Lesson 17
Possible application:
standard accounting procedures such as the use of control accounts,
reconciliation
procedures and the
performance of arithmetic checks on accounting records.
d) Physical
There should be
adequate physical control to ensure the security and safekeeping of its assets
such
as plant and
machinery, valuable inventory items and cash.
Possible application
: banking cash
immediately, controlling access to inventory areas; electronic tagging of
inventory and portable
non-current assets.
e) Management and
Monitoring
There should be
sufficient controls in existence to ensure management can effectively control
the
business
operations.
: the use of budgeting
and standard costing systems; the establishment of an internal
audit
department
f) Authorization
All transactions
should be authorized.
Possible application
: authorization of
purchases, cash and bank payments, sale of non-current assets, sales
to customers on credit,
bad debt write offs.
g) Personnel
Employees should
be appropriately qualified and of suitable caliber to perform the required
tasks.
Possible application
: recruiting the right
people for the job; training them effectively, motivating and
rewarding employees in
an appropriate way.
h) Segregation of
duties
There should be an
appropriate division of responsibilities to reduce the opportunity for fraud
and
manipulation.
This is a
fundamental control procedure designed to ensure that one person does not have
sole
charge of a
transaction from beginning till end. Perfect segregation of duties exists where
each of
the main stages in
a transaction are under the control of a different person.
Possible application:
Consider an inventory
purchasing system in a manufacturing company:
Stage
Documentation Responsibility
Initiation
Stores requisition Stores keeper
Authorization
Purchase order Purchasing officer
Custody
Goods received note Receiving officer
Recording
Invoice Account department
Documenting the system
Documenting the system
is an extremely important stage in the audit;
Auditing standards state
that in planning the audit, auditors should obtain and document an
understanding
of the accounting system
and control environment
sufficient to determine
their audit approach.
The various methods of
ascertaining and recording the system may be summarized as follows:
1. Organization
chart
2. Narrative notes
3 Flowcharts
4 Internal control
questionnaires (ICQs)
5 Internal control
evaluation checklists (ICEC)
59
Organization Chart
Production
Director
Production
Planning
Factory
Manager
Managing Director
Distribution
Manager
Purchases
Controller
Sales
Director
Advertising
Manger
Chief
Accountant
Narrative Notes
Finance
Director
Manager
Accounts
This is a simple and
apparently convenient way of describing systems. Having ascertained the system,
the
auditor draws up a
narrative description of it for the audit files. An example might be:
Sales invoices are
prepared by Mr._____ They are checked by Mr. _____ and then passed to Mr. _____
for
recording in the
customer’s account in the sales ledger etc.
Shortcomings of the
method:
1. Notes can take up a
disproportionate amount of space
2. Notes may be
difficult to interpret
3. What happens it
personnel change?
Flowcharts
This is becoming an
increasingly widely used technique for recording accounting systems in audit
files.
A flowchart is a
diagrammatical representation of an accounting system.
A good flowchart will be
supplemented with narrative.
Flowcharts have the
following advantages:
(i) They portray the
flow of documents through the system and enable the auditor to relate
those
movements with
procedures and checks carried out as part of that system.
(ii) They show the
movement of documents in such a way that, when properly prepared, the
sources and destinations
of all documents will be clear.
(iii) They help to
highlight weaknesses in the control of the business.
(iv) They enable audit
tests to be clearly related to weaknesses in the accounting system.
Standard symbols
are used to
represent documents, operations and checks carried out.
Flow lines
are used to join
up the symbols and represent the movement of documents.
Dotted lines
are used to
represent the flow of information between documents.
Essentials of flowchart
Internal control
evaluation flowcharts must highlight the following:
(a) the sequence of
operations happening to each document (e.g. authorization, checking, matching,
filing)
(b) the segregation of
staff duties and who is responsible for each operation.
60
Symbols used in manual
systems flowcharts
• A document
• A multi-part set of
documents
• Pre-numbered
document
• A book of
account
• An operation performed
on a document
• A check performed on a
document
• Filing a book or
document
• Document flow
• Information flow
• Connector with another
page/flow-line
N
61
Flowchart of purchases
Narratives:
1 Requisition note
raised when goods
are at a pre-set
re-order level. Order
quantity is
pre-determined by use of a
copy of the previous
purchase order.
2 Signed by store
manager.
3 Buyer checks
authorization.
4 Purchase order set
prepared.
8 P02 filed temporarily
to act as a check
on overdue deliveries.
10 P04 and P05 are filed
until goods are
received.
11 Weekly check on
overdue deliveries.
12 Goods checked to PO
to ensure they
are in agreement.
13 If not damaged, goods
are accepted
and a goods received
note set is raised.
Where quantity received
is below order a
shortage memo set is
also raised and a
note made on the
purchase order.
14 P05 is sent back to
the warehouse to
act as the next
requisition note.
Commentary on the above
flowchart
(a) All operations and
checks are positioned on vertical lines within a particular department.
(b) Horizontal lines
show the movement of a document between departments.
(c) In practice the
flowchart would continue, dealing with the processing of the purchase
invoice/credit
note/day books/payables
ledger/cash book etc. The
flow-lines at the bottom
of the page would continue to page 2 of the flowchart.
(d) Note that the
narrative to the flowchart does not deal with all of the operation numbers since
some
should be
self-explanatory e.g. operation 9 represents the
numerical filing of P03
in the buying department.
62
Lesson 18
EVALUATING THE INTERNAL
CONTROL SYSTEM
Flow Charts and Internal
Control Questionnaires:
Use of the major symbols
in flow charts
The Document symbol
Each document in the
flowchart should have a vertical flow-line. Such vertical flow-lines represent
a
movement in time within
a particular department. When the document is moved to another
department, this
movement in position will be represented by a horizontal line; departments are
therefore listed across
the page.
Here the document
is originated in Dept
A. It is moved to Dept
B, then Dept D and then Dept C. Note that only vertical and horizontal lines
are
used, never diagonal
lines.
The Operation symbol
Various operations will
be performed on a document.
It will, for instance:
be prepared, added up, used to prepare other documents, etc.
Any operation, other
than a check function, is represented by the cross symbol.
Each operation symbol
should be supported by a brief narrative explaining the nature of the
operation.
Invoice
etc.
Kamran totals the
invoice
Note that the operation
symbol is positioned on a
vertical flow-line. It
should never appear on a
horizontal flow-line
since that would suggest in this
case that Kamran totals
the invoice while it is
moving from one
department to another.
63
The Information flow
symbol
Fauzia prepares an
invoice
from the sales order
This example is wrong
because:
(a) no narrative exists
to explain
the nature of the
operation;
(b) the sales invoice
has no
flow-line, it disappears
into
thin air.
Sales
order
Sales
order
Here one document is
prepared from
another.
The movement of
information to the
sales invoice is shown
by a dotted line. Such
information flow-lines
are always horizontal,
never vertical.
Note that flow-lines
then continue for both
the order and the
invoice.
Sales
Invoice
The Check symbol
Sattar totals the
invoice
Wajid checks the totals
Pasha checks that all
goods dispatched have
been invoiced.
Delivery
Note
Sales
Invoice
Sales
Invoice
This example
shows a simple
check on a single
document.
This shows a check
between two
documents.
Note the use of the
information flow-line
again and that both the
delivery note and the
sales invoice continue
with vertical flow-lines
of their own.
64
The filing symbol
Once documents have been
processed they will often be filed away.
Such files are either
permanent or temporary.
The two sorts of file
are denoted by the same symbol but the
temporary files are
marked with a letter ‘T’.
It will often be useful
to indicate the order of filing either numerically,
alphabetically or in
chronological order. This can be done by
marking the symbol with
the letter N, A, or D.
Filed awaiting delivery
of
goods.
Checked by Zahoor
(weekly) got late
delivery
When goods are received
purchase order initialed
by
Safdar
Purchase
Order
TN
N
Note that with the
temporary
filing symbol the
flow-line of the
document must continue.
With the permanent
filing symbol
the flow-line stops
since the
document has reached its
ultimate
destination
The book of account
symbol
The flowchart should use
the book symbol to show the book which is
already in existence. It
should also show the book being re-filed once the
posting is
completed.
Sohail posts invoices to
the SDB
Sales
Invoice
Sales
Daybook
D
Note that the same
flow-line principles apply to books as to documents. A vertical flowline
is
needed
which
ends
with
the
re-filing
of
the
sales
day
book
which
will
be
kept
chronologically.
65
Depicting multi-part
sets of documents
Rauf prepares
purchase order sets
Requisition
Note
Purchase
order
To supplier
N
Note that each part of
the set must have a flow-line emanating from it. In this
example; PO1 is sent to
the supplier, PO2 goes off to another department and PO3
is filed numerically
Preliminary Evaluation
of the System
Having ascertained,
confirmed and recorded the system, the auditor now needs to carry out a preliminary
evaluation of the system
in order to make a decision as to whether he will:
• Rely on internal
controls and adopt a systems audit approach, or,
• Perform extensive
substantive testing. Using a verification approach to the audit.
Internal Control
Questionnaire
Features:
• Used in large company
audit
• Used to place reliance
on internal controls
• Used to design audit
approach
Definition:
An ICQ is a formal
and usually standardized document which comprises:
1. A list of internal
controls in existence and
2. Highlights any
weaknesses.
Objectives:
(i) To ascertain a
clients systems of accounting and internal control
(ii) To evaluate the
control system thus recorded, and hence
(iii) To identify those
controls which indicate strengths in the system upon which the auditor
will seek to place
reliance, and
(iv) To identify those
areas over which there are weak or no controls and which therefore
must be subjected to
more extensive substantive testing and reported by inclusion in the
Management Letter.
Construction of an
ICQ
I) It is good practice
when designing ICQs to state, as a brief introduction:
i. A list of control
objectives
which each
sub-system under consideration should
seek to achieve
ii. Any business
considerations specific to the enterprise under review
which
should be taken into
account.
66
The reason for this is
essentially to highlight for the audit staff key areas for their consideration
to the audit
staff.
II) The questions in an
ICQ should be designed to ascertain whether the control objectives are being
achieved and should
therefore cover such aspects as:
a. Instructions given to
staff in the performance of their duties
b. Authorization
procedures
c. Documents and
procedures used to originate transactions
d. Recording procedures
e. Sequence of
procedures
f. Custody procedures
g. Relative independence
of the persons involved at each stage
of a transaction (i.e.
segregation of duties).
III) The questions
should be framed such that a Yes/No answer is given, with a No answer
usually
indicating a control
weakness.
IV) An ICQ should carry
such basic information as:
(a) The name of the
document (ICQ)
(b) the system to which
it relates (e.g. purchasing cycle)
(c) the client to whom
it relates
(d) the accounting period
under review
(e) evidence of who has
prepared and reviewed the document
(f) the provision of
columns for:
- Yes and No
answers
- comments where
neither Yes or No are applicable
- indicating the
significance or otherwise of apparent weaknesses
- references to
audit programs
- references to
Management Letters.
Lesson 19
INTERNAL CONTROL
QUESTIONNAIRE
Having ascertained,
confirmed and recorded the system, the auditor now needs to carry out a
preliminary
evaluation of the system
in order to make a decision as to whether he will:
• Rely on internal
controls and adopt a systems audit approach, or,
• Perform extensive
substantive testing. Using a verification approach to the audit.
Internal Control
Questionnaire
An ICQ is a formal
and usually standardized document which comprises:
3. A list of internal
controls in existence and
4. Highlights any
weaknesses.
Features:
• Used in large company
audit
• Used to place reliance
on internal controls
• Used to design audit
approach
Objectives:
(i) To ascertain a
clients systems of accounting and internal control
(ii) To evaluate the
control system thus recorded, and hence
(iii) To identify those
controls which indicate strengths in the system upon which the auditor
will seek to place reliance,
and
(iv) To identify those
areas over which there are weak or no controls and which therefore
must be subjected to
more extensive substantive testing and reported by inclusion in the
Management
Letter.
Construction of an ICQ
(I) It is good practice
when designing ICQs to state, as a brief introduction:
(a) a list of control
objectives
which each
sub-system under consideration should seek to achieve
(b) any business
considerations specific to the enterprise under review
which should be
taken into
account.
The reason for this is
essentially to highlight for the audit staff key areas for their consideration
to the audit
staff.
II) The questions in an
ICQ should be designed to ascertain whether the control objectives are being
achieved and should
therefore cover such aspects as:
(a) instructions given
to staff in the performance of their duties
(b) authorization
procedures
(c) documents and
procedures used to originate transactions
(d) recording
procedures
(e) sequence of
procedures
(f) custody
procedures
(g) relative
independence of the persons involved at each stage of a transaction (i.e.
segregation of
duties).
(III) The questions
should be framed such that a Yes/No answer is given, with a No answer usually
indicating a control weakness.
(IV) An ICQ should carry
such basic information as:
(a) the name of the
document (ICQ)
(b) the system to which
it relates (e.g. purchasing cycle)
(c) the client to whom
it relates
(d) the accounting
period under review
(e) evidence of who has prepared
and reviewed the document
(f) the provision of
columns for:
- Yes and No
answers
- comments where
neither Yes or No are applicable
- indicating the
significance or otherwise of apparent weaknesses
68
- references to
audit programs
- references to
Management Letters.
Example of part of an
ICQ
INTERNAL CONTROL
QUESTIONNAIRE
Prepared by:
________ Date: ________
CLIENT:
___________ PERIOD: _____
Reviewed
by:________ Date: ________
THE PURCHASING CYCLE
(a) Control objectives.
(b) Business
considerations.
(c) The
questionnaire
a) Control
objectives
To ensure
that:
(i) Purchased
goods/services are ordered under proper authorities and procedures
(ii) Purchased
goods/services are only ordered as necessary for the proper conduct of the
business
operations and are
ordered to suitable suppliers
(iii) Goods/services
received are effectively inspected for quality, quantity and condition
(iv) Invoices and
related documentation are properly checked and approved as being valid before
being entered as trade
payables
(v) All transactions
relating to trade payables are valid (suppliers invoices, credit notes
and
adjustments), and only
those valid transactions should be accurately recorded in the accounting
records.
b) Business considerations
Points
Effect on audit procedures and on financial statements
(i) Nature of the
company’s - Auditor must be aware of the
purchases.
Varying nature of goods purchased.
(ii) The existence of
a - As far as possible ordering should
purchasing
department. be centralized.
(iii) The
company’s - The fixing of minimum/maximum
purchasing policy.
Inventory and re-order levels should ensure efficient control. However,
buying in bulk, with
resulting higher inventory levels may be part of a
company policy to reduce
unit costs, in which case inventory
obsolescence and storage
cost problems may arise.
(iv) The selection of
suppliers. - The purchasing department should maintain a supplier’s
register to
record past purchases,
prices, and satisfaction received etc. The constant
seeking of alternative
sources of supply at keener prices is an indication of
efficient
management
69
(C) Questionnaire
Initiation and
authorization
• Are standard
(Purchase) order
forms (SOFs) issued showing
names of suppliers,
quantities
ordered and
prices?
• Are copies of SOFs
retained on
file?
• Who authorizes orders
and
what are their authority
limits?
• Are the persons in 3
above
independent of those who
issue
requisitions?
• Is a record kept, of
orders placed
but not executed? (If
yes, specify
type of record kept and
filing
sequence).
Custody
• Are goods from
suppliers
inspected on arrival as
to quantity
and quality?
• How is the receipt of
supplies
recorded (e.g. by Goods
Received
Notes)?
• Are these records
prepared by a
person independent of
those
responsible for:
- ordering functions?
-processing and
- recording?
Yes/ No Comments
References
Criticism on ICQs
• ICQs represent an
attempt at a formalized, systematic, approach to the audit of large
complex
organizations.
• It is however
increasingly apparent that such questionnaires can become too complex, lengthy
and
detailed for meaningful
evaluation of accounting systems.
• There is a danger that
ICQs can provoke too formalized an approach to an assignment; that will
be
concentrating as they do
on the controls themselves rather than upon the fraud or irregularity that the
controls
are designed to
prevent.
Internal Control
Evaluation Checklists
To overcome the above
discussed possible shortcomings, many auditing practices have amended their
approach to internal
control evaluation by the adoption of a different type of document, Internal
Control
Evaluation Checklists
(ICEC).
The ICEC is designed to
determine; whether desirable internal controls are present?, using key control
questions to ascertain
where specific frauds or errors are possible.
It is normally employed
where system’s information has already been recorded (usually in the form of
flowcharts).
Key questions are asked
in an ICEC, the answers to which prompt further supplementary
questions.
Reference is made to a
supporting flowchart which is the means of ascertaining the existing systems.
This
makes the ICEC document
shorter and less complex, but it may require more skill and judgment on the
part of the auditor to
interpret the completed form.
Note that virtually all
the rules applicable to the construction of an ICQ apply to the construction of
an
ICEC.
70
Example of ICEC
INTERNAL CONTROL
EVALUATION CHECKLIST
Prepared by:
________ Date: ________
CLIENT:
___________ PERIOD: _____
Reviewed
by:________ Date: ________
PURCHASES – PAYABLES –
PAYMENTS
(a) Control
objectives.
(b) Business
considerations.
(c) The checklist
a) Control Objectives
As per ICQ
b) Business
Consideration
As per ICQ
c) The Checklist
1 Purchases
Comments Reference
1.1 Can goods be
purchased without authority?
(a) purchase
requisitions and order approvals?
(b) limit of buyers
authority to order?
(c) purchasing segregated
from receiving,
accounts payable and
inventory records?
(d) un issued orders
safeguarded against loss?
1.2 Can liabilities be
incurred although goods
not received?
(a) receiving segregated
from purchasing,
accounts payable and
inventory records?
(b) are all goods passed
directly to stores?
(c) GRNs or equivalent
prepared independently?
(d) adequate comparison
with order, claims for
short shipment
etc?
(e) invoices, GRNs,
direct to accounts payable not
purchasing?
(f) invoices checked to
order and GRNs, prices
checked?
(g) check of extensions,
additions, discounts?
(h) documents cancelled
to prevent re-use?
(i) unmatched documents
investigated regularly?
(j) freight checked,
bills matched to
consignments?
(k) purchase returns and
allowances controlled -
follow-up?
(I) forward purchases
controlled?
1.3 Can cut-off errors
occur?
(a) time lapse from
receipt of goods to invoice processing?
(b) valuation of
unmatched GRNs?
(c) adequate control and
recording of receipts?
1.4 Can invoices be
wrongly allocated?
(a) nominal ledger
analysis?
(b) analysis
independently checked?
(c) staff purchases
controlled?
(d) independent and
regular review?
71
1.5 Can liabilities be
recorded for goods or services not ordered?
(a) goods received
without authority?
2 Payables
2.1 Can liabilities be
incurred but not recorded?
(a) payables balances
agreed periodically?
(b) suppliers statements
independently reconciled?
(c) invoice
register?
(d) forward
contracts?
(e) order backlog follow
up?
(f) debit balances
controlled?
3 Payments
3.1 Can payments be made
if not properly supported?
(a) discounts
taken?
(b) control over
invoices before validating complete?
(c) cheque signatories
independent of purchasing, receiving, accounts payable and cheque
preparation?
(d) signatories examine
support for payment,
check completeness,
cancel support?
(e) control over
signature plates or pre-signed
cheques?
(f) control where one
signature?
(g) frequency with which
cheques mailed?
(h) independent regular
bank reconciliation, with
cheques directly from
bank and review
reconciliation?
(i) cheques crossed
account payee only,
continuity accounted
for, control over unused
cheques?
(j) bank transfers
controlled - standing orders?
(k) issue of bearer or
cash’ cheques?
(I) advances and loans
controlled?
(m) bank transfer
payments, traders credits, direct
debits?
3.2 Can payments for
non-routine purchases be made if not authorized or properly
supported?
(a) services, expense
accounts, taxation payments
in advance, staff
purchases and goods on
consignment?
3.3 Can non-current
assets be acquired or removed without proper authorization and
recording?
(a) approved work orders
for non-current assets
and major repairs?
(b) approval of cost
over-runs?
(c) reporting of
scrapping or disposals?
(d) detailed non-current
asset register, regular
physical inspection and
review of values?
(e) periodic insurance
appraisals, adequate
coverage?
(f) control over loose
tools?
Limitations of the
effectiveness of Internal Control
It is possible to reduce
the volume of transaction testing required in conducting an audit if the
internal
controls are sound and
are operating effectively, but it is not likely that an auditor will be able to
rely on
internal controls
entirely. This is because all control systems have inherent limitations such
as:
a) The need to balance
the cost of the control with its benefits
72
b) The fact that
internal controls are applied to regular, recurring transactions, not one off
year
end adjustments or
unusual transactions, which are often large and subject to error.
c) The potential for
human error
d) The possibility of
fraudulent collusion (two or more persons operating together) to ‘get
round’
controls that segregate
duties. For example; the supervisor responsible for checking and
authorizing overtime
claims could collude with employees, to enable excess overtime payments
to be claimed.
e) The abuse of
authority and override of controls by senior managers or the owners of the
business. Abuse of
authority might involve ordering personal goods through the firm. It is very
easy for directors and
managers of organizations of any size to instruct staff to bypass normal
procedures such as the
requirement for authorization for payments.
f) The obsolescence of
controls which have not changed to reflect changes in the business
activities or
organization.
In practice, the
training of auditors always involves a warning never to rely on internal
controls entirely, no
matter how effective
they may appear to be. Hence some verification of transactions is always
carried out as
part of the auditor’s
work.
73
Lesson 20
AUDIT TESTS
Audit evidence through
Audit Procedures
The auditor needs to
generate sufficient appropriate audit evidence that will allow a conclusion to
be
reached based on this.
Audit evidence, is obtained from audit procedures performed during the course
of
audit, such as:
• Test of control
(compliance test)
• Test of details
(substantive test)
• Analytical procedures
(substantive test)
Audit Procedures based
on the understanding of Internal Control
Auditor’s understanding
of the control environment, determines the audit procedures.
A strong control
environment would provide more confidence about the effectiveness of internal
control
and the reliability of
audit evidence generated internally within the entity and thus, for example,
allows the
auditor to conduct some
audit procedures at an interim date rather than at period end.
If there are weaknesses
in the control environment, the auditor ordinarily conducts more audit
procedures
at period end rather
than at an interim date, seeks more extensive audit evidence from substantive
procedures, modifies the
nature of audit procedures to obtain more persuasive audit evidence, or
increases
the number of locations
to be included in the audit scope.
Appropriate Audit
Approach
The auditor’s
understanding of the internal control would enable him to select an appropriate
audit
approach. These audit
approaches may be as follows:
1. Apply tests of
control only for a particular assertion.
2. Apply substantive
procedures only for a particular assertion may be because auditor failed
to
identify any effective
controls relevant to assertion.
3. Combined approach
i.e. applying both tests of operating effectiveness of control’s and
substantive procedures
for the same assertion.
However, irrespective of
the approach selected, the auditor designs and performs substantive procedures
for each material class
of transactions, account balance and disclosures.
In the case of very
small entities, there may not be control activities and auditor may have to
apply only
substantive
procedures.
Considering the Nature,
Timing and Extent of Audit Procedures
Nature
The nature refers
to:
• the purpose i.e.
(tests of controls or substantive procedures) and
• their type, i.e.
inspections, observation, inquiry confirmation, recalculation,
re-performances
or analytical
procedures.
Timing
Timing refers to when
audit procedures are performed or the period or date to which the audit
evidence
applies.
Extent
Extent refers to sample
size or number of observations of a control activity (quantity of audit
evidence). It
depends on auditor’s
judgment after considering materiality, the assessed risk and the degree of
assurance
the auditor plans to
obtain.
Nature
The nature refers to the
purpose i.e. (tests of controls or substantive procedures) and their type, that
is,
inspections,
observation, inquiry confirmation, recalculation, re-performances or analytical
procedures.
Certain audit procedures
may be more appropriate for some assertions than others.
74
The types of procedures
to be performed and their combination would be affected by the auditor’s
assessment of the risk.
The higher the risk, the more reliable audit procedure would be required.
In determining the audit
procedures to be performed, auditor considers inherent and control risks
associated with the
particular account balance or class of transactions.
Auditor is required to
obtain audit evidence about the accuracy and completeness of information
produced
by the entity’s
information system when that information is used for performing audit
procedures.
Timing
Timing refers to when
audit procedures are performed or the period or date to which the audit
evidence
applies.
Tests of control and
substantive procedures may be performed either at an interim date or at period
end.
The higher the risk of
material misstatement, the more likely it is that the auditor may consider it
more
effective to perform
substantive procedures near to or at the period end rather than at an earlier
date or to
apply audit procedures
unannounced or at unpredictable times. On the other hand performing audit
procedures before the
period end may assist the auditor in identifying significant matters at early
stage of
the audit, which in turn
would help in resolving them or developing an effective audit strategy.
In considering when to
perform audit procedures, the auditor also considers such matters as the
following:
• The control
environment
• When relevant
information is available (for example, electronic files may subsequently
be
overwritten or
procedures to be observed may occur only at certain times).
• The nature of the risk
(for example, if there is a risk of inflated revenues to meet earnings
expectations by
subsequent creation of false sales agreements, the auditor may wish to examine
contracts available on
the date of the period end).
• The period or date to
which the audit evidence relates.
Certain audit procedures
can be performed only at the period end.
Examples are:
• Agreeing the financial
statements to the accounting records.
• Examining adjustments
made during the course of preparing the financial statements.
• To cover the risk of
overstatement the auditor ordinarily inspects transaction near the period
end.
Extent
Extent refers to sample
size or number of observations of a control activity (quantity of audit
evidence). It
depends on auditor’s
judgement after considering materiality, the assessed risk and the degree of
assurance
the auditor plans to
obtain. Extent of audit procedures is increased when the risk of material
misstatement
increases.
The use of
computer-assisted audit techniques (CAATs) may enable more extensive testing of
electronic
transaction and account
files. Such techniques can be used to select sample transaction from key
electronic
files, to sort
transactions with specific characteristics or to test an entire population
instead of a sample.
Valid conclusions may be
drawn using sampling approaches. However, in certain circumstances
examination of entire
population may be more appropriate to reach a valid conclusion about that
population.
Test of Control
The auditor is required
to perform tests of controls when the internal controls are operating
effectively or when
substantive procedures
alone do not provide sufficient appropriate audit evidence at the assertion
level.
Tests of controls
comprise of testing three things:
1. Design – that the
internal controls are properly designed to cover the risk it is meant for.
(examined through ICQs
and ICECs)
2. Implementation – that
the internal controls have been put into operation.(examined through a
walk through test with a
little sample)
3. Operating
effectiveness – that the systems of internal control were operating effectively
at
relevant times during
the period. ( examined through compliance tests based on a judgmental
sample)
75
Nature of Tests of
Controls
These are as
follows:
• Inquiry and
observation
(e.g. inquiry
about and observation of controls over opening of mail to
verify controls over
cash receipts).
• Re-performance
(e.g. preparation
of bank reconciliation statement);
• Inspection of
documentation
relevant to
performance of controls;
• Applying CAATs.
• Tests of controls and
tests of details may be applied simultaneously on the same transaction;
tests
of control see whether
e.g. invoice is approved and tests of details to detect material misstatement
in that invoice.
Timing of Tests of
Controls
These may be performed
at
1. a particular time
or
2. on the information
relating to the entire audit period.
– If performed at a
particular time, it would provide evidence of operating effectiveness of
controls at that
particular time. Such evidence may be sufficient for the auditor e.g.
observation of counting
of inventories.
– However, if auditor
wants to obtain evidence about the effective operation of controls
throughout the period
under audit, then tests of control’s should be applied on
transactions of the
entire period.
If auditor wants to rely
on controls tested in prior periods, he should make inquiry that there is no
change
in such controls. If
these controls have changed, these should be tested for operating effectiveness
first
before relying on these.
The auditor may not test
all the controls every audit if there is no change in them. However, such
controls
must be tested at least
every third audit.
Extent of tests of
controls
The auditor designs
tests of controls to obtain sufficient appropriate audit evidence that the
controls
operated effectively
throughout the period of reliance. Matters the auditor may consider in
determining the
extent of the tests of
controls include the following:
1. The frequency of the
performance of the control by the entity during the period.
2. The length of time
during the audit period that the auditor is relying on the operating
effectiveness
of the control.
3. The relevance and
reliability of the audit evidence to be obtained in supporting that the
control
prevents, or detects and
corrects, material misstatements.
4. The extent to which
the auditor plans to rely on the effectiveness of the control (and
thereby
reduce substantive
procedures based on the reliance on such control).
5. The expected
deviation from the control.
Substantive Procedures
Substantive procedures
are performed in order to detect material misstatements at the assertion level,
and
include tests of details
of classes of transactions, account balances and disclosures and substantive
analytical
procedures.
The auditor plans and
performs substantive procedures to be responsive to the related assessment of
the
risk of material
misstatement.
Irrespective of the
assessment of risk of material misstatement, the auditor should design and
perform
substantive procedures for
each material class of transactions, account balance, and disclosure.
The auditor’s
substantive procedures should include the following audit procedures related to
the financial
statement closing
process:
• Agreeing the financial
statements to the underlying accounting records; and
• Examining material
journal entries and other adjustments made during the course of preparing
the financial
statements.
76
When the auditor has
determined that an assessed risk of material misstatement at the assertion
level is a
significant risk, the
auditor should perform substantive procedures that are specifically responsive
to that
risk.
Nature of Substantive
Procedures
Substantive analytical
procedures are applied on large volume of transactions, which are predictable
over
time. Tests of details
are ordinarily more appropriate to obtain audit evidence regarding certain
assertions
about account balances,
including existence and valuation.
In designing substantive
analytical procedures, the auditor considers such matters as the
following:
• The suitability of
using substantive analytical procedures given the assertions.
• The reliability of the
data, whether internal or external from which the expectation of recorded
amounts or ratios is
developed.
• Whether the expectation
is sufficiently precise to identify a material misstatement at the
desired
level of assurance.
• The amount of any
difference in recorded amounts from expected values that is acceptable.
Timing of Substantive
Procedures
When substantive procedures
are performed at an interim date, the auditor should perform further
substantive procedures
or substantive procedures combined with tests of controls to cover the
remaining
period that provide a
reasonable basis for extending the audit conclusions from the interim date to
the
period end.
In considering whether
to perform substantive procedures at an interim date the auditor considers such
factors as the
following:
• The control
environment and other relevant controls.
• The availability of
information at a later date that is necessary for the auditor’s procedures.
• The objective of the
substantive procedure.
• The assessed risk of
material misstatement.
• The nature of the
class of transactions or account balance and related assertions.
• The ability of the
auditor to perform appropriate substantive procedures or substantive
procedures
combined with tests of
controls to cover the remaining period in order to reduce the risk that
misstatements that exist
at period end are not detected.
If substantive
procedures are performed at an interim date, the auditor may sometimes consider
applying
tests of controls also
on the transactions of remaining period while extending his substantive
procedures
from interim date to the
period end.
In situations of actual
or expected fraud, auditor may prefer applying substantive procedures at period
end.
If misstatements are
detected in classes of transactions or account balances at an interim date, the
auditor
ordinarily modifies the
related assessment of risk and the planned nature, timing or extent of the
substantive
procedures covering the
remaining period.
Substantive procedures
applied in a prior period are not sufficient to address a risk of material
misstatement
in the current year
except in certain circumstances.
Extent of performance of
substantive procedures
Greater the risk of
material misstatement due to weaknesses in the system of internal control, the
greater
would be the risk of
material misstatement in the financial statements.
In designing tests of
details, the auditor may use either audit sampling or may choose to select
items to be
tested by some other
selective means of testing.
Adequacy of Presentation
and Disclosure
The auditor should
perform audit procedures to evaluate whether the overall presentation of the
financial
statements, including
the related disclosures, are in accordance with the applicable financial
reporting
framework.
Post a Comment
Don't Forget To Join My FB Group VU Vicky
THANK YOU :)