Académique Documents
Professionnel Documents
Culture Documents
An audit plan specifies on how you intend to conduct a particular audit. It describes the
activities you intend to carry out in order to achieve your audit objectives.
The objective of the auditor is to plan the audit so that the audit is conducted effectively.
Audit planning
It helps the auditor obtain sufficient appropriate evidence for the circumstances
Helps keep audit costs at a reasonable level
It helps the auditor obtain sufficient appropriate evidence for the circumstances
It helps to keep audit costs at a reasonable level.
It helps to avoid misunderstandings with the client.
It helps to ensure that potential problems are promptly identified
It helps to know the scope of audit program by an Auditor.
Understating the client
Consider the background of the clients business, and attempt to ascertain any problem for that
sector of industry or commerce, which may affect the audit work. This is more important in
case of a new client and is done during the initial visit.
Consider an outline of the plan of the audit including the extent to which he may wish to rely
upon internal controls and extent to which work can be allocated to interim of final audit
stages where appropriate.
Review matters raised in the audit of the previous years, by examining the audit files and
discussing points with staff previously involved in the audit to ascertain those facts which
may have relevance to the current year.
Assess the effect of any changes in legislation or accounting practice on the financial
statements of the client.
Review any management or interim accounts the client may have prepared as these may
indicate areas of concern in his audit.
Meet the senior management of the client to identify problem areas e.g. variances between
structure etc.
Discuss the management the extent to which the clients employees will assist in the audit
work.
The auditor will need to determine the number of audit staff required, their experience and
special skills they need to possess and the timing of their audit visits.
The auditor should establish an overall audit strategy that sets the scope, timing, and direction
of the audit and guides the development of the audit plan.
In establishing the overall audit strategy, the auditor should take into account:
a. The reporting objectives of the engagement and the nature of the communications
required by standards.
b. The factors that are significant in directing the activities of the engagement team.
c. The results of preliminary engagement activities and the auditor's evaluation of the
important matters in accordance with paragraph 7 of this standard, and The nature,
timing, and extent of resources necessary to perform the engagement
Risk-based auditing
Auditors are required by ISA 315, Understanding the Entity and its Environment and
Assessing the Risks of Material Misstatement, or its local equivalents to assess and develop
responses to risks.
Use that understanding to identify the business risks facing their clients.
Assess the risks of material misstatement arising from the business risks.
Design suitable responses to the risks of material misstatement, ie decide what audit
work to do.
Business risks are risks that could affect an entity's ability to achieve its objectives and
execute its strategies.
Since the objective of the vast majority of businesses is to maximize profits, business risks
are essentially risks which if, if left unmanaged, could reduce the company's profits and
eventually could mean that the company is not a going concern.
In the current economic circumstances it seems clear that, for many companies, there are
more business risks and therefore increased risks of going concern problems which must be
addressed by auditors.
There may be specific numbers in the financial statements which may be misstated as
a result of a business risk. For example, poor economic conditions in an industry
could increase the risk that customers will not be able to pay their debts. This means
that for the supplier there is a risk that receivables are overstated.
There may be many numbers that could be affected. For example, the management of
a listed company facing scrutiny of its profits may be tempted to manage its earnings
by the use of creative accounting techniques.
A thorough risk analysis is obviously a crucial part of the audit process in the current
economic circumstances, focusing parti
Audit Risk is the risk that an auditor expresses an inappropriate opinion on the financial
statements.
Audit risk may be considered as the product of the various risks which may be encountered in
the performance of the audit. In order to keep the overall audit risk of engagements below
acceptable limit, the auditor must assess the level of risk pertaining to each component of
audit risk.
Inherent Risk Inherent risk is generally considered to be higher where a high degree of
judgment and estimation is involved or where transactions of the entity are highly complex.
Or is the risk of a material misstatement in the financial statements arising due to error or
omission as a result of factors other than the failure of controls (factors that may cause a
misstatement due to absence or lapse of controls are considered separately in the assessment
of control risk).
Control Risk. is the risk of a material misstatement in the financial statements arising due to
absence or failure in the operation of relevant controls of the entity.
Organizations must have adequate internal controls in place to prevent and detect instances of
fraud and error. Control risk is considered to be high where the audit entity does not have
adequate internal controls to prevent and detect instances of fraud and error in the financial
statements.
Detection Risk .is the risk that the auditors fail to detect a material misstatement in the
financial statements.An auditor must apply audit procedures to detect material misstatements
in the financial statements whether due to fraud or error. Misapplication or omission of
critical audit procedures may result in a material misstatement remaining undetected by the
auditor. Some detection risk is always present due to the inherent limitations of the audit such
as the use of sampling for the selection of transactions.
Detection risk can be reduced by auditors by increasing the number of sampled transactions
for detailed testing.
When performing an audit, you use risk assessment procedures to assess the risk that material
misstatement exists. This step is very important because the whole point of a financial
statement audit is finding out if the financial statements are materially correct..
Interviewing employees,
There may be specific numbers in the financial statements which may be misstated as
a result of a business risk. For example, poor economic conditions in an industry
could increase the risk that customers will not be able to pay their debts. This means
that for the supplier there is a risk that receivables are overstated.
There may be many numbers that could be affected. For example, the management of
a listed company facing scrutiny of its profits may be tempted to manage its earnings
by the use of creative accounting techniques.
A thorough risk analysis is obviously a crucial part of the audit process in the current
economic circumstances, focusing parti
After you run through all applicable risk-assessment procedures, you use the results to figure
out how high the chance is that your client has material financial-statement mistakes. Not
every mistake is important.
Recognizing the nature of the company: Here are some crucial questions to ask the client
during your risk assessment procedures:
Whats the companys market overview? For example, if the client is a bank, in
how many states does it operate?
Who (if anyone) regulates the client? Many businesses dont have an outside
regulatory agency, but any publicly traded company is required to file its financial
statements with the Securities and Exchange Commission (SEC).
Whats the companys business strategy? Most business strategies are to maximize
shareholder value by increasing profitability and serving the community in which
theyre located. The answer may lead you to more probing follow-up questions.
If key personnel such as the president, chief financial officer, and chief executive officer have
been with the company for many years, thats usually an indication of quality management.
Another good sign is if prior audits have required few, if any, accounting adjustments and
there have been no financial statement restatements. Heres why:
Asking employees for information: When asking for information, you should talk to many
different employees in the organization besides management. To get a well-rounded idea of
the business, talk with individuals holding different levels of authority, from low-level clerks
all the way up to the board of directors.
You need to look at problems that can prevent a company from reaching its desired
objectives. Each of your clients functioning departments has different objectives and risks,
and understanding them can help you identify potential sources of inadvertent errors or fraud
that may affect the financial statements. Here are two real-life examples to consider:
Analyzing processes and paperwork: Put simply, analytical procedures test to see if
relationships exist in both financial and nonfinancial data.
Here are three common analytical procedures you do while assessing audit risk:
Trend analysis: You compare current financial figures to the same figures in the prior
year.
Ratio analysis: Some common ratios are the current ratio, and inventory turnover.
Reasonableness: Does what youre seeing make sense based on other facts? For
example, does the depreciation expense appear accurate when you consider the book
value of all fixed assets on the balance sheet?
Observing the client at work: One common type of observation is to watch the staff take a
count of physical inventory. Visiting the companys business locations is another. Doing so
gives you the opportunity to view the companys operations beyond whats in the books and
records and to find out about the companys internal controls.
Audit risk model is used by the auditors to manage the overall risk of an audit
engagement.
Auditors proceed by examining the inherent and control risks pertaining to an audit
engagement while gaining an understanding of the entity and its environment.
Detection risk forms the residual risk after taking into consideration the inherent and
control risks pertaining to the audit engagement and the overall audit risk that the auditor
is willing to accept.
retaining customers,
Risks are stumbling blocks along the path to achieving those objectives.
A control is any action taken by management, the board, and other parties to manage risk
and increase the likelihood that established objectives and goals will be achieved.
Management plans, organizes, and directs the performance of sufficient actions to provide
reasonable assurance that objectives and goals will be achieved.
Materiality and risk underlie the application of all generally accepted auditing standards,
Must consider materiality and risk in:
1. Planning
2. Evaluation of F/S
7. May ultimately differ from materiality levels used in evaluating audit findings
AUDIT PROGRAM
Definition
An audit program is a set of policies and procedures that dictate how an evaluation of a
business is done.. These types of programs are used to check up on things like a business'
performance, finances, economy, and efficiency, and are generally tailored to a specific
business or purpose.
The auditor can handle audit of many concerns at the same time. Every aspect of financial
activities require audit program. The combination of all such programs is considered as
master audit programme. The auditor can make changes from time to time in order to meet
the requirements of nature and size of business.
Purpose
Audit programs are important because they standardize the data collection and evaluation
process. By setting out a specific list of steps to be followed and data to be collected, the
program ensures that auditors collect all the information they need in an efficient manner
while under appropriate supervision.
Keeping the process standardized also means that all the data collected can be used to make
useful comparisons between businesses, departments, and previous years' inspections, since
the same set of data is collected each time. Additionally, having a program like this in place
makes sure that any problems are discovered promptly and reported to the correct person.
1. Supervision of Work
The editor can judge the efficiency of his audit team with the held of an audit program. He is
in a position to know the progress of the work. He can see at any time that what part of the
work has been completed and what remains to be done.
2. Division / Distribution of Audit Work
The division of audit works is very useful for the audit staff for maintaining the difference of
works among senior or junior clerks according to their ability and skill so that the work is
divided to get better results.
3. Systematic and Uniformity of Work
Audit program helps in setting all the things in advance. So the systematic and uniformity of
work is necessary to achieved the desire.
4. Basic Instrument of Training
Audit program is infact a training instruments for the audit staff and also very useful for the
new auditors. It provides training and guidance to him. So, it is rightly called the basic
instrument for training for the staff at the right time of need.
5. Fixation of Responsibility
Audit programmes fixed the responsibilities of the staff. If any error or fraud remains
undetected the responsibility of negligence will fall on that particular assistant who has
performed that job and no one can blame on each other.
7. Easy Transfer
The principle auditor can transfer to any other person easily. If one assistant is unable to
continue the work given to him it can be given to another person. Audit program guides him
that what is done and what is remaining.
8. Final Review
Before signing the report, Final Review is made and for this purpose also auditing program is
very useful and any deficiency or missing in steps can be identified and completed.
9. Useful For Future
The audit programme is very useful in the future. On completion of an audit. It serves the
purpose of audit record that may be useful for future reference. In case of auditor is appointed
for the same concern in any future time the auditor can use the same audit programmes with
some changes.
10. Progress of Audit Work
Audit programme is useful to note the progress of work. Audit programme is a timetable,
which can show the work done on any particular date. The pace of work is going on with the
passage of time. The adjustment can be made if there is more work and less time and vice
versa. In this way work can be completed in time.
11. Supervision of Audit Staff
Audit programme is beneficial for auditor. He can supervise the activities of audit staff. He
can use the audit programme as basic of supervision. Every part of audit work can be
complete as per schedule. He can control the activities of audit staff through observation and
direction when the audit work can be complete in time.
3. No Initiative
It kills the initiative of capable persons. The assistant cannot suggest any improvement in the
plan.
4. Too Mechanical
Such audit program is too mechanical that it ignores many other aspects like internal control.
5. Large Concerns / Not Suitable for Small Concerns
Audit programme is helpful in large business concerns. It has been proved that audit program
is not suitable for small business concerns.
#6. New Problems Over Looked
In the audit programme there is no chances to accept the changes with the passage of time
new problems arise that may be over looked.
7. Changes
The drawback of audit programme is that changes in it are not acceptable. The nature of
activities of concern may change. There is a need to adjust the changes in the programme. A
master programme cannot be drafted.
8. Revision
The demerit of audit programme is that there is no revision in it. The business changes from
year to year. The working may expand or contract. The audit programme requires adjusting
itself to the changing circumstances.
9. Types
The demerit of audit programme is that is not suitable for all types of business concerns. A
small business may have few books of accounts. It is not necessary to prepare audit
programming for small concerns.
10. Staff
The accounting staff can know the working of audit. The auditor applies various methods for
checking the accounting books. Having knowledge of auditing the accounting staff can devise
means to record the transaction. In this way they can avoid their responsibility.
11. Negligence
The demerit of audit programme is that it provides protection to inefficient audit assistant.
The junior auditors can protect themselves due to weakness of audit programme. The clerks
feel responsibility for the duties stated in the programme.
12. Errors
The drawback of audit programme is that it may fail to located error. The errors of principles
cannot be detected, as the double entry is complete in such case. No doubt the location of
errors and fraud is the responsibility of management. But owner depends upon auditors to
protect their rights.
These are the management consequences/problems faced by the internal audit and iam going
to discuss some of them in the following:
Complex Business Models: The board and management are responsible for ensuring the
integrity of the business, while the internal auditor is responsible for validating, directly or
indirectly, whether the company's business model is sound. Internal audits confront issues
like: Will the company be able to survive, or compete in the market? Does it adhere to
sound business practices?
Risk Quantification: Risk is an integral part of any endeavor. The risk management unit and
the risk management committee are responsible for risk management, but it is the internal
auditor's task to ensure the risk management program works
Complex Financial Disclosures: The board shoulders the ultimate responsibility for the
integrity of the corporation's financial disclosure. The challenge for internal auditors is to
identify if there are discrepancies in companys financial statements, confirm whether they
are abiding by the financial reporting standards, verify whether sufficient controls are in
place, and affirm whether shareholders or potential investors or lenders have sufficient
information to make informed decisions
Monitoring and Oversight: Most organizations expect internal audits department to provide
additional input to management, the board of directors, and the audit committee in form of
monitoring and oversight; ensuring compliance monitoring and enforcement of essential
requirements
Overcoming Challenges
To address the rising expectations of chief stakeholders, internal audit needs to find new ways
to deploy its risk and control-based skills to help the organization achieve its strategic
objectives and enable value creation. That effort extends to activities such as:
Risk Identification and Assessment: The audit should examine whether the risk assessment
process synchronizes with latest changes in the organization, addresses all activities
conducted by the company, includes all applicable regulatory requirements, and documents
the methodology used to conduct the risk assessment.
Role Accountability and Responsibility: During this part of the evaluation, it is important
to consider the credibility, qualifications, and experience of key personnel who have been
assigned the critical tasks. Internal auditors are charged with the responsibility of assuring the
board of directors that management, financial systems, and processes are working effectively.
Policies and Procedures: Internal Auditors assessment should focus on the companys
process for ensuring that policies and procedures are comprehensive, reviewed and updated
on a periodic and reasonably frequent basis as well as accessible and understandable. This
should also verify that the company has a process in place for communicating important
changes between periodic updates.
Reporting and Record Keeping: how the company manages the myriad of reporting and
record keeping requirements faced by financial services companies. This requires validating
that all such applicable requirements have been identified, responsibilities are assigned, and
controls are put into place to ensure required information is retained and retrievable for
prescribed periods.
Need of the hour is an internal audits framework that provides a strategic model, for internal
auditors and stakeholders, to understand the elements necessary to achieve a high quality and
effective internal audit function.
Structure and Resources: Before embarking upon the auditing process, internal auditors
establish the structure of the internal audit function and assess the key internal audit
personnel to be audited, and their respective roles and responsibilities. Where the function is
outsourced, the focus includes the terms of the outsourced arrangement and how this is
monitored.
Independence: The board should ensure that the independence of the internal audit function
is maintained. The internal auditor should maintain dual reporting relationship to
management and the organization's most senior oversight group. The internal auditor should
report to executive management for assistance in establishing support, and administrative
interface; and typically to the audit committee for strategic direction, reinforcement, and
accountability.
Approach: The approach taken by internal audit should be clear and may be one, or a
combination of risk-based focus on the high-risk areas of the institution; and review-based
focus on reviews of various parts of the institution. The board should endorse the approach
and it should be scalable to future change, such that it adapts agilely to issues requiring
internal audit involvement.
Policies and Procedures: Written policies and procedures codify management's criteria for
executing an organization's operations. They document business processes, personnel
responsibilities, departmental operations, and promote uniformity in executing and recording
transactions. Thorough policies and procedures serve as effective training tools for
employees. Having a documented repository of your standard operating procedures at the
operational, financial, manufacturing unit levels, ensures consistency of processes and
reduces audit failures.
Internal Audit Plan: The internal audit plan, which usually details the proposed internal
audit work for the next 12 months, should be documented and endorsed by the board.
Importantly, the plan should be consistent with the type of approach to be taken and should
be adequate for the scale and complexity of the institutions operations.
Audit Data: The internal audit should capture audit-related data on a single database for the
entire enterprise, so that all data mining, benchmarking, and trend analysis processes are
significantly improved.
Reviews and Approvals: When a process is performed within a department, there should
always be another level of review and approval performed by a knowledgeable individual
independent of the process. The approval should be documented to verify that a review was
done. Review and approval are controls that help management gauge whether operational and
personnel goals and objectives are being met..
Reporting: Internal auditor should report findings to the Audit Committee (or board)
regularly. Serious issues should be elevated to senior management and the Audit Committee
(or board) without delay. The reporting infrastructure is not just a way to create visibility into
the status of key processes and activities, it also enables the management and the auditors a
way to get possibly real-time visibility into the key indicators of your organization. Reporting
of key Corrective Actions and Preventive Actions, Process KPI's, employee training status to
key processes, supplier and partner scorecards, quality maintenance reports on critical
equipments and plants is a simple example of a well-designed management reporting system.