy of the bank reconciliation.
- A standard letter requesting information from the bank (also known as bank confirmation letter).
- Bank statements.

9.8.2 Bank reconciliation working paper.
The auditor will normally obtain a copy of the bank reconciliation prepared by the client. The working paper reconciles the balance per the bank with the balance as per the book. The major reconciliation items are deposits in transit, outstanding cheques and other adjustments such as bank charges and interest.

9.8.3 Bank confirmation letter.
The auditor will send a letter to all the banks that the client is dealing with. The bank confirmation is a reliable third party confirmation. The objective of getting bank confirmation is to ascertain the existence and amount of balance / liabilities; the existence, ownership and proper custody of assets.

9.8.4 The procedures of getting bank confirmation are as follows:
a) Auditor must obtain an authorization letter from the client to permit their banks to release / disclose information concerning audit to the auditor.
b) The request should be sent to the bank's branch manager stating both the client's year end date.
c) The auditor must follow up the bank response and review all the information released by the bank.

9.8.5 Tests of the bank reconciliation prepared by the client.
The auditor uses the following audit procedures to test the bank reconciliation:
1. Test the mathematical accuracy of the bank reconciliation working paper and agree the balance per the book to the general ledger.
2. Agree the bank balance on the bank reconciliation with the balance shown on the bank confirmation. The balance should correspond to the balance per bank statement at the end of the period.


3. Trace the deposits in transit on the bank reconciliation to subsequent bank statements. Any deposit in transit shown on the bank reconciliation should be listed as a deposit shortly after the end of the period.
4. Compare the outstanding cheques on the bank reconciliation working paper with the cheques cleared contained in the subsequent bank statement for cheque number, date and amount. The auditor should ensure that no cheques dated prior to the financial year end are included with the subsequent bank statements that are not included as outstanding cheques on the bank reconciliation.
5. Agree any charge included on the bank statement to the bank reconciliation. These bank charges may result in an adjustment to the client's book.
6. Agree the adjusted book balance to the cash account lead schedule. The adjusted book balance would be part of the amount included in the financial statements for cash.

9.8.6 Fraud related audit procedures for cash
In the event that the auditor suspects that some form of fraud involving cash has occurred, the auditor should extend the normal audit procedures for cash transactions and balances. Three audit procedures that can be used to detect fraudulent activities in the cash account are:
- Extended bank reconciliation procedures. The auditor will extend the coverage period to investigate the outstanding cheques and have a detailed examination of the outstanding items.
- Proof of cash. Reconcile the receipts and payments in the cash book with the bank statement for a specific period to ensure all the transactions in the cash book and bank statement agree and no transactions have been omitted from the book.
- Tests of kiting. When cash has been stolen by an employee, it is possible to cover the cash shortage by following a practice known as kiting. This involves an employee covering the cash shortage by transferring money from one bank account to another and recording the transactions improperly in the entity's book. Test of kiting involves the preparation of an inter bank transfer schedule to ensure proper cut off for the cash transactions.
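The inter bank transfer schedule used in the test of kiting can be checked mechanically. The following is an added example, not part of the original course notes: the field names, finding labels, account names and the sample transfers are constructed for illustration, and the year end of 31 December 2019 is an assumption.

```python
from dataclasses import dataclass
from datetime import date

YEAR_END = date(2019, 12, 31)  # assumed financial year end for the sample data


@dataclass(frozen=True)
class Transfer:
    """One row of the inter bank transfer schedule (hypothetical field names)."""
    ref: str
    from_account: str
    to_account: str
    amount: int                # whole currency units
    paid_per_books: date       # payment entered in the cash book
    paid_per_bank: date        # cheque cleared by the paying bank
    received_per_books: date   # receipt entered in the cash book
    received_per_bank: date    # deposit credited by the receiving bank


def review_transfer(t: Transfer, year_end: date) -> list[str]:
    """Return the cut-off findings for one transfer."""
    findings = []
    paid_in_year = t.paid_per_books <= year_end
    received_in_year = t.received_per_books <= year_end

    # Both sides of a transfer must fall in the same accounting period.
    if received_in_year and not paid_in_year:
        findings.append("RECEIPT_RECORDED_BEFORE_PAYMENT")   # book cash overstated
    if paid_in_year and not received_in_year:
        findings.append("PAYMENT_RECORDED_BEFORE_RECEIPT")   # book cash understated
    # The receiving bank shows the money at year end, but the books do not
    # yet show it leaving the paying account: the pattern that hides a shortage.
    if t.received_per_bank <= year_end and not paid_in_year:
        findings.append("KITING_INDICATOR")
    # Properly recorded transfers still in transit must appear as
    # reconciling items on the year-end bank reconciliations.
    if paid_in_year and t.paid_per_bank > year_end:
        findings.append("EXPECT_OUTSTANDING_CHEQUE")
    if received_in_year and t.received_per_bank > year_end:
        findings.append("EXPECT_DEPOSIT_IN_TRANSIT")
    return findings


def transfer_schedule(transfers, year_end: date) -> dict[str, list[str]]:
    """Build the schedule: transfer reference -> findings."""
    return {t.ref: review_transfer(t, year_end) for t in transfers}


def book_cash_misstatement(transfers, year_end: date) -> int:
    """Net overstatement of year-end book cash caused by cut-off errors."""
    total = 0
    for t in transfers:
        paid = t.paid_per_books <= year_end
        received = t.received_per_books <= year_end
        if received and not paid:
            total += t.amount
        elif paid and not received:
            total -= t.amount
    return total


# Constructed sample transfers around the assumed year end.
SAMPLE_TRANSFERS = [
    Transfer("T1", "General", "Payroll", 20000,
             date(2019, 12, 28), date(2019, 12, 30), date(2019, 12, 28), date(2019, 12, 29)),
    Transfer("T2", "General", "Branch 1", 15000,
             date(2019, 12, 30), date(2020, 1, 3), date(2019, 12, 30), date(2020, 1, 2)),
    Transfer("T3", "Branch 2", "General", 50000,
             date(2020, 1, 2), date(2020, 1, 3), date(2019, 12, 31), date(2019, 12, 31)),
    Transfer("T4", "General", "Branch 3", 8000,
             date(2019, 12, 31), date(2020, 1, 2), date(2020, 1, 2), date(2020, 1, 2)),
]

if __name__ == "__main__":
    for ref, findings in transfer_schedule(SAMPLE_TRANSFERS, YEAR_END).items():
        print(ref, findings or ["OK"])
    print("Net overstatement of book cash:", book_cash_misstatement(SAMPLE_TRANSFERS, YEAR_END))
```

Transfers flagged with an expected outstanding cheque or deposit in transit are then traced to the client's bank reconciliations, as in steps 3 and 4 of 9.8.5.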


9.8.7 Auditing a petty cash fund

Control procedures for petty cash
1. A petty cash fund should be maintained on an imprest basis by an independent petty cash cashier.
2. Pre-numbered petty cash vouchers should be used for withdrawal of cash from the fund and a limit should be placed on the size of reimbursements made from petty cash.
3. Accounts payable clerk should review the vouchers of payment before replenishing the petty cash fund.
4. Surprise cash count should be conducted by an independent officer.

Audit tests for petty cash
1. The auditor should gain an understanding of the client's control procedures over petty cash to assess their adequacy, which in turn determines the nature and extent of the auditor's work.
2. The auditor should focus on both the transactions processed through the fund during the period and the balance in the fund.
3. The auditor selects a sample of petty cash reimbursements and examines the particulars of payments.
4. The auditor should test count the physical cash to ensure it tallies with the petty cash book balance.


CHAPTER 10 AUDIT ON PROPERTY, PLANT AND EQUIPMENT
________________________________________________________________

Lesson Learning Outcomes
When you have completed this lesson you will be able to:
- Develop an understanding of the management process for property, plant and equipment.
- Understand the internal control on property, plant and equipment
- Audit of Property, Plant & Equipment.

Reference Text: Audit & Assurance Services in Malaysia - Chapter 14


10.1 Auditing property, plant and equipment (PPE)

10.1.1 For most business entities, property, plant and equipment often represent a material portion of the total assets and hence they are significant in the financial statements.

10.1.2 If the client is a small entity with a few asset acquisitions during the period, it is more cost effective for the auditor to follow a substantive strategy. Following this strategy, the auditor conducts substantive analytical procedures and substantive test of the account balances.

10.1.3 Large entities are likely to have formal capital budgeting procedures for authorising and purchasing non-current assets. While routine purchases might be processed through the purchase cycle, acquisition or construction of specialized property, plant and equipment may be subject to different requisition and authorization procedures. When the entity has a formal control system over non-current assets, the auditor may follow a reliance strategy and test the internal control.

10.2 Types of transactions

10.2.1 Four types of PPE transactions may occur:
- Acquisition of non-current assets for cash or other non-monetary considerations.
- Disposal of non-current assets through sale, exchange, retirement or abandonment.
- Depreciation of non-current assets over their useful economic life.
- Leasing of non-current assets.

10.3 Inherent risk assessment of PPE

10.3.1 The assessment of inherent risk for the purchasing cycle provides a starting point for assessing inherent risk for PPE. The auditor focuses on PPE because of the following three inherent risk factors:


- Complex accounting issues. FRS 116 sets the standards for the accounting treatment of PPE. Some of the PPE transactions can give rise to complex accounting issues, for example, lease accounting, self constructed assets and capitalisation of interest.
- Difficult to audit transactions. When assets are purchased directly from suppliers, initial measurement of costs can be verified by examining the invoice and purchase contracts. However, the transactions involving donated assets, non monetary exchanges and self constructed assets are more difficult to audit.
- Misstatements detected in prior audits. If the auditor has detected misstatements in prior audits, the assessment of inherent risk should be set higher than if few or no misstatements have been found in the past.

10.3.2 Due to the complexity of PPE transactions as mentioned above, a non-current asset register will be maintained. The advantages of maintaining a non-current asset register are:
- Complete information for each PPE such as description, location and serial number, date of purchase, installation cost, depreciation method, residual value and estimated useful economic life is recorded.
- Any addition or disposal of PPE could be easily identified and managed.
- It facilitates the calculation of depreciation or amortization.

10.4 Control risk assessment - PPE

10.4.1 The following are the major 4 internal control objectives, control procedures and test of control for PPE.

Control objective: 1. Occurrence
Control procedures:
1. The purchase of PPE must pass through a specific capital budgeting process which should require higher approval authority.
2. Review of suppliers' invoices to satisfy the assertion of occurrence.
Test of control (analytical review):
1. General review between current and prior year figures to ascertain any unexplained differences.
2. Review of sensitive codes in the general ledger such as repairs or maintenance.

Control objective: 2. Authorisation
Purchase requisitions are initiated in relevant departments and authorized at the appropriate level within the entity.
Control procedures:
1. Internal control procedures should be in place to ensure that the authorisation to purchase PPE is consistent with the authorization.
2. Control procedures must be in place for authorising the sale or disposal of non-current assets.
3. All major maintenance or improvement transactions should be properly authorised by an appropriate level of management.
Test of control:
1. Discuss the level of capital purchases in the year with the purchasing manager.
2. Review the board minutes for authorisation of capital purchases.

Control objective: 3. Completeness
The detailed PPE ledger should include complete information for each PPE such as description, location and serial number, date of purchase, installation cost, depreciation method, residual value and estimated useful economic life.
Control procedures:
1. Perform monthly reconciliation of the PPE subsidiary ledger to general ledger control account.
2. Periodically compare the details recorded in PPE subsidiary ledger with the existence of physical assets. Obtain or prepare a summary of tangible non-current assets showing how gross book value, accumulated depreciation, and net book value reconcile with the opening position.
3. Compare non-current assets in the general ledger with the non-current assets register and obtain explanations for differences.
4. Check whether assets which physically exist are recorded in the non-current asset register.
5. If a non-current asset register is not kept, obtain a schedule showing the original costs and present depreciated value of major non-current assets.
6. Reconcile the schedule of non-current assets with the general ledger.
Test of control:
1. Review of the movements on the non-current asset codes.
2. Compare budgeted capital purchases with actual capital purchases.


4. Segregation of duty. The existence of adequate segregation of duties for PPE within an entity depends on the volume and significance of the transactions processed. The table below shows the key segregation of duties for PPE transactions and possible errors/fraud resulting from conflict of duties.

Segregation of duties: The initiation function should be segregated from the final approval function to avoid unauthorised or unnecessary purchase.
Possible errors/fraud resulting from conflict of duties: If one individual is responsible for initiating a PPE transaction and also has authority to approve the transaction, it is likely unauthorised purchases of assets can occur. This can result in purchase of unnecessary assets that do not meet the company's quality control standards; or illegal payments to suppliers or contractors.

Segregation of duties: The PPE records function should be segregated from the general ledger function.
Possible errors/fraud resulting from conflict of duties: If an individual is responsible for the PPE records and also for the general ledger functions, that individual can conceal any defalcation that would normally be detected by reconciling subsidiary records with the GL control account.

Segregation of duties: The PPE records function should be segregated from the custodial function.
Possible errors/fraud resulting from conflict of duties: If an individual is responsible for the PPE records and also has custodial responsibility for the related assets, tools and equipment can be stolen and the theft can be concealed by adjustment of the accounting records.

Segregation of duties: If a periodic physical inventory of PPE is taken, the individual responsible for the inventory should be independent of the custodial and record keeping functions.
Possible errors/fraud resulting from conflict of duties: If an individual who is responsible for the periodic physical inventory of PPE is also responsible for the custodial and record keeping functions, theft of the entity's physical assets can be concealed.
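The four segregation rules in the table above can be tested against both the duties assigned to each employee and the people who actually acted on each PPE transaction. The following is an added example, not part of the original course notes: the duty labels, employee names and transaction records are constructed for illustration.

```python
from collections import defaultdict

# Pairs of duties that the table says must not rest with one individual,
# with the error or fraud that the conflict makes possible.
CONFLICTS = {
    frozenset({"initiation", "approval"}):
        "unauthorised or unnecessary purchases",
    frozenset({"ppe_records", "general_ledger"}):
        "defalcation concealed from the subsidiary to GL reconciliation",
    frozenset({"ppe_records", "custody"}):
        "theft concealed by adjustment of the accounting records",
    frozenset({"physical_inventory", "custody"}):
        "theft of physical assets concealed",
    frozenset({"physical_inventory", "ppe_records"}):
        "theft of physical assets concealed",
}


def conflicts_for(duties):
    """Return (pair label, risk) for every conflicting pair held in `duties`."""
    return [("+".join(sorted(pair)), risk)
            for pair, risk in CONFLICTS.items() if pair <= duties]


def role_conflicts(assignments):
    """Check standing duty assignments: person -> set of duties."""
    findings = []
    for person in sorted(assignments):
        for label, risk in conflicts_for(set(assignments[person])):
            findings.append((person, label, risk))
    return findings


def transaction_conflicts(transactions):
    """Check who actually performed each duty on each PPE transaction.

    A person with clean standing assignments can still act in two
    conflicting capacities on a single transaction, for example by
    covering for an absent colleague.
    """
    findings = []
    for txn in transactions:
        performed = defaultdict(set)
        for duty, person in txn["performed_by"].items():
            performed[person].add(duty)
        for person in sorted(performed):
            for label, _risk in conflicts_for(performed[person]):
                findings.append((txn["ref"], person, label))
    return findings


# Constructed sample data.
SAMPLE_ASSIGNMENTS = {
    "aisha": {"initiation"},
    "tan": {"approval", "general_ledger"},
    "lim": {"ppe_records", "custody"},
    "raj": {"physical_inventory"},
}

SAMPLE_TRANSACTIONS = [
    {"ref": "PPE-001", "performed_by": {
        "initiation": "aisha", "approval": "tan",
        "ppe_records": "lim", "general_ledger": "tan"}},
    {"ref": "PPE-002", "performed_by": {
        "initiation": "aisha", "approval": "aisha",
        "ppe_records": "lim", "general_ledger": "tan"}},
    {"ref": "PPE-003", "performed_by": {
        "initiation": "raj", "approval": "tan",
        "ppe_records": "tan", "general_ledger": "tan"}},
]

if __name__ == "__main__":
    for finding in role_conflicts(SAMPLE_ASSIGNMENTS):
        print("ASSIGNMENT", finding)
    for finding in transaction_conflicts(SAMPLE_TRANSACTIONS):
        print("TRANSACTION", finding)
```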


10.5 Substantive procedures for PPE

10.5.1 Analytical procedures

- Compare prior year balances in PPE and depreciation charges with current year balances after consideration of any changes in conditions or asset composition.

  Example:
                                       20x9    compared to    20x8
  Property, plant & equipment (o/s)    xxx                    yyy
  Depreciation charged                 xxx                    yyy

- Compute the ratio of depreciation charges to the related PPE account and compare it to prior years' ratios.

  Example:
                                       20x9    compared to    20x8
  Depreciation / PPE                   x ratio                y ratio

- Compute the ratio of repairs and maintenance expense to the related PPE account and compare it to prior years' ratios.

  Example:
                                       20x9    compared to    20x8
  Repair & maintenance expense / PPE   x ratio                ratio

- Compute the ratio of insurance expense to the related PPE account and compare it to prior years' ratio.

  Example:
                                       20x9    compared to    20x8
  Insurance expense / PPE              x ratio                y ratio

- Review capital budgets and compare the amounts spent with amounts budgeted.

  Example: Compare actual expense on PPE to budgeted amount.

10.5.2 Substantive procedures for testing transaction - PPE

Assertion about classes of transactions (objective of procedure): Occurrence
Substantive procedures:
1. Vouch significant additions and disposals to vendor invoices or other supporting documents.
2. Review lease agreements to ensure that lease transactions are accounted for properly.

Assertion about classes of transactions (objective of procedure): Completeness
Substantive procedures:
1. Trace a sample of purchase requisitions to loading dock reports and to the PPE records i.e. transaction and master file.
2. Vouch a sample of PPE additions to documentation indicating proper authorisation.

Assertion about classes of transactions (objective of procedure): Accuracy
Substantive procedures:
1. For assets written off, test amounts charged against income and accumulated depreciation.

Assertion about classes of transactions (objective of procedure): Cut-off
Substantive procedures:
1. Examine the purchases / sales of capital assets for a few days before and after year end.
2. Inquiry of client personnel and a review of lease transactions for the same period can provide evidence on proper cut off for leases.

Assertion about classes of transactions (objective of procedure): Classification
Substantive procedures:
1. Vouch transactions included in repairs and maintenance for items that should be recognised as PPE.
2. Review lease transactions for proper classification between operating and finance leases.


10.5.3 Substantive procedures for testing account balances - PPE

Assertion about account balances (objective of procedures): Existence
Substantive procedures:
1. Verify the existence of major additions by physically examining the property, plant & equipment.
2. Confirm that the company physically inspects all items in the non-current asset register each year.
3. Inspect assets, concentrating on high value items and additions in year. Confirm items inspected exist, are in use, are in good condition and have correct serial numbers.
4. Review records of income yielding assets.
5. Reconcile opening and closing vehicles by numbers as well as amounts.

Assertion about account balances (objective of procedures): Rights and obligations
Substantive procedures:
1. Examine or confirm deeds or title documents for proof of ownership.

Assertion about account balances (objective of procedures): Completeness
Substantive procedures:
1. Obtain a lead schedule of property, plant & equipment and agree the total to the general ledger.
2. Obtain detailed schedules for additions and disposals of PPE and agree the amount to total shown on lead schedule.
3. Physically examine a sample of capital assets and trace them into the PPE subsidiary ledger.

Assertion about account balances (objective of procedures): Valuation & allocation
Substantive procedures:
1. Evaluate fixed assets for significant write off by performing the following procedures:
   - Identify the event or change in circumstance indicating that the carrying value of the asset may not be recovered.
   - Verify the written off loss by determining the sum of expected future cash flows and comparing that sum to the carrying value.
   - Examine the entity's supporting documents, such as directors' minutes, on the write off.

10.5.4 Audit procedures in respect of additions, disposal and self constructed assets - PPE

Additions of assets (assertions are to confirm rights and obligations, valuation and completeness)
Audit procedures:
1. Verify additions by inspection of architects' certificates, solicitors' completion statements, suppliers' invoices etc.
2. Check capitalisation of expenditure is correct by considering for non-current assets additions and items in relevant expense categories. For example, capital or revenue must be distinctively differentiated. Capitalisation must be consistently applied.
3. Check purchases have been properly allocated to correct non-current asset accounts.
4. Check purchases have been authorised by directors / senior management.
5. Check additions have been recorded in PPE subsidiary ledger and general ledger.
6. Agree the addition of PPE to the suppliers' invoices or purchase agreement to ensure the accuracy and validity of transaction.

Self-constructed assets
Audit procedures:
1. Verify material and labour costs and overheads to invoices, wage records etc.
2. Ensure expenditure has been analysed correctly and properly charged to capital.
3. Check no profit element has been included in costs.

Disposals (assertions are to confirm rights and obligations, valuation and completeness)
Audit procedures:
1. Verify disposals with supporting documentation, checking transfer of title, sales price and dates of completion and payment.
2. Check calculation of profit or loss.
3. Check that disposals have been authorized.
4. Consider whether proceeds are reasonable.
5. If the property was used as security, ensure release from security has been correctly made.
6. For significant disposals, consider impact upon other areas of business and whether disposal should be disclosed.


10.5.5 Evaluating the audit finding - PPE
If the aggregate likely misstatement is less than the tolerable misstatement, the evidence indicates that the PPE accounts are not materially misstated. If the likely misstatement were greater than tolerable misstatement, the auditor would either require adjustment to the accounts or issue a qualified auditor's report.


CHAPTER 11 COMPUTER IN AUDITING
________________________________________________________________

Lesson Learning Outcomes
When you have completed this lesson you will be able to:
- Understand the effect of IT on elements of control environment and control procedures
- Understand the meaning and importance of general controls in an IT environment.
- Learn the audit process in an IT environment.
- Understand the concept of CAAT.

Reference Text: Auditing and Assurance in Malaysia - Chapter 7


11.1 The effect of information technology on internal control components

11.1.1 The usage of IT can affect any of the 5 components of internal control. The information system in an IT environment includes computer hardware, software, automated controls and procedures, and data in electronic format.

11.1.2 There are potential benefits to an entity's internal control arising from using IT. The potential benefits of IT on internal control include:
- Consistent application of predefined business rules and performance of complex calculations in processing large volumes of transactions or data.
- Enhancement of the timeliness, availability and accuracy of information.
- Facilitation of additional analysis of information.
- Enhancement of the ability to monitor the performance of the entity's activities and its policies and procedures.
- Reduction in the risk that controls will be circumvented.
- Enhancement of the ability to achieve effective segregation of duties by implementing security controls in applications, databases and operating system.

11.1.3 The potential risks of usage of IT to internal control include:
- Reliance on systems or programmes that inaccurately process data, process the wrong data or both.
- Unauthorised access to data that may result in destruction of data or improper changes to data, including the recording of unauthorised or nonexistent transactions or inaccurate recording of transactions.
- Unauthorized changes to data in master files.
- Unauthorized changes to systems or programmes by unauthorized persons.
- Failure to make necessary changes to systems or programmes when the control environment has changed.
- Inappropriate manual intervention / override by management.
- Potential loss of data if no protection (or firewall) is in place on the database.

11.1.4 The effects of IT on an organisation's internal controls are:
- IT affects all the factors that affect the control environment.
- IT affects the business risks that influence the achievement of entity objectives.
- IT affects the control procedures that ensure management's directives are carried out.
- IT affects the information and communication requirement.
- IT affects the monitoring activities.

11.1.5 The control environment factors and control procedures affected by IT are:

11.1.5.1 Control environment factors
- Assignment of authority and responsibility. A clear line of authority and responsibility is important so that the entity is able to achieve its objectives.
- Human resource policies and practices. It is important to have personnel who possess the skills and expertise needed to oversee and operate the information system.

11.1.5.2 Control procedures
- Information processing. Two areas in which control procedures can be affected by the use of IT in processing are (1) authorisation of transactions; and (2) the keeping of adequate documents and records.
- Proper segregation of duties. In an IT environment, the programmes within the system may assume the responsibilities of all the functions relating to the initiation, authorisation and recording of transactions as well as the custody of assets.
- Physical controls. Computer terminals and access to the database must be physically protected against unauthorised access and theft of private information. The entity should have a disaster recovery plan, including backup copies of programmes and storage of the database in different locations.


11.2 Types of controls in an IT environment

There are 2 broad categories of information systems control procedures: (i) General controls; (ii) Application controls.

Category 1 - General Controls

General controls are related to the overall information processing environment and have a pervasive effect on the entity's computer operations. They relate to the overall environment within which computer-based accounting systems are developed, maintained and operated, and so apply to all the applications. General controls are sometimes referred to as supervisory, management or information technology controls.

Objective: General controls are to ensure the proper development and implementation of applications and the integrity of programme and data files and of computer operations.

General controls can be either manual or programmed. [Manual control means control procedures are performed by personnel; programmed control procedures are executed by computer software.]

General controls include controls over:

(i) Data centre and network operations. Controls include controls over computer and network operations, data preparation, work flow control and library function control. They prevent unauthorised access to the network programs, files and systems documentation by computer operators. The operating system log should record all the computing activities.

(ii) System software acquisition, change and maintenance. Systems software comprises the computer programmes that control the computer functions and allow the application programmes to run. Any installation, change or modification of software must be controlled.

(iii) Access security. Security and access controls are:
- Restricting access to computers to authorised users only, such as by locked doors and authorised cards.
- Passwords to restrict access to programmes and data files.
- Logging or a trail to record and monitor access to computer files and programmes.
- Secure storage of backup data in a safe and separate location.

(iv) Application system acquisition, development and maintenance. Policies and procedures for planning, acquiring or developing and implementing new systems should be controlled.

Category 2 - Application Controls

Application controls apply to the processing of individual accounting applications, such as a sales or payroll system, and help ensure the completeness and accuracy of transaction processing, authorisation and validity.

Objective: Application controls are to ensure the completeness and accuracy of the accounting records and the validity of the entries made therein resulting from both manual and programmed processing.

Application controls cover the following:

(i) Data Capture Controls. Data capture controls must ensure that all transactions are recorded in the application system; that transactions are recorded only once (no double recording); and that any rejected transactions are identified, controlled, corrected and re-entered into the system. Data capture controls are therefore concerned with the assertions of occurrence, completeness and accuracy. Batch processing procedures should be used to control the data capture. [Batch processing is an input and processing method whereby data are accumulated by classes of transactions and are entered and processed in batches.]

(ii) Data Validation Controls. Data can be validated for its existence and accuracy by the following controls:
- Limit test. A test to ensure that a numerical value does not exceed some predetermined value, such as "Not exceeding RM1,000-00".
- Range test. A check to ensure that the value in a field falls within an allowable range of values, such as "Between 1 to 10 units".
- Sequence check. A check to determine if input data are in proper numerical or alphabetical sequence, such as #20001, 20002, 20003 ... 20009.
- Existence test. A test of an account number or account code by comparison to a file or table containing valid account numbers or codes. For example, account code for receivables D10020, account code for credit sale A10010.
- Field test. A check on a field to ensure that it contains either all numerical or all alphabetic characters. For example, 20 units.
- Sign test. A check to ensure that the data in a field have the proper arithmetic sign. For example, decimal 21.point 19
- Check digit verification. A numeric value computed to provide assurance that the original value was not altered.

(iii) Processing Controls. These are the controls that ensure proper processing of transactions. For example, file label controls, whereby internal and external file labels should be assigned.

(iv) Output Controls. Outputs are reports and printed documentation. Only authorised persons should be able to access the reports.

(v) Error Controls. Errors can be identified at any point in the system. Once errors are identified, they should be corrected immediately.

11.3 The audit process in an IT environment

11.3.1 The auditor's understanding of the entity's internal control information system must include the following issues:
- The extent to which IT is used in each significant accounting application.
- The complexity of the entity's IT applications and operations.
- The organisational structure of the IT processing activities.
- The availability of data for audit evidence.

11.3.2 Low complexity system. A low complexity system would be composed of a stand-alone PC or a small network of computers. In a low complexity system environment, the auditor will be concerned with the manual control elements in the information processing rather than with controls over computer programmes. There are two types of audit approach in an IT environment:
i. Audit around the computer: this is concerned only with the input and output.
ii. Audit through the computer: this is concerned with the input, the output and also the processing routines of the computer.

11.3.3 Advanced system. Advanced systems comprise a mixture of online, real-time processing, extensive database systems, distributed data processing, electronic data interchange (EDI) and e-commerce.

11.3.4 Depth of understanding of internal control. When the entity's information system becomes more complex with the use of IT, the auditor may need to devote more effort to understanding internal control in order to conduct tests of control and substantive procedures.

11.3.5 The use of IT specialist. In an advanced IT environment where the auditor lacks IT expertise, the auditor may seek assistance from an IT specialist to test the control system and collect the audit evidence.

11.3.6 The use of IT can provide an audit trail for the purpose of auditing. An audit trail is a chain of evidence provided by documentation or other cross-referencing that connects account balances and other summary results with original transaction data.

11.4 Computer Assisted Audit Techniques (CAATs)

11.4.1 CAATs are techniques that involve the auditor using the computer in the performance of the audit. They include the use of test data and computer software to test an entity's files and databases. Test data is simulated transaction data created by the auditor to be used for testing the control system.
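The following is an added example, not part of the original course notes: the data validation controls listed in 11.2 written as one Python routine, exercised with auditor-created test data as described in 11.4.1. The limit, range, account codes and document numbers are the ones quoted in the notes; the field names, the Luhn check-digit scheme, the rule that amounts must not be negative and every transaction are assumptions constructed for illustration.

```python
import re

VALID_ACCOUNTS = {"D10020", "A10010"}  # account codes quoted in the notes
LIMIT_RM = 1000.00                     # limit test: not exceeding RM1,000-00
# Constructed transaction that passes every control (assumed field names).
BASE = dict(units="5", amount=250.0, account="D10020", customer_no="79927398713")

def luhn_ok(number):
    """Check digit verification; Luhn mod 10 is this example's choice."""
    d = [int(c) for c in reversed(number)]
    return (sum(d[0::2]) + sum(sum(divmod(2 * x, 10)) for x in d[1::2])) % 10 == 0

def validate(txn, prev_doc_no):
    """Return the names of the validation controls that reject txn."""
    units_numeric = re.fullmatch(r"[0-9]+", txn["units"]) is not None
    checks = [
        ("field", units_numeric),
        ("range", not units_numeric or 1 <= int(txn["units"]) <= 10),
        ("sign", txn["amount"] >= 0),          # assumed: no negative amounts
        ("limit", txn["amount"] <= LIMIT_RM),
        ("existence", txn["account"] in VALID_ACCOUNTS),
        ("sequence", prev_doc_no is None or txn["doc_no"] == prev_doc_no + 1),
        ("check_digit", luhn_ok(txn["customer_no"])),
    ]
    return [name for name, passed in checks if not passed]

def make_txn(doc_no, **changes):
    return {**BASE, "doc_no": doc_no, **changes}

# Auditor's test data: each transaction paired with the expected rejections.
TEST_DATA = [
    (make_txn(20001), []),
    (make_txn(20002, units="5O"), ["field"]),        # letter O, not zero
    (make_txn(20003, units="12"), ["range"]),
    (make_txn(20004, amount=-50.0), ["sign"]),
    (make_txn(20005, amount=1500.0), ["limit"]),
    (make_txn(20006, account="X99999"), ["existence"]),
    (make_txn(20008), ["sequence"]),                 # 20007 is missing
    (make_txn(20009, customer_no="79927398710"), ["check_digit"]),
]

def run_test_data(control, batch):
    """Return (doc_no, expected, actual) wherever the control deviates."""
    out, prev = [], None
    for txn, expected in batch:
        actual = control(txn, prev)
        if actual != expected:
            out.append((txn["doc_no"], expected, actual))
        prev = txn["doc_no"]
    return out
```

`run_test_data(validate, TEST_DATA)` returns an empty list when every control behaves as expected; passing a routine that omits one control (for instance the limit test) returns the document number whose rejection did not happen, which is the deviation the auditor would record.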


11.4.2 CAATs may be used by the auditor to execute substantive procedures or in testing application controls. An auditor would find it necessary to use CAATs in advanced IT systems when the validation and processing controls for routine transactions are embedded in the application programmes. Use of CAATs for substantive procedures may be efficient when the entity's data files are maintained in software format.

11.4.3 In determining whether to use CAATs, the auditor should consider the following factors (or factors influencing the choice between CAATs and manual techniques):
- The IT knowledge, expertise and experience of the auditor.
- The availability of CAATs.
- The availability of computer facilities and data.
- The impracticality of manual tests.
- The effectiveness and efficiency of using CAATs.
- The timing of applying CAATs.

11.4.4 The common audit procedures that can be performed with CAATs include substantive procedures for transactions and balances, analytical procedures and tests of controls.

11.4.5 Advantages of CAATs to the auditor
- In a computer-based system the large volume of transactions is likely to force the auditor to rely upon programmed controls. CAATs are likely to be the only effective way of testing programmed controls.
- CAATs are able to audit a large volume of items quickly and accurately and therefore increase the assurance.
- CAATs enable the auditor to test the accounting system and its records in soft copy rather than relying on testing printouts, which can easily be amended by the client.
- Once CAATs are set up, they are a cost-effective way of obtaining audit evidence.
- The results of CAATs can be compared with the results of traditional clerical audit work to increase the auditor's confidence.

11.4.5 Major steps in applying CAATs
- Set the objective of the CAATs application;
- Identify the specific files or database to be examined;
- Determine the accessibility of the entity's files;
- Define the specific tests or procedures and the related transactions and balances affected;
- Define output requirements;
- Identify the personnel who will participate in the application of the CAATs;
- Ensure the use of CAATs is properly controlled and documented;
- Reconcile data to be used for the CAAT with the accounting records;
- Evaluate the results after execution of the CAAT application.
