Professional Documents
Culture Documents
Chapter-1
Nature of Auditing
AUDITING MEANING
The word Auditing has been derived from Latin word audire which means to
hear.
Audit is an independent examination of financial information of any entity whether
profit making or not irrespective of its size & legal structure, when such an audit is
conducted with a view to express an opinion thereon.
The audit is not confined to financial audit alone. It may be extended to other areas
also such as management audit, operational audit, internal audit and environmental
audit etc.
The audit is conducted for a stated purpose, for example, the financial audit may be
conducted to ascertain whether they present a true and fair view of the financial
position and the operating result of the enterprise.
Every audit has to be based on some evidence.
The audit findings have to be communicated to those who have appointed the auditor.
For example, in case of a company the audit report is made to the shareholders.
AUDITING FEATURES
1- Examination of books & statements
CA Clues
The entity may be profit oriented or a charitable one (For Example- Trust, Section 25
Companies)
6- Opinion
What Constitutes "true and fair", however, has not been defined in any legislation.
Section 211(5) of the Companies Act provides that the accounts of a company shall be
deemed as not disclosing a true and fair view, if they do not disclose any matters are
required to be disclosed by virtue of provisions of Schedule VI of that Act, virtue of a
notification or an order of the Central Government modifying the disclosure
requirements.
The concept of true and fair is a fundamental concept in auditing.
The phrase true and fair" in the auditor's report signifies his opinion as to whether the
state of affairs and the results are truly and fairly represented in the accounts under
audit.
It is a matter of an auditors judgment in the particular circumstances of a case. An
auditor has to see:
That the assets are neither undervalued nor overvalued,
3
CA Clues
INDEPENDENT AUDIT
[RTP, Nov 89, May 92, May 93, Nov 91, May 97, May 01, May 07, May 05, May 08, Nov
09,May 10, May 2012 5-8 Marks]
The need for auditor independence is provided in Standard on auditing.
The Companies Act, 1956 also contains specific provision to ensure auditors
independence.
As per The chartered Accountants Act, 1949 as amended by The Chartered Accountants
(Amendment) Act, 2006, independence of auditor is required.
Independence means that the judgment of a person is not subordinate to wishes of
another person.
It requires that he should not act under any influence.
If auditor maintains high degree of independence, credibility of financial statements is
enhanced.
Independent audit report will be accepted and respected by all the stakeholders.
Advantage of Independent Audit
It safeguards the financial interest of persons not associated with the management
like shareholders.
It acts as a moral check on the employees from committing fraud.
It is helpful in setting tax liability.
It ensures maintenance of adequate books and records, statutory registers etc.
Audited financial statements are the basis for determining amount receivable or
payable in certain circumstances.
The principal aspects to be covered in an audit concerning the final statements of accounts
are as follows
1) Accounting and Internal Control System
The auditor should obtain an understanding of the accounting and the internal control
system operating in the enterprise. Such an understanding will enable the auditor to
ascertain the degree to which reliance can be placed on the information obtained
during the audit.
4
CA Clues
The auditor should review the system from time to time to ascertain its adequacy and
comprehensiveness.
OBJECTIVE OF AUDIT
The objective of an audit may be classified into two categories
(a) Primary Objective and
(b) Secondary Objective.
Secondary Objective
CA Clues
CA Clues
As per nature
1. Self revealing errors- The existence of these errors becomes apparent during
compilation of accounts. A few illustrations of such errors are given hereunder,
showing how they become apparent
1
2
2. Non Self revealing error- The existence of these errors is not revealed
automatically by routine accounting procedures. These can be revealed by
detailed analysis and normal audit procedures. Example- Revenue expenditure is
charged as capital expenditure.
3. Unintentional errors- These are unintentional mistake. Example- Wages paid to
X; a casual laborer has not been recorded in the books of account.
4. Intentional errors- These are intentional mistakes / fraud. Example- Fictitious
purchases of Rs. 10,000 have been recorded by cashier to misappropriate cash.
5. Procedural errors- These are the errors in the implementation of procedures or
frauds. Example- Payment of a purchase invoice without sufficient purchase
documents.
CA Clues
CA Clues
7- Audit Evidence
Auditor should obtain sufficient and appropriate audit evidence by performing
compliance and substantive procedures.
Evidences enable the auditor to draw reasonable conclusion.
Compliance procedures mean the tests designed to obtain reasonable assurance that
internal controls have been properly designed & operating effectively throughout the
year.
Substantive Procedures are performed to obtain evidence as to the completeness,
accuracy and validity of data produced by the accounting system.
8- Internal controls
Internal control system ensures that the accounting system is adequate and that all the
accounting information has been duly recorded.
The auditor should understand the accounting system and related internal controls
adopted by the management.
He should study and evaluate internal controls system to determine the nature, timing
and extent of other audit procedures.
9- Audit conclusion and Reporting
The auditor should review and assess the conclusions drawn from the audit evidences
obtained through performance of procedures.
The audit report should contain clear written expression of opinion on the financial
statements.
His report is on whether:
The financial information has been prepared using acceptable accounting policies
which have been consistently applied;
The financial information complies with relevant regulation and statutory
requirements; and
There is adequate disclosure of all material matters.
The report should be as per legal requirement. When other than opinion is given, the
audit report should state the reasons thereof.
QUALITY OF AUDITOR
1. Integrity: Auditor should be honest, sincere and straightforward while performing his
professional duties.
2. Communication Skill: During the conduct of audit, he has to interact with various
officers and staff of organization & third parties, thus he requires good oral & written
communication abilities.
9
CA Clues
FUNCTION
BY WHOM
ACCOUNTING
Accounting is the art of
Recording,
Classifying
&
Summarizing
financial
information.
It records financial aspects of
entity
Any person having good
knowledge of accounting
[May 99]
AUDITING
It is independent Examination of
financial information of an entity
to express an opinion thereon
It reviews the accounting system
EXPERTISE
TIME OF
OCCURRENCE
Accounting expertise
AUDITING
10
INVESTIGATION
CA Clues
MEANING
It is Independent Examination
of Financial information of an
entity to Express an opinion
thereon
OBJECTIVE
To ascertain the truthfulness
and fairness of the state of
affairs.
NATURE OF
Conclusions are drawn on the
EXAMINATION basis of test checking of
accounts and records.
PERIOD
An audit covers a period of one Not necessarily restricted to a
UNDER
year.
financial year. It can extend for a
EXAMINATION
period consisting of a number of
years.
SCOPE
The scope of audit is very wide. However,
the
scope
of
In statutory audit the scope of investigation is limited as regards
audit is determined by the the activity or areas to be covered.
relevant law and in private
audit,
by
the letter
of
engagement.
CONDUCTED
A CA within the meaning of CA Any person, who need not
BY
Act 1949.
necessarily be a CA.
FINANCIAL
Generally
covers
financial Covers both financial and non
ASPECTS
aspects only
financial aspects.
NATURE OF
Audit is concerned only with But in an investigation, conclusive
EVIDENCE
prima facie evidence which is evidence is required.
sufficient and appropriate
SUBMISSION
The audit report is submitted to The investigation report is to be
OF
the owners of the business.
submitted to person (s) on whose
REPORT
behalf it is being conducted.
CA Clues
The evidences obtained by the auditor are persuasive rather than conclusive and they
cannot ensure the auditor in a certain way.
Because of these factors, the auditor can only express an opinion and absolute
certainty in auditing is rarely attainable.
There is also likelihood that some material misstatements of the financial information
resulting from fraud or error, if either exists, may not be detected.
3. Test checking
Auditor uses sampling during performance of audit.
It is not possible for him to conduct detailed checking due to time constraints.
As he does not check each & every item, it's impossible for him to detect all fraud &
errors.
4. Inherent limitations of internal controls
Internal controls suffer from limitation such as collusion among employees or wrong
use of authority by management etc.
It is clearly evident that there always is some risk of an internal control system failing
to operate as designed.
If internal controls are weak, auditor may not be in a position to obtain assurance.
12
CA Clues
CA Clues
The discipline of behavioural science is closely linked with the subject of auditing.
While it may be said that the financial auditor deals basically with the figures
contained in the financial statements but he shall be required to interact with a lot of
people in the organisation.
The knowledge of human behaviour is indeed very essential for an auditor so as to
effectively discharge his duties.
14
CA Clues
CA Clues
16
CA Clues
Chapter-2
Basic Concepts in Auditing
CONCEPT OF MATERIALITY
[Nov 86, Nov 96, May 2007, Nov 2007-4 Marks, Nov 2009-6 Marks, May 2013]
According to AS-1 Material items are those items, the knowledge of which might
influence decisions of the user of financial statements.
SA 320 is applicable on Materiality in Planning and Performing an Audit. It deals
with the auditors responsibility to apply the concept of materiality in planning and
performing an audit of financial statement.
Materiality is therefore, an important and relevant consideration for an auditor who
has constantly to judge whether a particular item or transaction is material or not.
The auditors determination of materiality is a matter of professional judgement.
Judgement of materiality is affected by circumstances and size of the business.
Both the amount and nature i.e. quantity and quality should be considered
Material is a relative term and what may be material in one case may not be material in
another. Even insignificant items in terms of quality may also be material in special
circumstances. For example:- In a company having turnover of Rs. 50 Lakhs p.a. and
profit of Rs. 2 lakhs p.a. The damages paid of Rs. 1 lakhs may be material and may
require separate disclosure because of quantity (size). However, the same information
may not be material for a company having turnover Rs. 100 corers p.a. and profit of Rs.
12 Crore p.a. Here the materiality has been judged by its amount with reference to size
of the company. However , in case of a company having the turnover of Rs. 100 Crore
p.a. and profit of Rs. 10-12 Crore p.a. the violation of law even of small amount may be
material , like- if company pays the remuneration to its managerial person in excess of
section 198 of the Companies Act, 1956. Even excess managerial remuneration, in this
case may be Rs. 50,000, will be material because of non-compliance of law.
Performance Materiality: It means the amount or amounts set by the auditor at less
than materiality for the financial statements as a whole to reduce to an appropriately
low level the probability that the aggregate of uncorrected and undetected misstatement
exceeds materiality for the financial statements as a whole.
There is an inverse relationship between materiality and audit risk.
Materiality decided earlier may be revised during the performance of the audit.
Materiality should be considered by the auditor when:
Planning the audit (When establishing over audit strategy as per SA-300)
Evaluating the effect of misstatement. (Regarding any revision in materiality which
was considered at the time of planning while evaluating the effect of misstatement as
per SA-450)
Auditor should document the following:
Material level considered for financial statement as a whole
Performance material considered
Any revision made in material level considered earlier.
17
CA Clues
The information, which may be oral or written obtained by the auditor for the purpose
of audit, is known as audit evidence.
Auditor needs evidences to obtain information for arriving at his judgement.
Audit evidence is necessary to support the auditors opinion and report.
Audit evidence includes both information contained in the accounting records
underlying the financial statements and other information
The auditor should obtain sufficient & appropriate audit evidence through the
performance of compliance and substantive procedures to enable him to draw
reasonable conclusion there from on which to base his opinion on the financial
information.
Sufficiency refers to the quantum of audit evidence obtained.
Appropriateness refers the relevance and reliability of the evidence.
Followings are the factors to determine the sufficient and appropriate
[RTP, May 90, May 07, May 09, Nov 2010-6 Marks]
The factors that influence the Auditors judgement as what is sufficient and appropriate
audit evidence area) The materiality of the item.
b) Type of information available.
c) Experience gained during previous audit.
d) Trends indicated by accounting ratios and analysis.
e) The degree of risk of misstatement
b) Oral evidence- These are the evidences having no physical existence. ExampleDiscussion with management
18
CA Clues
CA Clues
CA Clues
[Nov 2007, May 2008-6 Marks, June 2009-10 Marks, May 2013-4 Marks]
a) Assertion about classes of transactions and events for the period under audit:
i. Occurrence- Transactions and events that have been recorded have occurred
and pertain to the entity
ii. Completeness- All the transactions and events that should have been recorded
have been recorded.
iii. Accuracy- Amounts and other data relating to recorded transactions and events
have been recorded appropriately
iv. Classification- Transaction and events have been recorded in the proper
accounts
b) Assertions about account balances at the period end:
i. Existence- Assets, liabilities and equity interest exist
ii. Rights and obligations- The entity holds or controls the rights to assets, and
liabilities are the obligations of the entity.
iii. Completeness- All assets, liabilities and equity interest that should have been
recorded have been recorded.
iv. Valuation- Assets, liabilities and equity interest are included in the financial
statement at appropriate amounts.
c) Assertions about presentation and disclosure
i. Classification- Financial information is appropriately presented and described,
and disclosures are clearly expressed.
ii. Accuracy and valuation- Financial and other information are disclosed fairly
and at appropriate amounts.
iii. Completeness-All disclosures that should have been included in the financial
statements have been included.
CA Clues
Inspection
consists
of
examining
records,
documents
or
tangible
assets.
CA Clues
External Confirmation-
It means audit evidence obtained as a direct written response to the auditor from
a third party (the confirming party) in paper/ electronic/ other form. Auditor
should carefully plan & control external confirmation
Generally external confirmation is used for the following:
Bank balances
Accounts receivables balances
Account payable balances
Property title deed held by third party
Loan from lenders
While selecting items for confirmation the auditor should consider the materiality
of account balances.
Procedure of external confirmation
Selection (To whom confirmation letter is to be sent)
23
CA Clues
Positive Form In positive form external party always responds whether they agree with auditors
understanding or not.
If auditor does not receive any reply, he may send an additional confirmation
request.
If still request is not replied then he has to do additional procedure alternate
procedure.
If alternate procedures do not provide sufficient evidence, he should determine its
effect on audit report (Qualify/Disclaimer)
Positive form is more reliable than negative form.
Negative Form
In negative form external party responds only when they disagree with auditor
understanding.
This form is generally used when risk of misstatement is low because internal
controls are effective and low exception rate is expected.
These are less reliable than positive form
Evaluation
If response indicating disagreement of third party, the auditor shall investigate
exception to determine whether these are indicative of misstatement by performing
additional audit procedures.
In case of positive form confirmation request there is no response by third party the
auditor should perform alternative procedures.
If management request auditor not to seek external confirmation, auditor should ask
management for written presentation. Auditor should consider whether there are valid
ground for the same. If there are valid grounds then he may accept the management
request and adopt alternative procedure. If there are not valid grounds then he may not
accept the management request as it is a limitation on scope of his work.
4-Computation
24
CA Clues
CA Clues
When information to be used as audit evidence has been prepared using the work of a
managements expert, the auditor shall to the extent necessary, having regard to the
significance of that experts work for the auditors purpose
a) Evaluate the competence, capabilities and objectivity of that expert.
b) Obtain an understanding of the work of that expert
c) Evaluate the appropriateness of that experts work as audit evidence for the
relevant assertion.
When information to be used as audit evidence has been produced by the entity the
auditor should
a) Obtain audit evidence about the accuracy and completeness of the information
b) Evaluate whether the information is sufficiently precise and detailed for the
auditors purpose.
26
CA Clues
27
CA Clues
Chapter-3
Preparation for an Audit
AUDITORS ENGAGEMENT
The conduct of the members of ICAI is governed by set of rules. One of these rules
forbids CA to solicit the client. Client must themselves find their auditors. It is
important for both the auditors and the client that they should be clear about nature of
engagement.
Letter of Engagement refers to the letter written by the auditor to his client
documenting and confirming his acceptance to the appointment, the objective, scope
and extent of his responsibilities to his client. The auditor should send an engagement
letter, preferably before the commencement of the engagement, to help avoid any
misunderstanding with respect to the engagement.
In case of recurring audit, the auditor may decide not to send a new engagement letter
each period. However, the auditor shall send a new engagement letter each year in the
following situations:
Any indication that the client misunderstands the objective and scope of the audit.
Any revised and special terms of engagement.
Any recent change in BoD or senior Management.
A change in legal or regularity requirement.
Any change in the business of the client that is significant.
Any change in reporting requirement.
If the auditor is of the opinion that change in terms of engagement is reasonable, he
must issue the audit report according to the changed terms. However if the auditor is of
the opinion that change in terms of engagement is unreasonable and is not allowed by
the client to original engagement, he should withdraw and communicate the reason of
withdrawal to the BoD or the shareholders.
QUALITY CONTROL FOR AUDIT WORK AT FIRM LEVEL [5 Marks, Nov 2007]
SA 220 on Quality Control For Audit Work requires that the audit firm should
implement quality control policies and procedures to ensure that audits are conducted
in accordance with SA. The requirements are:-
28
CA Clues
4) Delegation: Direction, supervision and review of work at all level to meet standard
of quality.
5) Consultation: Consultation within or outside the firm with experts wherever
necessary.
6) Acceptance and relation of clients: Evaluation of prospective clients and review of
existing to accept or retain a client based on firms independence and ability to serve.
7) Monitoring: Adequacy and operational effectiveness of quality control policies to be
continuously monitored.
Audit Process
Audit process refers to the sequence of activities performed in the formulation of
audit opinion on the financial statement.
It is a well defined methodology for organizing an audit and is adopted to
accomplish audit objectives.
Audit process can be viewed as a four step exercise
Step-1 Planning (SA-300)
Step-2 Performing procedures: Following 2 types of procedures are performed:
Risk Assessment Procedure (As per SA 315)
Further audit procedures (As per SA 330)
Step-3 Obtaining audit evidence on the basis of procedures performed.
Step-4 Concluding and Reporting (SA 700, 705, 706)
29
CA Clues
Audit planning refers to planning by the auditor to enable him to conduct an effective
audit in an efficient and timely manner and includes planning about area, scope, depth
of transaction to be audited, time to be devoted, person to be deployed for audit etc.
The engagement partner and other key members of the engagement team shall be
involved in planning the audit.
Planning Activity
There are 2 types of planning activities
1. The auditor shall establish an overall audit strategy to determine the Scope, Timing
and Direction of the audit. It may be establish by followings:
i. Identify the characteristic of the engagement that define its scope.
ii. Ascertain the reporting objective of engagement
iii. Consider the factors that are significant in determining the engagements teams
efforts.
iv. Consider the result of the preliminary engagement activity
v. Ascertain the Nature, Timing and Extent of procedures proposed to be performed
2. The auditor shall develop an audit plan that:
i. The nature, timing and extent of planned risk assessment procedures as
determined under SA-315 Identifying and Assessing the Risk of Material
Misstatement Through Understanding the Entity and its Related Environment
30
CA Clues
ii.
Initial audit engagement: In case of first audit, the auditor should follow the
following activities before the above preliminary activities:
Communicating with the predecessor auditor
Knowledge of clients business.
CA Clues
AUDIT TECHNIQUES
For collection and accumulation of audit evidence, certain methods and means are
available and these are known as audit techniques. Some of the techniques commonly
adopted by the auditors are the following:
1. Posting checking
2. Casting checking
32
CA Clues
AUDIT PROGRAMME
[May 88, Nov 92, Nov 2006, Nov 2008, Nov 2013]
[May 81, May 88, May 91, Nov 06, Nov 07]
A written audit programme provides the assistants with a clear set of instructions
about the work to be done by them.
Selection of assistants for the jobs on the basis of capability becomes easier when the
work is properly planned and segregated.
The principal can control the progress of the various audits in hand by examination of
audit programmes.
A properly drawn audit programme serves as evidence in the event of any charge of
negligence brought against the auditors.
It serves as a guide for carrying out the current audit and as a basis for drawing the
future audit programme.
[May 81, May 91, Nov 06, May 07, May 2012]
A hard and fast audit programme may kill the initiative of efficient and enterprising
assistants.
An audit programme can make the audit exercise rigid and mechanical.
Inefficient assistants may take shelter behind the program saying that the matter does
not contain any instruction.
33
CA Clues
AUDIT NOTEBOOK
[Nov 2001]
An audit notebook is a bound book containing the audit programme, significant audit
observations, objections, queries etc.
It is a part of permanent record of the auditor, available for reference later on, if
required.
Some of the important content recorded in the audit notebook are as follows:
Name of the business and its structure
List of books of accounts maintained by the enterprise
Errors and fraud discovered
List of missing vouchers and receipts
Matters to be specified in audit report
Date of commencement and completion of audit
Audit Program
The audit note-book has great evidentiary value in case of any charge of negligence is
brought against the auditor by the client.
Specimen of entries in an Audit Note Book to indicate the manner in which entries in
those books ought to be made:
Voucher No.
38
107
306
42
89
Account
Advertisement
Rent
Das & Co.
Machinery
Stores
Amount (Rs.)
1,600
1,500
3,474
1,49,160
7,403
Query
MD sanction required
Rent, bill & Receipt required
Receipt required
Boards sanction required
Invoice required
How disposed of
Sanction obtained
Receipt & bill obtained
Party reminded
Sanction obtained
Party reminded
CA Clues
Type of engagement
Nature of clients business
Degree of reliance on internal control
Sources of information
Conclusion reached
Supervision and review of work performed by assistant
35
CA Clues
Working papers should be designed and properly organised to meet the circumstances
of each audit.
Audit documentation serves a number of purpose including: [Nov 2013]
Assessing the engagement team to plan and perform audit
Enabling the engagement team to be accountable for its work
To enable the engagement partner for direction, supervision and review the work
performed by engagement team members.
For quality control review.
For future reference in case of recurring audit
External inspection. (Peer Review)
The extent of documentation is a matter of professional judgement. It is neither
necessary nor practical that every observation etc. pertaining to an audit is documented.
However the working paper should be sufficiently complete and detailed for an auditor
to obtain an overall understanding of an audit.
Auditor is the owner of working papers relating to audit.
An auditor should retain the working paper for a period of time sufficient to meet the
requirement of practice. As per the ICAI auditor should retain the paper for 7 years.
The auditor shall assemble the final audit file within 60 days after the date of auditors
report and after the assembly of the final audit file, the auditor shall not delete or
discard audit documentation of any nature before the end of its retention period of 7
years. If it is necessary to add new documentation after compilation the auditor will
document the specific reason for making them and when and by whom they were made
and reviewed.
Permanent Audit File: Permanent audit files are those which are of continuing
importance and will be required in future audits. It only needs to be updated from time to
time. A permanent audit file normally includes the following: (May 90, Nov 90, Nov 92,
May 97, Nov 97, Nov 05, Nov 07)
Current Audit File: Current audit files contain the information relating to audit of single
period. It includes the following:
[Nov 90, Nov 07, Nov 2012]
Correspondence relating to acceptance of annual reappointment
Audit programme
Letters of representations and confirmation from clients
Copies of communication with experts or other auditors
36
CA Clues
The term test check stands for the method of auditing where instead of a complete
examination of all the transactions recorded in the book of account only some of the
transactions are selected and verified.
Test checking is an accepted auditing procedure where in only a part of it is checked
to form an opinion instead of checking all transactions.
Audit sampling means the application of audit procedures to less than 100% of items
within a population
Population means the entire set of data from which a sample is selected.
Sampling risk means the risk that auditors conclusion based on a sample may be
different from the conclusion if the entire population were subjected to the same audit
procedure.
Non Sampling Risk means the risk that the auditor reaches an erroneous conclusion for
any reason not related to Sampling Risk. For example use of inappropriate audit
procedures, misinterpretation of audit evidences etc.
There may be two types of sampling risk:
Type-1 That controls are more effective than they actually are and no material
misstatement exist
Type-2 That controls are less effective than they actually are and material
misstatement exist.
The auditor shall evaluate the result of sample and whether the use of audit sampling
has provided a reasonable basis for conclusion about the population that has been
tested.
Precautions to be taken in Adopting Test Checking Techniques
a) The transaction of the concern should be classified under appropriate heads and
may be stratified if wide variations are there between transactions of same kind.
b) Internal control relating to transaction should be reviewed.
c) Examination in depth should be done
d) Auditor should identify the item not suitable for test checking.
e) The number of transaction to be selected for each test check plan should be
predetermined.
37
CA Clues
a)
b)
c)
d)
Judgemental Sampling:
Under this method, the sample size and its composition are determined on the basis
of the personal experience and knowledge of the auditor.
This method has been in common application for many years because of its
simplicity in operation.
For example, March, June and September may be selected in year one and different
months would be selected in the next year.
An attempt would be made to avoid establishing a pattern of selection year after year
to maintain an element of surprise as to what the auditor is going to check.
It is a common practice to check large number of items towards the close of the year
so that the adequacy of cut-off procedures can also be determined.
In judgement sampling the auditors opinion determine the sample size but it cannot
be measured how far the sample size would fulfil the audit objective.
Statistical Sampling:
Statistical sampling is a method of audit testing which is more scientific than testing
based entirely on the auditors own judgement because it involves use of
mathematical laws of probability in determining the appropriate sample size.
Statistical sampling has reasonably wide application where a population to be tested
consists of a large number of similar items.
Advantages of statistical sampling are:
a) It is more scientific.
b) No personal bias
38
CA Clues
[May 2012]
Under this method each unit of the whole population e.g. purchase or sales invoices
has an equal chance of being selected.
The mechanics of selection of items may be choosing numbers from table of random
numbers by computer or picking up numbers randomly drum.
It is considered that random number tables are simple and easy to use and also
provide assurance that the bias does not affect selection.
Stratified sampling
This method involves dividing the whole population to be tested in a few separate
groups called stratum and taking a sample from each of them.
Each stratum is treated as if it were a separate population.
The number of groups into which the whole population has to be divided is
determined on the basis of auditor judgement.
For example debtor balance may be divided into four groups as follows:
Balance in excess of Rs. 1,00,000
Balance in the range of Rs. 75,000 to Rs. 1,00,000
Balance in the range of Rs. 25,000 to Rs. 75,000
Balance below Rs. 25,000
39
CA Clues
Block Sampling
This method involves the selection of a defined block of consecutive items.
For example take the first 200 sales invoices from the sales day book in the month of
September; alternatively take any four blocks of 50 sales invoices.
Selection of month may be on random basis.
There is a close similarity between this method and judgemental sampling .
Cluster Sampling
This method involves dividing the population into groups of items known as
clusters.
A number of clusters are randomly selected from all the clusters rather than
individual items of the population.
E.g. 600 invoices are divided into 15 clusters having 40 invoices each, then selecting
6th, 8th, and 13th cluster.
SURPRISE CHECK
Surprise check refers to the out of routine check that is carried out in the normal course
of audit.
Such checks are the important part of the audit procedures.
The auditor in the circumstances of each audit may determine frequency of such checks.
These checks preferably should be at least once during of the audit.
40
CA Clues
Surprise checks are mainly intended to ascertain whether the system of internal control
is operating effectively.
Surprise check may be with respect to the
[4 Marks, May 2008]
Verification of cash and investments.
Test verification of stores & stocks and records relating thereto
Verification of books of prime entry and statutory registers.
The result of surprise check should be communicated to the management if they reveal
any weakness in the system of internal control or any fraud or error or deficiency in the
maintenance of records. The auditor should satisfy himself that an adequate action has
been taken on the matter communicated by him to the management.
It is not necessary in all cases for the result of surprise check to be included in the auditor
report. They however should be included if in the opinion of the auditor they are material
effect and affect the true & fair view of financial statement.
EXAMINATION IN DEPTH
[Nov 94, Nov 95, Nov 97, May 2000, Nov 2007, May 09, Nov 2012 4 Marks, Nov
2013]
It implies examination of a few selected transactions from the beginning to the end
through the entire flow of transaction
It involves studying the recording of transaction at the various stages through which
they have passed.
At each stage, relevant records and authorities are examined, it also judged whether the
person who has exercised the authority in relation to the transaction is authorised to do
so in terms of the prescribed procedure.
Examination in depth of the transaction relating to the payment of a creditor for goods
supplied would involve verification of the following:
Purchase requisition
Invitations of the quotations and analysis of the same
Official purchase order
Receipts of goods along with delivery challan
Taking goods to store room after verification of quality and quantity
Entry into store records
Receipts of the suppliers invoices
Entries into purchase day book
Posting to purchase ledger and purchase ledger control account
Payment of cheque in settlement after discount, if any
Entries in cash book, ledgers.
AUDIT RISK
Audit risk means that the auditor may give an inappropriate audit opinion when the
financial statements are materially misstated.
41
CA Clues
Audit risk is a function of the risk of material misstatement (Inherent risk & Control
risk) and detection risk.
Audit risk has three components:
Inherent Risk
Control Risk-
[Nov 2005]
Control risk means the risk that a material misstatement could occur but would not be
prevented or quickly detected by the organisations control.
The preliminary assessment of control risk is the process of evaluating the likely
effectiveness of an entitys internal control systems in preventing or detecting and
correcting material misstatements.
Such risk can only be assessed and not reduced
Detection Risk
Detection risk means the risk that the auditor will fail to detect a material misstatement
in the financial information.
Detection risk relates directly to the effectiveness of audit procedures.
It is the risk relating to substantive procedure due to sample & test checking.
Auditor can increase or decrease it by changing nature, timing and extent of audit.
In the case where inherent and control risk are very low, the auditor should perform
some substantive procedures.
42
CA Clues
CA Clues
False Test checks refers to an audit procedure wherein only a part is checked to form an
opinion instead of checking all the transactions.
12) Audit procedures and audit techniques are not one and same thing.
True Audit procedures are two Compliance procedures and Substantive procedures. To
apply these procedure auditor uses some specific methods known as audit techniques.
13) Auditing in depth implies that the auditor vouches almost all transaction in a
manner that the chances of not checking any transaction are left at minimum.
False Auditing in depth does not mean the 100% vouching. It is checking selected
transaction from beginning to end to understand the entire system within which the
transaction passes through.
14) While auditing the accounts of a company, it is obligatory that the auditor must
adopt sampling technique.
False It is not obligatory that the auditor must adopt sampling technique while auditing
the accounts of a company.
15) The auditee firm has no right to compel the auditor to provide copies of the
working papers.
True Working papers are the property of the auditors so auditee has no right to compel
the auditor to provide copies of the working paper.
16) Analytical procedures are unable to help the auditor in determining the nature,
timing and extent of other procedures at the planning stage.
False- SA 520 Analytical Procedure puts forward that application of analytical
procedures helps the auditor to find the aspects of the business of which he was
unaware and it will also assist him in determining the nature, timing and extent of audit
procedures.
44
CA Clues
Chapter-4
INTERNAL CONTROL
INTERNAL CONTROL
Internal control is the process designed, implemented and maintained by TCWG &
management to provide reasonable assurance about the achievement of entitys
objectives with regard to
1. Carry on the business in an orderly manner,
2. Safeguard of the assets
3. Secure as far as possible the accuracy and reliability of its record
4. Prevention and detection of fraud and error
Component of Internal Control
1. Information system
2. Control environment
3. Risk assessment procedure of the entity
4. Activity related to control
5. Monitoring of control
The internal control also includes the system of internal check and internal audit.
The management is responsible for maintaining an adequate accounting system
incorporating various internal controls to the extent appropriate to the size and nature
of the business.
The system installed should be reviewed by the management to ascertain whether the
prescribed management policies are being properly interpreted by the employees and
are faithfully implemented.
Followings are the aims of internal control so far as financial and accounting aspects are
concerned [Nov 2003]
Providing the flow of work through various stages.
Segregation of accounting and custodian function.
Securing proper documentation at each stage.
Safeguard of the assets
Making the work simpler
Lowering the chances of occurrence of errors and frauds.
Minimising loss and wastage
Preparation of periodical accounting and financial report.
Encouraging employees to do willingly with best of this ability and knowledge
Discouraging employees from non- compliance with the prescribed procedures.
CA Clues
Benefit expected from a control may not commensurate with cost of implementation.
The potential for human error such as due to careless, misunderstanding of
instructions.
Possibility that a person responsible could misuse the authority.
Manipulations by the management in the preparation of financial statement.
Most internal controls do not tend to be directed at transactions of unusual nature.
Possibility that procedures may become inadequate due to change in conditions.
To facilitate the accumulation of the information necessary for the proper view and
evaluation the auditor should use any one of the following:
1) Narrative Record: This is a complete and exhaustive description of the system as
found in operation by the auditors. It is suitable where:
- No formal control system is in operation.
- The size of the business is small.
2) Check list:
A checklist is a series of instructions and questions which the auditor should
follow and answer.
The complete check list is studied by the principal/ manager/ senior to ascertain
the existence of internal control and evaluate its implementation and efficiency.
Answer to checklist is usually in form of Yes, No or Not Applicable
ExampleAre tenders invited before placing order- Yes/ No.
Are the purchases made on the basis of a written order?
Is the purchase order form standardised?
Are purchase order forms pre-numbered?
3) Questionnaire[May 2007, Nov 2010, May 2013]
Internal control questionnaire is a set of questions designed to provide a thorough
view of the state of internal control in an organisation.
This is most widely used for collecting information about the existence, operation
of internal control in an organisation.
The auditor may prepare a standard questionnaire to be used with suitable
modification in the case of all audit engagements or he may prepare a fresh one
for each audit engagement.
The questionnaire is usually issued to the client and client is requested to get it
filled by the concerned executives and employees.
The questions should be so designed that an answer can be provided by mere
ticking of the word YES or NO or NOT APPLICABLE. Usually questions
are framed in such a way that NO shows the weakness.
Example- Do you keep invoice pre numbered? Yes/No
46
CA Clues
INTERNAL AUDIT
CA Clues
INTERNAL CHECK
[May 2001, May 2006- 8 Marks, Nov 2006-6 Marks, May 2012-8 Marks]
It is type of control which focuses on drafting of procedures.
Internal check means the arrangement of duties of staff in such a manner that the work
of one person is automatically checked by another during the course of carrying out,
recording and processing of transaction.
The accounting of transactions has a number of processes such as posting to the
concerned books of accounts, recording receipts and payments of cash etc. These
processes are entrusted to various numbers of staff. Thus in an internal check
practically a continuous internal audit is carried on by the staff itself.
Internal check is valuable part of internal control.
Internal check is procedure oriented.
General consideration in framing a system of internal check:
[RTP, Nov 89, May 09, Nov 06, May 2012]
No single person should have an independent control over any important aspects of
the business.
The duties of the staff members should be changed from time to time without any
previous notice.
Every member of the staff should be encouraged to go on leave at least once in a
year. Frauds successfully concealed by the employees are unearthed when they are
on leave.
Persons having physical custody of the assets must not be permitted to have access
to the books of accounts.
Mechanical devices such as automatic cash counting machine may be employed.
Budgetary System should be implemented.
Internal Check
Internal check means the arrangement of
duties of staff in such a manner that the
work of one person is automatically checked
by another during the course of carrying out,
recording and processing of transactions
Objective is to minimize and detect errors
and frauds.
It is an integral part of the regular operations
Internal Audit
Internal Audit is an audit conducted on
behalf of the management of an enterprise
with the objective of assisting the
management to discharge its responsibility
effectively.
Main objective is evaluating the effectiveness
of organizational control.
Internal audit is carried out by staff specially
assigned for it
48
CA Clues
CA Clues
The overall objective and scope of an audit does not change in a CIS environment.
The use of a computer changes the processing and storage of financial information and
may affect the organization and procedure employed by the entity to achieve adequate
internal control.
CIS environment affect the procedures followed by the auditor to obtain audit
evidences.
The auditor should have an understanding of computer hardware, software and
processing system. Specialised skills and competence may be required to:
Determine the effect of CIS environment on the assessment of overall audit risk.
Design and perform appropriate compliance procedures and substantive
procedures.
Evaluate the result of procedures performed.
When the auditor delegates work to assistance or uses work performed by other
auditor or expert, the auditor should have sufficient knowledge of CIS to:
Direct, supervise and review the work of assistants with CIS skills.
Obtain a reasonable assurance that the work performed by other or expert with CIS
skills is adequate for his purpose.
The auditor should gather information about CIS environment that is relevant to audit
plan, including the information: [May 2013-4 Marks]
1) How the CIS function is organized.
2) The computer hardware and software used by the entity
3) Each significant application processed by the computer
4) Nature of processing (Batch, Online real time)
CA Clues
General CIS Controls The purpose of general CIS controls is to provide a reasonable level
of assurance that the overall objectives of internal control are achieved. It includes:
a) Organization and Management Controls: These are designed to establish an
organisational framework over CIS activities including
Policies and procedures relating to control functions
Appropriate segregate of incompatible functions
b) Application System Development and Maintenance Controls: These are designed to
provide reasonable assurance that system are developed and maintained in an
authorised and efficient manner. These are designed to control over
Changes to application system
Access to system documentation
Acquisition of application system from third parties
Testing, implementation and documentation of new or revised system.
c) Computer Operation Controls: These are designed to control the operation of the
system and to provide reasonable assurance that
Only authorized programs are used (Password control, personal identification No.)
Processing errors are detected and corrected
System are used for authorized purpose by authorized personnel
d) System Software Controls: These are designed to provide a reasonable assurance that
system software is acquired or developed in authorized and efficient manner, including:
Restriction of access to authorised personnel only
Authorization, approval, testing, implementation and documentation of new
system software and modifications.
e) Data Entry and Program Controls: These are designed to provide reasonable assurance
that
Access to data and programs is restricted to authorised personnel
An authorization structure is established over transactions being entered in to the
system.
There are other CIS safeguards that contribute to the continuity of CIS processing. These
may include:
Off site back up of data and computer programs
Provision of offsite processing in the event of disaster.
Recovery procedures for use in the event of theft, loss, destruction etc.
51
CA Clues
CIS Application Controls: The purpose of CIS application control procedure over the
accounting application in order to provide reasonable assurance that all transactions are
authorised and recorded and are processed completely, accurately and on a timely basis.
a) Control over Input: These controls provide reasonable assurance that
Transaction are properly authorised before being processed by the computer.
The system should devise controls to check that data input are accurate
Transactions are not lost, duplicated or improperly changed
Incorrect transactions are rejected or submitted after correction.
b) Controls Over Processing and computer data files: These are designed to provide
reasonable assurance that
Processing errors are identified and corrected on a timely basis
Transactions are not lost, added or improperly changed
Transactions are properly processed by the computers
c) Control over Output: These provide assurance that
Results of processing are accurate
Access to output is restricted to authorized personnel
Output is provided to appropriate authorised personnel on a timely basis.
AUDIT TRAIL
An audit trail refers to a situation where it is possible to relate, the original input with
the final output (i.e. on an one to one basis)
In other words, audit trail means a link between few records or a path for audit
Example- Approval of a transaction, its documentation, entry in a book of original
entry, posting to ledger, ledger account balancing, trial balance, classification and
summarisation of balances and presentation of in a financial statement.
Hence for each transaction there is an audit trail.
When there is significant visible audit trail, the work of auditor is not affected and he
not changes his approach to audit.
In CIS environment there is absence of audit trail due to factors such as
Direct data entry into the system
Direct posting of transactions to master file
Elimination of reports as information is supplied on-line
The auditor may use special technique to overcome the loss or changes in audit trail.
Some measure to overcome the loss of audit trail may include
Programmed Interrogation Facilities
Arranging for special printouts containing additional information
52
CA Clues
The auditor determines his audit procedures without taking into account the fact of
use of computer for processing of information.
In the Black box approach, the auditor concentrate on input and output and ignores the
procedure of how computer process the data or transactions.
The auditor carries out the audit more or less in the same manner as in manual system
except that instead of handwritten books of account, he examines computer printouts.
The auditor can usually audit around the computer when either of following situation
applies to application system existing in the installation
The system is simple.
The system uses generalised software that is well-tested and widely used by many
institutions.
The primary advantage of this approach is simplicity. Auditor having little technical
knowledge of computer can be trained easily to perform the audit.
The disadvantage of this system is that it is not beneficial for complex system and this
system follows the pattern of historical audit.
53
CA Clues
The auditor evaluates the internal controls relating to CIS and on the basis of this
evaluation, determines the nature, timing and extent of his substantive procedures.
Situation where it must be used (May 2007)
The computer processes a large volume of input and resultantly produces a large
volume of output.
The significant parts of the internal control system are embodied in the computer
system itself.
The logic of the system is complex.
The auditor takes the computer as a target of audit
The auditor can used the computer to test
The logic and controls existing within the system
The records produced by the system
The primary advantage of this approach is the auditor has increased power to
effectively test a computer system.
The primary disadvantage of this approach is it need for extensive technical expertise.
CAATs are those techniques which undertake assistance of computer for being applied
to an audit in a computerised environment.
The use of CAATs may be useful because of following reasons:
Internal Storage
Disappearance of Audit trail
Absence of input documents
Lack of visible output
CAATs can be used for both compliance procedures and substantive procedures
Benefit of CAAT
1) Time Saving: Auditor can check voluminous data in less time by using CAAT, so
there is a much time saving.
2) Audit effectiveness: The effectiveness and efficiency of auditing procedure will be
improved through the use of CAAT.
3) Effective test checking and examination in depth: CAAT permits effective
examination in depth of selected transactions.
CAAT's are very effective in performing ARP because the software can easily trace
unusual fluctuations and hard copy can be generated for auditor's ready reference.
54
CA Clues
When planning the audit, the auditor may consider an appropriate combination of
manual and computer assisted audit techniques.
Followings are CAATs :
Test Data: The auditor enters a set of data in to entitys system and compares the
result with predetermined results. These test data are chosen by the auditor.
Audit programme: This implies that a processing run is undertaken using a tested
programme under the control of the auditor.
55
CA Clues
CA Clues
False Under this approach, the auditor determines his audit procedure without
considering the fact of use of computers for processing of information. The auditor
carries out the audit work more or less in the same manner as in manual system. Thus,
he does not require computer expertise.
12) Auditing through the computer is required under many situations.
True It is required due to online data entry, Real time file updation, Reduction of
printouts.
13) Audit software is the property of client.
False- It is a set of computer programs used by the auditor as part of his auditing
procedures to process data of audit significance from the entity accounting system.
Thus it is the property of auditor.
14) Performing audit in CIS environment is always simpler than in manual
environment since trial balance always tallies.
False- While auditing in CIS environment, auditor has to face many hurdles like loss of
audit trail, unauthorised amendments to clients data and program. Moreover, here
auditor requires technical expertise also. Thus it is not simple to audit in CIS
environment even if trial balance tallies.
57