Post on 01-Dec-2015
description
ABFA3114 Principles of Auditing Page 2
TABLE OF CONTENT
A Syllabus and Course Strategy
Unit Plan
Assessment Format
B Chapter
1: Introduction to Auditing
2: Regulatory Framework and Professional Ethics
3: Auditor‟s Report
4: Accounting and Internal Control Systems
5: Audit Evidence
6: Audit Procedures
7: Audit Risk and Materiality
8: Audit Planning and Control
9: Auditing Cash & Bank System
10: Auditing Property, Plant & Equipment
11: Computer in Auditing
ABFA3114 Principles of Auditing Page 3
Course Strategy and Syllabus
Unit title : Principles of Auditing
Unit code : ABFA 3114
Level of study : 3
Credit point : 4
School offering this unit : School of Business Studies
Class contact Hours
Average Weekly : 4
-Lecture : 3
-Tutorial : 1.5
-Practical : none
Semester : 7
Assessment mode : Examination (60%) Coursework (40%)
Pre-requisite unit : none
Co-requisite unit : none
Rationale
The unit introduces students to the role of external audit, a core activity in the
accountancy profession. Accounting students at this level must have an
understanding of the role and responsibility of the external auditor in relation to
an independence audit and the principles that bind the auditor.
Aims
1. To provide students with a basic understanding of the nature, purpose and
scope of a statutory audit
ABFA3114 Principles of Auditing Page 4
2. To equip students with basic knowledge of an audit process and the
general auditing procedures an external auditor undertakes to achieve the
audit objectives
3. To enable students to apply their knowledge in the audit of Property,
Plant and Equipment (PPE) and Cash and Bank systems.
Anticipated Learning Outcomes
On completion of this unit, students should be able to :
1. Explain the development, nature, purpose and scope of an audit in
relation to the regulatory framework that affects or binds the auditor
2. Demonstrate an understanding of audit risk assessment.
3. Apply the internal control systems in PPE and cash and Bank system
4. Explain the key audit procedures to be performed in relation to a given
audit objective
5. Demonstrate an understanding of the elements and types of audit report.
Syllabus Content
1. Nature, purpose, scope and regulatory framework of auditing (20%)
2. An understanding of audit planning and audit strategy and audit evidence
(25%)
3. Accounting system and internal control (20%)
4. Audit procedures (20%)
5. Audit report (15%)
Skills Integration
Skills developed in the unit include identifying auditing issues in a given
scenario and applying the appropriate auditing procedures
ABFA3114 Principles of Auditing Page 5
Teaching and Learning Strategy
Topics will be introduced by ways of lectures and developed through tutorials.
During tutorials, Q&A sessions are held to assess students‟ understanding of the
concepts, principles and procedures of auditing. In addition, students are also
grouped into smaller groups of 5-6 students per group where they work together
on a given scenario to identify key auditing issues and apply the appropriate
procedures.
Core text
1. Auditing and Assurance Service in Malaysia, Messier/Glover/Prawitt
Margaret Boh, 3rd
Edition, Mc Graw Hill (ISBN978-983-3850-075) 2007.
Other references
2. Auditing In Malaysia- An Integrated Approach, Alvin A. Arens, 11th Edition.
ABFA3114 Principles of Auditing Page 6
SCHOOL OF BUSINESS STUDIES
Week Topic Reference
Week 1
Introduction to Auditing AAS-Chapter 1 & 2
Week 2
Regulatory Framework and Professional
Ethics
AAS- Chapter 1,2 & 19
Week 3
Auditor‟s Report AAS- Chapter 18
Week 4
Accounting and Internal Control System AAS- Chapter 6
Week 5
Audit Evidence AAS- Chapter 4
Week 6
Audit Procedures (I) AAS- Chapter 4
Week 7
Audit Procedures (II) AAS- Chapter 4
Week 8
Audit Risk and Materiality AAS-Chapter 3
Week 9
Audit Planning and Control (I) AAS- Chapter 5
Week 10
Audit Planning and Control (II) AAS- Chapter 5
Week 11
Auditing Cash and Bank System AAS-Chapter 16
Week 12
Auditing Property, Plant & Equipment AAS- Chapter 14
Week 13
Computer in Auditing AAS- Chapter 7
Week 14
Computer in Auditing AAS- Chapter 7
Reference
Core text
1. Auditing and Assurance Service (AAS) in Malaysia, Messier/Glover/Prawitt
Margaret Boh, 3rd
Edition, Mc Graw Hill (ISBN978-983-3850-075) 2007.
Other references
2. Auditing In Malaysia- An Integrated Approach, Alvin A. Arens, 11th Edition.
ABFA3114 Principles of Auditing Page 7
Assessment Format
There are 2 parts of your assessment of the course: group assignment and final
examination.
Component Threshold
Course
work
40% Group Assignment 40 marks
Mid-term Test 60 marks
100 marks x
0.4
50%
Final Exam 60% Written Exam 100 marks x
0.6
40%
Total 100%
Group Assignment
You will be required to form a group and carry out a specific research on the
subject topics.
Format of Final Examination
The final examination will be of THREE (3) hours long and comprise two
parts:
Part A: One Compulsory question (25%). You are given a case study and you
are required to analyse the case and apply the theories to the scenario.
Part B: You are required to answer THREE (3) questions out of FOUR (4)
questions. You are given some short questions to work on. Each question
constitutes 25%.
ABFA3114 Principles of Auditing Page 8
CHAPTER 1
INTRODUCTION TO AUDITING
________________________________________________________________
Learning Outcomes
When you have completed this lesson you will be able to:
Understand the nature, purpose and scope of audit
Distinguish between accounting and auditing
Understand different types of audits and auditors
Understand the concept of true and fair view
Reference text: Auditing and Assurance Services in Malaysia- Chapter 1 & 2
ABFA3114 Principles of Auditing Page 9
1,1 Nature, Purpose and Scope of Audit
1.1.1 A statutory audit simply means “a legally required examination of an
organisation‟s annual accounts and financial records”.
1.1.2 The objective/purpose of an audit is to enable the auditor to express an
opinion on whether the financial statements are prepared, in all material
respects, in accordance with an applicable financial reporting framework.
1.1.3 Auditors do not certify or guarantee the correctness of financial
statements; they report whether in their opinion they give a “True and
Fair View” of the financial position. True and Fair View (UK) = Present
Fairly (US). Express opinion is different from guarantee or certification
of 100% correctness. Auditor just obtains reasonable assurance that the
financial statements do not contain material misstatement (serious
mistakes).
1.1.4 Reasonable assurance means the auditor obtains certain degree of
comfort that the financial statements do not contain material
misstatement.
1.1.5 Why reasonable (less than 100%) assurance? Or why not absolute (100%)
assurance? This is because auditing has some inherent limitations.
These inherent limitations are:
Use of sampling testing. Auditors use samples to test the
transactions because it is impossible for auditor to check every
transaction. When applying sampling, there is always a risk of
taking the wrong samples.
Inherent limitations of internal control. There is always
possibility of employee collusion, management override or human
errors.
Audit evidence is persuasive, not conclusive. Persuasive means
giving evidence to believe; whereas, conclusive means 100%
correct or wrong.
Use of auditor’s judgement. Auditors often use professional
judgement to make decision where there is always a risk that the
judgement may be inappropriate.
ABFA3114 Principles of Auditing Page 10
1.1.6 In Malaysia, external audit of financial statements is mandatory (i.e.
mandatory audit is also known as Statutory Audit) for every company,
regardless of size, that is registered under Malaysia‟s Companies Act
1965.
1.1.7 The concept of agency (Principals and Agents)
Modern auditing has developed since the concept of a company as a
separate legal entity came into existence. It means the separation of
ownership and the management of the company.
For listed companies the owners of company are its shareholders and they
may not be involved in the daily operation of company. The company
will be run by directors, who are elected by shareholders. The
shareholders expect a return on investment, while the directors expect to
be paid for salary.
Thus shareholders need to have confidence that accounts prepared by
directors are accurate and comply with the required standards and
regulations. To ensure that the financial statements are drawn accurately,
they employ auditors to check its financial statements.
The job of external auditors is to report whether the financial statements
show True & Fair view. By having this independence check the
shareholders gain confidence in terms of money is being handled
properly.
ABFA3114 Principles of Auditing Page 11
Principal provides capital and hires agent to manage it. Agents are hired to manage the
Company on behalf of principals.
Agents are paid for their services
Conflicts of interest lead to
information risk for the
principal
Principals
(Owners)
Agents
(Directors)
Auditor is appointed by principal
to review the performance of
agents Auditor reports the
financial position to
the principal
Agent is accountable to
principals. Agent need to
manage the company as
entrusted.
ABFA3114 Principles of Auditing Page 12
An overview of the Principal-Agent relationship leading to the demand for
auditing
1.1.8 The concepts of accountability, stewardship and agency.
Accountability means that people in positions of power can be held to
account for their action. For example, they are compelled to explain their
decision/action or be punished if they have misuse their power.
Stewardship is the responsibility to take good care of resources. A
steward is someone employed to manage another person's property.
A fiduciary relationship is a relationship of good faith such as between
directors and shareholders. The directors must take their decisions in the
interests of the shareholders rather than in their own personal interest.
Agents are people employed or used to provide a particular service. In
the case of a company, the people being used to provide the service
managing the business also have the second role of being people in their
own right trying to maximise their personal wealth
Directors’ Accountability and Responsibilities
Directors are accountable to the shareholders for the assets that they
control on their behalf. It means that the directors are responsible for the
preparation of the accounts of the company. If the directors ask
accounting firm to perform its accounting functions, they could not
escape their responsibilities to the shareholders. The directors are
responsible for the proper set up of accounts.
1.1.9 Advantages of a statutory audit
a. Dispute between management may be more easily settled
b. Major changes in ownership may be facilitated if the past accounts
contain an unqualified audit report
c. To enhance the loan application
d. To improve efficiency of the business operation by improving internal
control system or control procedures
e. To serve as a basis for preparation of tax returns
ABFA3114 Principles of Auditing Page 13
1.1.10 Disadvantages of an Audit
a. Audit fee is incurred
b. Disruption of work to the client‟s staff
1.2 Distinction between Auditing and Accounting
1.2.1 These activities are closely related but separated activities. It is very
common that some companies engage the same accountant from the same
accounting and audit firm to prepare the accounts. It should make clear
that the directors are still responsible for the preparation of accounts.
1.2.2 A………………… is the recording, classifying and summarising of
transactions in a systematic manner for the purpose of providing financial
information for decision making.
1.2.3 A……………… is a process of reviewing the transactions and balances
of accounting records to project a true and fair view of the financial
position of the company.
1.3 Different types of audits and auditors
1.3.1 Types of audit
a. F…………………………… Audit. It is conducted to determine
whether the overall financial statements are prepared according to the
acceptable accounting principles. The financial statement audit covers
the audit on Statement of Financial Position, Statement of
Comprehensive Income, statement of changes in shareholders‟ equity
and cash flow statement together with the accounting policies and
explanatory notes to the financial statements.
b. O………………….. Audit. It is conducted on the operating
procedures and process of the organisation to determine whether it is
operating in effective and efficient manner. At the end of the
operational audit, auditor will recommend how to improve
effectiveness and efficiency of the whole organisation‟s operation
system.
ABFA3114 Principles of Auditing Page 14
c. C……………… Audit. It involves checking whether the organisation
follows the specific laws, regulations, specific procedures set by the
authority. For example, a compliance audit for a listed company may
focus on whether the company follows the stock market ruling and
pays the appropriate taxes.
d. F………………. Audit. It is a special investigation audit that mainly
focuses on fraud, criminal cases, shareholders dispute or negligence. It
requires high investigation skills, knowledge and experience to obtain
and develop information as legal evidence or for use by expert
witnesses in the court of law.
1.3.2 Types of auditors
a. I………………… Auditors. They are employees of organisation
whose activity set by management to examine and evaluate the
organisation‟s risk management processes and systems of control, and
to make recommendations for the achievement of company objectives.
The focus of internal audit now is on adding value to an organisation
through improvements in controlling risk and looking at all types of
risk and control. It functions by, amongst other things, examining,
evaluating and reporting to management and the directors on the
adequacy and effectiveness of components of the accounting and
internal control systems.
The Roles of Internal Audit (IA)
IA is part of the organisational control of a business; it is one of the
methods used to ensure the orderly and efficient running of the
business.
A properly function of IA is part of a good corporate governance,
as recognised by national and international codes on corporate
governance
IA procedures meet the needs of good corporate governance of
meeting the needs of all stakeholders.
IA enable management exercises proper risk management
ABFA3114 Principles of Auditing Page 15
b. E……………….. Auditors (or Public Accounting Firm). They are
external parties who conduct auditing services for both public and
private companies. For example, Ernst & Young, KPMG,
PriceWaterhouseCoopers, Delloite, Crowe Horwarth and so on. It is
an exercise whose objective is to express an opinion whether the
financial statements give a true and fair view of the organisation 's
activities have been properly prepared in accordance with the
applicable reporting framework.
c. G……………….. Auditors (also known as Auditor General) are
responsible for auditing all the Federal government, State government,
public authorities and the statutory bodies‟ accounts. At the Federal
level, the Auditor General reports to the King (Yang Di-Pertuan
Agong) and presents his audit reports to the House of Parliament.
d. F………………….. Auditors. They are specially trained to detect,
investigate and deter fraud and crime.
e. Inland Revenue Assessment Auditor. These auditors are responsible
for enforcing the Income Tax Act. They audit tax payers‟ returns to
determine whether the computation of taxes is complied with the laws.
1.3.3 Difference between internal audit and external audit (SAROL)
Internal Audit External Audit
Scope (S) Cover all areas
including operation and
finance
Financial focus
Approach (A) Risk based, assess risk,
evaluation on control
system, test on
operations of system,
and make
recommendations for
improvement.
Risk based, test on
transactions that form
the basis of the final
financial statement
ABFA3114 Principles of Auditing Page 16
Responsibility ( R) Advise and make
recommendations on
internal control and
corporate governance.
Form opinion on
financial statements.
Objectives (O) Advise to protect
organisation against
loss due to weak
internal control
Provide opinion on
financial statement
whether provide True &
Fair view
Legal (L) Not legal requirement.
But recommended to
have internal audit dept
for good corporate
governance practice
Legal requirement to
have an audit on their
financial statement
1.4 The concept of true and fair view
1.4.1 External auditors give an opinion on the truth and fairness of financial
statements. It does not mean that the financial statements are free from
error.
1.4.2 It is generally understood that the presentation of accounts are drawn up
according to accepted accounting principles using accurate figures as far
as possible and reasonable estimates and arranging them so as to show a
true picture of accounts that free from material bias, distortion,
manipulation or concealment of material facts.
1.4.3 True - Information is factual and conforms to the reality, not false. In
addition the information must conform to the required standards and
laws. And, the accounts have also been correctly extracted from the
books and records.
ABFA3114 Principles of Auditing Page 17
1.4.4 Fair - Information is free from discrimination and bias and in
compliance with expected standards and rules. The accounts should
reflect the commercial substance of the company's underlying
transactions. Fairness depends on the following factors:
Relevance of the information to the user‟s needs
Free from bias
Facts can be verified by evidence
Materiality of item. A transaction is material if its disclosure would
change the user‟s view on the accounts.
1.4.5 Why the concept of true and fair is important to auditor? This is
because:
Auditor certainly cannot certify/guarantee the accounts are 100%
accurate and free from mistakes. This is because auditor uses
sampling method to draw audit evidence to support the opinion.
Moreover, there many different accounting interpretations and
presentation such as depreciation, goodwill, inventory etc.
The concept of truth and fairness is more important than 100%
accurate.
In reaching his opinion whether accounts show true and fair view,
the auditor is required to exercise his skills and judgment.
1.5 The Chronology of an audit
Determine audit approach
Stage 1. Determine the ..................... of the audit and the auditors' approach.
For statutory audits the scope is laid down by legislation and
expanded by Auditing Standards. The auditors should prepare an
audit plan, which should be placed on file.
Ascertain the system and controls
Stage 2. Determine the flow of ....................... and extent of .................... in
existence in the client's system.
ABFA3114 Principles of Auditing Page 18
This is a fact finding exercise which is achieved by discussing the
accounting system and document flow with all the relevant
departments (for example, sales, purchases, cash, inventory and
accounts personnel).
It is good practice to make a rough record of the system during this
fact finding stage which will be converted to a formal record at
Stage 3.
Stage 3. Prepare a comprehensive record of the system to facilitate
evaluation of the systems. The records may be in various formats
(for example, charts, narrative notes, internal control
questionnaires and flowcharts).
Stage 4. Confirm that the system recorded is the same as that in operation.
This is achieved by performing walk-through tests. These involve
tracing a handful of transactions through the system and observing
the operation of controls over them.
This check is useful because sometimes client staff will tell the
auditors what they should be doing rather than what is actually
done.
Assess the system and internal controls
Stage 5. Evaluate the .................. to determine their reliability and
formulate a basis for testing their effectiveness in practice.
Test the system and internal controls
Stage 6. (This should only be carried out if the controls are evaluated as
effective at Stage 5. If not, Steps 6 and 7 should be omitted.)
If controls are effective, tests should are designed to establish
compliance with the system should be selected and performed.
Tests of controls, which cover a larger number of items than
walkthrough tests and cover a more representative sample of
transactions through the period, should be carried out.
If controls are strong, the records should be reliable and the
amount of detailed testing can be reduced. If controls are
ineffective in practice, more extensive substantive procedures will
be required.
ABFA3114 Principles of Auditing Page 19
Stage 7. After evaluating the systems and testing controls, auditors normally
send an interim report to management identifying weaknesses
and recommending improvements.
Test the financial statements
Stages These tests are concerned with substantiating the figures given in the
final financial statements
8 and 9. Substantive tests also serve to assess the effect of errors, should
errors exist.
Before designing a substantive procedure it is essential to consider
whether any errors produced could be significant. If the answer is
no, there is no point in performing a test.
Review the financial statements
Stage 10. The financial statements should be reviewed to determine the
overall reliability of the account by making a critical analysis of
content and presentation.
Express an opinion
Stage 11. The auditors evaluate the evidence that they have obtained and
they express their .............................. to members in the form of
an audit report.
Stage 12. The final report to .................................... is an important end
product of the audit. The purpose of it is to make further
suggestions for improvements in the systems and to place on
record specific points in connection with the audit and the
accounts.
ABFA3114 Principles of Auditing Page 20
CHAPTER 2
REGULATORY FRAMEWORK AND PROFESSIONAL ETHICS
________________________________________________________________
Learning Outcomes
When you have completed this lesson you will be able to:
Understand the provision of Companies Act in audit
Explain the duties, power and responsibility of auditor
Explain the responsibility of auditor in detecting fraud and errors and
illegal activities
Understand the professional ethics.
Reference text: Auditing & Assurance Services in Malaysia- Chapter 1,2 & 19
ABFA3114 Principles of Auditing Page 21
2.1 Understand the provision of Companies Act in audit
2.1.1 Section 169 of the Companies Act 1965 requires the directors of every
company to present the audited financial statements that give true and fair
view of the activities of the company in its annual general meeting.
2.1.2 Under Section 174 of the Companies Act, 1965, there are two main
requirements relating to the auditor‟s reporting duties:
The auditor must state, whether in his opinion, the financial statements
have been properly drawn up in accordance with the provisions of the Act
and applicable approved accounting standards, so as to give a true and
fair view of the company‟s state of affairs and result of operations; and
matters required by section 169 to be dealt with in the financial
statements; and
The auditor must state, whether in his opinion, the accounting and other
records and the registers required by the Act to be kept by the
company, have been properly kept in accordance with the Act.
2.1.3 Under the Companies Act, 1965, the statutory duties of company directors
in relation to accounting functions are:
Ensuring proper accounting records are kept. Directors are
required to design the accounting system and keep all the accounting
records of the companies in a proper manner.
Taking reasonable steps to safeguard the assets of the company
and prevent and detect fraud and errors. Directors are responsible
for designing an effective internal control system to protect the
companies‟ assets from any possibility of fraud and error.
Preparing financial statements that give true and fair view.
Though, directors may delegate the preparation of financial
statements to accountant, they are still responsible for ensuring the
financial statements are drawn up in accordance with the standards
and regulation.
Adopting good accounting policies and establish adequate
internal control. Directors are responsible for compliance to the
best practice of accounting standards and effective internal control
system.
ABFA3114 Principles of Auditing Page 22
File in annual return of the company to Companies Commission
of Malaysia (CCM). Directors are responsible for preparing an
annual return to the regulators.
2.1.4 Appointment of Auditors.
Appointed by When
Members
(Shareholders)
Shareholders can appoint the first auditors of the
company or to fill a casual vacancy and the auditor will
hold office until the end of first annual general meeting.
In an Annual General Meeting (AGM), shareholders can
reappoint retiring auditor, appoint a new auditor or
appoint an auditor who has been appointed by directors
previously.
Directors Directors can appoint the company‟s first auditor between
the date of incorporation (establishment) and the first
AGM. Directors can also appoint an auditor to fill in a
causal vacancy.
Companies
Commission of
Malaysia (CCM)
If a company does not appoint an auditor as requested by
Companies Act-section 172, the CCM can appoint an
auditor.
2.1.5 Disqualification of Auditors. Under section 9(1) of the Companies Act, a
person is prohibited from acting or accepting an appointment as the auditor
of company if he is:
Indebted to the company or its related company in an amount
exceeding RM2,500.
An officer of the company.
A partner, employer or employee of an officer of the company.
A partner, employee of an employee of an officer of the company.
A shareholder of the company whose employee is an officer of the
company or
Responsible for or if he is the partner, employer or employee of a
person responsible for keeping company‟s assets or the register of
debenture holders of the company
ABFA3114 Principles of Auditing Page 23
2.1.5 Departure from auditor’s office. Auditors can leave office by one of the
following reasons:-
Resignation
Not seeking reappointment
Being removed at a general meeting before their term of office is
expired.
Being removed at a general meeting at which their term of office is
expired.
2.1.6 Resignation usually requires written notice by the auditor to the company
and to the CCM. It also requires a statement of circumstances. The auditor
concerned is permitted to speak and communicate in writing with shareholders
and other stakeholders.
RESIGNATION OF AUDITORS
1 Resignation procedures Auditors deposit written notice together with
statement of circumstances or statement
that no circumstances exist relevant to
members/creditors
2 Notice of resignation Sent by company to regulatory authority
3 Statement of
circumstances
Sent by:
(a) Auditors to regulatory authority
(b) Company to everyone entitled to receive a
copy of accounts
4 Convening of general
meeting
Auditors can require directors to call
extraordinary general meeting to discuss
circumstances of resignation
Directors must send out notice for meeting
within 21 days of having received requisition
by auditors
5 Statement prior to
general meeting
Auditors may require company to circulate
(different) statement of circumstances to
everyone entitled to notice of meeting
6 Other rights of auditors Auditors can receive all notices that relate to:
(a) A general meeting at which their term of
office would have expired
ABFA3114 Principles of Auditing Page 24
RESIGNATION OF AUDITORS
(b) A general meeting where casual vacancy
caused by their resignation to be filled
(c) Auditors can speak at these meetings on
any matter which concerns them as auditors
2.1.7 Removal of auditor
Any removal or resignation of auditor before end of the audit contract
implies serious disagreement b/w auditor and client. If auditors disagree
with the fee or accounting practices, they simply do not offer themselves
to be reappointment. Removal must usually be notified to regulatory
authority. 2/3 majority resolution is required to remove an auditor. The
concerned auditor is given the right to make written representations
and speak at the meeting or AGM.
Removal procedures. The reasons to have removal procedures are to
ensure that the auditors are not removed for improper reasons without the
knowledge of the shareholders and auditors do not seek to avoid their
responsibility by going quietly.
Removal
Procedure
Description
1 Notice of removal Either special notice (28 days) with copy sent to
auditor
Or if elective resolution in place, written
resolution to terminate auditors' appointment
Directors must convene meeting to take place
within reasonable time.
2 Representations Auditors can make representations on why they
ought to stay in office, and may require company to
state in notice representations have been made and
send copy to members.
3 If resolution is
passed (a) Company must notify regulatory authority
(b) Auditors must deposit statement of
circumstances at company's registered office
ABFA3114 Principles of Auditing Page 25
Removal
Procedure
Description
within 14 days of ceasing to hold office. Statement
must be sent to regulatory authority.
4 Auditor rights Auditor can receive notice of and speak at:
(a) General meeting at which their term of office
would have expired
(b) General meeting where casual vacancy caused
by their removal to be filled
The auditor will have to issue a written statement either:
(i) Statement of ............................ (Some disagreement issues need to be
highlighted to the attention of the shareholders. E.g. Fraud, severe disagreement
over accounting practice)
OR
(ii) Statement of ............................. (No issues need to be brought to the
attention of the shareholders. E.g. Disagreement over auditor fee)
2.2 Explain the duties, power and responsibility of auditor
2.2.1 Auditor’s rights and duties
The audit is primarily a statutory concept, and eligibility to conduct an audit is
often set down in statute. Similarly, the rights and duties of auditors can be set
down in law, to ensure that the auditors have sufficient power to carry out an
effective audit.
Auditor’s Duties
The duties of the auditors are:-
(a) To report the shareholders/directors on whether the financial statements
show true and fair view and have been properly prepared, in all material
respect, in accordance with legislation and applicable accounting standards.
(b) To consider whether the information in the management report is
consistent with the audited financial statement
ABFA3114 Principles of Auditing Page 26
(c) To give various details required by legislation in their report. Common
details are directors‟ transactions & emoluments.
(d) To form opinion on the financial statements whether they are presented in
true and fair view.
(e) To report on any violation of law or the company‟s constitution.
(f) To make a “statement of circumstance” when they cease to hold office for
any reason.
Auditor’s Rights
The principal rights auditors should have, excepting those dealing with
resignation or removal, are set out in the table below, and the following are
notes on more detailed points.
Access to records A right of access at all times to the books,
accounts and vouchers of the company
Information and
explanations
A right to require from the company's
officers such information and explanations
as they think necessary for the performance
of their duties as auditors
Attendance at/notices of
general meetings
A right to attend any general meetings of
the company and to receive all notices of
and communications relating to such
meetings which any member of the
company is entitled to receive
Right to speak at general
meetings
A right to be heard at general meetings
which they attend on any part of the
business that concerns them as auditors
Rights in relation to
written resolutions
A right to receive a copy of any written
resolution proposed
Right to require laying of
accounts
A right to give notice in writing requiring
that a general meeting be held for the
purpose of laying the accounts and reports
before the company (if elective resolution
dispensing with laying of accounts in force)
ABFA3114 Principles of Auditing Page 27
2.3 Explain the responsibility of auditor in detecting fraud and errors and
illegal activities
2.3.1 Auditors’ Responsibility for the Prevention & Detection of Fraud &
Error
ISA 240 The Auditor’s Responsibility to Consider Fraud in an Audit of
Financial Statements states that:-
Fraud is to intentional acts which may involve the falsification of documents
or misappropriation of assets.
Error is the unintentional misappropriation of accounting policies,
oversights or misinterpretations of facts.
In the new audit engagement, auditors should be very careful to avoid accepting
responsibility for detection of fraud that they cannot discharge.
2.3.1 Management responsibility in preventing fraud & error
Management is responsible for the prevention and detection of fraud. They
should implement and operate adequate internal control system to safeguard the
assets.
2.3.2 Internal Auditor’s responsibility in preventing fraud and error.
Internal auditor is to REVIEW the measures that designed by management to
ensure adequate control is in place.
Internal auditor can help management manage risks in relation to fraud and
error by
1. commenting on the process used by management to identify fraud and error
risks.
2. commenting on the appropriateness and effectiveness of actions taken by
management to manage the risks identified
3. periodically auditing or reviewing systems or operations to determine
whether the risks of fraud and error are being effectively managed;
ABFA3114 Principles of Auditing Page 28
4. monitoring the incidence of fraud and error, investigating serious cases and
making recommendations for appropriate management responses
2.3.3 External Auditor’s responsibility in preventing and detecting fraud
and error.
1. External Auditor‟s responsibility is to ASSESS the risk that fraud or error
may cause the financial statements to contain material misstatement.
2. The objective of an audit is to report on the truth and fairness of the
financial information but not purposely to detect fraud and errors. However,
in the course of conducting audit if the auditor discovers the fraud and
material misstatements affecting the financial statements, auditor should
investigate further.
3. Auditor must perform the auditing with an attitude
of......................................... i.e. it requires that the auditor objectively
evaluate audit evidence. This means the auditor should constantly maintain a
critical and questioning mind in assessing the validity of audit evidence he
accumulates during the audit process.
4. An attitude of professional scepticism is necessary for the auditor to identify
circumstances that increase the risk of a material misstatement resulting from
fraud or error, and suspicious circumstances that indicate that the financial
statements are materially misstated. If the auditor suspected that there might
be a material misstatement due to fraud or error, the auditor would be more
sensitive to the selection and type of evidence examined.
2.3.4 Limitation of statutory audits
As per ISA 200, the inherent limitations of statutory audits are:
1. The use of sampling testing. Auditors could not able to conduct 100%
checking on all the transactions. Due to sampling selection, some items may
not be checked if not being selected in a sample. Due to this sampling test
basis, it may happen that misstatement may remain undetected.
ABFA3114 Principles of Auditing Page 29
2. The inherent limitations of internal control system. Auditor relies on the
internal controls if they are effective. But by nature, internal control of the
company has its inherent limitations such as human error. Therefore, the
auditor cannot give absolute assurance but only reasonable assurance.
3. The fact that most audit evidence is persuasive rather than conclusive.
The auditor‟s opinion is based on the evidence gathered which is not
conclusive to draw a conclusion.
4. Limitations of the reporting framework. The auditor report given is fixed
format which may not be understandable and readable by all the users.
5. Audit does not provide up-to-date position. The financial statements
provide past information. The auditor‟s opinion given on the past
information sometime is not relevant.
2.4 Understand the professional ethics.
2.4.1 Definition of ethics.
Ethics refers to code of conduct based on moral duties and obligations that
indicate how an individual should behave in society. For example, businessman
should be ethical not to produce harmful products for consumers.
2.4.2 Fundamental Principles of Ethics “C.O.B.I.C.”
The Fundamental PrinciplesError! Bookmark not defined.
Integrity (I) Members should behave with integrity in all
professional, business and personal financial
relationships. Integrity implies not merely honesty
but fair dealing and truthfulness.
Objectivity
(0)
Members should strive for objectivity in all
professional and business judgements, (objectivity is
the state of mind which has regard to all
considerations relevant to the task in hand but no
other, it presupposes intellectual honesty).
ABFA3114 Principles of Auditing Page 30
The Fundamental PrinciplesError! Bookmark not defined.
Professional
Competence
(C)
Members should not accept or perform work which
they are not competent to undertake unless they
obtain such advice and assistance as will enable them
competently to carry out the work.
Confidentiali
ty (C)
Members should carry out their professional work with
confidentiality. Information obtained in a business
relationship should not disclose outside the firm unless
there is a proper and specific authority or duty to
disclose.
Professional
Behaviour
(B)
Members should behave with courtesy and
consideration towards all with whom they come into
contact during the course of performing their work.
2.4.3 Ethical Threats
Threats
The potential threats that may lead to conflict of interest are:
Self- interest threat. It occurs when auditor could benefit from a
financial interest in an audit client. Examples of self interest threats are
- if the auditor has a ownership of shares in client company or any
joint venture with the audit client.
- having personal relationship with senior members of client
company.
- providing loan or guarantee to or from an audit client.
- highly depending on total fees from one audit client
Self- review threat. It occurs when the audit firm or member of audit
team put itself in a position of reviewing the subject that previously the
member is responsible. Examples are:
- Auditor offers accounting services and other non audit services and
auditor audit his own work.
- Custodian for and ownership of assets of audit client.
- Assist /supervise employees of audit client
ABFA3114 Principles of Auditing Page 31
- Performing valuation / internal audit service for financial
statement
- Recruiting senior management for audit client
- Advise / assist in securing source of finance.
Advocacy threat. It occurs when the audit firm or a member of the audit
team promotes or may be perceived to promote, an audit client‟s position
or opinion. Examples are:
- promoting client‟s shares or IPO
- acting on behalf of client in litigation case or in resolving disputes
with other 3rd
party.
Familiarity threat. It occurs when by virtual of a close relationship with
an audit client. Examples are
- having a close family member who as a director, officer or
employee of the audit client.
- Long outstanding business relationship with the client.
- Become close friend of the audit client
- Acceptance of an expensive gifts
- Auditor is ex-employee of audit client.
Intimidation threat. It occurs when a member of the audit team may be
deterred from acting objectivity and exercising professional judgement
due to pressure given by the audit client to terminate the service,
dominant personality in a senior position at the audit client. Examples
are:
- Disagreement with client, auditor is being threatened to be
removed from service.
- Threat to reduce fees due to pressure applied in order to reduce the
scope of an audit.
- Litigation situation in between auditor and client
2.4.4 Safeguards to Address Threats
Safeguards can be grouped under 3 categories.
Category 1- Safeguarded by …………………
Prohibition of providing non-auditing services by auditors. Auditor
should be prohibited to carry out services such as internal audit,
ABFA3114 Principles of Auditing Page 32
bookkeeping, management functions, designing control services or
legal advices.
Category 2- Safeguarded by …………………
This safeguard is by preparing its own code of ethics for the entire
audit firm or a specific client/assignment.
Category 3- Safeguarded by ………..
This safeguard is by the client itself. Safeguard could be:
appointment of auditor is by the audit committee; verifying the
qualification of auditor by the client, monitoring auditor‟s work by
audit committee.
2.4.5 Confidentiality of Information.
Information confidential to a client should not be disclosed, except where
consent has been obtained, or where there is a public duty or a legal or
professional right or duty to disclose. Accountant should only act for a client on
the understanding that the client will make full disclosure to them.
There are circumstances in which auditor is free to disclose information
regardless of the client‟s wishes and circumstances in which the auditor has an
obligation to do so.
Auditors have an obligation to disclose:
(1) where the courts order them to do so;
(2) where they suspect their client of offences of terrorism;
(3) they suspect the client to be a drug trafficker;
(4) where under banking, insurance and financial services, they consider the
client is either acting recklessly or is not fit or proper to manage such
business.
2.4.6 Basic principles of independence
a) It states that a member’s objectivity must be beyond question if they are
to report as auditor. The followings are the enforcement mechanisms to
maintain its integrity, objectivity and independence.
(Note: Independence means an attribute of the relationship between 2 parties. It
is said that 2 parties are independent if neither has any obligation to the other)
ABFA3114 Principles of Auditing Page 33
Guideline 1: Undue dependence on an audit client for dependence on
Income. Recurring fees paid by one client or group of connected clients should
............................... of the gross practice income- (10% for public companies).
Guideline 2: Family and other personal relationship. A family or other close
relationship may pose a threat to independence and safeguards should be in
place to preserve independence. Auditor should ensure personal relationship do
not affect their objectivity
Guideline 3: Beneficial interests in shares and other investment .An auditor
should ensure that it does not have as an audit client a company in which any
partner or anyone closely connected with a partner holds shares or has a
beneficial interest in shares.
Guideline 4: Loans. An auditor or anyone closely connected with it should not
make or accept loans to or guarantee from an audit client. This also applies to
a partner in a practice or spouse or minor child.
Guideline 5: Goods & services- hospitality. Goods and services should not be
accepted by an auditor or by anyone closely connected with it unless the value
of any benefit is modest.
Guideline 6: Provision of other services. There is no objection in practice to
the provision of other services to audit clients, but care must be taken not to
perform management functions or to make management decision.
Guideline 7: Overdue fees. The existence of significant overdue fees can be a
threat to objectivity.
Guideline 8: Litigation. Objectivity may be threatened (or appear to be) where
there is actual or threatened litigation between auditor and clients.
Guideline 9: Associated firm’s influence outside the practice. Pressure may
arise from outside the practice form associated practices or organisation.
ABFA3114 Principles of Auditing Page 34
Guideline 10: Auditor should not perform management functions or take
executive decision. Auditor‟s involvement is only advisory.
ABFA3114 Principles of Auditing Page 35
CHAPTER 3
AUDITOR’S REPORT
________________________________________________________________
Learning Outcomes
When you have completed this lesson you will be able to:
Understand the standard unqualified audit report
Understand the implication of unqualified audit report
Explain the departure from standard report and deciding appropriate
auditor‟s report.
Reference text: Auditing & Assurance Services in Malaysia- Chapter 18
ABFA3114 Principles of Auditing Page 36
3.1 The Auditor’s Report
3.1.1 What is an audit report?
Audit report is the principal channel of communication between the
auditor and the user of the financial statements.
Audit report is the review and evaluation report resulted from the test of
control and substantive procedures that auditor has performed. Before
issuing an audit report, auditor should assess the types of audit reports to
be issued.
The two main reporting requirements under the Companies Act are:
The auditor should state in his opinion whether the financial statements
give a true and fair view, and are in compliance with the Act and
applicable approved accounting standards.
Auditor's opinion on whether the accounting and other records and the
registers required by the Act have been properly kept in accordance with
Act.
3.1.2 Users of audit report. The followings are the users of an audit report:-
Potential investors- To evaluate the performance of company before
investing.
Shareholders of a company- To know the profitability of the company
they owned.
Employees of a company- To know the performance of company.
Bankers- To evaluate the credit worthiness of the borrower before
lending.
Suppliers- To evaluate the liquidity of the company before supplying
goods.
3.1.3 ISA 700 Forming an Opinion and Reporting on Financial Statements
indicates the basic elements that will ordinarily be included in the
audit report. The basic elements of an auditor‟s report include the
followings:-
ABFA3114 Principles of Auditing Page 37
No Audit report
element/feature
Reason for that element/feature
1 Title of „independent
auditor”
To identify this as an audit report and
distinguish it from other reports on financial
statements that might be issued by others,
directors, etc
2 Addressee To identify the person(s) who may use or rely
on the report.
3 Introductory paragraph It states that when an audit was conducted and
identifies which financial statements are
covered by the auditor‟s report.
Management‟s
responsibility for the
financial statements
To explain the responsibility of management
for the preparation of financial statements in
accordance with the applicable financial
reporting framework
Auditor‟s
responsibility
To state that the auditor‟s responsibility is to
express an opinion on the financial statements
based on the audit
To explain the scope of the audit so that the
standards of the auditor‟s work is clear and
other factors such as limitation of audit testing
is known
5 Auditor‟s Opinion
paragraph referring to
the financial reporting
framework followed
and expressing the
auditor‟s opinion.
To provide the auditor‟s opinion on the
financial statements in terms of true and fair
view, to assure the reader that the audit has
been carried out in accordance with
established principles and practices
Other reporting
responsibility
Auditor‟s signature This is normally the signature of the audit firm
as the firm assumes responsibility for the
audit, not the individual engagement partner.
Date of the report To inform the reader that the auditor has
considered effects of transactions that the
ABFA3114 Principles of Auditing Page 38
No Audit report
element/feature
Reason for that element/feature
auditor became aware of on the financial
statements up to that date.
Auditor‟s address This is normally the city where the auditor
responsible for the audit is located so he/she
can be contacted, if necessary.
3.1.4 Types of audit reports. (Exam focus)
Unmodified report. This report is a standard good report that does not
require any change/modification on certain issues. A standard unqualified
auditor's report contains the standard wording in terms of format and
contents in compliance with the requirements under the auditing standard
and the provisions of the Companies Act, 1965 and/or other statutory
requirements
Modified unqualified report. This report has an emphasis of matter
paragraph. A modified unqualified report contains an unqualified opinion
but the wording of the report is modified normally by the inclusion of an
additional explanatory paragraph that highlights or makes reference to a
matter such as going concern uncertainty.
“Except for” report. This report is a qualified audit report with
limitation of scope or disagreement but the effect of misstatement on
financial statement only material but not pervasive.
Adverse report. This report is a qualified audit report with disagreement
and the effect of misstatement on financial statement is material and
pervasive.
Disclaimer of opinion report. This report is a qualified report with
limitation of scope and the effect of misstatement on financial statement
is material and pervasive.
ABFA3114 Principles of Auditing Page 39
3.1.5 Meaning of terms
a. Unqualified report = ..........................
b. Qualified report = ........................
c. Emphasis of matter means auditor wishes to highlight certain issues to
the user‟s attention provided that the directors have disclosed all the
information.
d. Limitation of scope means auditor does not have full information when
conducting an audit. In other words, auditor faces some limitations to
access all the necessary information (evidence) to support his audit
opinion. For example, lack of accounting records that have been
destroyed or lack of explanation from directors.
e. Except for means “......................” a certain item. Except that particular
item, the rest of the items are true and fair.
f. Disagreement means auditor does not agree with the management about
matters such as accounting treatment or disclosure in the financial
statements such as provision of bad debt, depreciation etc.
g. Adverse opinion means that auditor .................... in the accounting /
disclosure matters because they affect all the areas of financial
statements. The financials as a whole do not give true and fair view.
h. Disclaimer of opinion means the auditor does not provide any opinion
on the financial statements because the financial statements are material
and pervasive misstatement.
i. Material. An item is said material means that omission of it will change
the audit opinion. It can say that the transaction has a significant impact
to the financial statements.
j. Pervasive. An item is said pervasive means that the item seriously affects
ALL the areas of the whole financial statements. The users view on the
financial statements will be affected.
3.1.6 Date of audit report
The date of auditor‟s report should be appropriate because it indicates to
the users the last day of auditor‟s responsibility in reviewing significant
post Statement of Financial Position events.
The date should not be dated before the date of director‟s reports.
ABFA3114 Principles of Auditing Page 40
3.1.7 Matters that an auditor should report in the auditor’s report on the
accounts presented at the annual general meeting of a company.
i. Whether or not the financial statements are true and fair.
ii. Whether or not the financial statements have been properly
prepared in accordance with the Companies Act 1965.
iii. Whether the financial statements are in accordance with the
applicable accounting standards.
iv. Whether the accounting and other records are properly kept in
accordance with the Companies Act, 1965.
v. Whether the auditor has not received sufficient information or
explanations necessary for his auditing.
3.1.8 Conditions that have to be met before a standard unqualified
auditor’s report can be issued.
i. Auditors has obtained without restriction all information and
explanation he required.
ii. Financial statements have been prepared in accordance with the
approved accounting standard and present a true and fair view.
iii. Adequate disclosure of all matters to present a true and fair view of
the financial statements.
iv. All reporting duties under Companies Act have been satisfied.
v. There are no circumstances requiring additional explanatory or
modification of wording of the annual report.
vi. the importance of auditors adopting a conventional and uniform
wording in auditor‟s report.
3.1.9 Use of standardised wording in audit report
The reason for using standardised wording in audit report is to avoid confusion
to the readers and prevent misunderstanding in the message being
communicated to the users of FS.
ABFA3114 Principles of Auditing Page 41
3.1.10 Audit Reporting
An overview of audit evidence gathered to form an audit opinion
3.2 Unmodified audit report
An unmodified audit report is a good report that provides true and fair view and
the financial statements have been prepared in accordance with the financial
reporting framework and statutory requirement.
An unqualified audit report should include the following content (as per 3.1.3
above)
A title identifying the person to whom the report is addressed.
An introductory paragraph identifying the financial statements audited
and the respective responsibilities of directors and auditors
Management‟s responsibilities in respect of the financial statements
Audit Report
Disagreement Limitation of scope
Qualified “Except For”
ABFA3114 Principles of Auditing Page 42
The auditors‟ responsibilities in forming their audit opinion
The scope paragraph detailing the nature of the audit
The auditors‟ opinion on the financial statements
The manuscript or printed signature of the auditors.
The date of the auditors‟ report
The auditors‟ address.
3.3 Modification To The Standard Auditor’s Report
3.3.1 Modified audit reports
Modified audit reports arise when auditors do not believe that they can state
without reservation that the accounts give a true and fair view. ISA 701
Modifications to the independent auditor’s report states that there are 2 types of
modified report
i. Matters that do not affect the auditor’s opinion: “Emphasis
of matter paragraph (just wish to highlight to the attention of
users)
ii. Matters that do affect the auditor’s opinion
Qualified
Disclaimer
Adverse opinion.
3.4 Modified Unqualified Auditors’ Report- Emphasis of Matter
3.4.1 Emphasis of matter paragraph
Emphasis of matter paragraph is used where the auditor wishes to draw
attention to an important item in the financial statements. The
conditions to use this report are the directors must fully disclose all the
information and the item is significant.
An emphasis of matter does not constitute a qualified opinion. It is
usually situated after the opinion paragraph and states that the opinion is
not qualified with regard to that matter.
It is used when there is a significant uncertainty or going concern issue
that has been fully disclosed in the notes to the financial statements and
the outcome of the issue is dependent on events yet to happen.
ABFA3114 Principles of Auditing Page 43
3.5 Departures From An Unqualified Auditors’ Report
3.5.1 Qualified audit opinion
Qualifications may be material and pervasive. The difference between them is
a matter of degree of effect and materiality. A pervasive qualification (very
serious) is one that affects the view given by the financial statements “AS A
WHOLE”. For example, if the auditors are not able to collect evidence from
whatever sources to form audit opinion, it is said to be pervasive.
Qualified audit opinions arise where there are either
i. disagreement on accounting matters such as accounting treatment
and disclosure. It is used where the auditor disagrees concerning the
accounting treatment, amount or disclosure of an item in the financial
statements.
OR
ii. limitations in the scope of the audit that unable the auditors to carry
out their duties. It is used where the audit cannot obtain sufficient
evidence regarding an item in the financial statements.
Common circumstances that may give rise to a disagreement with the
management of the company are:
Non compliance with Companies Act or other legislations.
No compliance with approved accounting standards.
Disagreement with the facts or amounts included in the Financial
Statements
Inadequate disclosure.
ABFA3114 Principles of Auditing Page 44
Qualification Matrix (Students should have a clear understanding on this
matrix).
Two levels of
qualified
opinion
Limitation of scope
(auditors could not access
full information in the
respect of the audit)
Disagreement
(auditors disagree with
management on accounting
policies selected, method of
application or disclosure
requirements)
Level 1
MATERIAL
ONLY NOT
pervasive
(less serious &
affect only a
particular
area)
QUALIFIED “EXCEPT
FOR”
(e.g. No inventory count
carried out)
QUALIFIED “EXCEPT FOR”
(e.g. Difference of opinion
between directors and auditor
as to whether to provide for a
doubtful debt.
Level 2
BOTH
MATERIAL
&
PERVASIVE
(Very serious
& affect the
whole
financial
statements)
DISCLAIMER OF
OPINION (e.g.
Destruction of accounting
records)
ADVERSE OPINION
(e.g. Auditors state that the
accounts do not give true and
fair view)
Summary
i. Limitation of scope (material) = Except For
ii. Limitation of scope (material & pervasive) = Disclaimer of opinion
iii. Disagreement (material) = Except For
iv. Disagreement (material & pervasive) = Adverse opinion
ABFA3114 Principles of Auditing Page 45
3.5.2 A disclaimer of opinion should be expressed when the possible effect of
a limitation of scope is so material and pervasive that the auditor could not able
to obtain appropriate and sufficient evidence to express opinion on the financial
statements. Example of disclaimer of opinion,
Example: “Due to the significant of the matters above, we (auditor) do not
express an opinion on the financial statements.”
3.5.3 An adverse opinion should be expressed when the effect of a
disagreement is so material and pervasive that the auditor concludes a
qualification of the report. Adverse and Disclaimer opinions do not support
credibility of the financial statements. Example,
“In our opinion, because of the effects of the matters above, the financial
statements do not give a true and fair view of the financial position”
3.5.4 Except for opinion is used when the disagreement or limitation of scope
is not so serious or not due to fundamental errors. “Except for” opinions are
generally less extreme because they are positively supporting other matters
other than those matters being highlighted. Example,
“In our opinion, except for the effect of adjustments, we had been able to
satisfy ourselves as to the physical inventory quantities….”
How to decide which modified opinion is appropriate in the exam? Follow these
rules
i. If accounting records have been destroyed or gone missing and affect
the WHOLE financial statements, then “Disclaimer of Opinion” is
appropriate.
ii. If only part of the accounting records have been destroyed or gone
missing such as only receivable records; the rest of the accounting
records are still complete, then “Except for” is appropriate.
iii. If the disagreement is fundamental and affects the WHOLE financial
statement, then “Adverse opinion” is appropriate.
iv. If only a small portion such as depreciation treatment, then use
“Except for”.
ABFA3114 Principles of Auditing Page 46
Auditors normally would not issue a qualified report unless it is absolutely
necessary to do so. In practice, issuing qualifying report is avoided by
discussion and negotiation with the directors. Management will usually make
whatever changes necessary in order to avoid a qualified report.
3.5.5 Other information disclosed in the annual report
a) Other information disclosed in the annual report includes:
i. Opening balance
ii. Prior year figures
iii. Other information issued with audited financial statements.
b) ISA510 Initial Audit Engagements- Opening Balances requires that an
auditor obtains sufficient appropriate evidence about whether the opening
balances contain misstatements that materially affect the current period‟s
financial statements by:
i. determining whether the prior period‟s opening balances have been
correctly brought forward to the current period, (or restated)
ii. determining whether the opening balances reflect the application of
appropriate accounting policies.
c) ISA710 Comparative Information requires that comparatives comply in all
material respects with the identified financial reporting framework. Two
categories of comparatives exist are:-
i. Corresponding figures.
ii. Comparative financial statements.
d) ISA720 The Auditor’s Responsibility in Relation to Other Information
Documents Containing Audited Financial Statements requires that “the auditor
should read the other information to identify material inconsistencies with the
audited financial statements”. This may include items such as employee reports,
five-year summaries and management commentaries on operations. Thus,
auditors should have full access to other information.
ABFA3114 Principles of Auditing Page 47
CHAPTER 4
ACCOUNTING AND INTERNAL CONTROL SYSTEM
________________________________________________________________
Learning Outcomes
When you have completed this lesson you will be able to:
Define the objective and types of internal control
Understand the limitations of internal control
Ascertain the internal control
Evaluating the internal controls
Understand the audit strategy and internal controls.
Reference Text: Audit & Assurance Services in Malaysia- Chapter 6
ABFA3114 Principles of Auditing Page 48
“Within an organisation, internal control provides a way to meet
management’s stewardship or agency responsibilities. Management also
needs a sound internal control system that generates reliable information
for decision-making purposes.”
4.1 Accounting Systems
4.1.1 Definition of Accounting System:
It is a series of tasks and records of an entity by which transactions are
processed as a mean of maintaining financial records. Such system identify,
assemble, analyse, calculate, classify, records, summarise and report
transactions and other events.
4.1.2 Management’s/Directors’ responsibility on accounting system
Management/directors of the organisation is/are supposed to:
Set up and maintain an adequate accounting and internal control system
in the company.
Deliver a copy of company audited annual report to Companies
Commission of Malaysia (CCM).
Prepare annual financial statements to show true and fair view of the
company.
Ensure company keeps proper accounting records as required by
Companies Act.
Safeguard the company‟s assets and to prevent fraud and errors in the
company.
4.1.3 Auditor’s responsibility on accounting system
Auditor‟s responsibility is to assess and review the effectiveness of accounting
system to ascertain its adequacy as a basis of preparation of financial
statements.
4.2 Internal Control
4.2.1 Definition of Internal control
It is a process designed and implemented by the management to provide
reasonable assurance about the achievement of the entity's objectives with
regard to reliability of financial reporting, effectiveness and efficiency of
operations and compliance with applicable laws and regulations.
It is also designed and implemented to address identified business risks that
threaten achievement of any of these objectives
ABFA3114 Principles of Auditing Page 49
4.2.2 Objectives of Internal Control System
Validity. To ensure business is carried out in an orderly, effective and
efficient manner.
Timeliness. To ensure all the transactions are recorded on a timely basis.
Compliance. To ensure compliance with laws and regulations.
Valuation. To ensure assets are properly safeguarded and valued.
Authorisation. To prevent and detect fraud and errors.
Completeness. To secure the completeness an accuracy of the records
and the timely preparation of reliable financial information.
Classification. To ensure all the transactions are classified into the proper
account.
Posting and summarisation. To ensure all transactions are properly
recorded in journals and posted to the General Ledger.
[Note to students: Not all the objectives of internal control mentioned above are
relevant to external audit on financial statements; for example, control over the
product design. Only those items that related to financial statements are likely to
be relevant to external audit such as internal control over compliance with the
laws and regulations because any violating the laws is subject to financial
losses.]
4.2.3 Reasons for understanding the accounting & internal control systems
In a financial statement audit, the auditor should understand the client‟s
accounting and internal control systems in order to:
i. assess their reliability for the presentation of financial statement and
design suitable audit procedures.
ii. identify the types of potential misstatements.
iii. determine the control risk level.
iv. determine the audit strategy and plan audit tests
4.2.4 To gain understanding on the internal control system, auditor will
perform the following:
i. Review the previous audit files for recurring engagement. Auditor can
obtain great deal of information about the client‟s internal controls
ABFA3114 Principles of Auditing Page 50
developed prior years. Because systems and controls usually don‟t change
frequently; this information can be updated and carried forward to current
year.
ii. Inquiry of the client’s personnel. Interview the key staff to obtain some
information.
iii. Read the relevant documentation of client such as policy, system
manuals, documents, reports and records. By examine the actual,
completed documents and records, auditor can obtain evidence that the
control policies and procedures have been run effectively.
iv. Visit the client’s office to have physical inspection on the existence of
assets. Auditor will gain the information on condition of the physical
assets and control system in safeguarding the physical assets.
v. Observe the client’s activities. Auditor can observe staff to carry out the
process of preparing the documents, records and accounting system. This
observation will enhance the understanding of auditor towards the control
that has been in place.
-The knowledge gained from the above procedures on internal control
system, auditor will use this knowledge to :
Identify the types of potential misstatements.
Determine control risk which in turn affects the detection risk.
Assist in the designing further audit procedures such as substantive
procedures.
- In deciding the nature (types) and extent (depth) of the understanding
of the internal control required to carry out audit engagement, auditor
should consider the following factors:
The materiality level.
Knowledge gained from the previous audit.
Auditor‟s knowledge on the client‟s industry.
The size of entity and the ownership.
The complexity of the client‟s operations and system.
ABFA3114 Principles of Auditing Page 51
4.2.5.1The relationship between control risk and the client’s internal
control system is that if the internal control system is weak, the control risk is
high. The effectiveness of internal control system will directly influence the
control risk.
4.2.6 The difference between management’s and auditor’s concern on
internal control system.
Management’s concern on internal control system is to ensure the
effectiveness of internal control system so that organisation is able to achieve
the corporate objectives. Management is concerned whether the internal
controls established and implemented are effective enough to provide them with
reasonable assurance that the company would able to achieve its objectives.
Auditor’s concern on internal control is towards the impact of internal control
to the financial reporting and safeguarding of assets. The main reason auditor is
interested in internal control is that reliance on internal control will reduce the
amount of substantive testing of transactions. If auditor is satisfied that the
internal control system is functioning effectively, there is a reduced risk of error
in the accounting records.
4.3 5 Components of an internal control system.
Components
of Internal
Control
1.Control
Environment
2.Control
Procedures
3.Risk
Assessment
5.Monitoring
4.Information &
Communication
ABFA3114 Principles of Auditing Page 52
4.3.1 Component 1- Control environment. It is concerned an overall attitude
of directors and management towards internal control system. . It is the
framework (background) within which controls operate.
Factors that affect the control environment are:-
Integrity and ethical values. An entity needs to establish ethical and
behavioural standards that are communicated to employees and are
reinforced by daily practice.
Commitment to Competences. Management must specify the
competence level for a particular job and translate it into the required
level of knowledge and skills.
Participation of the Board of Directors or Audit Committee. The
board of directors and its audit committee significantly influence the
control consciousness of the entity. They must take their fiduciary
responsibilities seriously and actively oversee the entity‟s accounting and
reporting policies and procedures.
Management’s Philosophy and Operating Style. Establishing,
maintaining and monitoring the entity‟s internal controls are
management‟s responsibility. Management‟s philosophy and operating
style may significantly affect the quality of internal control.
Organizational Structure. The organizational structure defines how
authority and responsibility are delegated and monitored. It provides a
framework for planning, executing, controlling and monitoring
operations.
Assignment of Authority and Responsibility. This factor includes how
authority and responsibility for operating activities are assigned and how
reporting relationships and authorization structure are established.
Human Resource Policies and Procedures. The entity should have
personnel policies for hiring, training, evaluating, counselling and
compensation policies and procedures.
ABFA3114 Principles of Auditing Page 53
4.3.2 Component 2- Control procedures (Types of control procedures).
Control procedures are the policies and procedures that help to ensure that
necessary actions are taken to address the risks involved in achieving the
entity‟s objectives.
Examples of specific control activities include those relating to the following:
(P2.A.R
2.I.S
2)
• Physical controls. (P)
-The physical security of assets, including adequate safeguards such as secured
facilities over access to assets and records.
-This concerns custody of assets and involves procedures designed to limit
access to authorised personnel only. Controls are important in the case of
valuable and moveable assets. Example: only supervisor can access the
inventory.
• Personnel. (P) Procedures should be designed to ensure that personnel
operating a system are competent and motivated to carry out the tasks assigned
to them, as the proper functioning of a system depends upon the competence
and integrity of the operating personnel. Example: Only authorised person with
competency can perform the task.
• Authorisation & Approval (A).
Seeking a higher authority to approve is one of the control activities. All
transactions should require authorization or approval by an appropriate person.
The limits of approval should be clearly specified. Example: Sales invoices
need to be authorized.
• Performance Reviews. (R)
These control activities include reviews and analyses of actual performance
versus budgets, forecasts, and prior period performance; relating different sets
of data – operating or financial, to one another, together with analyses of the
relationships and investigative and corrective actions; comparing internal data
with external sources of information; and review of functional or activity
performance.
ABFA3114 Principles of Auditing Page 54
• Recording of transactions (R)
To control the transactions and system, recording must be in placed to ensure
the completeness of all the transactions.
• Information processing. (I)
The two broad groupings of information systems control activities are (i)
application controls, which apply to the processing of individual applications,
and (ii) general IT-controls, which are policies and procedures that relate to
many applications and support the effective functioning of application controls
by helping to ensure the continued proper operation of information systems
• Segregation of duties. (S)
-Assigning different people the responsibilities of authorising transactions,
recording transactions, and maintaining custody of assets. Segregation of duties
is intended to reduce the opportunities to allow any person to be in a position to
both perpetrate and conceal errors or fraud in the normal course of the person‟s
duties.
• Supervision. (S)
All actions by all levels of staff should be supervised. The responsibility for
supervision should be clearly laid down and communicated to the person being
supervised. Example: Bank reconciliation must be checked by supervisor.
4.3.3 Component 3-Risk assessment. It is a process of identifying and
analysing risk factors that affect the business entity and managing the
risks. The client‟s business risks can arise or change as a result of the
following circumstances:
Change in the operating environment
New personnel
Change in information system
Rapid growth including foreign country expansion.
New products or service.
Corporate restructuring.
New or change in accounting standards
ABFA3114 Principles of Auditing Page 55
4.3.4 Component 4-Information and communication. This is concerning the
understanding of individual role in the internal control system and open
communication channel for reportable events. There are 2 categories of
information systems control procedures:
Category 1-General Controls. They relate to the overall information
processing environment over data maintenance, access security and
hardware protection.
Category 2- Application controls. They relate to software application that
ensure the information processed is complete, accurate and authorised.
4.3.5 Component 5-Monitoring. It involves monitoring and managing the
internal control system to ensure its effectiveness and efficiency in
operation as well as recommendation for improvement. It also involves
appropriate personnel assessing the design and operation of controls on a
timely basis and taking necessary action.
4.4 The effect of entity size on internal control
Small organisation. Due to limited resources, small entity could not able
to implement expensive and complex internal control system. Thus, the
owners are directly involved in day to day monitoring of business. Often,
the owners in small organization override the control procedures. In term
of communication channel, due to fewer levels of management, the
communication channel is effective.
Large organisation. Large organisation may have resources to
implement sophisticated control system and employ professionals to
monitor the operation process. Often the internal control system is formal
and well structured. Due to many levels of management, communication
process may be slower and subject to communication bottleneck problem.
ABFA3114 Principles of Auditing Page 56
4.5Limitations of Internal Control
4.5.1 Describe four inherent limitations of an internal control system.
i. There is potential for human error due to carelessness, mistakes
of judgment and misinterpretation of instructions.
ii. There is possibility that a person responsible for exercising an
internal control could abuse his power by overriding the internal
control.
iii. Fraudulent collusion to circumvent internal controls can happen
both within the company and outside the company.
iv. Cost and benefit analysis. Internal control system costs money.
To be effective, the benefits should be more than cost of
implementing a control system.
v. Company will give normally give priority to implement internal
controls that are routine and recurring transactions. In fact, more
controls must be in place for non routine transactions that are
normally high risk.
vi. Some of the internal control procedures are inflexible to change
quickly.
4.6 Consideration of Internal Control in Planning and Performing an Audit
ISA 300 Planning states that “the auditor should plan the audit so that the
engagement will be performed in an effective manner”. So, in the planning
stage, auditors need to consider whether they should rely on the client‟s internal
control system or not.
They are 2 audit strategies:
1) Non Reliance Strategy (also known as substantive strategy). If the
internal controls system is weak and poor, definitely the auditors do not
want to rely on them. When the internal control system is weak, the
control risk is said at high level. Therefore, auditors will directly collect
the evidence by themselves. Auditors will carry out a lot of detailed
testing to collect more evidence to support the audit opinion. This
detailed testing is called substantive testing. In short, if the internal
controls system is weak and control risk is assessed as HIGH, substantive
procedures will be used because auditors cannot rely on the system.
ABFA3114 Principles of Auditing Page 57
2) Reliance Strategy. If the internal control system is strong and effective,
the control risk is assessed as LOW. Then, auditors will rely on the
system by reducing the substantive testing.
Summary:
“WEAK IC HIGH CONTROL RISK NON RELIANCE
MORE SUBSTANTIVE TESTING.”
“STRONG IC LOW CONTROL RISK RELIANCE LESS
SUSBSTANTIVE TESTING”
4.7 Types of procedures used to assess the operation of internal control
system
No Procedures Explanation
1 Examining previous
audit work
Looking at the previous audit records to form an
understanding on the internal control system. If
it is the first audit, a detailed system
examination is carried out.
2 Client‟s own
documentation of the
system
Examine the client‟s manuals of accounting
procedures. These provide a valuable source of
information
3 Interview with
client‟s staff
Interview the staff on how they carried out their
tasks and ascertain that unauthorized personnel
are not allowed to access the records/ system.
4 Walk through test It involves taking a transaction through the
system from original sources of documents (e.g.
sales order) to final destination (e.g. Statement
of Comprehensive Income). Auditors perform
such tests to check their understanding on
internal control and documentation.
5 Examining/Inspecting
client‟s documents.
Examining the client‟s relevant documentations
to ensure they are complete and properly
matched. All the supporting documents must
ABFA3114 Principles of Auditing Page 58
No Procedures Explanation
Records and reports exist.
6 Re-performance on
client procedures
Auditors follow the client‟s procedures and
determine whether they obtain the same results
as per the client‟s records. For example, auditors
calculate depreciation by using the client‟s
depreciation rate and method to check whether
the results are the same or not.
7 Observation of
client‟s procedures
Just observe how client‟s carrying out
procedures such as how staff segregating their
duties, the ways staff performs duties that do not
have any documentation.
4.8 Documenting System & Control
4.8.1 Types of recording
No Recording Explanation Advantages Disadvantages
1 Narrative
notes
Use
narrative or
descriptive
statements to
record.
-simple & convenient
to record
-fast approach
1) It is
cumbersome &
takes up large
amount of storage;
2) notes may be
difficult to
interpret & review;
3) difficult to
make changes in
the system; 4)
difficult to spot
any omission of
data.
2 Organisati
on chart
Use chart to
present the
relationships
-convenient way of
showing the
relationship
-Do not deal with
informal
relationship
ABFA3114 Principles of Auditing Page 59
No Recording Explanation Advantages Disadvantages
between
individuals
in an
organisation
-Useful to show who
should report to.
-Do not indicate
the reporting
procedure
-Cannot replace
other recording
methods but just
supplement them
3 Internal
control
question
(ICQ) or
checklist
ICQs are
used to ask
whether
controls
exist, which
meet specific
control
objectives.
The major
question
which
internal
control
questionnair
es are
designed to
answer is
'How good is
the system
of controls?'
-A standardised
checklist to record
- Easy to use as cross
reference to other
working paper.
- Questions
formed might be
too standardised
that not taking the
special
environment of a
particular client
4 Flowchart It is a
diagrammati
cal
representatio
n of a
system.
Symbols are
-Provide a clear
diagrammatic picture
-Enable the systems
to be recorded in a
standardized format
which is easily
-time consuming
to draw up
ABFA3114 Principles of Auditing Page 60
No Recording Explanation Advantages Disadvantages
used to show
the flow of
documentati
ons.
understood.
-Highlight
relationships between
different parts of a
system.
- Provide an
overview of a flow of
system and
weaknesses are more
easily identified.
- encourage a
disciplined approach
to the recording of a
system in that the
originator of a
flowchart must have
a good understanding
of the system being
recorded.
4.7.2 Internal Control Questionnaires (ICQs) & Internal Control
Evaluation Questionnaires (ICEQs)
Two types of questionnaire are:-
Internal Control Questionnaires (ICQs) are used to ask whether
controls exist which meet specific control objectives.
Internal Control Evaluation Questionnaires (ICEQs) are used to
determine whether there are controls which prevent or detect specified
errors or omissions.
ABFA3114 Principles of Auditing Page 61
Internal Control Questionnaires (ICQs)
The major question which internal control questionnaires are designed to
answer is 'How good is the system of controls?'
Where strengths are identified, the auditors will perform work in the
relevant areas. If, however, weaknesses are discovered they should then
ask:
What errors or irregularities could be made possible by these
weaknesses?
Could such errors or irregularities be material to the accounts?
What substantive procedures will enable such errors or irregularities to
be discovered and quantified?
An example would be:
Are purchase invoices checked to goods received
notes before being passed for payment? YES/NO/Comments
A 'NO' answer to that question clearly indicates a weakness in the
company's payment procedures.
The ICQ questions below dealing with goods inward provide additional
illustrations of the ICQ approach.
Goods inward
(a) Are supplies examined on arrival as to quantity and quality?
(b) Is such an examination evidenced in some way?
(c) Is the receipt of supplies recorded, perhaps by means of goods
inwards notes?
(d) Are receipt records prepared by a person independent of those
responsible for:
(i) Ordering functions
(ii) The processing and recording of invoices
ICQs: advantages
ABFA3114 Principles of Auditing Page 62
(a) If drafted thoroughly, they can ensure all controls are considered.
(b) They are quick to prepare.
(c) They are easy to use and control.
ICQs: disadvantages
(a) The client may be able to overstate controls.
(b) They may contain a large number of irrelevant controls.
(c) They may not include unusual controls, which are nevertheless
effective in particular circumstances.
Internal Control Evaluation Questionnaires (ICEQs)
In recent years many auditing firms have developed and implemented an
evaluation technique more concerned with assessing whether specific
errors (or frauds) are possible rather than establishing whether certain
desirable controls are present.
This is achieved by reducing the control criteria for each transaction stream
down to a handful of key questions (or control questions). The
characteristic of these questions is that they concentrate on the significant
errors or omissions that could occur at each phase of the appropriate cycle
if controls are weak.
ABFA3114 Principles of Auditing Page 63
Internal control evaluation questionnaire: control questions
The sales (revenue) cycle
Is there reasonable assurance that:
(a) Sales are properly authorised?
(b) Sales are made to reliable payers?
(c) All goods despatched are invoiced?
(d) All invoices are properly prepared?
(e) All invoices are recorded?
(f) Invoices are properly supported?
(g) All credits to customers' accounts are valid?
(h) Cash and cheques received are properly recorded and deposited?
(i) Slow payers will be chased and that bad and doubtful debts will be provided against?
(j) All transactions are properly accounted for?
(k) Cash sales are properly dealt with?
(l) Sundry sales are controlled?
(m) At the period end the system will neither overstate nor understate trade accounts receivable?
The purchases (expenditure) cycle
Is there reasonable assurance that:
(a) Goods or services could not be received without a liability being recorded?
(b) Receipt of goods or services is required in order to establish a liability?
(c) A liability will be recorded:
(i) Only for authorised items
(ii) At the proper amount?
(d) All payments are properly authorised?
(e) All credits due from suppliers are received?
(f) All transactions are properly accounted for?
(g) At the period end liabilities are neither overstated nor understated by the system?
(h) The balance at the bank is properly recorded at all times?
(i) Unauthorised cash payments could not be made and that the balance of petty cash is correctly
stated at all times?
Wages and salaries
Is there reasonable assurance that:
(a) Employees are only paid for work done?
(b) Employees are paid the correct amount (gross and net)?
(c) The right employees actually receive the right amount?
(d) Accounting for payroll costs and deductions is accurate?
Inventory
Is there reasonable assurance that:
(a) Inventory is safeguarded from physical loss (eg fire, theft, deterioration)?
(b) Inventory records are accurate and up to date?
(c) The recorded inventory exists?
(d) The recorded inventory is owned by the company?
(e) The cut off is reliable?
(f) The costing system is reliable?
(g) The inventory sheets are accurately compiled?
(h) The inventory valuation is fair?
Non current tangible assets
Is there reasonable assurance that:
(a) Recorded assets actually exist and belong to the company?
(b) Capital expenditure is authorised and reported?
(c) Disposals of non current assets are authorised and reported?
(d) Depreciation is realistic?
(e) Non current assets are correctly accounted for?
(f) Income derived from non current assets is accounted for?
Investment
ABFA3114 Principles of Auditing Page 64
ICEQs: advantages
(a) Because they are drafted in terms of objectives rather than specific
controls, they are easier to apply to a variety of systems than ICQs.
(b) Answering ICEQs should enable auditors to identify the key controls
which they are most likely to test during control testing.
(c) ICEQs can highlight areas of weakness where extensive substantive
testing will be required.
ICEQs: disadvantage
(a) They can be drafted vaguely, hence misunderstood and important
controls not identified.
ABFA3114 Principles of Auditing Page 65
CHAPTER 5
AUDIT EVIDENCE
________________________________________________________________
Learning Outcomes
When you have completed this lesson you will be able to:
Understand the basic concept of audit evidence
Explain the financial statement assertions
Reference Text: Audit & Assurance Services in Malaysia- Chapter 4
ABFA3114 Principles of Auditing Page 66
5.1 The Concept of audit evidence
5.1.1 Definition of audit evidence
Audit evidences are information obtained by the auditor in arriving at the
conclusions on which the audit opinion is based. It is any information used by
the auditor to determine whether the information being audited is stated in
accordance with the established criteria.
The concept of audit evidence is influenced by:
The nature of audit evidence
The appropriateness of audit evidence
The sufficiency of audit evidence
The evaluation of audit evidence.
5.1.2 ISA 500 Audit Evidence requires auditors to obtain sufficient
appropriate audit evidence to be able to draw reasonable conclusions on
which to base the audit opinion. Sufficiency means adequacy in term of
quantity of evidence. Appropriateness means the quality or reliability of
audit evidence.
5.1.3 Factors which will influence the auditor’s judgement concerning the
sufficiency of audit evidence obtained.
Factor 1- Assessment of inherent risk
As inherent risk increases, then more audit evidence will be required to reduce
detection risk.
Factor 2- Materiality of the item
An increase in materiality means that more audit evidence will be required to
ensure that no material error has occurred.
Factor 3- Nature of the accounting and control systems
Where the accounting and control systems are poor, then more audit evidence is
necessary as less reliance can be placed on those systems.
ABFA3114 Principles of Auditing Page 67
Factor 4- Control risk
Determine the extent to which the directors have implemented a sound system
of internal control; poor internal controls increase control risk, decreasing
reliance that can be placed on those controls.
Factor 5- Experience from previous audits
Good experience from previous audits will decrease the amount of evidence
required as the auditor can place reliance on previous review of client‟s
systems.
Factor 6- Result of audit procedures
Where the results of different audit procedures agree with each other, then
overall less evidence is needed – overall the evidence is more persuasive;
however, where results are in conflict then more evidence is required.
Factor 7- Quality of information available
Some sources of audit evidence are more reliable than others – meaning, less
evidence is needed when relying on those sources. For example; documentary
evidence is more reliable than oral evidence.
5.1.4 Four determinants/characteristics of the persuasiveness of evidence.
(Or appropriateness of audit evidence)
1) Relevance. Evidence must pertain to the audit objective that the auditor is
testing before it can be persuasive. If the auditor relies on evidence that is
unrelated to the audit objective, he may reach an incorrect conclusion about a
management assertion.
2) Reliability. Reliability is concerned with worthy of trust. The degree of
reliability depends on the following factors:
Evidence is reliable if the sources are independent such as external third
party‟s evidence or confirmation- e.g. bank confirmation
letter/receivables confirmation letter is more reliable than internal sources
such as bank reconciliation statement/sales invoices.
Evidences collected by auditors themselves are more reliable than
client‟s internally generated reports – e.g. auditors perform their own
bank reconciliation.
ABFA3114 Principles of Auditing Page 68
Strong internal control system will produce more reliable evidence.
Qualified experts and skilful professionals are able to produce more
reliable evidence than unskilful parties- e.g. qualified engineer‟s advice is
more reliable than non-qualified engineer‟s.
Objective evidence is better than subjective judgement.
Written documentation is more reliable than oral ones.
Original document is more reliable than photocopied ones.
3) Sufficiency of the evidence- sufficiency is referring to quantity of evidence.
4) Timeliness. The timeliness of audit evidence can refer either to when it is
accumulated or to the period covered by the audit.
“Audit evidence is usually persuasive rather than convincing for two reasons.
First, since an audit must be completed in a reasonable amount of time and at a
reasonable cost, the auditor examines only a sample of the transactions that
compose the class of transactions or account balance. Second, due to the nature
of evidence, auditors must often rely on evidence that is not perfectly reliable.
The types of audit evidence examined by the auditor have different degrees of
reliability, and even highly reliable evidence has weaknesses. Therefore, the
evidence obtained by the auditor seldom provides absolutely convincing
evidence about a financial statement assertion.”
5.1.5 Three ways/sources of gathering audit evidence:
1. ................... generated evidences- They are generated inside the company
itself such as purchase orders, payment vouchers, good received notes etc.
Internal generated evidences are less reliable.
2. ................... generated evidences- They are generated outside the
company such as third party confirmation, purchase invoices of suppliers.
Reliability of external evidence is higher.
3. ..................... generated evidences- They are generated by auditors
themselves such as auditors re-performing calculation on depreciation.
Auditor‟s collection of evidences is more reliable compared to client‟s
generated evidence.
5.1.6 Procedures to obtain audit evidence
ABFA3114 Principles of Auditing Page 69
Audit evidence can be obtained by Analytical Procedures, Enquiry,
Inspection, Observation, Computation & re-performance and
Confirmation (A.E.I.O.U + C)
Procedures Explanation Assertion
Analytical
procedures
(A)
-This is the analysis of significant ratios and
trends such as evaluating and comparing
financial and non- financial data for
relationship that is inconsistent with other
information.
For example, comparing total gross salary
against number of employees.
Completeness
Occurrence
Existence
Classification
Enquiry (E) -This involves seeking information from
client‟s staff or external sources. Strength of
evidence depends on the knowledge and
integrity of source of information. Normally,
inquiry will support corroborative evidence.
For example, auditors enquire the
management on the obsolete, slow moving
stock which has lower value.
Existence
Occurrence
Accuracy
Physical
inspection of
assets (I)
-Inspection of assets that are recorded in the
accounting records is to confirm the
existence, give evidence of valuation, but
does not confirm the right & obligation.
-Conformation that assets seen are recorded
in accounting records gives evidence of
completeness
For example, counting cash in hand,
counting stock quantity, inspecting the
condition of assets.
Existence,
valuation,
completeness
Inspection of
documentation
(I)
-Inspection of documentation is to confirm
an asset exists or a transaction occurred.
-Confirmation that items recorded in
supporting documentation are recorded in
accounting records tests “completeness”.
Existence
Occurrence
Completeness
Cut off
Valuation
Right &
Obligation
ABFA3114 Principles of Auditing Page 70
Procedures Explanation Assertion
-Cut-off can be verified by checking
transactions recorded after Statement of
Financial Position date to supporting
document to confirm they occurred after the
Statement of Financial Position date.
-Inspection of documentation provides
evidence of valuation/measurement, rights
and obligations and nature of items. It can
also be used to compare documents and
confirm authorisation.
For example, inspecting the land title to
ascertain the ownership.
Observation
(O)
-Just watching how a procedure being
performed. Observation can just confirm
that the procedure took place.
For example, auditor observed the
segregation of duties between the person
receiving payments from customers and the
person recording those payments in the
accounts receivable ledger.
Completeness
Classification
CompUtation
and re-
performance
(U)
-Computation involves checking arithmetic
accuracy such as cross casting, testing
addition and subtraction. For example,
compute the depreciation amount.
-Re-performance involves auditor applying
the client‟s procedures and check for
accuracy. It is normally viewed as highly
reliable because the auditors collect the
evidence themselves.
Accuracy
Confirmation -This involves seeking confirmation from
another source of details in client‟s
accounting records such as obtain bank
confirmation on the bank statement balance.
Occurrence
Existence
Accuracy
ABFA3114 Principles of Auditing Page 71
An overview of audit evidence gathered to form an audit opinion
5.1.7 Quality of evidence
High quality of evidence Low quality of evidence
-Independent external evidence - Internally generated evidence
-Internal evidence with strong control - Internal evidence with poor control
system system
-Evidence obtained directly by auditor - Evidence obtained indirectly by others
-Written document - Oral
-Original document - Photocopied document
Audit Evidence
(Gathering evidence)
2.
Substantive Analytical
Procedures
3.
Examples- inspection,
observation, enquiry etc
Examples- Verify original
documents, 3rd
party confirmation
Audit Opinion
1. Risk Assessment
Procedures
P
ABFA3114 Principles of Auditing Page 72
5. 2 Management Assertions (Financial Assertions) (EXAM FOCUS
AREA)
Management is responsible for the true and fair presentation of the financial
statements. ASSERTIONS are expressed or implied representations by
management in the financial statements. For example, when the Statement of
Financial Position has an item of receivable of RM5 million, management
asserts that the receivables actually exist and related transactions occurred.
Thus, management assertions can be grouped into 3 categories:
Category 1- Assertions about transactions and events for the period under audit.
Category 2- Assertions about account balances at the period end.
Category 3- Assertions about presentation and disclosure.
IMPORTANT! When you design audit tests/procedures for specific areas,
you should focus on the management (financial) assertions.
C
3. Presentation &
Disclosure
2. Account
Balances
1. Transactions &
events
1. Completeness 2. Accuracy 3. Cut off 4. Classification 5. Occurrence “CACCO”
1. Completeness 2. Obligation 3. Valuation & allocation 4. Existence 5. Rights “COVER”
1. Completeness 2. Classification & understandability 2. Occurrence & right 3. Valuation & Accuracy 5. Rights “CCOVR”
ABFA3114 Principles of Auditing Page 73
Remember this: “A.C.C.A. C.O.V.E.R.” for management assertions
1. Accuracy- amounts and other data relating to recorded transactions have
been recorded precisely.
2. Completeness- all transaction/disclosure that have been recorded/ disclosed.
3. Cut off- transactions have been recorded in the correct accounting period
4. Allocation-A transaction or event is recorded at the proper amount and
revenue or expense is allocated to the proper period.
5. Classification/understandability- transactions have been recorded in the
proper account. Understandability means the financial information is
appropriately presented and described and disclosed clearly.
6. Occurrence- transactions and events that have been recorded actually
occurred and relate to the entity.
7. Valuation- assets, liabilities and equity are included in the financial
statements at appropriate amounts and any resulting valuation or allocation
adjustments are appropriately recorded.
8. Existence- assets, liabilities and equity interest do exist.
9. Rights and obligation-the entity holds or controls the rights to assets.
Liabilities are the obligation of the entity.
5.3 Audit Objectives
5.3.1 In obtaining evidence to support the assertions contained in the financial
statements, auditor develops specific audit objectives that relate to each
management assertion.
5.3.2 Audit objectives test the category (transactions, account balances &
disclosure) of each management assertions.
5.3.3 Some audit objectives and their related assertions are more important than
others. For example, audit objective to test assets will be on its validity; while,
a test of a liabilities will place more emphasis on completeness.
ABFA3114 Principles of Auditing Page 74
5.3.4 Relationship between management assertions and their related audit
objectives
Management Assertions Audit Objectives
Existence Validity
Rights and obligations Ownership
Occurrence Validity
Completeness Completeness and cut off
Valuation Accuracy
Presentation and disclosure Classification and disclosure
The relationship between the management assertion of existence and
audit objective is to verify the validity of the transactions in the financial
statements by performing a physical inspection on the assets.
The relationship between the management assertion of right and
obligation and audit objective is to verify the ownership of the
assets/liabilities in the financial statements by inspecting the title deed of
the assets or agreement.
The relationship between the management assertion of occurrence and
audit objective is to verify the validity of the transactions in the financial
statements.
The relationship between the management assertion of completeness and
audit objective is to verify the completeness and proper cut off of the
transactions, assets and liabilities in the financial statements.
The relationship between the management assertion of valuation and
audit objective is to verify the accuracy of the amount of transactions,
assets and liabilities in the financial statements.
The relationship between the management assertion of presentation and
disclosure and audit objective is to verify the proper classification and
disclosure of the transactions, assets and liabilities in the financial
statements.
ABFA3114 Principles of Auditing Page 75
5.3.6 The following are the discussion of audit objectives
Validity. It relates to the existence or occurrence assertion and is
concerned with whether the transactions included in the financial
statements are valid or in existence. The auditor‟s main concern is that
the account balances are not overstated.
Ownership. It addresses whether the assets and liabilities belong to the
entity and relates directly to management‟s assertions about rights and
obligations. If the entity does not have rights to an asset or liability, it
should not be included in the financial statements.
Completeness. It relates to the management assertion of completeness
and address whether all transactions are included in the accounts.
Cut-off. It relates to the completeness assertion and is concerned with the
transactions included in the account are recorded in the proper accounting
period.
Accuracy. It relates to the valuation or allocation assertion and addresses
proper accumulation of transactions and amounts.
Classification. It relates to the presentation and disclosure assertion. It is
important that transactions be included in the correct account and that
accounts be properly presented in the financial statements.
Disclosure. It relates directly to the presentation and disclosure assertion
and is concerned with that all financial statement disclosures are made in
accordance with approved accounting standards and regulations.
ABFA3114 Principles of Auditing Page 76
5.4 The relationship of audit evidence to the audit report
An overview of the relationships between the financial statements,
management assertions, audit procedures and the audit report
In order to form an opinion whether the financial statements prepared show true
and fair view, auditors need to carry out audit procedures to obtain evidences.
These evidences would support the audit opinion. The audit procedures
designed by auditors are derived from management assertions. The audit
opinion expressed in the audit report is to provide reasonable assurance that the
financial statements are free from material misstatement.
5.4.1 Relationship of the types of evidence to audit objectives
Audit Objectives
Type of
evidence
Validity Complete
-ness
Cut off Ownership Accuracy Valuation Classification Disclosure
Analytical
Procedures
Enquiry
Inspection –
physical
assets
Financial Statements Audit report
Evidences on the “true and fair
view” of financial statements
Management assertions about
components of financial
statements
Audit procedures
ABFA3114 Principles of Auditing Page 77
Type of
evidence
Validity Complete
-ness
Cut off Ownership Accuracy Valuation Classification Disclosure
Inspection-
documentatio
n
Observation
Computation
Reperforman
ce
Confirmation
5.5Management Representation (Letter of Representation)
5.5.1 ISA 580 Written Representations requires auditors to obtain written
confirmation of appropriate representations before the audit report is issued,
when other sufficient appropriate audit evidence cannot reasonably be expected
to exist.
5.5.2 The purposes of Management Representation are:
To allow directors to acknowledge their responsibilities for FS
To confirm matter material to financial statements where representation is
the audit evidence.
Used as audit evidence when other audit evidence is expected to be not
available
Requirement of ISA580 to obtain management representation
Acknowledges representations previously made verbally by management
Minimises the misunderstandings between management and auditor
Reasonable assurance about effective working of internal control system
ABFA3114 Principles of Auditing Page 78
CHAPTER 6
AUDIT PROCEDURES
________________________________________________________________
Learning Outcomes
When you have completed this lesson you will be able to:
Explain the audit objectives and audit procedures
Describe the types of audit tests.
Reference Text: Audit & Assurance Services in Malaysia- Chapter 4
ABFA3114 Principles of Auditing Page 79
6.1 Audit Procedures
6.1.1 Audit procedures are specific actions performed by the auditor to gather
evidence to draw conclusions on which to base the audit opinion. Audit
procedures can be grouped under the following 3 main categories:
1. Risk assessment procedures.
2. Tests of controls.
3. Substantive procedures.
An overview of audit evidence gathered to form an audit opinion
Audit Evidence
(Gathering evidence)
2.
Substantive Analytical
Procedures
Tests of details
3.
Examples- inspection,
observation, enquiry etc
Examples- Verify original
documents, 3rd
party confirmation
Audit Opinion
1.
P
ABFA3114 Principles of Auditing Page 80
6.1.2 Risk Assessment Procedures
ISA 315 Understanding an Entity and Its Environment requires the
auditor to perform risk assessment procedures and obtain an
understanding of the entity and its environment including its internal
control in order to assess the risks of material misstatement at the
financial statement and assertion level.
The auditors always perform risk assessment procedures to obtain
understanding of the entity and its environment. By performing these
procedures, auditors are able to assess the risk of material misstatement at
the financial statement and assertion levels.
Examples of risk assessment procedures are inspection of
records/documents, examination of physical assets, observation, inquiries,
confirmation and others.
6.1.3 Tests of Control (TOC)
TOC are performed to obtain audit evidence about the suitability of
design and effectiveness of operation of the accounting and internal
control systems in the organisation. They are based on the auditor‟s
understanding of the entity‟s internal control. The auditor may perform
tests of controls to test the operating effectiveness of controls in
preventing or detecting and correcting material misstatements at the
assertion level.
TOC consist of procedures directed toward testing the operating
effectiveness of controls to prevent, detect or correct material
misstatement. TOC include obtaining audit evidence about how controls
were applied, the consistency with which they were applied, and by
whom or by what means they were applied.
The auditor can use the following procedures to test the control system:
i. Inquiries of appropriate management, supervisor and staff
personnel.
ABFA3114 Principles of Auditing Page 81
ii. Inspection of documents, reports and electronic files
iii. Observation of the application of specific control.
iv. Walkthroughs, which involve tracing a transaction from its
original source to its inclusion in the financial statements.
v. Re-performance of the application of the control by the auditors.
After performing the tests of control, if the control risk is LOW (it means
the control system is very good), then auditor will perform LESS
substantive procedures because the auditor can rely on the internal control
system.
Conversely, if the control risk is ..........., the auditor has to perform
............. substantive procedures to collect more evidences because they
cannot rely on the internal control system.
6.1.4 Substantive Procedures
A substantive procedure is a procedure designed to test for misstatements
in a transaction class, account balance and disclosure components that
directly affect the financial statements.
Substantive procedures include detailed testing on account balance and
transaction, disclosure and analytical procedures. Based on the assessed
risk of material misstatement, the auditor performs substantive
procedures to detect material misstatement at the assertion level.
Under substantive procedures, there are 2 categories of substantive
procedures:-
i. Tests of details of class of transactions, account balances and
disclosure. These procedures are testing individual transaction for
fraud or errors. For example, auditor may verify a large purchase
invoices (one by one checking) to collect evidence about the
occurrence, completeness and accuracy assertions.
ii. Substantive analytical procedures (AP). AP can be used as
substantive procedures at the assertion level by comparison of
recorded value with the expectations developed by the auditor
ABFA3114 Principles of Auditing Page 82
6.2 Types of audit procedures
The following are the different types of audit procedures:
i. Documentation or records inspection: It involves examination of
documentary evidence both internal and external sources such as examine
the sales invoices a few days before the year end.
Tracing refers to first select a transaction and then follow it to the journal or
ledger. The direction is from source documents to ledger or journals. Testing
this direction ensures that the transactions are completely recorded in the
accounting records. For example, auditor selects a sample of shipping
documents and traces to the sales invoices and to the sales journals. Then,
auditor would have an evidence of completeness of sales.
Vouching refers to first select an item from ledger or journals and then
examining back the original source documents. The direction is from ledger /
journals to source documents. This direction testing is to ensure the
transaction is actually occurred or valid. For example, auditor select a sales
transaction in sales ledger to vouch to customer sales order to ensure a genuine
sales transaction.
ii. Physical assets inspection: It is conducted by inspecting the condition or
counting the tangible assets such as physical count of year end stock, cash
count, inspecting plant and machinery, examining share certificates and
so on. Physical inspection provides a highly reliable type of evidence. It
satisfies the assertion of existence and condition of assets. However,
physical inspection on assets cannot satisfy the right and obligations
assertion.
Source
documents
Ledger or
journal
ABFA3114 Principles of Auditing Page 83
iii. Observation: by looking at the process or activity that leaves no audit
trial such as observation of segregation of duties in the accounts
department. For example, observing how staff personnel carry out the
procedures. Observation does not provide very reliable audit evidence
and normally require additional corroborating evidence to support it.
iv. Enquiries: Seeking information of knowledgeable persons inside or
outside the company such as legal advice from a lawyer. Inquiry alone
does not provide sufficient audit evidence and the auditor will gather
additional corroborative evidence to support the response. In conducting
inquiry, the auditor should:
Consider the knowledge, objectivity, experience,
responsibility and qualification of the person to be
questioned.
Ask clear, concise and relevant questions.
Use open or closed questions appropriately.
Listen actively and effectively.
Consider the reactions and responses and ask follow up
questions.
Evaluate the response.
v. Confirmation: Obtain a written representation from an independent party
to justify the client‟s information such as obtain a bank confirmation for
bank balance and receivable confirmation from customers. The reliability
of confirmation depends of the following factors:
Written or oral confirmation.
Past experience with the entity
The nature of the information being confirmed.
The person /party giving the confirmation.
vi. Scanning: Scanning is the review of accounting data to identify
significant or unusual items. It can be performed either manually or using
computer.
ABFA3114 Principles of Auditing Page 84
vii. Computation: It consists of checking the mathematic accuracy of source
documents and accounting records such as casting the depreciation
calculation.
viii. Re-performance: Re-perform the procedures or controls that were part
of the entity‟s internal control system such as re-perform the bank
reconciliation.
ix. Analytical procedure: Conduct a study of comparison and relationships
among both financial and non-financial information such as compare
actual capital expenditure with the budget.
6.3 Relationship of audit procedures to assertions
6.3.1 Audit programme is a set of audit procedures prepared to verify
assertions for a component of the financial statements. Audit programme will be
designed to meet the assertions. The following is an example of audit
procedures for account receivable to meet the various assertions.
Management assertions about the
accounts receivables component of
the financial statements
Audit procedures for account
receivable
Existence Confirm accounts receivable
Rights and obligations Inquire of management whether
receivables have been sold.
Completeness Agree total of accounts receivable
subsidiary ledger to accounts
receivable control account.
Valuation or allocation Test the adequacy of the allowance for
doubtful debts.
Presentation and disclosure Examine listing of accounts receivable
for amounts due from related parties.
ABFA3114 Principles of Auditing Page 85
6.4 Reliability of the types of audit procedures
6.4.1 Hierarchy of the reliability of evidence from audit procedures.
Level of reliability Type of procedures
High Physical examination
Computation
Medium Documentation inspection
Confirmation
Analytical procedures
Low Inquiries of client‟s personnel
/management
Observation
6.4.2 Physical examination and computation are generally considered as “high
reliability” because the auditor has direct knowledge about them,
6.4.3 Inspection of documentation, confirmation and analytical procedures are
generally considered to be “medium reliability”.
6.4.4 Inquiries of client‟s personnel or management and observation provide
generally “low reliability” because both require further corroboration evidence
to verify.
6.5 Analytical procedures (AP)
6.5.1 Definition of Analytical Procedures
ISA 520 Analytical Procedures defines AP as evaluations of financial
information made by a study of plausible relationship among both financial and
non-financial data. The important concept of AP is the “comparison” of figures.
6.5.2 Analytical procedures include the consideration of comparisons with, for
example, the following:
a. Comparison of current year financial information with comparable prior
period by calculating ratio analysis, trend analysis.
ABFA3114 Principles of Auditing Page 86
b. Comparison of current year financial information with budgets,
projections and forecasts.
c. Predictive estimate prepared by the auditors, such as an estimation of the
depreciation charge for the year.
d. Comparison of company‟s results to the industrial standards.
e. Comparison between financial information against non-financial
information.
6.5.2 Purposes of AP- Analytical procedures are used by the auditor:
a. To assist in planning the nature, timing and extent of other audit
procedures. It is also known as PRELIMINARY Analytical Procedures.
(BEFORE AUDITING)
b. As substantive procedures when their use can be more effective and
efficient than other procedures in reducing detection risk for specific
financial statement assertions. It is also known as SUBSTANTIVE
Analytical Procedures. (DURING AUDITING)
c. As part of the overall review of financial statements when completing the
audit. It is also known as FINAL Analytical Procedures or Analytical
Review Procedures. (AFTER AUDITING). The objective of AP at the
overall review stage of an audit is to assist the auditor in assessing the
conclusions reached and evaluating the overall financial statement
presentation.
This requires reviewing the trial balance, financial statements,
explanatory notes in order to:
Judge the adequacy of the evidence gathered to support any
unusual balances during the audit.
Determine if any other unusual balances or relationships
have not been investigated.
ABFA3114 Principles of Auditing Page 87
6.5.3 Selected financial ratios that normally used as AP
1. Current ratio
2. Quick ratio
3. Days outstanding in accounts receivable
4. Inventory turnover
5. Days of inventory on hand
6. Gross profit percentage
7. Profit margin
8. Return on equity
9. Debt to equity
10. Time interest earned
ABFA3114 Principles of Auditing Page 88
CHAPTER 7
AUDIT RISK AND MATERIALITY
________________________________________________________________
Learning Outcomes
When you have completed this lesson you will be able to:
Understand the concept of audit risk.
Learn the form and components of the audit risk model.
Understand how to use the audit risk model in a risk based approach.
Understand the audit risk assessment procedures.
Understand the concept of materiality and steps in applying materiality.
Reference Text: Audit & Assurance Services in Malaysia- Chapter 3
ABFA3114 Principles of Auditing Page 89
7.1 Audit Risk
7.1.1 An auditors face two major types of risk:
1. Audit risk. This is the risk that the auditors express an inappropriate
(wrong) audit opinion when the financial statements are materially
misstated. In other words, audit risk is the risk that auditor will issue an
unqualified opinion when the financial statements contain material
misstatement.
2. Auditor’s business risk. This is the auditor‟s exposure to loss or
injury to his professional practice from litigation, adverse publicity or
other events arising in connection with financial statements audited and
reported on. For example, an auditor may conduct an audit in accordance
with established auditing standards and still be sued by the client or third
party. Although the auditor has complied with professional standards and
may ultimately win the lawsuit, his professional reputation may be
damaged in the process by the negative publicity.
Auditor‟s business risk cannot be eliminated completely but it can be
reduced by exercising quality controls of the audit works or by avoiding
engagement of client that lacks integrity or is in the financial difficulty.
7.1.2 The audit risk model. The auditor should use professional judgement to
assess audit risk and to design audit procedures to ensure it is reduced or
restricted to acceptable low level.
7.1.3 The auditors consider risks of material misstatement at 2 levels:-
1. The overall financial statement level. Risk at this level frequently
relates to an entity‟s control environment. The auditor‟s response to
address such risks may include the use of more experienced audit staff,
use of experts to minimize the risk.
2. The assertion level for individual account balances and classes of
transactions. [ Assertions mean expressed or implied representations by
management or a responsible party in an accountability relationship that
pertain to economic actions and events ].At this level, risk consideration
directly assists the auditor in determining the scope of auditing
procedures or a particular account balance or class of transactions, ie.
ABFA3114 Principles of Auditing Page 90
Determine whether the use of more tests of control or substantive
procedures is appropriate to address the risk.
7.1.4 Audit risk model can be expressed as the following: (EXAM FOCUS
POINT)
AR = IR x CR x DR where AR = Audit risk
IR = Inherent risk
CR = Control risk
DR = Detection risk
COMPANY
............ ....
................
....
.... ....
.... ....
....
............
............
....
....... ..... ....
Inherent risk
Control risk
FINANCIAL STATEMENTS
AUDITORS
Detection risk
AUDIT RISK RISK OF MATERIAL MISSTATEMENT= + DETECTION RISK
Audit risk (AR) is the risk that the auditor may fail to modify the opinion when
the financial statements contain material misstatement.
Inherent risk (IR) is the susceptibility of an assertion to material misstatement
in the financial statements in the absence of internal controls. It is a native
risk that cannot be eliminated.
This risk will be affected by such items as how much the company is subject to
market forces, the cash situation of the company, the trading history of the
company, and the nature and incidence of unusual transactions. Inventory, for
example, is more inherently risky than cash items because there is greater scope
for manipulation and error. A construction company is more risky than a food
retailer because construction company is subject to volatility of economic
situation.
External factors such as political, economic, social, technological, competitive
factors can influence inherent risks.
ABFA3114 Principles of Auditing Page 91
Control risk (CR) is the risk that material misstatements will not be
prevented, detected and corrected on a timely basis by an entity’s internal
control.
This risk will be affected by such factors as control environment in the company
including policies and procedures applied in particular areas.
When the control risk is assessed as high, auditor can use the following
strategies to reduce it:-
Use substantive testing strategy.
Not to use test of control
Carry out extensive substantive procedures.
Detection risk (DR) is the risk that the auditor’s procedures will not detect a
material misstatement that exists in an account balance or class of
transactions. Detection risk is a function of the effectiveness of auditing
procedures and their application by the auditor.
Detection risk made up by two sources of risks- sampling risk and non sampling
risk.
- Sampling risk is the risk that auditor‟s procedures select the wrong
sample which is not representative of the population and as a result
auditor draws an inappropriate conclusion.
- Non sampling risk is the risk that auditor may use inappropriate audit
procedures, and fail to detect a misstatement when applying audit
procedures or misinterpret an audit result.
7.1.6 Relationship among inherent risk, control risk and detection risk.
Detection risk has an inverse relationship to the risk of material misstatement
arising from inherent risk and control risk. The higher the risk of material
misstatement, the lower the acceptable detection risk. For example, if an entity‟s
inherent risk and control risk are high, the auditor sets a lower level of detection
risk in order to meet the planned level of audit risk.
ABFA3114 Principles of Auditing Page 92
AR = IR x CR x DR
DR = _____AR____
IR x CR
Example AR IR CR DR
1 Very low High High Low
2 Low Low High Moderate
3 Moderate High Low Moderate
7.2 The auditor’s risk assessment procedures
7.2.1 ISA 315 Understanding the entity and its environment and assessing the
risks of material misstatement provide guidance to auditors on understanding of
the firm business and its environment.
The auditor should obtain an understanding of the entity and environment
including internal control, sufficient to identify and assess the risks of material
misstatement of the financial statements and sufficient to design and perform
audit procedures.
7.2.2 The auditor’s understanding of the entity and its environment consists
of an understanding of the following aspects:
(a) Industry, regulatory, and other external factors, including the applicable
financial reporting framework.
(b) Nature of the entity, including the entity‟s selection and application of
accounting policies.
(c) Objectives and strategies and the related business risks that may result in a
material misstatement of the financial statements.
ABFA3114 Principles of Auditing Page 93
(d) Measurement and review of the entity‟s financial performance.
(e) Internal control systems.
7.2.3 Risk Assessment Procedures
The auditor should perform the following risk assessment procedures to obtain
an understanding of the entity and its environment, including its internal
control:
(a) Inquiries of management and others within the entity;
(b) Analytical procedures; and
(c) Observation and inspection.
7.2.4 Assessing the Risks of Material Misstatement
The auditor should identify and assess the risks of material misstatement at the
financial statement level, and at the assertion level for classes of transactions,
account balances, and disclosures. For this purpose, the auditor:
- Identifies risks throughout the process of obtaining an understanding
of the entity and its environment, including relevant controls that
relate to the risks, and by considering the classes of transactions,
account balances, and disclosures in the financial statements;
- Relates the identified risks to what can go wrong at the assertion level;
- Considers whether the risks are of a magnitude that could result in a
material misstatement of the financial statements;
- Considers the likelihood that the risks could result in a material
misstatement of the financial statements.
ABFA3114 Principles of Auditing Page 94
7.2.5 Auditor’s response to the results of the risk assessment
In the response to the results of the risk assessment, auditor will:-
Firstly, determine the overall responses to address the risks of material
misstatement at the financial statement level-i.e. assessment of control
environment.
Secondly, the auditor has to consider how to respond to the risks of
misstatement at the assertion level- i.e. the nature, timing and extent of
the audit procedures.
Nature of audit procedures refers to ..................... (e.g. tests of control or
substantive procedures) and ...............(e.g. inspection, observation,
confirmation, analytical procedures). If the risk of misstatement is
considered as high, auditor will perform detailed substantive procedures
to obtain more evidence.
Extent of audit procedures refers to the ...................or ....................... of a
specific audit procedure. If the risk of misstatement is high, the auditor
will increase the extent of audit procedure such as increasing the size of
sample.
Timing refers to ...............audit procedures are performed or the period
or date to which the audit evidence applies. Audit can be conducted at an
interim period or year end. If the risk of misstatement is high, auditor will
plan for unpredictable times of checking.
7.3 Materiality
7.3.1 Materiality can be defined in the following terms: “Information is
material if its omission or misstatement could influence the economic
decisions of users taken on the basis of the financial statements”.
7.3.2 Materiality depends on the size of the item or error judged in the
particular circumstances of its omission or misstatement. Thus, materiality
provides a threshold or cut off point rather than being primary qualitative
characteristic which information must have if it is to be useful.
ABFA3114 Principles of Auditing Page 95
7.3.3 An item is material if it affects the truth and fairness of the financial
statement as a whole. But, truth and fairness is a matter of opinion
(judgement). Therefore, an item is judged to be material if it is of sufficient
size and/ or importance that its disclosure or non- disclosure is likely to affect
or influence the opinions/ judgement of users of the financial statements.
7.3.4 ISA 320 Audit Materiality states that the assessment of what is material is
a matter of professional judgement. Materiality can be expressed in both
qualitative and quantitative aspects.
7.3.5 Factors affecting judgement of materiality:
a. Materiality is a ..................... rather than an absolute concept. A
misstatement of an amount might be material for a small company but
immaterial for a large company. For example, a total of misstatement of
RM500,000-00 would be material for a small company but it would be
immaterial for a large company. Hence, it is not possible to set a specific
Ringgit-value guideline for all the audit client- i.e. different client has different
materiality level.
b. Bases are needed for evaluating materiality. Since materiality is a
judgemental matter, it is necessary to have bases for setting the materiality
level. Normally, auditor uses the following quantitative bases to set materiality:
Total assets (e.g. 0.5% x total assets)
Total revenues (e.g. 0.5% x total revenue)
Net income before tax (e.g. 5% x net income before tax)
Equity (e.g. 1% of equity)
Example:
Statement of Financial Position
Assets $10,000,000
Liabilities $7,000,000
Equity $3,000,000
$10,000,000
Statement of Comprehensive Income
ABFA3114 Principles of Auditing Page 96
Revenue $14,000,000
COS ($12,000,000)
GP $2,000,000
Indirect expenses ($1,200,000)
Net Income before tax $800,000
Income tax ($300,000)
Net Income after tax $500,000
So, the materiality level for each item (used as base) is
Net income before tax:
Total assets:
Revenue:
Equity:
c. Qualitative factors also affect materiality. Certain types of misstatements
are likely to be more important to users than others, even if the amounts are the
same. For example:
Amounts involving fraud are usually considered more important than
unintentional errors even though both are the same amounts, because
fraud reflects on the honesty and reliability of management or personnel
involved.
Misstatements can be material as a result of not meeting the contractual
obligations. For example, illegal payment (i.e. under table money) may
be immaterial (small amount of money) to the financial statements, but
once the disclosure of such illegal act to the public it may result huge
loss. Thus, it is said to be material.
The auditors need to consider both the quantity (amount) and the quality
(nature) of the misstatement. For example, a qualitative misstatement
would be the inadequate or improper description of an accounting policy
which is likely to mislead the users.
If a small amount of error repeated, it can cumulate to become material
effect. For example, a small error in a month end procedures, can
cumulatively have a material effect, if repeated.
ABFA3114 Principles of Auditing Page 97
7.3.6 Steps in applying materiality on an audit.
Step 1
Step 2
Step 3
Step 1- Establish a preliminary judgement about materiality
The preliminary judgement about materiality is the maximum amount by which
auditor believes the financial statements could be misstated and still not affect
the decisions of reasonable users.
In designing the audit plan, the auditor establishes an acceptable materiality
level so as to detect quantitatively material misstatements.
By quantifying the estimate about materiality, the audit team is able to plan the
scope of audit and evaluate the results of the audit procedures.
In the planning materiality, auditor should concern about the qualitative factors
that may affect establishing and evaluating materiality such as the following
factors:
Material misstatements in prior years.
Potential for fraud or illegal acts.
Violation of covenants in a loan agreement.
Trend in earning.
Miss forecasted revenue or earning.
Establish a preliminary judgement about materiality
Estimate likely misstatements and compare totals to
the preliminary judgement about materiality
Determine Tolerable Misstatement
ABFA3114 Principles of Auditing Page 98
Materiality may be increased based on favourable qualitative factors as
mentioned above, such as no material misstatement in the previous years, no
fraud or breach of laws or regulations, no violation of covenants in a loan
agreement, increasing in earnings and meeting the forecasted revenue.
Materiality will be lowered if unfavourable qualitative factors exist such as
many misstatements in the previous years, high potential of fraud case, violation
of loan covenant, decreasing trends in earnings and failure to meet the
forecasted results.
Step 2- Determine tolerable misstatement or tolerable error (TE)
Tolerable misstatement or tolerable error is the amount of planning materiality
that is allocated to an account balance or class of transactions. Some common
tolerable misstatement or tolerable error is 2%- 15% of the account or 50%-75%
of planning materiality. TE must be less than materiality amount.
For example
Planning Materiality of revenue = 0.5% x $14,000,000 (revenue) =
$70,000
Tolerable error = $70,000 (planning materiality) x 50% = $35,000-00
Account balance represents an individual line of item such as accounts
receivables.
A class of transactions refers to a type of transactions processed by the client‟s
accounting system such as purchase or revenue transactions.
The purpose of allocating a portion of the preliminary judgement about
materiality is to plan the scope of audit procedures for the individual account
balance or class of transactions.
For example, if a small amount of materiality were allocated to a specific
account, such as receivable, more evidence would be gathered. If a larger
amount of materiality were allocated, then less evidence would be gathered.
ABFA3114 Principles of Auditing Page 99
Summary: Small Materiality, More Evidence
Example A Example B
Materiality Level Materiality Level
Material
High RM70k (High ML)
Material
RM35k TE
Immaterial
Low RM1k (Low ML)
Immaterial
In allocating materiality, the auditor should consider the following factors:
The magnitude (degree) of the account relative to the financial
statements;
The expectation of error
The relative cost to audit the account balance or class of transactions.
Step 3- Estimate likely misstatements and compare totals to the
preliminary judgement about materiality
Step 3 is done near the end of the audit, when the auditor review all the
evidence that has been gathered.
In this step, based on the results of the audit procedures conducted, the auditor
aggregates misstatements from each account or class of transactions. Auditor
compares this aggregate misstatement to the preliminary judgement about
ABFA3114 Principles of Auditing Page 100
materiality established in step 1 and may revise the planning materiality, if
necessary.
If the misstatements are less than the preliminary judgement about materiality,
the auditor can conclude that the financial statements are true and fair.
If the misstatements are greater than the planned judgement about materiality,
the auditor will ask the client to adjust the financial statements. If the client
refuses to correct the financial statements, the auditor should issue a qualified or
an adverse opinion because the financial statements do not present a true and
fair view.
7.3.7 Roles of materiality concept
i. In the audit planning, auditor needs to set preliminary materiality level,
plan audit procedures to detect misstatement that is above materiality
level.
ii. During the auditing process, auditor will carry out audit procedures as
planned, focus on transactions above material level. Auditor will revise
materiality level and carry out additional audit procedure, if necessary.
iii. At the final audit, auditor will evaluate the impact of misstatement on the
true and fairness of financial statements and consider the appropriateness
of the audit report to be issued.
7.3.8 Significance of the concept of materiality to the auditor.
a. The concept of materiality is extremely important to the auditor because:
- It assists the auditor to determine whether true and fair view has been
distorted.
- It indicates the amount of audit work should be done on a specific
area.
- It enables the auditors to restrict the scope of audit work, and hence to
make the most efficient use of time and staff and also avoiding
unnecessary testing of those immaterial items.
b. Materiality is an important consideration in deciding the appropriate type of
audit report given in different circumstances.
ABFA3114 Principles of Auditing Page 101
c. Without setting a materiality level, auditors have to find all the misstatements
which are impossible. By nature of audit, auditors are responsible for obtaining
reasonable assurance that this materiality threshold has been satisfied.
d. However the use of predetermined materiality level has some drawbacks such
as:
The choice of materiality is subjective- there is nothing to decide what
figure is appropriate in any given case.
The use of a materiality level implies errors below a certain size may not
be detected by the auditor‟s work.
Individual immaterial errors may in total become material misstatement.
7.3.9 Relationship between materiality and audit risk.
The relationship between materiality and audit risk is inverse. The higher the
materiality level, the lower the audit risk and vice versa. If the auditor
determines that the acceptable materiality level is lower, audit risk is higher.
The auditor would have to compensate this by either:
a. Reducing the level of assessed control risk
b. Reducing the detection risk by modifying the nature, timing and extent of
substantive procedures (ISA320 requirement).
“High AR, low material level, thus auditor needs to .................. the volume of
checking”
“Low AR, high material level, thus auditor ..................... the volume of
checking”
Audit Risk Level
ABFA3114 Principles of Auditing Page 102
High
Low
Low Materiality High
CHAPTER 8
AUDIT PLANNING AND CONTROL
________________________________________________________________
Lesson Learning Outcomes
When you have completed this lesson you will be able to:
Understand the pre engagement planning
The content and purpose of engagement letter
Understand the flow of audit planning
Documentation of working papers and files.
Reference Text: Audit & Assurance Services in Malaysia- Chapter 5
ABFA3114 Principles of Auditing Page 103
8.1 The Process of Auditing
Step Process Description
1 Engagement letter Every auditor should send his client an engagement
letter which sets out the auditor‟s duties and
responsibilities before commencement of audit
work. If the client requires other services, the scope
of these services should be set out clearly.
2 Planning The auditor must plan and control the audit work if
the audit work is to be done to a high standard of
skill and care.
3 Ascertainment of
system
An auditor must enquire information and ascertain
the client‟s system of accounting and internal
control system in order to understand the
effectiveness and reliability of the system.
4 Testing
transactions
The auditor should test the controls if he intends to
rely on them and he must test the records in order
to obtain evidence that they are reliable basis for
the preparation of accounts.
5 Verifying assets
and liabilities
The auditor must verify the figure appearing in the
financial statements.
5.
Verifying
assets &
liabilities
1. Engagement
letter 2. Planning 3. Ascertainment
of system
7. Obtain management
representation
8. Signing audit report 6. Review of financial
statement
9. Auditor
re-
elected at
AGM
4. Testing
transactions
ABFA3114 Principles of Auditing Page 104
Step Process Description
6 Review of
financial
statements
The auditor reviews the financial statement to see
if overall they appear sensible.
7 Obtaining
management
representation
The auditor asks the management to formally
confirm the correctness of the financial statements.
8 Signing audit
report
The auditor signs the audit report once the directors
have approved the accounts. Audited accounts are
laid before the members at the company‟s AGM.
9 Auditor re-elected
at AGM
The end of AGM signifies the end of the auditor‟s
term of office. The members of the company may
decide by a majority to re-elect the auditor if he
wishes to continue to act for the company.
8.2 Preliminary Engagement Activities
Phases of an audit that relate to audit planning
Preliminary engagement activities help the auditor to consider events or
circumstances that may adversely affect the auditor‟s ability to plan and
perform the audit engagement to reduce audit risk to an acceptable low level.
Preliminary engagement activities
Obtain understanding of the entity
Planning: Set overall audit strategy & develop audit plan
Establish materiality & assess risks
ABFA3114 Principles of Auditing Page 105
8.2.1 Issues to consider before accepting an engagement
a. Qualification to act as an auditor. Determine if the auditors are independent
of the client and able to provide the desired service.
b. Technical competence. Determine whether the auditors have the necessary
expertise, technical skills and knowledge of the industry to carry out an
effective audit especially if the client business is in a specialised industry.
c. Resources available. Auditors should determine whether they have resources
(e.g. audit staff, audit techniques) to perform the audit work and complete the
audit engagement within the deadline.
d. Ethical matters. Auditors should determine if they accept the client would
violate any applicable regulations and standards or face any ethical threats to the
independence of the auditor.
e. Risk assessment. Auditors should consider if they accept the client and the
risk associated to the client would pose a significant danger to the auditor‟s
reputation. When auditors assess the risk, they need to consider the following:-
The viability and stability of the client‟s business
The character and involvement of management
The effectiveness of accounting system and internal control system
The application of accounting standards and policies
Whether is there any unusual item or going concern problem faced by the
client
f. Replacement of previous auditors. If this is the first year audit, auditors
should consider the reasons for resignation of the previous auditor. Auditors
should contact the previous auditor to find out is there any serious disagreement
with directors over accounting matters.
g. Procedures for obtaining information. When considering accepting
appointment, auditors should obtain and review the available financial
information (e.g. annual reports, interim management reports etc.) and inquire
third parties (e.g. banks, solicitors) about any information concerning the
integrity of the management.
ABFA3114 Principles of Auditing Page 106
8.2.2 Upon acceptance of an appointment, a contract is entered into. Terms of
the contract can be both implied or expressly agreed.
Implied terms include:-
Preserving client’s confidentiality
Caring of client’s books and documents
Compliance of rules and laws affecting his
appointment
Expressed terms are set out in writing in the ................................
8.2.3 Engagement Letter
a. Engagement letter is a letter that formalises the contract between the auditor
and the client and outlines the responsibilities of both parties.
b. Purposes of engagement letter
To clearly define the objective, scope of audit and the form of
report
To clearly define the extent of the auditor‟s responsibilities
To minimise the risk of misunderstandings between auditor and
client
To confirm acceptance by the auditor of his engagement
To confirm acceptance by the auditor of his engagement
To inform and educate the client on the limitation of the
engagement
c. Procedures to issue engagement letter
Discuss with the directors on the terms of engagement on or before
acceptance of a new client.
Draft and sign the letter before commencing any part of the
assignment.
Receive the client‟s written resolution on acceptance to confirm to
engage the auditor.
Review the engagement letter every year to make any change.
ABFA3114 Principles of Auditing Page 107
d. Major terms/contents of engagement letter
The objective of the audit of financial statements.
Management‟s responsibility for the financial statements.
The scope of the audit, including reference to applicable
legislation, regulations or professional standards.
The form of reports.
The inherent limitations of an audit and the risk that material
misstatements may remain undiscovered.
Unrestricted access to whatever records, documentation and other
information requested in connection with the audit.
The basis of calculation of audit fees.
e. Other terms that auditor may include in the engagement letter are:
Arrangements regarding the planning of the audit.
Expectation of receiving from management written confirmation
concerning representations made in connection with the audit.
Request for the client to confirm the terms of the engagement by
acknowledging receipt of the engagement letter.
Description of any other letters or reports the auditor expects to
issue to the client.
Basis on which fees are computed and any billing arrangements.
Arrangements concerning the involvement of other auditors and
experts in some aspects of the audit.
Arrangements concerning the involvement of internal auditors and
other client staff.
Arrangements to be made with the predecessor auditor, if any, in
the case of initial audit.
Any restriction on the auditor‟s liability when such possibility
exists.
A reference to any further agreements between the auditor and the
client.
ABFA3114 Principles of Auditing Page 108
8.2.4 Regular review of engagement letter
a. Engagement letter should be regularly reviewed (usually on an annual basis)
and be updated in response to the changes in the terms of engagement.
b. Auditors should send a new engagement letter to client when:-
Any indication that the client misunderstands the objective and
scope of the audit.
Any revised or special terms of the engagement.
A recent change of senior management, board of directors or
ownership of company.
A significant change in nature or size of the client‟s business.
There is a legal requirement.
8.3 Overall Audit Strategy
8.3.1 The auditor should plan the audit work so that the audit will be performed
in an effective manner.
8.3.2 Planning involves developing an overall audit strategy and an audit plan
that detailed the nature, timing and extent of the planned audit procedures.
8.3.3 Objectives/ /advantages/importance/purposes of audit planning are:
Establish the means of achieving the objectives of the audit.
Direct and control the audit work by delegation and coordination of
work
Ensure the auditor focuses on high risk or important areas.
Ensure the potential problem areas are identified such as material
misstatement, control weaknesses.
Ensure the audit work can be completed in time.
Audit work is completed in efficient manner.
To facilitate the direction, supervision and review of their work.
8.3.4 Overall audit strategy determines the scope, timing and direction of the
audit, and guides the auditor in developing a more detailed plan. In developing
the overall audit strategy, auditor should consider the following
ABFA3114 Principles of Auditing Page 109
The results of preliminary engagement activity (i.e. preliminary
risk assessment) and experience gained from other services
provided.
The reporting framework, reporting requirement and its objectives.
The materiality level.
The high risk areas where material misstatements do exist.
8.4 Planning Considerations
8.4.1 ISA 300 Planning an Audit of Financial Statements states that audit
planning is a continual process. Planning must be completed before the
commencement of detailed audit procedures.
8.4.2 Issues and considerations relevant to the audit planning process.
a. Staffing requirements and use of experts.
Auditors should determine the number and grade of audit staff to be
allocated to each stage of the audit. More experience audit staff are
required for high risk areas or involvement of experts on complex
matters.
In some cases, auditor may require the assistance of an expert (e.g.
engineer/doctor/lawyer/valuer) in particular field of specialization.
b. Considerations of materiality and risks
When planning the audit, the auditor considers what would make the
financial statements materially misstated. The auditor‟s assessment of
materiality helps to answer questions relating to nature of audit
procedures.
Auditor uses his knowledge about the entity and its environment as a
basis for identifying and assessing the risks of material misstatements in
the financial statements. Auditor should assess the inherent risks and
control risks that affect the financial assertions.
In evaluating the effect of information technology on the client‟s
accounting systems, the auditor needs information on the following:
ABFA3114 Principles of Auditing Page 110
The extent to which information technology is used in each
significant accounting system.
The complexity of the client‟s technology activities.
The organisational structure of the information technology
activities.
The availability of data.
The need for information technology assisted techniques to
father data and conduct of audit procedures.
c. Understand the applicable laws and regulations.
The auditor should recognise that non-compliance of laws and regulations
by the client entity may materially affect the financial statements and he
should obtain a general understanding of the legal and regulatory
framework applicable to the client entity. The auditor should primarily be
concerned with the following laws and regulations:-
Legal provisions that determine the form and content of the
client‟s financial statement.
Laws and regulations that affect the continuing operation of
the entity
Non-compliance of which can result in financial losses.
d. Identify related parties.
The auditor should identify all related parties during the planning phase
of the audit so that the auditor will be alert for related party transactions
during the audit. The related parties are holding company, subsidiaries,
associates, close family members, substantial shareholders, joint venture,
major suppliers and buyers.
e. Going concern issue.
In the planning of audit, auditor should consider whether there are events
or conditions and related business risks which may cast significant doubt
on the entity‟s ability to continue as a going concern.
f. Considering the internal audit function.
Auditor should assess the effectiveness, competence and objectivity of
internal audit function. The important criteria for this assessment are:
ABFA3114 Principles of Auditing Page 111
Organisation status of internal audit department. Internal
auditor should report to audit committee, not finance
director.
Scope of function. The nature and extent of functions
performed by internal auditors will affect the usefulness and
relevance of their work to external audit objective.
Technical competence such as skills and knowledge of
internal auditor.
Due professional care requires work to be properly planned,
reviewed and documented by internal auditors.
g. Review audit strategy with audit committee.
The auditor should review the audit planning with audit committee. Audit
committee is a subcommittee from the board of directors whose
responsibilities are to assist the board of directors in meeting corporate
governance practice.
h. Additional value-added services.
As part of the planning process, the auditor may look for opportunities to
recommend additional value-added services such as risk assessment,
business performance measurement, and electronic commerce.
8.5 Documenting Overall Audit Strategy and Audit Plan
8.5.1 The auditor should document the overall audit strategy and the audit plan
including any significant changes to the strategy or audit plan made during the
audit engagement.
8.5.2 The form and extent of documentation would depend on the size and
complexity of the entity, materiality and the circumstances of the specific audit
engagement.
8.5.3 An audit plan will set out the overall strategy while the detailed
procedures will be given in the audit program.
8.5.4 An audit program consists of detailed instructions (detail audit procedures)
that instruct the auditor to collect the evidence.
ABFA3114 Principles of Auditing Page 112
8.5.5 Advantages of using audit programs
Provide a clear set of instructions on the work to be done.
Provide clear record of the audit work carried out and by whom they were
carried out.
They facilitate the review of audit work by the audit manager/partner.
Duplication of work can be avoided.
Omission of important audit work can be avoided.
8.5.6 Disadvantages of using audit programs
Audit may be too rigid and not able to tailor to different situation.
Audit program may be outdated against the change in client‟s business.
A standardised audit program limits the auditor from probing any matter
concerning audit.
Too standardised audit program may restrict the auditor‟s innovation in
performing audit.
8.6 The Audit Testing Hierarchy
8.6.1 Audit testing hierarchy starts with tests of controls and substantive
analytical procedures (AP) before substantive tests of details. Auditor begins the
audit with test the effectiveness of internal control. If the tests of control
indicate that internal control system is strong, less substantive analytical
procedures and substantive tests of details will be performed; and vice versa.
1 2 3
Tests of control Substantive Analytical
Procedures
Substantive tests of
details
ABFA3114 Principles of Auditing Page 113
8.6.2 An “Assurance Bucker” Analogy. Assurance bucker is a mixture of audit
procedures and evidence. The assurance bucker must be filled with evidence to
obtain the level of assurance to support the auditor‟s opinion.
Min 95%
Confidence
Desired assurance
Assurance Bucker
8.6.3 Auditor first begins with fill the bucker with evidence from the risk
assessment procedures. After completing risk assessment procedures, the
auditor will conduct tests of control, followed by substantive analytical
procedures and finally substantive tests of details. If the evidence collected from
tests of control is sufficient, then the auditor will reduce the volume of
substantive analytical procedures and substantive detail testing.
8.7 Audit Documentation
8.7.1 Audit documentation is the auditor‟s principal record of the work
performed and the basis for the conclusions in the auditor‟s report. Sometime,
audit documentation is also described as “working papers” or “audit files”.
Audit documentation can be prepared and stored in hard copy format or soft
copy format in the computer.
Remaining SUBSTANTIVE
TESTS OF DETAILS
SUBSTANTIVE ANALAYTICAL
PROCEDURES
TESTS OF CONTROLS
RISK ASSURANCE PROCEDURES
20%
80%
95%
50%
ABFA3114 Principles of Auditing Page 114
8.7.2 Audit documentation or working papers serve 2 functions/objectives:-
1. As sufficient and appropriate record of the basis for the auditor‟s
report;
2. As evidence that the audit was performed in accordance with ISAs and
applicable legal and regulatory requirements.
8.7.3 The content of working papers is affected by:
1. Nature of engagement.
2. Form of the auditor‟s report.
3. Nature and complexity of the business.
4. Nature and condition of the entity‟s accounting and internal control
system.
5. Needs in the particular circumstances for directors, supervision and
review of work performed by audit staff.
6. Specific audit methods and techniques used in the auditing.
8.7.4 Benefits that the auditors will obtain from working papers.
1. Working papers can help in the supervision of the audit work. The
engagement partner needs to supervise the work delegated by him has
been properly performed. Hence, by asking audit staff to produce detailed
working papers, he is able to monitor the process of auditing.
2. Working papers will provide, for future reference details of audit
problems encountered.
3. Working papers serve as evidence of work performed and conclusions
drawn in order to form opinion. This can be invaluable sources of
evidence in the litigation case where the Court orders the auditor to
produce evidence.
4. Good working papers can help in planning and control the process of
auditing.
ABFA3114 Principles of Auditing Page 115
5. The preparation of working papers encourages the auditors to adopt a
high quality of auditing.
8.7.5 Ownership and custody of working papers. The working papers are the
auditor‟s property and should maintain the confidentiality and safe custody.
Confidential information concerning the client should not be released to a third
party without getting consent from the client. If the client requests for the
auditor‟s working papers, auditor may at his discretion to release the extraction
of the working papers.
8.7.6 Standardisation of working papers.
Usually the working papers used are standardised such as standard referencing,
sequence of papers, symbols, flowcharts, checklists for disclosure and cross-
referencing.
8.7.7 Benefits of using standardised working papers.
1. Improve the efficiency in preparation and review of audit work.
2. Help to instruct audit staff and facilitate the delegation of work.
3. Provide a mean to control the quality of auditing.
8.7.8 Benefits of using electronic automated working papers.
1. The risk of human errors may be reduced.
2. The working paper will be neater and easier to review.
3. Any adjustment can be made easily to all the working papers since
change of one figure will automatically be adjusted in other figure.
4. Hard copy of standard forms does not have to be carried to client‟s
premise.
5. Electronic working papers can be transmitted from client office to audit
partner in the audit firm for review via Internet.
ABFA3114 Principles of Auditing Page 116
8.7. 9 Audit files can be separated into 2 types:- (1) permanent audit file (PAF)
& (2) current audit file (CAF).
8.7.10 Permanent audit files (PAF) are used to:-
1. document information which is of recurring value regarding items
appearing in the financial statements such as equity, number of issued
shares etc.
2. document information of a permanent nature regarding the client‟s
business.
3. give audit staff who are new to the audit information regarding the
client‟s affairs and the nature of audit.
8.7.11 Information stored in the Permanent Audit File (PAF) includes:
Statutory regulations governing the company.
Memorandum and Articles of Association.
Letter of auditor engagement.
Trade licences, agreements, debenture deeds, guarantees, and etc.
Address of the registered office.
Organisation chart and responsibility of key personnel.
Organisation„s background information on history, principal activities,
share capital, types of businesses, subsidiaries.
Accounting policies used.
A list of the directors, company‟s bankers, solicitors, insurance
companies, and etc.
8.7.12 Current audit files (CAF) are audit files contain information relating
primarily to the audit of a single (current) period. The objectives of the current
audit file are to:
Provide a record of the work planned.
Detail the work performed including audit procedures performed,
information obtained and conclusion reached.
Enable the audit partner to review the audit.
8.7.13 Current Audit File (CAF) contains the following information:
ABFA3114 Principles of Auditing Page 117
A copy of the accounts being audited.
An index to the file.
Information related to the understanding of internal control and
assessment of risk including ICQ & ICEQ.
An audit program performed including audit work carried out, results of
the test, conclusion drawn from them.
A schedule for each item in the Statement of Financial Position such as
non-current assets schedule, current assets schedule, liability schedules
and equity schedule.
A checklist for compliance with statutory disclosure.
Working trial balance that links the amount in the financial statements to
the audit working papers.
Account analysis that analyse the activity of a particular account for the
period such as legal fees.
Account listing of items in an account such as a trade payable listing.
ABFA3114 Principles of Auditing Page 118
CHAPTER 9
AUDIT ON CASH AND BANK
________________________________________________________________
Learning Outcomes
When you have completed this lesson you will be able to:
Understand internal control on cash & bank system
Explain the audit of cash and bank balances.
Reference Text: Audit & Assurance Services in Malaysia- Chapter 16
ABFA3114 Principles of Auditing Page 119
9.1 Cash
9.1.1 Cash is reported in the financial statements under Cash and Bank Balance
or Cash and cash equivalents. Cash includes certificates of deposit, current
accounts and fixed deposits.
9.1.2 Cash and bank balances usually have high inherent risk and therefore are
normally a critical audit area due to the following reasons:
It is highly liquid and therefore susceptible to fraud.
Most of the business transactions go through cash and bank
Because of its residual nature, cash does not have a predictable
relationship with other financial statement accounts. As a result,
analytical procedures could not be used in the audit of cash and its
equivalent.
9.2 Types of bank accounts
9.2.1 Cash management is an important function in all organisations because
proper management of cash allows company to earn interest on excess of cash
and reduce the cost of borrowing. To maximise the cash position, an entity
implements procedures for fast collection of cash receipts and delaying the
payment of cash disbursement.
9.2.2 The following types of bank accounts are used by an entity to aid in
controlling cash:
General cash accounts
Imprest cash accounts
Branch accounts
9.2.3 General cash account
The general cash account is the principal cash account for most entities. The
major source of cash receipts for this account is revenue cycle. The major
sources of cash disbursements are purchasing cycle and payroll cycle. For many
small entities, this general cash account is the only cash account maintained in
the book.
ABFA3114 Principles of Auditing Page 120
9.2.4 Imprest cash account
An imprest bank account contains a stipulated amount of money and the
account is used for limited purposes such as distribution of payroll and petty
cash. For example, before the disbursement of wages and salaries, a cash
transfer is made from general cash account to the payroll account for the
amount of the net payroll. Then, wages and salaries are drawn from this
account. Use of imprest account such a payroll account can minimise the time
required to reconcile the general cash account.
9.2.5 Branch account
Companies that operate branches in multiple locations may maintain separate
account at local banks. This allows each branch to pay local expenses and to
maintain a banking relationship in the local community. For proper control, the
branch should be required to submit periodic cash reports to head office and the
entity‟s management should carefully monitor the cash balances in the branch
accounts.
General cash
account
Imprest
account (e.g.
payroll
account)
Cash Transfer
Salary
ABFA3114 Principles of Auditing Page 121
9.3 Risk areas, internal control objectives, internal control procedures and
test of control.
HEAD OFFICE
BRANCH 3 BRANCH 2 BRANCH 1
BRANCH
ACCOUNT
1. Risk Areas
2. Internal Control
Objectives
3. Internal control
procedure
4. Test of Control
Tests of control are to
ensure the internal
control procedures are
effective
Internal control
procedures are to
achieve the internal
control objectives
Internal control
objectives are to
address the risk areas
ABFA3114 Principles of Auditing Page 122
9.4 Cash Receipts Transactions
Risk area Internal
control
objectives
Internal control
procedures
Tests of control
Cash receipts
recorded but not
received or
deposit
Validity -Segregation of
duties between cash
receipts and
recording.
-Perform monthly
bank reconciliation
to tally the receipts
and recording.
-Observe and
evaluate the process
of segregation of
duty.
-Review monthly
bank reconciliation to
ensure no
unexplained item
exists.
Cash receipts
being stolen or
lost before
recording
Completeness -Reconcile daily
cash receipts with
posting to accounts
receivable
subsidiary ledger.
-Prepare and send
the customer /
receivable
statements
periodically basis.
-Any customer
complain should be
handled by an
independent party
-Testing of the
reconciliation of
daily cash receipts
with posting to
accounts receivable
ledger to ensure it is
completely recorded.
-Inquiry of client
personnel about
handling of monthly
statements and
examination of
resolution of
complaints.
Cash receipts are
recorded in the
wrong period
Timeliness Control procedures
must be in placed to
ensure cash receipts
should be deposited
on daily basis.
Examine the cash
receipts and agree to
the bank deposit
slips.
Cash discounts
are not properly
taken into
Authorisation Procedures should
be in place to
authorize cash
Select a sample of
cash receipts
transaction and
ABFA3114 Principles of Auditing Page 123
Risk area Internal
control
objectives
Internal control
procedures
Tests of control
account discount. examine the approval
of discount given.
Cash receipts
recorded at the
wrong amount
Valuation Reconcile the daily
remittance report to
control listing of
remittance advice.
Prepare monthly
bank reconciliation
and having
independent
review.
Review and testing of
reconciliation.
Cash receipts
recorded in the
wrong account
Classification Prepare a chart of
accounts to avoid
confusion.
Tracing of cash
receipts from listing
to cash receipts
journal for proper
classification.
Review of cash
receipts journal for
unusual items.
Cash receipts
posted to the
wrong
customer‟s
account.
Cash receipts are
not properly
posted to general
ledger accounts
Posting and
summarisation
Reconcile daily
remittance report
with postings to
cash receipts
journal and
accounts receivable
ledger.
Review the
monthly customer
statements and
complaints.
Review and testing of
reconciliation; its IT
application, testing of
programmed controls
of posting.
Review and testing of
client procedure for
mailing statements
and handling
complaints from
customers.
ABFA3114 Principles of Auditing Page 124
9.5 Cash Disbursement Transactions
Risk Areas Internal
control
objectives
Internal control
procedures
Test of controls
Cash
disbursement
recorded but not
made.
Validity -Proper segregation
of duty
-Supplier statements
independently
reviewed and
reconciled to
accounts payable
records.
-Prepare and review
monthly bank
reconciliations.
-Observe and
evaluate proper
segregation of duties.
-Review client‟s
procedures for
reconciliation vendor
statements.
-Review monthly
bank reconciliations
for indication of
independent review.
Cash
disbursement
made but not
recorded.
Completeness -Proper segregation
of duty.
-Accounting for the
numerical sequence
of cheques.
-Reconcile daily
cash disbursements
to account payables.
-Observe and
evaluate proper
segregation of duties.
-Review and test
client‟s procedures
for numerical
sequence of cheques;
if IT application, test
programmed
controls.
-Review procedures
for reconciliation of
daily cash
disbursement to
account payable.
Cash
disbursement
recorded in
wrong period.
Timeliness -Reconcile daily
cheques issued with
posting to the cash
disbursements
Review daily
reconciliation.
ABFA3114 Principles of Auditing Page 125
Risk Areas Internal
control
objectives
Internal control
procedures
Test of controls
journal and accounts
payable subsidiary
records
Cash
disbursement
not authorised.
Authorisation -Proper segregation
of duties.
-Cheques prepared
only after all source
documents have
been independently
approved.
-Evaluate the process
of segregation of
duty.
-Examine the
indication of
approval on
vouchers.
Cash
disbursement
recorded in
incorrect
amount.
Valuation -Reconcile the daily
cash disbursement to
cheques issued.
-Reconcile supplier
statements to
account payable
records and
independently
reviewed.
-Reconcile monthly
bank statements and
independently
reviewed.
-Review all the
reconciliations
including cash
reconciliation,
supplier statement
reconciliation and
bank reconciliation.
Cash
disbursement
charged to
wrong account.
Classification -Prepare a chart of
accounts.
-Having independent
approval and review
of general ledger
account on vouchers.
-Review cash
disbursement journal
for reasonableness of
account distribution.
-Review general
ledger account code
on voucher for
reasonableness.
ABFA3114 Principles of Auditing Page 126
Risk Areas Internal
control
objectives
Internal control
procedures
Test of controls
Cash
disbursement
posted to the
wrong supplier
account.
Cash
disbursements
journal not
summarized
properly or not
properly posted
to GL accounts
Posting &
Summarization
-Reconcile the
supplier statements
to account payable
and independently
reviewed.
-Agree the monthly
cash disbursements
journal to general
ledger posting.
-Reconcile account
payable to general
ledger control
account
-Review the
reconciliation.
-Review posting
from cash
disbursements
journal to the general
ledger.
-Review the
reconciliation.
9.6Substantive procedures for cash transactions
Audit Objectives Cash Receipts Cash Disbursement
Validity Trace a sample of entries in
the cash receipts journals to
remittance advices, receipts,
daily deposit slips and bank
statement to ensure all the
cash receipts are accounted
for.
Trace a sample of entries
from the cash disbursement
journal to voucher and bank
statement.
Examine a sample of
payment vouchers for
authorised signature and
proper approval to ensure all
the disbursements are valid.
Completeness Trace a sample of remittance
advices to cash receipts
journal and deposit slips to
ensure they are completely
recorded.
Trace a sample of payment
vouchers to the cash
disbursement journal to
ensure the payments are
completely recorded.
Cut off Compare the dates for Compare the dates for a
ABFA3114 Principles of Auditing Page 127
Audit Objectives Cash Receipts Cash Disbursement
recording a sample of cash
receipt transactions in the
cash receipt journal with the
dates the cash was deposited
in the bank to ensure they are
recorded in the right
accounting period.
sample of cheque payments
from disbursement journal
with the dates the cheques
cleared in the bank
statement to ensure they are
recorded in the right
accounting period.
Accuracy Calculate cash receipts
journal and agree posting to
the general ledger to ensure
the accuracy of cash receipts.
Calculate cash
disbursements journal and
agree posting to the general
ledger to ensure the
accuracy of disbursement.
Valuation Compare a sample of
remittance advices with
amount in cash receipts
journal to ensure the amount
is tally.
Compare a sample of
cheque payments &
payment voucher with
amounts in the cash
disbursements journal to
ensure the amount is tally.
Classification Examine a sample of
remittance advice for proper
account classification.
Examine a sample of
payment vouchers for proper
account classification.
9.7 Substantive procedures for cash/bank balances
Audit objectives Audit procedures
Completeness,
validity &
accuracy
1. Obtain the cash and bank schedule from client and
ensure the opening balance is agree to the financial
statements and also ensure the closing balances are
agree to the trial balance.
Completeness,
validity &
accuracy
1. Perform analytical procedures and test reasonableness
of closing balances.
Cut-off,
Completeness,
validity &
accuracy
1. Obtain bank reconciliation prepared by client.
2. Ensure balances agree to the lead schedule.
3. Select long outstanding unpresented cheques and
uncredited deposit.
ABFA3114 Principles of Auditing Page 128
Audit objectives Audit procedures
4. For unpresented cheques, trace to the following
month bank statement and ensure they are cleared at
the year end.
5. For uncredited deposit, select deposit from bank
reconciliation and ensure it appear in bank statement
prior to year end.
Completeness,
validity &
accuracy
1. Obtain direct confirmation from bank on the bank
account balance as well as name of account number,
balances of account, bank loan, any credit facilities
and charges of assets.
Completeness,
validity &
accuracy
1. Discuss with management on the reason for opening
new account and closure of account.
2. Discuss with management on the new facilities or
credit applied for the bank account.
Cut-off 1. Scrutinise the cash book and bank statement before
and after Statement of Financial Position date for
exceptional entries and transfers which have material
effect on the balance.
Ownership 1. Review BOD minutes and loan agreement.
2. Identify whether any account i secured on assets of
the company.
3. Determine whether the bank accounts are subject to
any restrictions.
4. Consider legal right of set off of overdraft against
positive bank balance.
Presentation and
disclosure
1. Investigate any unusual or large payments to related
parties.
2. Evaluate financial statement presentation.
ABFA3114 Principles of Auditing Page 129
9.8 Auditing the cash account
9.8.1 To audit a cash account, the auditor should obtain the following
documents:-
A copy of the bank reconciliation.
A standard letter request information from the bank (also known as bank
confirmation letter)
Bank statements.
9.8.2 Bank reconciliation working paper. Auditor will normally obtain a copy
of the bank reconciliation prepared by the client. The working paper reconciles
the balance per the bank with the balance as per the book. The major
reconciliation items are deposit in transit, outstanding cheques and other
adjustment such as bank charges and interest.
9.8.3 Bank confirmation letter. The auditor will send a letter to all the banks
that the client is dealing with. The bank confirmation is a reliable third party
confirmation. The objective of getting bank confirmation is to ascertain the
existence and amount of balance / liabilities; the existence, ownership and
proper custody of assets.
9.8.4 The procedures of getting bank confirmation are as follows:
a) Auditor must obtain an authorization letter from the client to permit their
banks to release / disclose information concerning audit to the auditor.
b) The request should be sent to the bank‟s branch manager stating both the
client‟s year end date.
c) The auditor must follow up the bank response and review all the
information released by the bank.
9.8.5 Tests of the bank reconciliation that prepared by client.
The auditor uses the following audit procedures to test the bank reconciliation:
1. Test the mathematical accuracy of the bank reconciliation working paper
and agree the balance per the book to the general ledger.
2. Agree the bank balance on the bank reconciliation with the balance
shown on the bank confirmation. The balance should correspond to the
balance per bank statement at the end of the period.
ABFA3114 Principles of Auditing Page 130
3. Trace the deposits in transit on the bank reconciliation to subsequent bank
statements. Any deposit in transit shown on the bank reconciliation
should be listed as a deposit shortly after the end of the period.
4. Compare the outstanding cheques on the bank reconciliation working
paper with the cheques cleared contained in the subsequent bank
statement for cheque number, date and amount. The auditor should ensure
that no cheques dated prior to the financial year end are included with the
subsequent bank statements that are not included as outstanding cheques
on the bank reconciliation.
5. Agree any charge included on the bank statement to the bank
reconciliation. These bank charges may result in an adjustment to the
client‟s book.
6. Agree the adjusted book balance to the cash account lead schedule. The
adjusted book balance would be part of the amount included in the
financial statements for cash.
9.8.6 Fraud related audit procedures for cash
In the event that auditor suspects that some form of fraud involving cash has
occurred, the auditor should extend the normal audit procedures for cash
transactions and balances. Three audit procedures can be used to detect
fraudulent activities in the cash account are:
Extended bank reconciliation procedures. Auditor will extend the coverage
period to investigate the outstanding cheques and have a detailed examination
of the outstanding items.
Proof of cash. Reconcile the receipts and payments in the cash book with bank
statement for a specific period to ensure all the transactions in the cash book and
bank statement agreed and no transactions have been omitted from the book
Tests of kiting. When cash has been stolen by an employee, it is possible to
cover the cash shortage by following a practice known as kiting. This involves
an employee covering the cash shortage by transferring money from one bank
account to another and recording the transactions improperly in the entity‟s
book. Test of kiting involves the preparation of an inter bank transfer schedule
to ensure proper cut off for the cash transactions.
ABFA3114 Principles of Auditing Page 131
9.8.7 Auditing a petty cash fund
Control procedures for petty cash
1. A petty cash fund should be maintained on an imprest basis by an
independent petty cash cashier.
2. Pre-numbered petty cash vouchers should be used for withdrawal of
cash from the fund and a limit should be placed on the size of
reimbursements made from petty cash.
3. Accounts payable clerk should review the vouchers of payment before
replenishing the petty cash fund.
4. Surprise cash count should be conducted by an independent officer.
Audit tests for petty cash
1. The auditor should gain understanding of the client‟s control
procedures over petty cash to assess the adequacy which in turn
determine the nature and extent of the auditor‟ work.
2. The auditor should focus on both the transactions processed through
the fund during the period and the balance in the fund.
3. The auditor selects a sample of petty cash reimbursements and
examines the particulars of payments.
4. The auditor should test count the physical cash to ensure it is tally to
the petty cash book balance.
ABFA3114 Principles of Auditing Page 132
CHAPTER 10
AUDIT ON PROPERTY, PLANT AND EQUIPMENT
________________________________________________________________
Lesson Learning Outcomes
When you have completed this lesson you will be able to:
Develop an understanding of the management process for property,
plant and equipment.
Understand the internal control on property, plant and equipment
Audit of Property, Plant & Equipment.
Reference Text: Audit & Assurance Services in Malaysia- Chapter 14
ABFA3114 Principles of Auditing Page 133
10.1 Auditing property, plant and equipment (PPE)
10.1.1 For most business entities, property, plant and equipment often represent
a material portion of the total assets and hence they are significant in the
financial statements.
10.1.2 If the client is a small entity with a few asset acquisitions during the
period, it is more cost effective for the auditor to follow a substantive strategy.
Following this strategy, the auditor conducts substantive analytical procedures
and substantive test of the account balances.
10.1.3 For large entities are likely to have formal capital budgeting procedures
for authorisation and purchasing non-current assets. While routine purchase
might be processed through the purchase cycle, acquisition or construction of
specialized property, plant and equipment may be subject to different
requisition and authorization procedures. When the entity has a formal control
system over non-current assets, the auditor may follow a reliance strategy and
test the internal control.
10.2 Types of transactions
10.2.1 Four types of PPE transactions may occur:
Acquisition of non-current assets for cash or other non-monetary
considerations.
Disposal of non-current assets through sale, exchange, retirement or
abandonment.
Depreciation of non-current assets over their useful economic life.
Leasing of non-current assets.
10.3 Inherent risk assessment of PPE
10.3.1 The assessment of inherent risk for the purchasing cycle provides a
starting point for assessing inherent risk for PPE. The reasons for auditor focus
on PPE due to the following three inherent risk factors:
ABFA3114 Principles of Auditing Page 134
Complex accounting issues. FRS 116 sets the standards for the
accounting treatment of PPE. Some of the PPE transactions can give rise
to complex accounting issues, for example, lease accounting, self
constructed assets and capitalisation of interest.
Difficult to audit transactions. When assets are purchased directly from
suppliers, initial measurement of costs can be verified by examining the
invoice and purchase contracts. However, the transactions involving
donated assets, non monetary exchanges and self constructed assets are
more difficult to audit.
Misstatements detected in prior audits. If the auditor has detected
misstatements in prior audits, the assessment of inherent risk should be
set higher than if few or no misstatements have been found in the past.
10.3.2 Due to the complexity of PPE transactions as mentioned above, a non
current asset register will be maintained. The advantages of maintaining
non-current asset register are
Complete information for each PPE such as description, location
and serial number, date of purchase, installation cost, depreciation
method, residual value and estimated useful economic life are
completely recorded.
Any addition or disposal of PPE could be easily identified and
managed.
It facilitates the calculation of depreciation or amortization.
10.4 Control risk assessment- PPE
10.4.1 The following are the major 4 internal control objectives, control
procedures and test of control for PPE.
Control
Objectives
Control procedures Test of Control
1.Occurrence 1. The purchase of PPE
must pass through a
specific capital
budgeting process
which should require
Analytical review
1. General review
between current and
prior year figures to
ABFA3114 Principles of Auditing Page 135
Control
Objectives
Control procedures Test of Control
higher approval
authority.
2. Review of supplier‟s
invoices to satisfy the
assertion of occurrence.
ascertain any
unexplained
differences
2. Review of sensitive
codes in the general
ledger such as repairs
or maintenance
2.Authorisation
Purchase
requisitions are
initiated in relevant
departments and
authorized at the
appropriate level
within the entity.
1. Internal control
procedures should be in
place to ensure that the
authorisation to
purchase PPE is
consistent with the
authorization.
2. Control procedures
must be in place for
authorising the sale or
disposal of non- current
assets.
3. All major maintenance
or improvement
transactions should be
properly authorised by
an appropriate level of
management.
1. Discuss the level of
capital purchases in
the year with the
purchasing manager
2. Review the board
minutes for
authorisation of
capital
purchases
3.Completeness
The detailed PPE
ledger should
includes complete
information for
each PPE such as
description,
location and serial
number, date of
purchase,
1. Perform monthly
reconciliation of the
PPE subsidiary ledger
to general ledger
control account.
2. Periodically compare
the details recorded in
PPE subsidiary ledger
with the existence of
physical assets. Obtain
1. Review of the
movements on the
non-current asset
codes
2. Compare budgeted
capital purchases with
actual capital
purchases
ABFA3114 Principles of Auditing Page 136
Control
Objectives
Control procedures Test of Control
installation cost,
depreciation
method, residual
value and
estimated useful
economic life.
or prepare a summary
of tangible non-current
assets showing how
gross book value,
accumulated
depreciation, and net
book value reconcile
with the opening
position.
3. Compare non-current
assets in the general
ledger with the non-
current assets register
and obtain explanations
for differences.
4. Check whether assets
which physically exist
are recorded in non-
current asset register.
5. If a non-current asset
register is not kept,
obtain a schedule
showing the original
costs and present
depreciated value of
major non-current
assets.
6. Reconcile the schedule
of non-current assets
with the general
ledger.
ABFA3114 Principles of Auditing Page 137
4. Segregation of duty. The existence of adequate segregation of duties for
PPE within an entity depends on the volume and significance of the
transaction processed. The table below shows the key segregation of
duties for PPE transactions and possible errors/fraud resulting from
conflict of duties.
Segregation of duties
Possible Errors/Fraud Resulting from
Conflict of Duties
The initiation function should be
segregated from final approval
function to avoid unauthorised or
unnecessary purchase
If one individual is responsible for
initiating a PPE transaction and also has
authority to approve the transaction, it is
likely unauthorised purchases of assets
can occur. This can result in purchase of
unnecessary assets that do not meet the
company‟s quality control standards; or
illegal payments to supplier or contractors.
The PPE records function should
be segregated from the general
ledger function.
If an individual is responsible for the PPE
records and also for the general ledger
functions, that individual can conceal any
defalcation that would normally be
detected by reconciling subsidiary records
with the GL control account.
The PPE records function should
be segregated from the custodial
function.
If an individual is responsible for the PPE
records and also has custodial
responsibility for the related assets, tools
and equipment can be stolen and the theft
can be concealed by adjustment of the
accounting records.
If a periodic physical inventory of
PPE is taken, the individual
responsible for the inventory
should be independent of the
custodial and record keeping
functions.
If an individual who is responsible for the
periodic physical inventory of PPE is also
responsible for the custodial and record
keeping functions, theft of the entity‟s
physical assets can be concealed.
ABFA3114 Principles of Auditing Page 138
10.5 Substantive procedures for PPE
10.5.1 Analytical procedures
Compare prior year balances in PPE and depreciation charges with
current year balances after consideration of any changes in conditions or
asset composition.
Example 20x9 compared to 20x8
Property, plant & equipment (o/s) xxx yyy
Depreciation charged xxx yyy
Compute the ratio of depreciation charges to the related PPE account and
comparison to prior years‟ ratios.
Example 20x9 compared to 20x8
Depreciation / PPE x ratio y ratio
Compute the ratio of repairs and maintenance expense to the related PPE
account and comparison to prior years‟ ratios.
Example 20x9 compared to 20x8
Repair & maintenance expense/PPE x ratio y
ratio
Compute the ratio of insurance expense to the related PPE account and
comparison to prior years‟ ratio.
Example 20x9 compared to 20x8
Insurance expense/PPE x ratio y ratio
Review capital budgets and comparison of the amounts spent with
amounts budgeted.
Example: Compare actual expense on PPE to budgeted amount.
ABFA3114 Principles of Auditing Page 139
10.5.2 Substantive procedures for testing transaction- PPE
Assertions about
classes of
transactions
(Objective of
procedure)
Substantive procedures
Occurrence 1. Vouch significant additions and disposals to
vendor invoices or other supporting documents.
2. Review lease agreements to ensure that lease
transactions are accounted for properly.
Completeness 1. Trace a sample of purchase requisitions to
loading dock reports and to the PPE records i.e.
transaction and master file.
2. Vouch a sample of PPE additions to
documentation indicating proper authorisation.
Accuracy 1. For assets written off, test amounts charged
against income and accumulated depreciation.
Cut-off 1. Examine the purchases /sales of capital assets
for a few days before and after year end.
2. Inquiry of client personnel and a review of lease
transactions for the same period can provide
evidence on proper cut off for leases.
Classification 1. Vouch transactions included in repairs and
maintenance for items that should be recognised
as PPE.
2. Review lease transactions for proper
classification between operating and finance
leases.
ABFA3114 Principles of Auditing Page 140
10.5.3 Substantive procedures for testing account balances- PPE
Assertions about
account balances
(Objective of
procedures)
Substantive procedures
Existence 1. Verify the existence of major additions by
physically examining the property, plant &
equipment.
2. Confirm that the company physically inspects
all items in the non-current asset register each
year
3. Inspect assets, concentrating on high value
items and additions in year. Confirm items
inspected exist, are in use, are in good condition
and have correct serial numbers
4. Review records of income yielding assets
5. Reconcile opening and closing vehicles by
numbers as well as amounts
Rights and obligations 1. Examine or confirm deeds or title documents for
proof of ownership.
Completeness 1. Obtain a lead schedule of property, plant &
equipment and agree the total to the general
ledger.
2. Obtain detailed schedules for additions and
disposals of PPE and agree the amount to total
shown on lead schedule.
3. Physically examine a sample of capital assets
and trace them into the PPE subsidiary ledger.
Valuation & allocation 1. Evaluate fixed assets for significant write off by
performing the following procedures:
Identify the event or change in circumstance
indicating that the carrying value of the asset
may not be recovered.
Verify written off loss by determining the sum
of expected future cash flows and comparing
that sum to the carrying value.
Examine entity‟s document supporting such as
directors‟ minutes on the written off.
ABFA3114 Principles of Auditing Page 141
10.5.4 Audit procedures in respect of additions, disposal and self constructed
assets-PPE.
Audit procedures
Additions of assets
(Assertions are to
confirm rights and
obligation, valuation
and completeness)
1. Verify additions by inspection of architects‟
certificates, solicitors‟ completion statements,
suppliers‟ invoice etc.
2. Check capitalisation of expenditure is correct by
considering for non-current assets additions and
items in relevant expense categories. For
example, capital or revenue must be distinctively
differentiated. Capitalisation must be
consistently applied.
3. Check purchases have been properly allocated to
correct non-current asset accounts.
4. Check purchases have been authorised by
directors/senior management.
5. Check additions have recorded in PPE
subsidiary ledger and general ledger.
6. Agree the addition of PPE to the supplier‟s
invoices or purchase agreement to ensure the
accuracy and validity of transaction.
Self-constructed assets
1. Verify material and labour costs and overheads
to invoices, wage records etc.
2. Ensure expenditure has been analysed correctly
and properly charged to capital.
3. Check no profit element has included in costs.
Disposals
Assertions are to
confirm rights and
obligations, valuation
and completeness)
1. Verify disposals with supporting documentation,
checking transfer of title, sales price and dates of
completion and payment.
2. Check calculation of profit or loss.
3. Check that disposals have been authorized.
4. Consider whether proceeds are reasonable.
5. If the property was used as security, ensure
release from security has been correctly made.
6. For significant disposals, consider impact upon
other areas of business and whether disposal
should be disclosed.
ABFA3114 Principles of Auditing Page 142
10.5.5 Evaluating the audit finding- PPE.
If the aggregate likely misstatement is less than the tolerable misstatement, the
evidence indicates that the PPE accounts are not materially misstated.
If the likely misstatement were greater than tolerable misstatement, the auditor
would either require adjustment to the accounts or issue a qualified auditor‟s
report.
ABFA3114 Principles of Auditing Page 143
CHAPTER 11
COMPUTER IN AUDITING
________________________________________________________________
Lesson Learning Outcomes
When you have completed this lesson you will be able to:
Understand the effect of IT on elements of control environment and
control procedures
Understand the meaning and importance of general controls in an IT
environment.
Learn the audit process in an IT environment.
Understand the concept of CAAT.
Reference Text: Auditing and Assurance in Malaysia- Chapter 7
ABFA3114 Principles of Auditing Page 144
11.1 The effect of information technology on internal control components
11.1.1 The usage of IT can affect any 5 components of internal control. The
information system in an IT environment includes computer hardware,
software, automated controls and procedures, and data in electronic format.
11.1.2 There are potential benefits to an entity‟s internal control arising from
using the IT. The potential benefits of IT on internal control include:-
Consistent application of predefined business rules and performance of
complex calculations in processing large volume of transactions or data.
Enhancement of the timeliness, availability and accuracy of information.
Facilitation of additional analysis of information.
Enhancement of the ability to monitor the performance of the entity‟s
activities and its policies and procedures.
Reduction in the risk that controls will be circumvented.
Enhancement of the ability to achieve effective segregation of duties by
implementing security controls in applications, databases and operating
system.
11.1.3 The potential risks of usage of IT to internal control include:
Reliance on systems or programmes that inaccurately process data,
process the wrong data or both.
Unauthorised access to data that may result in destruction of data or
improper changes to data, including the recording of unauthorised or non-
existent transactions or inaccurate recording of transactions.
Unauthorized changes to data in master files.
Unauthorized changes to systems or programmes by unauthorized person.
Failure to make necessary changes to systems or programmes when
control environment has changed.
Inappropriate manual intervention / override by management.
Potential loss of data if non protection (or firewall) is in place on the
database.
11.1.4 The effects of IT on an organisation‟s internal controls are:
IT affects all the factors that affect the control environment.
IT affects the business risks that influence the achievement of entity
objectives.
ABFA3114 Principles of Auditing Page 145
It affects the control procedures that ensure management‟s directives are
carried out.
IT affects the information and communication requirement
It affects the monitoring activities.
11.1.5 The control environment factors and control procedures affected by IT
are:
11.1.5.1 Control environment factors
Assignment of authority and responsibility. A clear line of authority and
responsibility is important so that the entity is able to achieve its
objectives.
Human resource policies and practices. It is important to have personnel
who possess the skills and expertise needed to oversee and operate the
information system.
11.1.5.2 Control procedures
Information processing. Two areas in which control procedures can be
affected by the use of IT in processing are (1) authorisation of
transactions; and (2) the keeping of adequate documents and records.
Proper segregation of duties. In an IT environment, the programmes
within the system may assume the responsibilities of all the functions
relating to the initiation, authorisation and recording of transactions as
well as the custody of assets.
Physical controls. Physical control over the computer terminals and
access the database must be protected against unauthorised access and
stealing the private information. Entity should have a disaster recovery
plan including backup copies of programme and storage of database in
different locations.
ABFA3114 Principles of Auditing Page 146
11.2 Types of controls in an IT environment
There are 2 broad categories of information systems control procedures: (i)
General controls; (ii) Application controls.
Category 1- General Controls
i. General controls are related to the overall information processing
environment and have pervasive effect on the entity‟s computer
operations. It relates to the overall environment within which
computer base accounting systems are developed, maintained and
operated to all the applications. General controls are sometimes
referred to as supervisory, management or information technology
controls.
Objective: General controls are to ensure proper development and
implement of applications and the integrity of programme and data files
and of computer operations. General controls can be either manual or
programmed. [Manual control means control procedures are performed
by personnel; programmed control procedures are executed by computer
software].
General controls include controls over:
(i) Data Centre and Network Operations Controls include controls
over computer and network operations, data preparation, work flow
control and library function control. It prevents unauthorised access
to the network programs, files and systems documentation by
computer operators. The operating system log should record all the
computing activities.
(ii) System software acquisition, change and maintenance; systems
software are the computer programmes that control the computer
functions and the application programmes to run. Any installation,
change or modification of software must be controlled.
(iii) Access security; Security and access controls are
Restricting access to computers to authorised users only such as
locked doors, authorized cards.
ABFA3114 Principles of Auditing Page 147
Password to restrict access to programmes and data files.
Logging or trail to record and monitor access to computer files and
programmes.
Secure storage of backup data in a safe and separate location.
(iv) Application system acquisition, development and maintenance.
Policies and procedures for planning, acquiring or developing and
implementing new systems should be controlled.
Category 2- Application Controls.
Application controls apply to the processing of individual accountings,
such as sales or payroll and help ensure the completeness and accuracy of
transaction processing, authorisation and validity. It applies to the
processing of individual accounting applications such as payroll or sales
system
Objective: Application controls are to ensure the completeness and
accuracy of the accounting records and validity of the entries made
therein resulting from both manual and programmed processing.
Application controls cover the following
(i) Data Capture Controls. Data capture controls must ensure that all
transactions are recorded in the application system; transactions are
recorded only once (it means no double recording) and any rejected
transactions are identified, controlled, corrected and re-entered into
the system. Therefore data capture controls are concerned the
assertions of occurrence, completeness and accuracy. Batch
processing procedures should be used to control the data capture.
[Batch processing is an input and processing method whereby data
are accumulated by classes of transactions and are entered and
process in batches.]
(ii) Data Validation Controls. Data can be validated for its existence
and accuracy by the following controls.
ABFA3114 Principles of Auditing Page 148
Limit test. A test to ensure that a numerical value does not
exceed some predetermined value, such as “Not exceeding
RM1,000-00.”
Range test. A check to ensure that the value in a field falls
with an allowable range of value; such as “Between 1 to 10
units”
Sequence check. A check to determine if input data are in
proper numerical or alphabetical sequence; such as “#20001,
20002, 20003....... 20009”
Existence test. A test of an account number or account code
by comparison to a file or table containing valid account
number or code. For example, Account code for receivables
“D10020”, Account code for credit sale “A10010”
Field test. A check on a field to ensure that it contains either
all numerical or alphabetic character. For example,
units.
Sign test. A check to ensure that the data in a field have the
proper arithmetic sign. For example, decimal point
Check digit verification. A numeric value computed to
provide assurance that the original value was not altered.
(iii) Processing Controls. These are the controls that ensure a proper
processing of transactions. For example, file labels control
whereby internal and external file labels should be assigned.
(iv) Output Controls. Outputs are reports and printed documentation.
Only authorized persons would be able to access the reports.
(v) Error Controls. Errors can be identified at any point in the
system. Once the errors are identified, they should be corrected
immediately.
11.3 The audit process in an IT environment
11.3.1 The auditor‟s understanding of the entity‟s internal control information
system must include the following issues:
The extent to which IT is used in each significant accounting application.
The complexity of the entity‟s IT applications and operations.
20
21. 19
ABFA3114 Principles of Auditing Page 149
The organisational structure of the IT processing activities.
The availability of data for audit evidence.
11.3.2 Low complexity system. A low complexity system would be composed
of a stand-alone PC or a small network of computers. In a low complexity
system environment, auditor will concern the manual control elements in the
information processing rather than control over computer programme.
Two types of audit approach in an IT environment.
i. Audit around the computer: it is concerning only the input and
output
ii. Audit through the computer: it is concerning about the input,
output and also the processing routines of the computer.
11.3.3 Advanced system. Advanced systems comprise the mixture of online,
real time processing, extensive database system, distributed data processing,
electronic data interchange (EDI) and e-commerce.
11.3.4 Depth of understanding of internal control. When the entity‟s
information system becomes more complex with the use of IT, the auditor may
need to devote more effort to understanding internal control in order to conduct
tests of control and substantive procedures.
11.3.5 The use of IT specialist. In the advanced IT environment where auditor is
lack of expertise in the IT knowledge, auditor may seek the assistance from the
IT specialist to test the control system and collect the audit evidence.
11.3.6 The use of IT can provide an audit trail for the purpose of auditing. Audit
trail is a chain of evidence provided by documentation or other cross
referencing that connects account balances and other summary results with
original transaction data.
11.4 Computer Assisted Audit Techniques (CAATs)
11.4.1 CAATs are techniques that involve the auditor using the computer in the
performance of the audit. They include the use of test data and computer
software to test an entity‟s files and databases. Test data is the auditor created
simulated transaction data to be used for testing the control system.
ABFA3114 Principles of Auditing Page 150
11.4.2 CAATs may be used by the auditor to execute substantive procedures or
in testing application controls. An auditor would find it necessary to use CAATs
in advanced IT systems when the validation and processing controls for routine
transaction are embedded in the application programmes. Use of CAATs for
substantive procedures may be efficient when the entity‟s data files are
maintained in software format.
11.4.3 In determining whether to use CAATs, the auditor should consider the
following factors (or factors influencing the choice between CAATs and manual
technique):
The IT knowledge, expertise and experience of the auditor in IT.
The availability of CAATs
The availability of computer facilities and data.
The impracticality of manual test.
The effectiveness and efficiency of using CAATs.
The timing of applying CAATs.
11.4.4 The common audit procedures that can be performed with CAATs
include substantive procedures for transactions and balances, analytical
procedures and tests of controls.
11.4.5 Advantages of CAATs to the auditor
In a computer based system the large volume of transactions is
likely to force the auditor to rely upon programmed controls.
CAATs are likely to be the only effective way of testing
programmed controls.
CAATs are able to audit a large volume of items quickly and
accurately and therefore increase the assurance.
CAATs enable the auditor to test the accounting system and its
records in the soft copy rather than relying on testing printouts
which can easily amended by client.
Once CAATs are set up, it will be cost effective way of
obtaining audit evidence.
ABFA3114 Principles of Auditing Page 151
The results of CAATs can be used to compare the traditional
clerical audit work to increase the auditor confidence.
11.4.5 Major steps in applying CAATs
o Set the objective of the CAATs application;
o Identify the specific files or database to be examined;
o Determine the accessibility of the entity‟s files;
o Define the specific tests or procedures and related transactions
and
balances affected;
o Define output requirements;
o Identify the personnel who will participate in the application of
the
o CAATs.
o Ensure the use of CAATs is properly controlled and
documented;
o Reconcile data to be used for the CAAT with the accounting
records;
o Evaluate the results after execution of the CAAT application.