Post Reply 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Audit Definition
04-28-2009, 12:21 AM
Post: #1
Audit Definition
<font color="blue"></font id="blue"><font size="6"></font id="size6"><font face="Arial"></font id="Arial">Definitions

1. Audit Risk. Audit Risk means that an auditor gives an inappropriate audit opinion when the financial statements are materially misstated. Audit risk has three components inherent risk, control risk and detective risk.

a) Inherent Risk. Is the susceptibility of an account balance or class of transactions to misstatements that could be material, individually or when aggregated with misstatements in other account balances or classes, assuming there are no related internal controls.
b) Control Risk. Is the risk that a misstatement that could occur in an account balance or class of transactions and that could be material individually or when aggregated with misstatements in other balances or classes, will not be prevented or detected and corrected on a timely basis by the accounting and internal control systems.
c) Detection Risk. Is the risk that an auditor’s substantive procedures will no detect a misstatement that exists in an account balance or class of transactions that could be material, individually or when aggregated with other balances and classes.

2. Accounting System. Means the series of tasks and records of any entity by which transactions are processed as a mean of maintaining financial records. Such system identifies, assemble, analyze, calculate, classify, record, summarize and report transactions and events.

3. Internal Control System. Means all the policies and procedures (internal controls) adopted by the management of an entity to assist in achieving management’s objective of insuring, as far as practicable, the orderly and efficient conduct of its business, including adherence to management policies, the safeguarding of assets, the prevention and detection of fraud and error, the accuracy and completeness of the records and timely preparation of reliable financial information. The internal control system extends beyond those matters which relate directly to the functions of accounting system and comprises of two components a) the control environment and b) control procedures.

a) Control Environment. Means the overall attitude, awareness and actions of directors and management regarding the internal control system and its importance in the entity. The control environment has an effect on the effectiveness of the specific control procedures. A strong control environment, for example, one with the tight budgetary control and an effective internal audit function, can significantly complement specific control procedures. However, a strong control environment does not, by itself, insure the effectiveness of internal control system. Factors reflected in the control environment include
#61656; The function of the board of directors and its committees.
#61656; Management’s philosophy and operating style.
#61656; The entity’s organizational structure and methods of assigning authority and responsibility.
#61656; Management’s control system including the internal audit function, personnel policies and procedures and segregation of duties.

b) Control Procedures. Means those policies and procedures in addition to the control environment which management has established to achieve the entity’s specific objectives. Specific control objectives include
#61656; Reporting, reviewing and approving reconciliation.
#61656; Checking the arithmetical accuracy of records.
#61656; Controlling applications and environment of computer information systems, e.g., by establishing controls over
• Changes to computer programs.
• Access to data files.
#61656; Maintaining and reviewing control accounts and trial balances.
#61656; Approving and controlling of documents.
#61656; Comparing internal data with external sources of information.
#61656; Comparing the results of cash, security and inventory counts with accounting records.
#61656; Limiting direct physical access to assets and records.
#61656; Comparing and analyzing the financial results with budgeted amounts.

In the audit of financial statements, we are only concerned with those policies and procedures with in the accounting and internal control systems that are relevant to the financial statement assertions. The under standing of relevant aspects of the accounting and internal control systems, together with inherent and control risk assessments will help the auditors to
a) Identify the type of potential material misstatement that could occur in the financial statements;
b) Consider factors that affect the risk of material misstatement; and
c) Design appropriate audit procedures to minimize risk to an acceptable level.

Therefore, while developing the audit approach, we should consider the preliminary assessment of control risk (in conjunction with the assessment of inherent risk) to determine the appropriate detection risk to accept for the financial statement assertions. Based on such assessment, we should decide on the timing, nature and extent of the substantive procedures for the financial statement assertion.

Inherent Risk

For developing the overall audit plan, we should assess inherent risk at the financial statement level. For developing audit programs, we should relate such assessment to material account balances and class of transactions at the assertion level, or assume that the inherent risk is high.

The assessment of inherent risk requires the use of professional judgment considering the following factors

At the financial statement level

#61656; The integrity of management.
#61656; Management experience, knowledge and changes in management during the period, for example, the inexperience of management may affect the accuracy and reliability of the financial statement prepared by such management.
#61656; Unusual pressure on management, for example, circumstances that might predispose management to misstate the financial statements, such as the industry experiencing large number of business failures or any entity that lacks sufficient capital to continue operation.
#61656; The nature of entity’s business, for example, the potential for technological obsolescence of its products and services, the complexity of its capital structure, the significance of related parties and the number of locations and geographical spread of its production facilities.
#61656; Factors affecting the industry in which the entity operates for example, economic and competitive conditions as identified by the financial trends and ratios, and changes in technology, consumer demand and accounting practices common to industry.

At the account balance and class of transaction level

#61656; Financial statement accounts likely to be susceptible to misstatement, for example, accounts which required adjustments in the prior period or which involve a high degree of estimation.
#61656; The complexity of underlying transactions and other events, which might require using work of an expert.
#61656; The degree of judgment involved.
#61656; Susceptibility of assets to loss or misappropriation, for example, assets which are highly desirable and movable such as, cash.
#61656; The completion of unusual and complex transactions, particularly at or near the period end.
#61656; Transactions not subject to ordinary processing.

Following are the objectives of internal control which relate to the accounting system

1. Transactions are executed in accordance with the management’s general and specific authorization.

2. All transactions and other events are promptly recorded in the correct amount, in the appropriate accounts and in the proper accounting period so as to permit preparation of reliable financial statements in accordance with acceptable accounting policies.

3. Access to assets and records is permitted only in accordance with management’s authorization.

4. Recorded assets are compared with the existing assets at reasonable intervals and appropriate action is taken regarding any difference.


We are required by AS-6 to obtain an appropriate understanding of the accounting and internal controls system to enable us to design our substantive audit procedures aimed at minimizing the detection risk to an acceptable level.

The process of understanding involves obtaining knowledge of the design of the accounting and internal control systems, and there operation. We usually perform a “Walk-through” test that is, tracing a few transactions through the accounting systems, for understanding the accounting and internal control systems.

Previous periods audit experience, review of the previous years files containing documentation of the accounting and internal control systems also enhances our understanding of such systems.

The procedures, which may be used for obtaining such understanding includes
#61656; Inquiries of appropriate management, supervisory and other personnel at various organizational levels within an entity, together with reference to documentation, such as procedures manuals, job description and flow chart.
#61656; Inspection of records and reports produce by the accounting and internal control system; and
#61656; Observation of the entity’s activities and operations, including observation of the organization of computer organization, management personnel and the nature of transaction processing.

We are required to obtain a level of understanding of the accounting system that is sufficient to identification and understanding of
#61656; Major classes of transactions in the entity’s operation;
#61656; How such transactions are initiated;
#61656; Significant accounting records, supporting documents and accounts in the financial statements and
#61656; The accounting and financial reporting process from the initiation of significant transactions and events to their inclusion in the financial statements

In respect of control environment, we are required to obtain an understanding sufficient to assess directors’ and management attitude, awareness and actions regarding internal controls and their importance to the entity. This understanding will enable us to determine the appropriateness of relying on controls for a portion of our overall audit assurance.


After obtaining an understanding of the accounting and internal control systems, the auditor is required to make preliminary assessment of control risk, at the assertion level, for each material account balance or class of transactions.

The control risk for some or all assertion is assessed at a high level when
#61656; The entity’s accounting and internal control systems are not effective; or
#61656; Evaluating the effectiveness of the entity’s accounting and internal control system would not be efficient.

The preliminary assessment of control risk for a financial statement assertion should be high unless the auditor
#61656; Is able to identify internal controls relevant to the assertion which are likely to prevent or detect and correct a material statement; and
#61656; Plans to perform tests of control to support the assessment.

We should document
#61656; Our understanding of the accounting and internal control system; and
#61656; When the control risk is assessed as less than high, the basis for the conclusion.

Different techniques may be used to document information relating to accounting and internal control systems, such as narrative descriptions, questionnaires, check lists and flow charts.

Internal control questionnaire may also be used for the purpose of such documentation.

Testing of Controls

We are required to obtain evidence through tests of control to support any assessment of control risk which is less than high. The lower the assessment of control risk, higher will be the reliance on such controls, the more support will be required to ensure that such accounting and internal controls are suitably designed and operating effectively.

Objective of the tests of controls is to obtain evidence about the effectiveness of
#61656; The design of the accounting and internal control systems, that is, whether they are suitably designed to prevent or detect and correct material misstatements; and
#61656; Operation of the internal controls through out the period under audit.

Tests of control may include
#61656; Inspection of documents supporting transactions and other events to gain audit evidence that internal controls have operated properly, for example, verifying that a transaction has been authorized.
#61656; Inquiries about, and observation of, internal controls which have no audit trail, for example, determining who actually performs each function and not merely who is supposed to perform it.
#61656; Re-performance of internal controls, for example, reconciliation of bank accounts to ensure that they were correctly performed by the entity.

Based on the results of the tests of controls, we should evaluate whether the internal controls are designed and operating as contemplated in the preliminary assessment of control risk. If the results of test of controls highlight deviation, the preliminary assessment of control risk may need to be revised. In such cases, there will be a need to modify the timing, nature and extent of planned substantive procedures.

Before the conclusion of the audit, based on the results of substantive procedures and other audit evidence obtained, we should consider whether the assessment of control risk is confirmed.

Relationship between the assessment of Inherent and Control Risks

Management often reacts to inherent risks situation be designing accounting and internal control systems to prevent or detect and correct misstatements and therefore, in many cases, inherent risk and control risk are highly interrelated. In such situations, if the auditor attempts to assess the inherent and control risks separately, there is a possibility of inappropriate risk assessment. As a result audit risk may be more appropriately determined in such situation by making a combined assessment.


The level of detection risk relates to the substantive procedures. Our assessment of control risk, together with the inherent risk assessment, will influence the nature, timing and extent of substantive procedures to be performed to reduce the detection risk, and therefore audit risk, to and acceptably low level. However, some detection risk would always be present, even of an auditor were to examine 100% of the account balance or class of transaction because, for example, most audit evidence is persuasive rather then conclusive.

We should consider the assessed levels of inherent and control risks in determining the timing, nature and extent of substantive procedures required reducing audit risk to an acceptably low level. In this regard, we should consider
#61656; The nature of substantive procedures, for example, using tests directed toward independent parties outside the entity rather than the tests directed toward parties or documentation within the entity, or using tests of details for particular audit objective in addition to the analytical procedures;
#61656; The timing of substantive procedures, for example, performing them at period end rather than at an earlier date; and
#61656; The extent of substantive procedures, for example, using a larger sample size.

There is inverse relationship between detection risk and the combined level of inherent and control risks. For example, when inherent and control risks are high, acceptable detection risk needs to be low to reduce the audit risk to an acceptably low level. On the other hand, when inherent and control risks are low, we can accept higher detection risk and still reduce audit risk to an acceptably low level.

The assessed levels of inherent and control risks cannot be sufficiently low to eliminate the need for us to perform any substantive procedures. Regardless of the assessed levels of inherent and control risks, there would invariably be a need to perform some substantive procedures for material account balances and class of transactions.

The higher the assessment of inherent and control risk, the more audit evidence would be required to be obtained from the performance of substantive procedures. When both inherent and control risks are assessed as high, we need to consider whether substantive procedures can provide sufficient appropriate audit evidence to reduce detection risk, and therefore audit risk, to an acceptably low level. When it is determined that detection risk regarding a financial statement assertion for a material account balance or class of transactions can not be reduced to acceptably low level, we should express a qualified opinion or a disclaimer of opinion.


The control environment is the control consciousness of an organization it is the atmosphere in which people conduct there activities and carry out their control responsibilities. An effective control environment is an environment where competent people understand their responsibilities, the limits to their authority, and are knowledgeable, mindful, and committed to doing what is right and doing it the right way; they are committed to following an organization’s policies and procedures and it is ethical and behavioral standards. The control environment encompasses technical competence and ethical commitment; it is an intangible factor that is essential to effective internal control.
The board of directors and management enhance an organization’s control environment when they establish and effectively communicate written policies and procedures, a code of ethics, and standard of conduct. Moreover, the board and management enhance the control environment when they behave in an ethical manner creating a positive “tone at the top” and when they require that same standard of conduct from everyone in the organization.

Management is responsible for “setting the tone” for their organization. Management should foster a control environment that encourages

#61656; The highest level of integrity and personal and professional standards,
#61656; A leadership philosophy and operating style which promote internal control through the organization, and,
#61656; An assignment of authority and responsibility.

Control Environment Tips
Effective human resource policies and procedures enhance an organization’s control environment. Theses policies and procedures should address hiring, orientation, training, evaluations, counseling, promotion, compensation, and disciplinary actions. In the events that employees does not comply with an organization’s policies and procedures or behavioral standards, an organization must take appropriate disciplinary action to maintain an effective control environment. The control environment is greatly influenced by the extent to which individuals recognize that they will be held accountable.
Listed below are some tips to enhance an entity’s control environment. This list is not all-inclusive, nor will every item apply to every department; it can, however, serve as a starting point.
#61656; Make sure that the following policies and procedures are available (hard copy or Internet access)
a) Administrative Procedures
b) Employee Handbook
c) Purchasing Manual
d) Personnel Memorandum
#61656; Make sure that the entity has well-written departmental policies and procedures which addresses its significant activities and unique issues. Employee responsibilities, limits to authority, performance standards, control procedures and reporting relationships should be clear.
#61656; Make sure that employees are well acquainted with the organization’s policies and procedures that pertain to their job responsibilities.
#61656; Discuss ethical issues with employees. If employees need additional guidance, issue departmental standards of conduct.
#61656; Ask employees to disclose potential conflicts of interest, for example, ownership interest in companies doing business or proposing to do business with the department.
#61656; Make sure that job description exist and correctly translate desired competence levels into requisite knowledge, skills and experience; make sure that hiring practices result in hiring qualified individuals.
#61656; Make sure that the entity has an adequate training program for employees.
#61656; Make sure that employee performance evaluations are performed periodically. Good performances should be valued highly and recognized in a positive manner.
#61656; Make sure that appropriate disciplinary action is taken when an employee does not comply with policies and procedures or behavioral standards.

Control Procedures
Control procedures mean the policies and procedures in addition to the control environment, which the management has established to achieve the entity’s specific control objectives.
Control procedures are actions supported by policies and procedures that, when carried out properly in a timely manner to manage or reduce risk. The effectiveness of control procedures improved considerably, when there is strong control environment, a formal system of identification, assessment and management of major risks, an appropriate system of information and communication (vertical and horizontal) and an effective system of monitoring by management.

The responsibility for establishing adequate controls to meet the requirements of the business and the objectives of the internal control outlined above is that of the board of directors and management. Their responsibility includes identifying the financial and compliance risk for their operations, and designing, implementing and monitoring their internal control system.

Preventive & Detective controls.
Control can be either preventive or detective. The intent of these controls is different. Preventive controls attempt to deter or prevent undesirable events from occurring. They are proactive controls that help to prevent a loss. Examples of preventive controls are separation of duties, proper authorization, adequate documentation, and physical control over assets.

Detective controls, on other hand, attempt to detect undesirable acts. They provide evidence that a loss has occurred but do not prevent a loss from occurring. Examples of detective controls are review, analysis, variance analysis, reconciliation, physical inventories, and audits.

Both types of controls are essential to an effective internal control system. From a quality standpoint, preventive controls are essential because they are proactive and emphasize quality. However, detective controls play critical role providing evidence that the preventive controls are functioning and preventing losses.

Control activities include approvals, authorizations, verifications, reconciliation’s, reviews of performance, security of assets, segregation of duties and control over information systems.

Approvals, Authorizations and Verifications (Preventive)
Management authorizes employees to perform certain activities and to execute certain transaction with in limited parameters. In addition, management specifies those activities or transactions that need supervisory approval before they are performed or executed by employees. A supervisor’s approval (manual or electronic) implies that he or she has verified and validated that the activity or transaction conforms to establish policies and procedures.

Reconciliation (Detective)
An employee relates different sets of data to one another, identifies and investigates differences, and takes corrective action, when necessary.

Reviews of Performance (Detective)
Management compares information about current performance to budget, forecasts, prior periods, competitors, or other benchmarks to measure the extent to which goals and objectives are being achieved and to identify unexpected results or unusual condition that required follow up.

Security of Assets (Preventive and Detective)
Access to equipment, inventories, securities, cash and other assets is restricted; assets are periodically counted and compare to amounts shown on control records.

Segregation of Duties (Preventive)
Duties are segregated among different people to reduce the risk of error or inappropriate action. Normally, responsibilities for authorizing transactions, recording transactions (Accounting) and handling the related assets (Custody) are divided.

Control Over Information Systems (Preventive & Detective)
Controls over information systems are grouped in to two broad categories- general controls and applications control. General controls commonly include controls over data center operations, system software acquisitions and maintenance, access security, and application system development and maintenance. Application controls such, as computer matching and edit checks are programmed steps within application software they are designed to help insure the completeness and accuracy of transaction processing, authorization and validity. General controls are needed to support the functioning of application controls both are needed to ensure complete and accurate information processing.

Control procedure must be implemented thoughtfully, conscientiously, and consistently; a procedure will not be useful if performed mechanically with out a sharp continuing focus on conditions to which the policy is directed. Further, it is essential that unusual conditions identified as a result of performing control procedures are investigated and appropriate corrective action to be taken.

Control Procedures-Approvals (Preventive)
#61656; Written policies and procedures
#61656; Limits to authority
#61656; Supporting documents
#61656; Question unusual items
#61656; No “rubber stamps”
#61656; No Blank signed forms

An important control procedure is authorized/approval. Authorization is the delegation of authority; it may general or specific. Giving a department permission to expend funds from an approved budget is an example of general authorization. Specific authorization relates to individual transaction; it requires the signature of electronic approval of a transaction by a person with approval authority. Approval of a transaction means that the approver has reviewed the supporting documentations and is satisfied that the transaction is appropriate, accurate and complies with applicable laws, regulations, policies and procedures. Approvers should review supporting documentation, question unusual items, and make sure that necessary information is present to justify the transaction before they sign it. Signing blank forms should not be done.

Approval authority may be linked specific rupee levels. Transaction that exceeds the specified amount would require approval at higher levels. Under no circumstance should an approver tell some one that they could sign the approver’s name on behalf of the approver. Similarly, under no circumstance should an approver with electronic approval authority share his password with another person. To ensure proper segregations of duties, the person initiating a transaction should not be the person who approves the transaction. A department’s approval levels should be specified in departmental policies and procedures manuals.

Control Procedures-Reconciliation (Detective)
#61656; Reconciliation is comparison of different sets of data to one another, identifying and investigating differences and taking corrective actions, when necessary.
#61656; For example, vouching charges in the statements of accounts to file copies of approved vouchers.

Broadly defined reconciliation is a comparison of different sets of data to one another, identifying and investigating differences, and taking corrective action, when necessary, to resolve differences. Reconciling monthly financial reports from the accounting department (for example, statements of accounts, ledger sheets, etc) to files copies of supporting documentation or departmental accounting records is an example of reconciling one set of data to another. This control procedure helps to ensure the accuracy and completeness of transactions that have been charged to department’s accounts. To ensure proper segregation of duties, the person who approves transactions or handles cash receipts should not be the person who performs the reconciliation. Another example of reconciliation is comparing vacation and sick leave balances per department records to vacation and sick leave balances per the payroll system.

A critical element of the reconciliation process is to resolve difference. It does not do any good to note differences and do nothing about it. Differences should be identified, investigated, and explained corrective action must be taken. If any expenditure is incorrectly charged to an account, then appropriate action for posting a correcting general entry is required the reconciler should ascertain that the correcting general entry is posted. Reconciliation should be documented and approved by management.

Control Procedures –Review (Directive)
#61656; Budget to actual comparison
#61656; Current to prior period comparison
#61656; Performance indicators
#61656; Follow-up on unexpected results or unusual items

Reviewing reports, statements reconciliation, and other information by management is an important control procedure; management should review such information for consistency and reasonableness. Reviews of performance provide a basis for detecting problems. Management should compare information about current performance to budgets, forecasts, prior periods, competitors, or other benchmarks to measure the extent to which goals and objectives are being achieved and to identify unexpected results or unusual condition which require follow-up. Management’s review of reports, statements, reconciliation, and other information should be documented as well as the resolution of items noted for follow-up.

Control Procedures-Assets Security (Preventive and Detective)
#61656; Security of physical and intellectual assets
#61656; Physical safeguards
#61656; Perpetual records are maintained
#61656; Periodic counts/physical inventories
#61656; Compare counts to perpetual records
#61656; Investigate/correct differences

Liquid assets, assets with alternative use, dangerous assets, vital documents, critical systems, and confidential information must be safeguarded against unauthorized acquisition, use, or disposition. Typically, access controls are the best way to safeguard the assets. Examples of access controls are as follows locked door, key pad systems, card key system, badge system, locked filing cabinet, guard terminal lock, computer password, menu protection, automatic call-back for remote access, smart card and data encryption.

The organization which has large value capital assets or significant inventories should establish perpetual inventory control over these items by recording purchases and issuances, periodically, the items should be physically counted by a person who is independent of the purchase authorization and asset custody functions and the counts should be compared to balances per the perpetual records. Missing items should be investigated, resolved and analyzed possible control deficiencies; perpetual record should be adjusted to physical counts if missing items are not located.

Control Procedures-Segregation Of Duties (Preventive and Detective)
#61656; No one person should….
a) Initiate transaction
b) Approve transaction
c) Record transaction
d) Reconcile balances
e) Handle assets
f) Review reports
#61656; At least two sets of eyes

Segregation of duties is critical to effective internal control; it reduces the risk of both erroneous and inappropriate actions. In general, the approval function, the accounting/reconciling function, and the asset custody function should be separated among employees. When these functions cannot be separated, a detailed supervisory review of related activities is required as a compensating control procedure. Segregation of duties is a deterrent to fraud because it requires collusion with other person to perpetrate a fraudulent act.

Specific examples of segregation of duties are as follows
#61656; The person who requisitions the purchase of goods or services should not be the person who approves the purchase.
#61656; The person who approves the purchase of goods or services should not be the person who reconciles the monthly financial reports.
#61656; The person who approves the purchases of goods or services should not be able to obtain custody of checks.
#61656; The person who maintains and reconciles the accounting records should not be able to obtain custody of checks.
#61656; The person who open the mail and prepares a listing of checks received should not be the person who makes deposits.
#61656; The person who opens the mail and prepare a listing of checks received should not be the person who maintain the accounts receivable records.

General Controls These controls apply to entire information systems and to all the applications that reside on the systems. These include
#61656; Access Security, Data & Program Security, Physical Security
#61656; Software Development & Program Change Control
#61656; Data Center Operation
#61656; Disaster Recovery

General controls consist of practices designed to maintain the integrity and availability of information processing functions, networks, and associated application systems. These controls apply to business applications processing in computer centers by ensuring complete and accurate processing. These controls ensure that correct data files are processed, processing diagnostics and errors are noted and resolved, application and functions are processed according to established schedules, file back-ups are taken at appropriate intervals, recovery procedures for processing failures are established, software development and changed control procedures are consistently applied, and actions of computer operators and system administrators are reviewed. Additionally, these controls ensure that physical security and environmental measures are taken to reduce the risk of sabotage, vandalism, and destruction of networks and computer processing centers.

Finally, these controls ensure the adoption of disaster planning to guide the successful recovery and continuity of networks and computer processing in the event of a disaster.

Control Procedures- Application Controls (Preventive And Detective)

Applications are the computer programs and processes, including manualk processing that enable us to conduct essential activities; buying products, paying people, accounting for research costs, and forecasting monitoring budgets.

Application controls apply to computer application systems and include input controls (e.g., edit checks), processing controls (e.g., record counts), and output controls (e.g., error listings), they are specific to individual applications.


An audit program describes what and how much evidence is required to be gathered and evaluated, and how, when and by whom it is to be gathered and evaluated. In other words, it describes the nature, timing and extent of planned audit procedures.

An audit program is required in respect of evidence gathered and evaluated in each of the control testing, substantive testing and opinion formulation stages. It is prepared, or revised, as part of detailed planning activities of those three audit stages. For example, refer to

1. The auditor should obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the audit opinion.

2. Sufficiency and appropriateness are interrelated and apply to audit evidence obtained from both tests of control and substantive procedures. Sufficiency is the measure of a quantity of audit evidence; appropriateness is the measure of quality of audit evidence and its relevance to a particular assertion and its reliability. Ordinarily, the auditor finds it necessary to rely on audit evidence that is persuasive rather then conclusive and will often seek audit evidence from different sources or of a different nature to support the same assertion.

3. Financial statement assertions are assertions by management, explicit or otherwise, that are embodied in the financial statements. They can be categorized as follows
a) Existence an asset or a liability exists at a given date;
b) Rights and Obligation an asset or a liability pertains to the entity at a given date;
c) Occurrence a transaction or event took place which pertains to the entity during the period;
d) Completeness there are no unrecorded assets, liabilities, transactions or events, or undisclosed items;
e) Valuation an asset or liability is recorded at an appropriate carrying value;
f) Measurement a transaction or event is recorded at the proper amount in revenue or expenses allocated to the proper period; and
g) Presentation and disclosure an item is disclosed, classified, and described in accordance with the applicable financial reporting framework.

4. “Tests of control” means tests performed to obtain audit evidence about the suitability of design and effective operation of the accounting and internal control systems.

5. The aspects of the accounting and internal control systems about which the auditor would obtain audit evidence are

a) Design the accounting and internal control systems are suitably designed to prevent and/or detect and correct material misstatements; and
b) Operation the systems exist and have operated effectively throughout the relevant period.
6. “Substantive procedures” means tests performed to obtain audit evidence to detect material misstatements in the financial statements, and are of two types
a) Tests of details of transactions and balances; and
b) Analytical procedures

7. Procedures for Obtaining Audit Evidence The auditor obtains audit evidence by one or more of the following procedures inspection, observation, inquiry and confirmation, computation and analytical procedures. The timing of such procedures will be dependent, in part, upon the periods of time during which the audit evidence sought is available.

a) Inspection Inspection consists of examining records, documents, or tangible assets. Inspection of records and documents provides audit evidence of varying degrees of reliability depending on their nature and source and the effectiveness of internal controls over their processing. Three major categories of documentary audit evidence, which provide different degrees of reliability to the auditor, are
• Documentary audit evidence created and held by third parties;
• Documentary audit evidence created by third parties and held by the entity; and
• Documentary audit evidence created and held by the entity.

Inspection of tangible assets provides reliable audit evidence with respect to their existence but not necessarily as to their ownership or value.

b) Observation Observation consists of looking at a process or procedure being performed by others, for example, the observation by the auditor of the counting of inventories by the entity’s personnel or the performance of control procedures that leave no audit trail.

c) Inquiry and Confirmation Inquiry consists of seeking information of knowledgeable persons inside or outside the entity. Inquiries may range from formal written inquiries addressed to third parties to informal oral inquiries addressed to persons inside the entity. Responses to inquiries may provide the auditor with information not previously possessed or with corroborative audit evidence.
Confirmation consists of the response to an inquiry to corroborate information contained in the accounting records. For example, the auditor ordinarily seeks direct confirmation of receivables by communication with debtors.

d) Computation Computation consists of checking the arithmetical accuracy of source documents and accounting records or of performing independent calculations.

e) Analytical Procedures Analytical procedures consists of the analysis of significant ratios and trends including the resulting investigation of fluctuations and relationships that are inconsistent with other relevant information or deviate from predicted amounts.

8. Cut-Off Test A cut-off test is a type of evidence gathering activity; in particular, the cut-off test gathers evidence that transactions are recorded in the period to which they refer.
A cut-off test, depending on its direction, provides evidence as to whether

#61656; Economic events occurring in the financial period being audited are recorded in the related account balance in the subsequent accounting period (a misstatement relating to completeness).
#61656; Economic events occurring in the period following the period being audited are recorded in the related account balance in the period being audited (a misstatement relating to validity).
A simple example in relation to accounts receivables and related sales transactions is as follows. On balance sheet date (or other appropriate cut-off date) the auditor obtains details (including details of the sequential identification number) of the last delivery advice to be issued in the accounting period by physically examining the source documents at the close of business.

If the auditor needs evidence as to the completeness of accounts receivable and related sales transactions, then subsequent to balance sheet date the auditor will trace the details on the last delivery advice issued for the year to the relevant sales invoice and then to the account receivable records to ensure that the sale has been included in the accounting records before year end. In addition, the auditor selects a sample of sales invoices posted to accounts receivables in the first few days of the month following balance sheet date. All of the invoices selected should refer to delivery advices having a reference number after the number noted on balance date.

If the auditor needs evidence as to the validity of accounts receivable the auditor selects a sample of invoices that have been included in accounts receivable in the last few days of the financial year. All of the invoices selected should refer to delivery advices having a reference number before (or including) the number noted on balance sheet date.


The term “Analytical Procedures” refers to a collection of activities performed by auditors to gather evidence.

Analytical procedures be performed in the audit planning stage to identify possible problem areas and in the substantive testing stage as a means of gathering substantive evidence in relation to one or more account balances or classes of transactions (i.e. as a substantive procedure, or substantive test); and in the opinion formulation stage (overall review stage), as a means of gathering evidence as to consistency of the financial statements with the auditor’s knowledge of the business of the entity.

All analytical procedures involve a comparison of the value of the actual (ratio/trend/account balance/transaction etc.) with the value of the expected (ratio/trend/account balance/transaction etc.) with the objective of identifying any unusual or unexpected values. The procedure required the investigation of the reason for any unexpected or unusual value.

Analytical procedures include

Reasonableness tests In a reasonableness test, the expected value is determined by reference to data partly or wholly independent of the accounting information system, and for that reason, evidence obtained through the application of such a test may be more reliable than evidence gathered using other analytical procedures. e.g. the reasonableness of the total annual revenue of a freight company may be estimated by calculating the product of the total tones carried during the year and the average freight rate per tone.

Scanning An auditor may scan account balances, listing of transactions etc., with the object of detecting any unusual or unexpected balances or transactions.

Review An auditor may review reconciliation, compilations and aggregations of transactions and/or account balances, again with the object of detecting any unusual or unexpected balances or transactions.

Ratio Analysis The computation and comparison of the actual value of a ratio with the expected value may be based, for example, on
#61656; Prior period values.
#61656; Values in other divisions of the entity.
#61656; Forecast values.

Once again, the objective of this analytical procedure is to detect any unusual or unexpected value for the ratio.

Common size analysis is a type of cross-sectional analysis used for comparing the percentage components of balance sheets and income statements of one entity, or a division of an entity, with comparable data from one or more other entities/divisions. This analysis may be used for either (i) the comparison of a (prospective) client’s data with the industry average and/or an industry competitor or (ii) for the comparison of income statements of different divisions of the same entity.

When analytical procedures are used as substantive procedure (or substantive test), and the application of the procedures does not identify any unusual or unexpected differences, then, by inference, the results provide evidence in support of management’s assertions.

Analytical procedures generally provide less reliable substantive evidence than the other category of substantive procedures/tests, (test of detail). The substantive evidence gathered using analytical procedures is thus generally used to corroborate other substantive evidence gathered, rather than used as sole source of evidence.


Date 01/04/2006

The Chief Accountant,
A.G.E Industries (Pvt.) Limited,
26-Sadar Road,
Peshawar Cantt.

Dear Sir
<font color="black"></font id="black">

In order to commence the annual audit for the year ended 2006, we shall be grateful if you could provide the following as earliest

• Trial balance
• Draft financial statements
i. Balance sheet
ii. Profit and loss account
iii. Statements of changes in equities
iv. Accounting policy and other detailed notes to the accounts
(If financial statements are available on soft copy, please provide the same)

• Property, plant and equipment (PPE)
i. Detailed movements schedule i.e. additions, deletions & transfers
ii. Profit/loss on disposal, showing for each item
Date of purchase
Date of disposal
Accumulated depreciation
Net book value
Proceeds on disposal
iii. Capital commitments, showing for main items
Amount approved or budgeted
Amount order
Cost, if any, already debited to PPE
Please have available for our inspection the title deeds in respect of any freehold property.

• Investment, showing for each item
i. Name or nature
ii. Nominal value
iii. Book value
iv Market value
v Income booked for the year
The latest financial statements of investee companies (if any) should be made available for our review.

• Inventories
i. Detailed listing for each category of inventory, showing
Unit (i.e. kilogram, meter, etc.)
Unit price
ii. Goods in transit, listed by banks handling the transactions
Description of goods
Letter of credit number
Date L/C opened
Cost to date
Invoiced cost
Freight (if not cif)
Custom duty
Deposit paid
Date of receipt of goods.

• Receivables and prepayments
i. Aged listing of trade debtors, showing amount received since the balance sheet date. The analysis should show balances aged as follows – current month/2-3 months/4-12 months/ over one year.
ii. Specific provision for doubtful items
iii. Bills receivable showing
Date of maturity
Collecting bank
iv. Bills discounted showing
Date of maturity
Amount of bill
Bank with which discounted
v. Staff loans and current accounts
Name of employee
Nature of debt
Repayment arrangement
vi. Sundry receivable, indicating nature of debt
vii. Prepayments
Nature (rent, insurance, tax, etc.)
Period of prepayments (identify separately amounts prepaid for more than one year)
Basis of calculations
Amount prepaid

• Affiliates Balances
Please arrange for all affiliates, including the parent company/head office to confirm their balances with the company at the balance sheet date direct to our selves.

• Bank balances/Over drafts
i. Please complete the attached letter in respect of each bank with which the company has had dealings during the year, and return it to us, once signed, for us to forward to the banks concerned.
ii. Bank reconciliations for all current accounts, showing
Cheques drawn but not yet cleared by bank
Cheque number
Date drawn
Date presented (after balance sheet date)
iii. Deposit not yet credited by bank
Date deposited
Drawer of cheque etc.
Date cleared (after balance sheet date)

• Cash
Please obtain in confirmations of balances held by holders of all cash floats and petty cash funds at different locations (if any).

• Payables and accruals
i. Trade creditors
ii. Bills payables showing
Date of maturity
Amount foreign currency (for foreign bills) local currency
iii. Sundry payables, showing nature of the debt
iv. Accruals
Nature (e.g. salaries, leave pay, utilities, communications etc.)
Period of accruals
Basis of calculations
Amount accrued

• Employees terminal benefits
i. Showing for each employee
Date of employment
Basic salary
Basis of calculation

• Loans payables for all medium and long term loans outstanding, show
Source of loan
Purpose of loan
Original amount
Period of loan
Balance outstanding
Interest rate
Repayment arrangements
Security given

• Contingent Liabilities
i. Please list all claims against the company and any current litigation. Please send the attached letter to your legal advisors.
ii. List of all letters of guarantee given by banks on behalf of the company, noting the purpose and amounts of each.

• Profit and loss account
Details of classification of each income and expense item including the tax status summary supported by the last assessment orders, tax return, summary of taxes paid and detail of appeals if any.

• Statement of changes in equities
i. Movement schedule of paid-up capital (if any)
ii. Form ‘A’
iii. Other details of statutory forms submitted to the registrar of companies.

• Minutes
The minutes of all board and general meetings held during the year should be maid available for our inspections.

If you have any queries regarding the information requested above or any other questions in connection with our forth-coming audit, please do not hesitate to contact us as soon as possible.

Yours faithfully


Chartered Accountants

Not the above list is for guidance purposes only, the same can be tailored with the requirements/nature of the client industry.


The audit firm should implement quality control policies and procedures designed to ensure that all audits are conducted in advance with ISAs. The objective of quality control policies will incorporate the following-

#61656; Professional Requirements
#61656; Skills and Competence
#61656; Assignment
#61656; Delegation
#61656; Consultation
#61656; Acceptance & Retention of clients
#61656; Monitoring

The firms’ general quality control policies and procedures should be communicated to its personnel in a manner that provides reasonable assurance that the policies and procedures are understood and implemented.

Professional Requirements
Personnel in the firm should adhere to the principles of independence, integrity, objectivity, confidentiality and professional behavior.

#61656; Obtain from personnel written representations on an annual basis in respect of nonexistence of prohibited relationships and prohibited investments. A list of clients may be prepared each year to allow staff to determine their independence.
#61656; Assign responsibility for obtaining representations and reviewing independence compliance files for completeness to a person with appropriate authority.

Skills and Competence
The firm is to be staffed by personnel who have attained and maintain the technical standards and professional competence required to enable them to fulfill their responsibilities with due care.

#61656; Maintain a program designed to obtain qualified personnel by planning for personnel needs, establishing hiring objectives and setting qualifications for those involved in the hiring function.
#61656; Assign to authorized persons the responsibility for employment decisions.
#61656; Conduct an orientation program relating to the firm and the profession for newly employed personnel.
#61656; Outline the requirements for continuing professional education and communicate them to personnel.
#61656; Encourage participation in external continuing professional education programs.
#61656; Establish qualifications deemed necessary for the various levels of responsibility with in the firm.
#61656; Review periodically the performance of the personnel and discuss with them their progress within the firm.
#61656; Conduct firm programs to develop and maintain expertise in specialized areas and industries.
#61656; Maintain a reference library and technical literature including details regarding current developments in the office for ready reference.
#61656; Provide personnel with professional literature relating to current developments in professional technical standards.
#61656; Conduct in-house seminars on various topics for the personnel.

Audit work is to be assigned to personnel who have the degree of technical training and proficiency required in the circumstances.

#61656; Prepare time budget for audits to determine manpower requirements in to schedule audit work.
#61656; Give appropriate consideration to both continuity and rotation when deploying staff to assignments.
#61656; Consider the experience and training of the audit personnel in relation to the complexity or other requirements of the audit.

There is to be sufficient direction, supervision and review of work at all levels to provide reasonable assurance that the work performed meets the appropriate standards of quality.

#61656; Assign responsibility for planning an audit. Involve appropriate personnel assigned to the audit in the planning process.
#61656; Develop background information or review information obtained from prior audits and update for changed circumstances.
#61656; Prepare audit programs for various areas of audit interest.
#61656; Determine manpower requirements and estimated time to complete the audit.
#61656; Consider current economic conditions affecting the client and its industry and their potential effect on the conduct of the audit.
#61656; Develop guidelines for form and content of working papers.
#61656; Utilize standardized forms, checklists and questionnaires to the extent appropriate to assist in the performance of audits.
#61656; Provide on-the job training during performance of audits – discuss with assistants the relationship of the work they are performing to the audit as a whole.
#61656; Encourage personnel to train and develop subordinates.

Whenever necessary, consultation with in or out side the firm is to occur with those who have appropriate expertise.

#61656; Inform personnel of the firm’s consultation policies and procedures.
#61656; Specify areas requiring consultation because of the nature or complexity of the subject matter.
#61656; Maintain or provide access to adequate reference libraries and other authoritative sources.
#61656; Maintain consultation arrangement with other firms and individuals where necessary to supplement firm’s resources.
#61656; Maintain subject files containing the result of consultation for reference and research purposes.
#61656; Designate specialists for particular industries.

Acceptance and retention of clients
An evaluation of prospective clients and a review, on an ongoing basis, of existing clients is to be conducted. The firm’s independence and ability to serve the client properly and the integrity of the client’s management should be considered.

#61656; Obtain and review available financial statements regarding the prospective clients.
#61656; Inquire of third parties as to any information regarding the prospective client. The inquiries may be directed to legal advisors, bankers and others.
#61656; Communicate with the predecessor auditor and make inquiries regarding the integrity of management, accounting policies, audit procedures and other significant matters.
#61656; Consider circumstances, which would cause the firm to regard the engagement as one requiring special attention or presenting unusual risks.
#61656; Determine that the acceptance of the client would not violate code of professional ethics.
#61656; Inform appropriate personnel of the firm’s policies and procedures for accepting and retaining clients.
#61656; Evaluate clients upon the occurrence of specified events to determine whether the relationships ought to be continued.
#61656; Such events may include a change in one or more of the following
- Management
- Directors
- Ownership
- Legal advisors
- Financial condition
- Scope of the engagement
- Nature of client’s business

The continued adequacy and operational effectiveness of quality control policies and procedures are to be monitored.

#61656; Determine objectives and prepare instructions and review programs for use in conducting monitoring activities.
#61656; Provide guidelines for the extent of work and criteria for selection of engagements for review.
#61656; Establish the frequency and timing of monitoring activities.
#61656; Review and test compliance with firm’s general quality control procedures.
#61656; Provide for reporting findings to appropriate management levels, for monitoring actions taken or planned and for overall review of the firm’s quality control system.
#61656; Determine need for modification of quality control policies and procedures in view of results of monitoring activities and other relevant matters.
Visit this user's website Find all posts by this user
Quote this message in a reply
05-26-2009, 08:04 PM
Post: #2
Nice stuff...... Thanks a lot...
Visit this user's website Find all posts by this user
Quote this message in a reply
Post Reply 

Forum Jump:

User(s) browsing this thread: 1 Guest(s)