Definition of auditing:

Montgomery has define Auditing as a systematic and orderly check on the

book and records of a business or other organization in order to ascertain
or verify and to report the facts regarding the financial operations and the
result there of.
Explanation of auditing:
Introduction: Auditing is a review of the book of accounts carried out
scientifically with the objective of forming an opinion and reporting to the
stakeholders.
There are two broad categories into which all audits can be classified , and
within each of these categories there are several types of audit. Figure 2.1
gives a list of different types of audits under the two categories.
Types of audit
Category1:General audits Category2:Specific
audits
Independent audit Interim audit
Internal audit Tax audit
Government audit Cost audit
VAT audit
Management audit
Proprietary audit
Investigation
Operation audit
Secretarial audit
Social audit
Systems audit



Audits can also be classified on the basis of the timing of audits as:
Continuous or perpetual audit
Periodical /annual/ final audit
Balance sheet audit
Qualities of an Auditor:
A part from the professional qualification required of an auditor by low , he
must have certain personal qualities without which he may not be able to
perform his duties satisfactorily. These are
1. Common sense: According to Spicer and Pegler the auditor
should have a full share of that most valuable asset-common sense.
The Satyam case demonstrates this aspect vividly, because
application of common sense would have raised the question: why
was the company sitting on such a huge pile cash year after year ?
2. Independence: An influenced or biased person cannot form an
independent opinion. Thus a direct or indirect interest in the result of
the company under his audit may prevent an auditor from
functioning independently.
3. Honesty and integrity: An auditor is answerable to owners of a
business who have no say in its management and so must have
unimpeachable integrity.
4. Objectivity: An auditor should not allow subjective judgment to
cloud his opinion, which should as far as possible be based on facts.
5. Communication: He should be able to communicate effectively
,both orally and in writing. Particularly in the matter of report writing
, he should be able to convey his message clearly and
unambiguously.
6. Tactfulness: He should be firm , yet diplomatic with his client and
staff. Discovering the truth from a facts and figures requires a great
deal to tact.
Objectives of a good internal audit system
Internal audit was conceived as precursor to the annual statutory audit and
comprised of a document-level checking of accounting records to give
comfort external auditors who did not have time for base-level vouching.
The key objectives of a good internal audit system are:
1. Evaluation of accounting controls: Ensuring that the checks
and balances in the accounting processes are effective and provide
the required accounting controls.
2. Compliance with policies and procedures: Verifying
compliance with the policies and procedures laid down for key
activities and reporting acts of omission and commission.
3. Protection and optimal utilization of business assets:
Ensuring physical availability and usefulness of fixed assets as per
companys records, and checking utilization of major assets vis--vis
plan.
4. Testing the reliability of Management Information
System (MIS): Reviewing the management reporting structure
and the utility of reports flowing out of the system.
Internal audit is often considered a part of the finance function of the
enterprise since the technical expertise required to do the audit
function is available only with the Finance & Accounts professionals.
While this is natural , it may be a short-sighted approach.

Points of dissimilarity:
1. Statutory status: External audit is usually mandated by
law. But internal audit is not mandatory expect for companies
to which companies (Auditors Report) Order,2003 applies.
2. Independence: The statutory auditor is independent of the
organization which appoints him. But the internal auditor is an
employee of the organization reporting to a Divisional or
Functional Head (usually Finance) and so his freedom might be
limited.
3. Scope: The scope of an external audit is well-defined by the
statute that mandates the audit. A limited amount of
interpretative changes may be possible, but mostly it is the
beaten track. The scope of internal audit is determined by the
management and may be expanded or restricted depending
upon the peculiarities of the particular situation being audited.
4. For example, statutory audit must compulsorily comment on
physical verification of inventories being done once year, close
to the year end. But internal audit may choose continuous
verification as the appropriate method of company.
5. Responsibility: The responsibility of external auditor is
mainly towards the shareholders who have appointed him, and
other external stakeholders of the company.
6. Powers: The external auditor has a statutory powers under
the Companies Act and related statutes. The internal auditor is
given his terms of reference and powers by the management.
His power depend the requirement of the management.
7. Submission of reports: The external auditor submits his
reports to the owner of the shareholders. The internal auditor
submits his report to the management.
8. Periodicity: External audit is conducted periodically
usually once year. Internal audit is done throughout the year
on the basis of a time bound program.
Role of Internal Auditor in the Companys
Management:
The internal auditor can play a significant role in enhancing the
effectiveness of managerial processes in a company.
The specific contributions that an internal auditor can make include.
1. Review of internal control systems: The internal auditor
should review the internal control systems of the organization. He
should determine whether the existing control systems are
appropriate and commensurate with the objectives, size, etc. of the
organization.
2. Review of safeguards for assets: The auditor should
regularly review the adequacy of insurance covers for fixed assets
and complete accounting of all transactions relating to fixed assets,
etc.
3. Review of compliance with policies, plan, procedures
and regulation: The internal auditor should include a regular
checklist of compliances by different functions of laid down
procedural requirements. When a non-observance is spotted, he
should inquire and ascertain the reason for the deviation, and report
the event together with the proposed solution.
4. Review of organization structure: A well-designed
organization structure is the basic requirement for the smooth
functioning of any organization. Organization structure defines the
authorities and responsibilities of executives.
Simplicity and lack of ambiguity.
Clear definition of authority and responsibility at each level.
Balance of power, to ensure there is no undue dominance of
any function.
Balance of responsibility, to ensure proper unity of command
and span control.
Effective communication of the organization chart to all
concerned.
5 Review of deployment of resources: The internal auditor
reviews utilization of resources deployed for the business men ,
machines, money, materials and management to identify deviations
both by way of excessive use of resources and resources that are
under-utilized.
Duties of auditor under sec. 581ZG:
Without prejudice to the provisional contained in sec 227, the internal
auditor shall report on the following matters relating to the producer
company , namely:
The amount of due along with particulars of bad debits if any.
The verification of cash balance and securities.
The details of assets and liabilities.
All transaction which appear to be contrary to the provision of this part.
The loan gives by the producer company to the directors.
The donations or subscription given by the producer company.
Any other matters as may be considered necessary by the auditor.

Characteristics of an Effective Internal Control
System:
The effectiveness of the internal control system can be ensured if the
following aspects of the companys operations are kept in mind and done
properly.
1. How the organization structure is planned: For strong
internal controls, the organization structure should have the
following features:
Freedom of operation at every level of the hierarchy, subject
to over all company guideline and achievement of companys
overall objectives.
Clear demarcation between the performance of the activity
and its recording, especially in matter involving money
handling and fixed assets.
2. Authorization, records and control procedures: The
authorization process for decisions and the records-keeping of
activities resulting from decisions should have the following features:
Clear knowledge of the approval system and recording
procedures of every item of expenditure and income , by the
concerned department and function.
Up-to-date recording and accounting of monetary transactions
and all activities related to fixed assets.
Complete documentation of transactions with proper
authentication.
3. Sound practices: An effective internal control system must build
in safeguards, which are fully practiced .For example the work of one
person should get checked automatically by another person in the
transaction flow.
4. Quality of personnel: The competence of executives who
implement the controls is a basic prerequisite of an effective internal
control system. The competence has extend to all the persons in the
chain.
Elements of internal Control
An entitys internal control system is much more than the entitys record-
keeping procedure.
1. Control environment: Control environment is the basis of an
internal control system. It includes and reflected the factors that
influence the control consciousness of its people. SA400: Risk
Assessment and Internal Control issued by the ICAI mention the
following aspects the control environment.
2. Risk assessment: Assessing control risk is the process of
evaluating the effectiveness of an entity accounting and internal
control system in preventing or detecting material mistakes in
financial statements.
Change in the operating environment
New personnel
New Information Systems
Rapid growth
New technology
New lines, products, or activities
Corporate restructuring
Foreign operations
Changes in accounting method
3. Control activities: The following actions can help risks listed
above:
P- Performance reviews (review of actual against plan)
I-Information processing (check of accuracy, completeness,
authorization)
P- Physical control (physical security)
S- Segregation of duties
4. Information communication: The accounting system should
record, process, summaries and report transaction and in order to
maintain correctness of related assets and liabilities, it must identify
and record all transaction at proper values and with least delay.
5. Monitoring and supervision: Monitoring and supervision
involves continuously assessing the quality of internal control
performance over time.
General EDP control
Organizational and operational controls:
Relate to plan of the organization and operation of EDP activities
Emphasis segregation of EDP department from source and user
department and
Also lays stress on segregation of functions within the EDP
department.
System development and documentation control:
are designed to monitor, design, test and documents the system and
programs constituting each application.
Include
Participation by user groups and accounting and internal auditing
staff in system design.
Joint system testing and approval by user department and EDP
personnel and
Documentation creation and maintenance.
Hardware controls:
Are built into computer equipment by the manufacturer to detect
equipment failure. Some key hardware controls are echo check parity
check, dual read and read after write.
Access controls:
To prevent unauthorized use of data files, programs and their support
documentation and computer hardware, access must be limited to
authorized individuals.
Data and procedural controls:
Aim at controlling daily computer operations, minimizing processing errors
and assuring continuity of operations in the event of physical disaster or
computer failure.
Appraisal of Accounting System and Related Internal
Control:
Though the scope, objectives and approach to auditing do not change in a
computerized environment, the extent of audit procedures and nature of
audit program definitely get affected. Hence an auditor must have a clear
understanding of the clients accounting system and related internal
controls.
An example is the practice of posting journals in the system without a
supporting document or without hard copy of the entry duly authorized.
Before under taking detailed audit , the auditor must satisfy himself about
the input and output of the accounting system. He should remember the
acronym GIGO meaning wrong input can give only wrong output.
A review of the accounting system and internal controls may be
comprehensive in a first time audit or in a complex system. The review in a
recurring auditor for a relatively simple EDP system will require less time.
Since computer applications can be more easily modified during design and
development then after implementation, auditor should consider
commencing the audit review during system development
The auditor should review the accounting system to gain understanding of
the overall control environment and flow of transaction. Such a review
generally includes a survey of the organization, management, personnel
and nature of transaction.
The auditor should specially focus on EDP organization structure.
Clear and adequate separation of duties within the EDP function is
vital.
EDP should be separate from user departments.
EDP personnel should not initiate transactions.
EDP function should include at least the following employees.
Internal control system in insurance companies:
Insurance companies pay special attention to internal control procedures
with regard to receipts and payments, acceptance of policy covers,
calculation of premiums, granting of loans, buying and selling of
investments, payment of commission to agents, and expenses of
management.
Cash and cheques received are deposit in the account of the
insurance company without delay
Cash and cheque payment are made under proper authority and
adequately documented
Policy covers are accepted only the basis of proper evaluation of the
circumstances involved as per set norms and exceptions are duly
authorized.
Premiums are calculated according to the degree of risk and
conditions specified in the policy.
Proper controls exist on the expenses of management.
Clear reporting lines are drawn and implemented between the
branch and the divisional office.
Reporting Internal Control weaknesses
The inadequacies and weaknesses in the internal control system are
communicated by a latter commonly referred to as management letter
points of inadequacies and weaknesses are noted first on a study of the
control system itself.
The management letter is in three sections:
Executive summary
Points to be addressed from the current internal control review and
Points from previous reviews that have not been attended to.
The format has 4 columns:
Activity/ function
Point to be addressed
Response by concerned manager and
Action to be taken as agreed
The major points that have serious repercussions are normally presented in
the Executive summary and help top management to focus on the big
issues.
It should be appreciated that issuing the management letter does not
absolve the auditor from his duty to mention the shortcoming in the
auditor report by way of qualification where the defects are material and
their impact on the result significant.
In the case of Re S.P Catter son & Ltd. (1937, 81 Act L.R 62) the auditor was
acquitted of the charge of negligence for employees fraud in view of the
fact that he had already informed the client about the unsatisfactory state
of specific areas of accounts and had suggested improvements , which were
not acted upon by the management.












1. R
e