Montgomery has define Auditing as a systematic and orderly check on the
book and records of a business or other organization in order to ascertain or verify and to report the facts regarding the financial operations and the result there of. Explanation of auditing: Introduction: Auditing is a review of the book of accounts carried out scientifically with the objective of forming an opinion and reporting to the stakeholders. There are two broad categories into which all audits can be classified , and within each of these categories there are several types of audit. Figure 2.1 gives a list of different types of audits under the two categories. Types of audit Category1:General audits Category2:Specific audits Independent audit Interim audit Internal audit Tax audit Government audit Cost audit VAT audit Management audit Proprietary audit Investigation Operation audit Secretarial audit Social audit Systems audit
Audits can also be classified on the basis of the timing of audits as: Continuous or perpetual audit Periodical /annual/ final audit Balance sheet audit Qualities of an Auditor: A part from the professional qualification required of an auditor by low , he must have certain personal qualities without which he may not be able to perform his duties satisfactorily. These are 1. Common sense: According to Spicer and Pegler the auditor should have a full share of that most valuable asset-common sense. The Satyam case demonstrates this aspect vividly, because application of common sense would have raised the question: why was the company sitting on such a huge pile cash year after year ? 2. Independence: An influenced or biased person cannot form an independent opinion. Thus a direct or indirect interest in the result of the company under his audit may prevent an auditor from functioning independently. 3. Honesty and integrity: An auditor is answerable to owners of a business who have no say in its management and so must have unimpeachable integrity. 4. Objectivity: An auditor should not allow subjective judgment to cloud his opinion, which should as far as possible be based on facts. 5. Communication: He should be able to communicate effectively ,both orally and in writing. Particularly in the matter of report writing , he should be able to convey his message clearly and unambiguously. 6. Tactfulness: He should be firm , yet diplomatic with his client and staff. Discovering the truth from a facts and figures requires a great deal to tact. Objectives of a good internal audit system Internal audit was conceived as precursor to the annual statutory audit and comprised of a document-level checking of accounting records to give comfort external auditors who did not have time for base-level vouching. The key objectives of a good internal audit system are: 1. Evaluation of accounting controls: Ensuring that the checks and balances in the accounting processes are effective and provide the required accounting controls. 2. Compliance with policies and procedures: Verifying compliance with the policies and procedures laid down for key activities and reporting acts of omission and commission. 3. Protection and optimal utilization of business assets: Ensuring physical availability and usefulness of fixed assets as per companys records, and checking utilization of major assets vis--vis plan. 4. Testing the reliability of Management Information System (MIS): Reviewing the management reporting structure and the utility of reports flowing out of the system. Internal audit is often considered a part of the finance function of the enterprise since the technical expertise required to do the audit function is available only with the Finance & Accounts professionals. While this is natural , it may be a short-sighted approach.
Points of dissimilarity: 1. Statutory status: External audit is usually mandated by law. But internal audit is not mandatory expect for companies to which companies (Auditors Report) Order,2003 applies. 2. Independence: The statutory auditor is independent of the organization which appoints him. But the internal auditor is an employee of the organization reporting to a Divisional or Functional Head (usually Finance) and so his freedom might be limited. 3. Scope: The scope of an external audit is well-defined by the statute that mandates the audit. A limited amount of interpretative changes may be possible, but mostly it is the beaten track. The scope of internal audit is determined by the management and may be expanded or restricted depending upon the peculiarities of the particular situation being audited. 4. For example, statutory audit must compulsorily comment on physical verification of inventories being done once year, close to the year end. But internal audit may choose continuous verification as the appropriate method of company. 5. Responsibility: The responsibility of external auditor is mainly towards the shareholders who have appointed him, and other external stakeholders of the company. 6. Powers: The external auditor has a statutory powers under the Companies Act and related statutes. The internal auditor is given his terms of reference and powers by the management. His power depend the requirement of the management. 7. Submission of reports: The external auditor submits his reports to the owner of the shareholders. The internal auditor submits his report to the management. 8. Periodicity: External audit is conducted periodically usually once year. Internal audit is done throughout the year on the basis of a time bound program. Role of Internal Auditor in the Companys Management: The internal auditor can play a significant role in enhancing the effectiveness of managerial processes in a company. The specific contributions that an internal auditor can make include. 1. Review of internal control systems: The internal auditor should review the internal control systems of the organization. He should determine whether the existing control systems are appropriate and commensurate with the objectives, size, etc. of the organization. 2. Review of safeguards for assets: The auditor should regularly review the adequacy of insurance covers for fixed assets and complete accounting of all transactions relating to fixed assets, etc. 3. Review of compliance with policies, plan, procedures and regulation: The internal auditor should include a regular checklist of compliances by different functions of laid down procedural requirements. When a non-observance is spotted, he should inquire and ascertain the reason for the deviation, and report the event together with the proposed solution. 4. Review of organization structure: A well-designed organization structure is the basic requirement for the smooth functioning of any organization. Organization structure defines the authorities and responsibilities of executives. Simplicity and lack of ambiguity. Clear definition of authority and responsibility at each level. Balance of power, to ensure there is no undue dominance of any function. Balance of responsibility, to ensure proper unity of command and span control. Effective communication of the organization chart to all concerned. 5 Review of deployment of resources: The internal auditor reviews utilization of resources deployed for the business men , machines, money, materials and management to identify deviations both by way of excessive use of resources and resources that are under-utilized. Duties of auditor under sec. 581ZG: Without prejudice to the provisional contained in sec 227, the internal auditor shall report on the following matters relating to the producer company , namely: The amount of due along with particulars of bad debits if any. The verification of cash balance and securities. The details of assets and liabilities. All transaction which appear to be contrary to the provision of this part. The loan gives by the producer company to the directors. The donations or subscription given by the producer company. Any other matters as may be considered necessary by the auditor.
Characteristics of an Effective Internal Control System: The effectiveness of the internal control system can be ensured if the following aspects of the companys operations are kept in mind and done properly. 1. How the organization structure is planned: For strong internal controls, the organization structure should have the following features: Freedom of operation at every level of the hierarchy, subject to over all company guideline and achievement of companys overall objectives. Clear demarcation between the performance of the activity and its recording, especially in matter involving money handling and fixed assets. 2. Authorization, records and control procedures: The authorization process for decisions and the records-keeping of activities resulting from decisions should have the following features: Clear knowledge of the approval system and recording procedures of every item of expenditure and income , by the concerned department and function. Up-to-date recording and accounting of monetary transactions and all activities related to fixed assets. Complete documentation of transactions with proper authentication. 3. Sound practices: An effective internal control system must build in safeguards, which are fully practiced .For example the work of one person should get checked automatically by another person in the transaction flow. 4. Quality of personnel: The competence of executives who implement the controls is a basic prerequisite of an effective internal control system. The competence has extend to all the persons in the chain. Elements of internal Control An entitys internal control system is much more than the entitys record- keeping procedure. 1. Control environment: Control environment is the basis of an internal control system. It includes and reflected the factors that influence the control consciousness of its people. SA400: Risk Assessment and Internal Control issued by the ICAI mention the following aspects the control environment. 2. Risk assessment: Assessing control risk is the process of evaluating the effectiveness of an entity accounting and internal control system in preventing or detecting material mistakes in financial statements. Change in the operating environment New personnel New Information Systems Rapid growth New technology New lines, products, or activities Corporate restructuring Foreign operations Changes in accounting method 3. Control activities: The following actions can help risks listed above: P- Performance reviews (review of actual against plan) I-Information processing (check of accuracy, completeness, authorization) P- Physical control (physical security) S- Segregation of duties 4. Information communication: The accounting system should record, process, summaries and report transaction and in order to maintain correctness of related assets and liabilities, it must identify and record all transaction at proper values and with least delay. 5. Monitoring and supervision: Monitoring and supervision involves continuously assessing the quality of internal control performance over time. General EDP control Organizational and operational controls: Relate to plan of the organization and operation of EDP activities Emphasis segregation of EDP department from source and user department and Also lays stress on segregation of functions within the EDP department. System development and documentation control: are designed to monitor, design, test and documents the system and programs constituting each application. Include Participation by user groups and accounting and internal auditing staff in system design. Joint system testing and approval by user department and EDP personnel and Documentation creation and maintenance. Hardware controls: Are built into computer equipment by the manufacturer to detect equipment failure. Some key hardware controls are echo check parity check, dual read and read after write. Access controls: To prevent unauthorized use of data files, programs and their support documentation and computer hardware, access must be limited to authorized individuals. Data and procedural controls: Aim at controlling daily computer operations, minimizing processing errors and assuring continuity of operations in the event of physical disaster or computer failure. Appraisal of Accounting System and Related Internal Control: Though the scope, objectives and approach to auditing do not change in a computerized environment, the extent of audit procedures and nature of audit program definitely get affected. Hence an auditor must have a clear understanding of the clients accounting system and related internal controls. An example is the practice of posting journals in the system without a supporting document or without hard copy of the entry duly authorized. Before under taking detailed audit , the auditor must satisfy himself about the input and output of the accounting system. He should remember the acronym GIGO meaning wrong input can give only wrong output. A review of the accounting system and internal controls may be comprehensive in a first time audit or in a complex system. The review in a recurring auditor for a relatively simple EDP system will require less time. Since computer applications can be more easily modified during design and development then after implementation, auditor should consider commencing the audit review during system development The auditor should review the accounting system to gain understanding of the overall control environment and flow of transaction. Such a review generally includes a survey of the organization, management, personnel and nature of transaction. The auditor should specially focus on EDP organization structure. Clear and adequate separation of duties within the EDP function is vital. EDP should be separate from user departments. EDP personnel should not initiate transactions. EDP function should include at least the following employees. Internal control system in insurance companies: Insurance companies pay special attention to internal control procedures with regard to receipts and payments, acceptance of policy covers, calculation of premiums, granting of loans, buying and selling of investments, payment of commission to agents, and expenses of management. Cash and cheques received are deposit in the account of the insurance company without delay Cash and cheque payment are made under proper authority and adequately documented Policy covers are accepted only the basis of proper evaluation of the circumstances involved as per set norms and exceptions are duly authorized. Premiums are calculated according to the degree of risk and conditions specified in the policy. Proper controls exist on the expenses of management. Clear reporting lines are drawn and implemented between the branch and the divisional office. Reporting Internal Control weaknesses The inadequacies and weaknesses in the internal control system are communicated by a latter commonly referred to as management letter points of inadequacies and weaknesses are noted first on a study of the control system itself. The management letter is in three sections: Executive summary Points to be addressed from the current internal control review and Points from previous reviews that have not been attended to. The format has 4 columns: Activity/ function Point to be addressed Response by concerned manager and Action to be taken as agreed The major points that have serious repercussions are normally presented in the Executive summary and help top management to focus on the big issues. It should be appreciated that issuing the management letter does not absolve the auditor from his duty to mention the shortcoming in the auditor report by way of qualification where the defects are material and their impact on the result significant. In the case of Re S.P Catter son & Ltd. (1937, 81 Act L.R 62) the auditor was acquitted of the charge of negligence for employees fraud in view of the fact that he had already informed the client about the unsatisfactory state of specific areas of accounts and had suggested improvements , which were not acted upon by the management.