Course: S6: Auditing

Topic outline

General
UNIT 1 :FUNDAMENTAL CONCEPTS IN AUDITING
Key unit competence: To be able to explain the fundamental concepts
in auditing
Introductory activity
MUKESHIMANA decided to set up a business for selling flowers after S6
Accounting. She got up early in the morning, visited the market, and then
set up a stall by the side of the road. She started selling different kinds of
flowers. She was able to sell and gain some income from the business. For
the first year, everything went well.
However, MUKESHIMANA thought that she could sell more flowers if she
was able to transport more to the place where she would sell them. She
also knew that there were several other roads nearby where she could sell
flowers.To achieve her ambition of selling more flowers; she needed to buy
a van and recruit more employees to transport flowers to different selling
points.
MUKESHIMANA realized the need for more money to expand her business.
Therefore, she requested her rich friend Alex to invest in the business.

Alex found out the potential of MUKESHIMANA’s business and decided
to invest in it, but he did not want to be involved in the management of the
business and bear liablities in case of failure its failure (bankruptcy).
He therefore suggested the following to MUKESHIMANA:
• To establish a limited liability company;
• To be the major shareholders (over 51%) and be entitled for more
dividends
• Mukeshimana to be the managing director of the company
At the end of the first year of trading as a limited liability company, Alex
received a copy of the financial statements. He noticed that the profit of
the company was lower than expected, and this lowered significantly his
dividends.
He knew that MUKESHIMANA is being paid salary and she might not give
much attention to the performance of the company (making profit for the
company).
To have proper understanding of the performance of the business, there
was a strong need of Alex to engage the third parties to provide annual
assurance services on financial statements of the company.
Referring to the passage above, answer the following questions:
1. How do you call the work done by the third parties appointed?
2. What do you think about the work done by the third parties and the
work performed by MUKESHIMANA as managing Director?
3. What are the advantages that Alex will obtain from the work performed
by the third parties?
4. Differentiate the work of MUKESHIMANA from the work performed
by the third parties.
1.1. Key terms applied in auditing
Learning activity 1.1

Analyze the photos above and answer the questions below:
1. Who is the auditor?
2. How do you call the work performed by the auditor?
3. What are main principles of audit?

1.1.1. Meaning of key terms
a) Audit
An audit is an official independent examination of the accounts or accounting
systems of an entity.
Audit is defined as an independent examination of books of accounts and
vouchers of business with view of forming an opinion/ judgment as to whether
these have been kept properly according to the company’s Act and as to whether
or not the statements present a true and fair view of the financial position of a
business.
An audit is an exercise that auditors carry out in order to be able to give the
statutory opinion whether financial statements give a true and fair view.
An audit is an independent examination and expression of an opinion on a set
of financial statements.
b) Assurance
The International Standards on Auditing (ISA) give a definition of an assurance
engagement as “ one in which a practitioner expresses a conclusion designed
to enhance the degree of confidence of the intended users other than the
responsible party about the outcome of the evaluation or measurement of a
subject matter against criteria. “
Assurance means confidence. In an assurance engagement, an ‘assurance
firm’ is engaged by one party to give an opinion on a piece of information that
has been prepared by another party.
The opinion is an expression of assurance about the information that has been
reviewed. It gives assurance to the party that hired the assurance firm that the
information can be relied on.
c) Auditor
An auditor is a person who conducts an audit. An auditor is a person authorized
to examine and verify the books of account of an organization.
An auditor is a qualified accountant appointed by the shareholders, government,
or management of a company to examine independently the financial information.
d) Auditing
Auditing may be defined as the examination of financial statements covering
the transactions over a period and ascertaining the financial position of an
organization on a certain date in order that the auditor may issue a report on
them. It means that the auditing is the application of auditing principles and
methods as may be considered as necessary by an auditor.
e) Integrity
An auditor should be straightforward, honest and sincere in his/her approach to
his/her professional work.
f) Objectivity
Is not to allow bias, conflict of interest or undue influence of others to override
professional or business judgments
g) Professional Independence
The auditor is an agent/watchdog for the shareholders and must be independent
of directors and management who look after the interests of shareholders in a
company or of the government.
The profession requires the auditor to be independent so as to be able to
express a balanced opinion on the accounts presented by the directors to the
shareholders whose company he has audited.
h) Professional competence and due care
To maintain professional knowledge and skils at the level required to ensure
that a client or employer receives competent professional services based on
current developments in practice, legislation and techniques and act diligently
in accordance with applicable techniques.
i) Confidentiality
The state of keeping or being kept secret or private, the auditor should not
disclose any information to the third party.
j) Professional behavior
Auditor should comply with laws and avoid any actions, which discredit the
profession.
k) Planning
Planning is the process of thinking regarding the activities required to achieve
a desired goal
l) Impartiality
Is the principle holding that decisions are based on objective evidence obtained
during audit, not on the basis of bias or prejudice caused by influence of different
interests of individuals or other involved parties.
m) Evidence
During the audit, the auditor can collect the evidence through the working
papers. He/she can surround his/her opinion on the audit evidence.
n) Consistency
The consistency principle states that once you decide on an accounting method
or principle to use in your business, you need to stick with and follow this method
or principle consistently throughout your accounting periods.
o) Legal Frame Work
The business activities may run within the rules and legal formalities. To protect
the rights of the interested party, rules must be applied/followed.
p) Working papers preparation
Audit working papers are documents which contain all information gathered
from the company audited and show all evidences to help the auditor to prepare
the final report and to form his/her opinion.
q) Internal Control
The auditor will examine the accounting system and internal control in operation.
r) Report
Report is the end product of the external audit process or of the performed audit
work.
s) Professional skepticism
Professional skepticism is defined in the ISAs as an attitude that includes a
questioning mind, being alert to conditions, which may indicate possible
misstatement due to error or fraud, and a critical assessment of audit evidence.
Application activity 1.1
1. What is the meaning of assurance in auditing?
2. Briefly explain the following terms.
a. Integrity
b. Objectivity
Learning activity 1.2
1.2. Objectives, advantages and disadvantages of auditing

1. Is it important to know the objectives of audit?
2. What are the objectives of audit you know?
1.2.1. Objectives of auditing
The objectives of audit may be classified into two categories:
a) Primary or principal objectives of auditing
• To determine the accuracy of financial statements or accounts;
• To prove the true and fair view of the company’s financial state of affairs;
• To confirm that the proper books of accounts are being kept or not;
• To prepare audit report;
• To confirm the exactitude of final accounts.
b) Secondary or subsidiary objectives of an auditing
• To detect errors;
• To detec frauds;
• To prevent errors;
• To prevent frauds ;
• To assist the client to improve their accounting systems;
• To find out whether the internal control system is working properly or not;
• To advice the management.
1.2.2. Advantages and disadvantages of auditing
a) Advantages of audit
For the shareholders:
• Shareholders are assured that directors and management are acting to
the best of their interests ;
• They use audited accounts to determine amount to be paid to dead
partner;
• They use audit report to admit a new partner by examining his/her
business;
• Audit ensures that regulations and statutory requirements are followed.
For the employees:
• Audit keeps accounting staff vigilant and careful in their work;
• Employees ensure their job security and continuity of good remuneration
by the audited company;
• Act as a detective and preventive measure against errors and frauds.
For the state:
• Audited companies ensure the accomplishment of fiscal duties
regarding companies (payment of taxes and social contributions);
• The government is assured that public funds are being well used;
• The government ensures continuity of business for the purpose of
general interests of the people;
• The state ensures that books of accounts are maintained according to
legal requirements and companies Act.
For the management of an enterprise and third parties in general:
• Audit provides assurance and credibility to the accounts for interested
parties;
• Third parties not taking active part in the organization are protected;
• Audited accounts minimize disputes between parties;
• Audited accounts are acceptable as the basis of ascertaining tax
liability;
• The auditor promotes general management efficiency by advising
management.
b) Disadvantages of auditing
• If the auditor has many clients, planning and personnel problems lead to
inefficient audit, leaving errors and frauds undetected. Thus, increasing
auditor’s liability to third parties.
• It is expensive and third parties may not be able to afford it.
• The audit report provides information that may otherwise be confidential
to competitors.
• A qualified report may affect the company’s credibility with third parties.
• An audit can disrupt the client’s (audited company) work.
• Audited figures may be altered (changed) leading to inaccurate opinion.
• May prompt trade unions to demand for higher wages for their
employees e.g. in cases of unreasonable reserves.
• An audit can lead to conflict between the internal auditor and
management in cases where the internal auditor co-operates with the
external auditor.
• Revelations of weaknesses in the management letter or letter of
weaknesses may make managers to resign. Thus, leading to apathy in
the organization.
Application activity 1.2
1. Explain the advantages of audited accounts to shareholders.
2. What are the primary or main objectives of auditing?
1.3. Types of Audits according to the different classifications
Learning activity 1.3
G&P Partners is an auditing firm, registered in Rwanda to provide an audit
and advisory services since 2010. For the year ended 31st December 2021,
G&P Partners received the assignement from different clients as follows:
1. On 05th January 2021, G&P Partners singed an engagement
letter with Sika Ltd for providing the audit opinion on their financial
statements and compliance with company’s procedures manuals,
rules and regulations. Sika Ltd agreed with auditor also to conduct
its audit in every 3 months until the end of the year.
2. On 20th March 2021, during the annual general meeting, Bwiza Ltd
appointed G&P Partners as a new auditor to conduct an audit of
their annual accounts.
3. On 01st April 2021, G&P Partners signed an engagement letter with
office of auditor general to conduct an audit for one of government
projects to evaluate whether the project objectives were attained or
not and to evaluate whether the transcations passed by the project
coordinator were made in economic, efficient and effective manner.
Question
From the above assignment received by G&P Partners, List the types of
audits that will be conducted.
1.3.1. Forms of organizations
a) Auditing of a sole proprietorship
This is a form of audit of the accounts of a private individual or sole trader. An
auditor is asked to audit the accounts of a private individual or a sole trader. He/
she must get clear instructions in writing from his/her client as to what he/she is
expected to do i.e. his/her duties, nature of work, scope of work etc and will be
clearly defined in the engagement letter.
Advantages of auditing of the accounts of sole trader are:
• Assured that his/her accounts are properly kept or not;
• Audited accounts are helpful in confirming that the profit or loss has
been made;
• Sole trader agents are kept vigilant (in the case of consignment);
• Taxes are assessed and paid very well;
• Audited accounts are basis for obtaining bank loans and public markets.
b) Auditing of partnership
The scope and conduct of auditing and rights and duties of the auditors
are determined on the basis of the agreement between the firm and auditor
(engagement letter). While conducting auditing of partnership firm, the auditor
must also consider the partnership Deed.
Advantages of auditing of partnership
• Avoids any financial dispute among partners.
• Third parties are assured that there are no frauds.
• Helps in the valuation of goodwill of a dead partner and incoming
partner.
• Expertise of audit contributes to increase profit, better management
and compliance with tax laws.
Distinction between auditing of partnership firm and auditing of a
limited lability company

c) Audit of limited company
An audit of a limited liability company is an examination of the financial statements
of a company, such as the income statement, cash flow statement, and balance
sheet. Audit provides to investors and regulators the confidence in the accuracy
of a corporation’s financial reporting.
During the audit of a limited liablty company, it is clarified whether the financial
statements are fairly presented and free from material misstatements.
The auditor’s role is to examine annual final accounts of the company and make
sure they are correct and reliable but not to manage those accounts.
1.3.2. According to the nature of work
a) Private Audit
Private or voluntary audit is that audit which is not legally required. It is conducted
in line with the agreement between the auditor and the client (audited company),
and is not governed by any particular law.
This audit is conducted to obtain an audit report for the use by different users of
the financial statements( management for an organization, investors, employees
etc...).
The private audit includes the audit of sole trader, and audit of partnership.
The contract (engagemennt) between auditor and his/her clients is important
because:
• It defines the scope of audit;
• It is the basis of charging the audit fees;
• It is the basis of the information to include in the report;
• It serves as an evidence;
• It protects both parties;
• It prevents misunderstanding between parties;
• It is legal binding;
• It specifies the rights and duties of both parties;
• It can be used to solve disputes between parties;
• It minimizes risks;
• It outlines expectation for both parties.
b) Statutory Audit
Statutory audit is the audit conducted under the provisions of the companies
Act.
Similarities between statutory and private audits
• In both audits, the auditor’s duties and scope of work can be increased
by the client.
• In both audits, the auditor earns the audit fee.
• Both audits are conducted at the end of the year when the records
have been balanced and closed off.
• In both audits, the auditors apply similar techniques and audit tests.
• Both auditors might be the members of professional accountants’ body
like ICPAR, ACCA, and IFAC.
• In both audits, valuable advice is provided to the client at the end of
audit work.
• Both audits are used as basis for decision-making.
• Both safeguard company’s assets.
• In both audits, the auditors issue audit reports.
• Both audits are concerned with the review of the activities of the
company.
• They are concerned with the preventive measures against errors and
frauds.
• They are concerned with the strength of the ICS.
c) Internal Audit
Internal auditing is an independent, objective assurance and consulting activity
designed to add value and improve an organization’s operations. It helps an
organization to accomplish its objectives by bringing a systematic, disciplined
approach to evaluate and improve the effectiveness of risk management, control,
and governance processes.
The report of internal audit is used by the management for the improvement of
internal control system.
The internal auditor carries out checking work throughout the year. Although,
he/she is an employee of the organization, he/she is given some form of
independence in order to perform his/her duties as required.
d) External Audit
An external audit is an objective examination by an auditor to examine the
company’s books of accounts and determine if the company’s financial
statements are fair and true. An auditor also determines if the company follows
accounting standards and systems. An independent auditor reviews the
accounts and provides the reassurance and transparency to the company›s
shareholders about the correctness of the accounts.It makes the company and
its financial statements more credible and respected.
External audit is conducted by an independent auditor who is not an employee
of the organization.The external auditor is appointed by owners of a business
andby the shareholdres in a case of a limited company.
The main purpose of external audit is to provide an audit report on financial
statements audited. The audit report is used by the shareholders and third
parties like bank managers, creditors, and income tax authorities.
Differences between Internal Audit and External Audit
Differences between an internal Auditor and External Auditor

1.3.3. According to the time
a) Final audit (periodic/Detailed/Complete Audits)
It is conducted at the end of the financial period when accounts have been
closed off, and financial statements have been prepared and approved.
Advantages of final Audit
• Chances of figures being changed are minimal.
• It is flexible as the auditor can prepare good programme to cover all
areas well.
• It is very ideal for small business whose transactions are few and can
be audited at one sitting.
• It is not expensive.
• This audit does not interrupt the client’s work.
• It eliminates notes taking which are a phenomenon of other audits.
Disadvantages of final audit
• The delays may occur if there is large volume of work.
• The frauds and errors are discovered after the close of the year.
Sometimes, it is too late to rectify or take preventive measures.
• As the financial periods of most of the clients end on the same date , it
becomes difficult for the auditor to deploy audit staff adequately.
b) Interim Audit
Interim audit is conducted to a particular date within the accounting period.
It is conducted within the accounting period usually half yearly. It is a kind of
audit which is conduted between the two periods or during transitional period.
It is aimed at assessing the company’s performance in order to pay interim
dividends.
Advantages of interim audit
• It facilitates completion of the final audit.
• Errors and frauds can be more quickly found and detected during the
course of the year.
• It is ideal for situations under which the company is required to publish
figures for purposes of paying interim devidend.
• It is less expensive than continuous audits because the auditor will
spend less time in the company in interim audit.
• It has a moral effect on the staff of the client in that they will be upto
date .
Disadvantages of Interim audit
• Figures already audited can be changed/altered after this audit.
• It will interrupt the client’s work as his/her books will be taken away for
the purpose of audit.
• It involves a lot of notes taking.
• The client’s staff may develop the habits of depending upon the audit’s
staff to solve their accounting problems.
• Since it is aimed at the declaration of interim dividends, the management
may manipulate the accounts to show more profits so as to declare
better dividend which will amount to a big fraud.
• This means additional work.
c) Continuous Audit
It is that audit which involves detailed examination of the books of accounts at
regular intervals of 1, 2 or 3 months. Continuous audit is applied where:
• Financial businesses whose transactions must be up to date to prevent
errors and frauds;
• The number of transactions are too numerous to audit at the end of the
year;
• There are no satisfactory internal control systems; in risky businesses
where decision making has to be made timely and accurately;
• It is desired to present the accounts just after the end of the financial
year for example in banks;
• The statement of accounts is required to be presented to the
management after every month or each quarter;
• There is no satisfactory internal control system in operation.
Advantages of continuous audit
• Easy and quick discovery of errors.
• Quick presentation of accounts.
• Moral check on staff.
• Keeps client’s staff regular.
• Audit staff can be kept regular.
• Efficient audit.
Disdvantages of continuous audit
• Alteration of figures.
• Altered by dishorest clerk.
• Dislocation of client’s work.
• This method is expensive.
• It involves extensive note taking so as to avoid alteration of figures.
Distinction between continuous audit and Interim audit.
1.3.4. According to the method of approach
According to the method of approach ,various types of audits are:
a) Procedural audit
A procedural audit is an examination and review of the internal procedures and
records of an organization in order to ascertain their accuracy and reliability.The
main purpose of this audit is to ascertain whether the internal procedures are
reliable or not.
Advantages of procedural audit
• This audit will provide a feedback to the management.
• The audit will reveal which procedures are outof dated and uneconomical
and which calls for replacement.
• It will identify the strength or weakness in ICS.
• It will reveal the management weakness in supervising the company’s
operations.
• It will ensure co-ordination of the company’s operations which may
boost its profitability.
• It will reveal whether procedures in accounting department are working
propely or not.
Disadvantages of procedural audit
• It may be a very expensive audit.
• It may be frustrated for the management.
• It may mean duplication of effort if the same procedures are examined
in the final audit.
• This type of audit may be tedious in particular if the company has
numeruos procedures.
b) Management audit
Management audit is an independent and systematic analysis and evaluation
of a company’s overall activities and performance. It is a valuable tool used to
detremine the efficiency,functions,accomplishments and achievements of the
company.
The purpose of this audit is to prepare a report on the effectiveness of the
management from the point of view of the profitability and efficient running of
the business.
Advantages of management audit
• It will improve the quality of the management in the business.
• It will identify how decisions are made in a business.
• It will reveal the weaknesses of the management.
• It will reveal the efficiency of budgetary system and its management.
Disadvantages of management audit
• It may lower the morale of top management.
• It is not possible for the mangement and audit staff to reveal their
inefficiencies during the auditor’s presence and this may lead to a
biased report.
c) Vouching Audit
Vouching audit is that audit where the auditor checks each and every transaction
right from the origin in the books of prime entry till they are posted and the final
accounts are prepared from the amounts posted.
d) Balance sheet audit
The term balance sheet audit means verification of the value of assets,liabilities,the
balances of reserves and provisions and the amount of profit earned or loss
incurred by a business during the year.
The balance sheet items are verified by checking the following;
• Description
• Ownership (recording of items)
• Net Book Value (NBV=cost less totaldepreciation)
• Existence (physical existence of the asset)
Advantages of a balance sheet audit
• Less expensive because it only checks the balance sheet items.
• Results in a balanced opinion because the balance sheet contains the
most important items the auditor’s report is based on.
• Chances of changing figures after the audit are minimal.
Disadvantages of a balance sheet audit
• It is partial audit and not therefore suitable to limited companies.
• It is only applicable to companies with a strong internal control system.
• If undertaken for a limited company, it may increase the auditor’s
liabilities because it covers a limited area.
e) Standard audit
This is a type of audit, which is conducted to ascertain whether the client
accounting system complies with the required levels of standards set by the
professional bodies.
These may include:
• Statement of standards of accounting practices (SSAP);
• International Accounting Standards (IAS);
• Generally Accepted Accounting Principles (GAAPs).
1.3.5. According to the public sector’s audit
Main Objective
The main objective of public sector’s audit is to provide assurance to parliament,
the government and the public that government departments, ministries and
agencies are operating and accounting for their performance in accordance
with the Act of Parliament, the relevant regulations and public interests.
The three main types of public sector’s audits
a) Financial audit
It focuses on determining whether an entity’s financial information is presented
in accordance with the applicable financial reporting and regulatory framework.

This is accomplished by obtaining sufficient and appropriate audit evidence to
enable the auditor to express an opinion as to whether the financial information
is free from material misstatement due to fraud or error.
b) Performance audit
It focuses on whether interventions, programs and institutions are performing in
accordance with the principles of the economy, efficiency and effectiveness and
whether there is room for improvement.

Performance audit is executed against suitable criteria, and the causes of
deviations from those criteria or other problems are analyzed.
The aim is to answer key audit questions and to provide recommendations for
improvement.
c) Compliance audit
It focuses on whether a particular subject matter is in compliance with identified
criteria obtained from laws and regulations. Compliance auditing is performed
by assessing whether activities, financial transactions and information are,
in all material respects, in compliance with the existing laws and regulations
governing the audited entity.
Application activity 1.3
1. Explain the following types of audits according to the time factor.
a. Final audit
b. Interim audit
c. Continuous audit
2. Give the advantages and disadvantages of procedural audit.
1.4. Investigation
Learning activity 1.4
Analyze the photos above and answer the follow questions:
1. What do you see on the image above?
2. Differentiate these persons according to their work
1.4.1. The difference between auditing and investigation
a) The meaning of investigation
Investigation is an act that involves the examination of accounts and the use
of accounting procedures to discover financial irregularities and to follow the
movement of funds and assets in and out of organisations.
Investigation is an inquiry commissioned by a client for some purpose.
Investigating is a kind of special audit with a limited or extended scope according
to the purpose for which it is conducted.
b) Difference between auditing and investigation
1.4.2. Characteristics and reasons of investigation
a) Characteristics of investigation
• Investigation is an enquiry.
• Investigation implies systematic and critical examination of accounts
and records of a business enterprise for a specific purpose.
• It is conducted for a specific purpose (suspicion).
• Its specific purpose may be evaluated of state of affairs or establishment
of a fact.
• Conducted for a non-fixed period (any time) and any person (police,
lawyers, consultants, etc.) and describes a fact not an opinion.
b) Reasons for investigation
Investigation is carried out due to the following reasons:
Purchase of a company
When an individual is interested to purchase a business, he/she can appoint an
accountant of his/her choice to carry out investigation in respect of business
which he/she wants to purchase. The main purpose of this investigation is to
find out the details about this purchase. If the investigation report is in favor of
this business, then it can be purchased.
Admission of a new partner
An investigation may arise, either on behalf of a person intending to bring capital
in order to become a partner, or for the existing proprietors who intend to take
in a partner. If the investigation is arranged by the prospective partner. The main
purpose will be to ascertain whether to become a partner is beneficial or not. In
this case, investigation will be similar as in the case of a purchase of a business.
Fusion of the companies (Acquisition of a Merger)
Mergers mean to convert two or more business enterprises into one unit. In
this case, one business enterprise can acquire the assets or shares of another
enterprise. The most important term that must be negotiated in a merger
arrangement is the price the acquiring firm will pay for the acquired business. In
mergers or fusions, a larger firm generally takes over a small one and assumes
all management control.
Before the merger of two or more business enterprises, investigations are carried
out through some accountants by the firm, which intends to acquire other firms.
The main purpose of these investigations is to find out the details about financial
position of the other businesses.
Prospecting of the investments (Prospective investment)
Some individuals or firms might be interested to make some investments in
the form of shares or debentures of other companies. In order to make their
decisions, they want to know the details about the financial standing of those
companies. For this purpose, they can arrange some investigations through
some accountants.
Prospecting of a loan or investigations on request for loans (Prospective
lending)
Some banks carry out some investigation before advancing loans to some
business enterprises. Similarly, some suppliers need independent investigation’s
reports before granting credit facilities to their clients.
Suspicion of fraud or fraud investigation (Fraud)
Investigations are carried out on the instructions of management to detect fraud
if the behavior of some employee is suspicious. If the fraud is concerned only
with the section of the work e.g. the entry of dummy workmen on a wages sheet
by one clerk, the extent of the investigation should be restricted to that one
section.
On the other hand, if misapplication of cash is the result of collusion between
two or more employees then the investigation can be extended to various
sections or departments of the organization.
Legal or statutory investigation
Investigation conducted to satisfy some legal requirements. The following cases
indicate when a legal investigation can be conducted:
• An investigation by the liquidator of a company where directors are
suspected of fraud regarding the affairs of the company;
• An investigation by a trustee in a bankruptcy where the bankrupt is
suspected of having acted fraudulently in the past.
c) Steps of investigation
• Determine the scope/objectives of investigation.
• Planning the investigation (Formulate investigation program).
• Establishment of the fields of application (by examining or studying
various records).
• Analysis and interpretation of findings/results.
• Preparation of the investigation’s report/writing of the investigation
report.
d) Report of investigation.
On the completion of investigation, the report is submitted to concerned parties.
The report submitted in respect of an investigation should cover the following
points:
• Reference to instruction given by the client;
• Reference to basic documents covering information obtained;
• General outline of the work done;
• Summary of information obtained;
• Recommendations in accordance with information obtained.
Application activity 1.4
1. The scope of investigation is very large than the scope of accounting.
State some areas in which investigation should be applied.
2. What are the steps of investigation?
1.5. Auditing and acccounting
Learning activity 1.5
1. Observe carefully the pictures above and establish the difference
among them.
1.5.1. Difference between auditing and accounting
1.5.2. Benefits and limitations of an audit
a) Benefits of an audit
• The shareholders of a company are given an independent opinion as
to the true and fair view of the accounts that have been prepared by
management.
• The use made by third parties such as suppliers and banks adds
confidence in the performance of a company.
• While not responsible for detecting fraud, the very fact that an audit
is carried out and may uncover evidence of fraud, can help to mitigate
against such risks.
b) Limitations of an audit
• Every item is not checked. In fact, only test checks are carried out by
auditors.
• Auditors depend on representations from management and staff.
• Evidence gathered is persuasive rather than conclusive.
• Auditing is not purely an objective exercise. Judgments have to be
made in a number of areas.
• The timing of an audit.
• An unqualified audit opinion is not a guarantee of a company’s future
viability, the effectiveness and efficiency of management, nor that fraud
has not occurred in the company.
Application activity 1.5
1. You are a shareholder in AKARABO Co.Ltd. What are the benefits
could you get from an audit?
2. Explain the limitations of an audit
Skills lab activity 1
Using two learning groups, one being as an accountant and another as
an auditor. Students visit library and pairs exchange roles as the teacher
supports accordingly. Let students present their views on the similarities
between auditing and accounting.
End unit 1 assessment
1. Write short notes on the following:
a. Statutory Audit
b. Private Audit
c. Interim Audit
2. Explain the term continuous audit and outline its advantages and
disadvantages.
3. What are the types of audits according to the time factor?
4. Give the difference between Auditing and Accounting
5. Explain the following principles of auditing:
a. Objectivity
b. Professional Independence
6. What are the elements of an investigation report?
UNIT 2:LEGAL AND PROFESSIONAL REQUIREMENT
Key unit competence: To be able to describe the legal and professional
standards required for an auditor
Introductory activity
MURENZI has recently completed his Certified Public Accountant (CPA)
course and got an offer in KM audit firm. On his first audit assignment,
the audit Partner instructed him to observe the auditing standards and
professional ethics. Further, he was requested to carry out his engagement
with due diligence and be able to mitigate any ethical threats/ challenges.
Given that it was his first engagement assignment, he was not sure about
the professional and legal requirements of the auditors. Furthermore, he did
not know the ethical threats partaning to the profession of auditing and their
mitigation strategies.
In response to his problem, the auditor decided to consult the senior auditor
KEREKEZI with whom deployed to carry out the audit of BETA Co Ltd
financial statements for the period ended 31 December 2020, prepared
in conformity with common rules. MURENZI got ample explanations from
the colleague. Thereafter, he started the audit and the audit was done as
guided by the audit partners. The auditor conducted the audit in conformity
with international standards on auditing, local requirements, and observed
the professional requirements.
Questions
1. Why is it necessary for an auditor to comply with national and
international regulations on auditing?

2. In case the auditor does not comply with national and international
regulations on auditing, what happens?
2.1. Audit standards
Learning activity 2.1
INEZA BAKERY produces different products from wheat flour like bread,
cakes etc. it has records of financial transactions. The management of this
bakery needs the help for checking if their records are accurate according
to General Accepted Accounting Principles.
1. As students in S6 Accounting, what do you think could be the
International Standards on Auditing that would applied while
checking the financial records of INEZA BAKERY?
2. What are the fundamental principles of ethics that you must fulfil in
order to become a member of professional body like ICPAR/IFAC?
2.1.1. International standards on auditing
a) Meaning of International Standards on Auditing (ISAs)
International standards on auditing are professional standards for the
performance of financial audit of financial statements.
b) Structure of International Standards
The International standards are structured as follows:
• Introduction: includes the purpose, scope and subject matter of the
ISA plus the responsibility of the auditor.
• Objective: consists of a clear statement of the ISA’s objective in relation
to the audit area that the ISA addresses.
• Definitions: of applicable terms used in the text.
• Requirements: clearly stated as ‘the auditor shall…’
• Application and other explanatory material: more precise explanations
of what requirements mean or are meant to cover.
These standards are issued by International Federation of Accountants (IFAC)
through the International Auditing and Assurance or guarantee Standards Board
(IAASB). ISAs are mandatory in some jurisdictions for the audit of company’s
accounts.
c) Process of setting Standards
• The IAASB identifies new developments.
• The IAASB appoints a task force to draft a standard.
• Consultation takes place.
• An “exposure draft” is produced; essentially a draft standard issued
welcoming comments from the profession and any other interested
party.
• The task force considers comments and may make amendments.
• The Standard is finalised and formally approved by the IAASB.

Examples of international standard on auditing
• IAS200: Overall Objectives of the Independent Auditor and the Conduct
of an Audit in Accordance with International Standards on Auditing
• IAS210: Agreeing the Terms of Audit Engagements
• IAS230: Audit Documentation
• IAS500: Audit evidence
• IAS530: Audit sampling
• IAS700: Forming an opinion and reporting on financial statements
2.1.2. Ethical duties of auditors according to International
standards on auditing
The IESBA Code of Ethics provides ethical guidance for members in its
five fundamental principles such as: integrity, objectivity, professional
competence and due care, confidentiality and professional behavior.
a) Fundamental principles of ethics
All members and students must comply with these five fundamental principles
set out in IESBA Code of Ethics.
• Integrity: to be straightforward and honest in all professional and
business relationships.

• Objectivity: Not to compromise professional or business judgments
because of bias, conflict of interest or undue influence of others.
• Professional competence and due care:

– To attain and maintain professional knowledge or skills at the level
required to ensure that a client or employing organization receives
competent professional service, based on current technical and
professional standards and relevant legislation.

– To act diligently in accordance with applicable technical and
professional standards.

• Confidentiality: To respect the confidentiality of information acquired
as a result of professional and business relationships.
• Professional behavior: to comply with relevant laws and regulations
and avoid any action that the professional accountant knows or might
discredit the profession.
Compliance with the fundamental principles may potentially be threatened by a
broad range of
Circumstances. The IESBA Code of Ethics categorises them as follows:
• Self-interest (e.g. financial interests, concern over employment
security)
• Self-review (e.g. decisions made and reviewed by same person)
• Advocacy (not improper provided it does not result in misleading
information)
• Familiarity (e.g. long association, acceptance of gifts)
• Intimidation (e.g. threat of dismissal)
Possible safeguards to above threats of independence are:
• Setting the internal rules that for example no partners or staff have
shares in audits client ;
• Setting client acceptance procedures ;
• Carry out an annual review of independence both for the whole firm ;
• Do a consultation procedure in case of doubt ;
• Second partner review of certain client ;
• Rotation of the engagement partner or rotation of senior auditor staff.
b) Specific guidance and notes
The IESBA Code of Ethics states that independence requires independence
of mind and independence in appearance. In other words, the auditor must be,
and must be seen to be independent.
• Independence of mind is the state of mind that permits the provision
of conclusions without being affected by influences that compromise
professional judgement, allowing an individual to act with integrity, and
exercise objectivity and professional scepticism.
• Independence in appearance is the avoidance of facts and
circumstances that are so significant a reasonable and informed third
party would be likely to conclude that a firm’s, or audit and Assurance
team members, integrity, objectivity or professional scepticism have
been compromised.
It is very important that the auditor is impartial and independent of management,
so that he/she can give an objective view on the financial statements of an
entity. The responsibility is always on the auditor not only to be independent but
also to be seen to be independent.

Application activity 2.1
1. You are appointed as the auditor of XY Company. What are the main
principles of ethics you need to observe during the audit?
2.2. Auditor of the company
Learning activity 2.2
Suppose you are the auditor of Star Ltd located at Nyagatare District and
you have a neighbour who has new business. He/she wants to know the
main responsibilities of an auditor. Help him/her to answer the following
question:
1. What do you think could be the responsibilities of the auditor of Star
Ltd Company?
2.2.1. Duties, obligations and rights of an auditor
a) Duties of an auditor
An auditor has to:
• Make a report to shareholders, ownersor government ( for external
auditors)
• Make a report to the management (for internal auditors).
• Assist in investigation.
• Certify that whether loans are properly secured and not at terms
prejudicial to the interest of shareholders.
• Certify whether transactions conducted by the company are not
prejudicial to the interest of shareholders.
b) Obligations of an auditor
An auditor must:
• Pass an approved set of professional examinations, set by a Recognised
Qualifying Body (RQB) e.g. the ACCA, CPA, CA;
• Become a member (and stay member) of a Recognised Supervisory
Body (RSB) e.g. ACCA, ICPAR;
• Not to be a director or employee of the company, or of any associated
companies;
• Not to be an employee or business partner of a director or employee of
the company or of any associated companies.
c) Auditor’s rights
The auditors have powerful rights to:
• Access to all records needed (the books of the organisation at any
time);
• Receive information and explanations of all transactions;
• Call for information and explanations from employees, managing agents,
company secretaries, etc;
• Attend and receive notice (within 21 days) about general meetings and
they have right to speak at general meetings on relevant matters;
• Visit the company’s branches;
• Take a legal and technical advice;
• Remuneration;
• Sign the audit report.
2.2.2. Auditor’s liability
a) Meaning of auditor’s liability agreements
Auditor’s limited liability agreements are contracts designed to ensure that
auditors are not pursued for excessive losses, just reasonable proportion based
on their responsibility.
b) Types of auditor’s liability
Civil liability of Auditor for negligence: Civil liability is the legal responsibility
for a payment to an aggrieved third party, due to the violation of a civil law, tort,
or a breach of contract. Therefore, the auditor must exercise reasonable degree
of skill and care in the performance of his/her duties.An auditor can be held
liable for negligence of his/her duty if it is proved that:
• Negligence in the performance of his/her duty;
• A loss or damage as a result of his/her negligence;
• The loss was suffered by his/her client.

Criminal liability: responsibility for any illegal behaviour that causes harm or
damage to someone or something which means open to punishment for a crime.
c) Sources of legal liability for an auditor
• The Legal Liability of Auditors to Third parties;
• Unjustified/unfair Lawsuits;
• Successful Lawsuits against Auditors.

Third parties: can be a person or group besides the two primarily involved
in a situation, especially a dispute. Third parties may include any individual
shareholders, potential investors and the banks. In these cases, there is no
contract with the audit firm. Therefore, there is no implied duty of care. In order
to hold the auditor criminally liable, the following must be proved:
• that the statement made was false in material facts;
• that the auditor willfully made such a false statement, and;
• That the statement complained of has been made in any return report,
balance sheet, certificate or any other document required to be made
under any provision of the Companies Act.
It may be stated here that the court has the powers to relieve an auditor either
partly or wholly; if a case is proceeding against him/her for negligence, default
or breach of duty or trust provided it is satisfied that the auditor acted honestly
and reasonably by taking into consideration all the circumstances of the case.
An auditor may be also held liable for damages to third parties, if they have
suffered any loss relying on any balance sheet or any financial statement signed
by him/her. Such liability arises where there is no direct contractual liability. It
may arise in the following cases.

• Where the auditor has been proved negligence and any third party has
suffered a financial loss due to negligence of the auditor;

• Where the auditor did not attach a disclaim to this report to the effect
that the report was not intended to be relied upon by third parties;

• Where the auditor was made fully aware that third parties were going
to rely on his/her report;

• Where the third parties can prove that no other external factors
influenced their decision making except the auditor’s report;

• Where the auditor owed a duty of care to the third parties;

• Where the auditor gives reference regarding his/her client’s credit
worthiness;

Although it is difficult to determine to which third parties the auditor will be liable.
However, the auditor may be liable generally to the following third parties:
• Any person to whom he/she owes duty of care e.g. debtors or creditors
of his/her client;
• Persons who may rely on his/her work provided the auditor knew
that those persons will rely on his/her work e.g. bank managers, tax
authorities etc;
• Any person who is affected due to his/her audit report e.g. the employees
of his/her client.
The auditor can take the following steps to minimise the danger of any claim
against him/her for negligence work:
• Gather conclusive evidence and supporting documents before passing
any entries and drawing an opinion;
• Review the risky audit areas before releasing the final audit report to
the shareholders;
• Withdraw his/her consent and give a public notice to this effect after
registration of prospectus but before allotment of shares;
• Use well trained and experienced staff during the audit work who will
carry out their duties completely;
• He/she should obtain supporting evidence e.g. letters of representation
to prove his/her competences;
• Withdraw his/her consent in writing before such a prospectus has
been registered and before it is for public use.
Application activity 2.2
Question
1. AMAHORO Ltd is an audit firm located in Bugesera District. It is
appointed to audit the industry that manufactures agricultural
products. The owner of AMAHORO Ltd asks for assistance on ways
of minimising the risks/dangers of any claim against for negligence.
How AMAHORO Ltd will minimize the risks of negligance?
Skills lab activity 2
Through internet search, students in their learning teams search different
cases that can lead the auditor to criminal liabilities and civil liabilities.
End unit 2 assessment
1. What are the components of International Standards on Auditing?
2. Which of the following are not engagement standards issued by the
IAASB?
a) International Standards on Auditing
b) International Standards on Quality Control
c) International Auditing Practice Statements
d) International Standards on Related Services
e) International Standards on Assurance Engagements
f) International Standards on Review Engagements
3. Under what circumstances an auditor may be held liable to a third
party for negligence.
4. Which cases may lead an auditor to be held liable to criminal
offence?
UNIT 3: AUDITOR’S APPOINTMENT
Key unit competence: To be able to describe the procedures for
auditor’s appointment.
Introductory activity
MODERN BUSINESS enterprise has been operating for ten years in
manufacturing business industry. For the last ten years in operation, the
business was characterized with high costs and thus affecting its profitability.
The business owner thought of seeking advice from the expert.
NTRODUCTION
TO ACCOUNTING
UNIT AUDITOR’S APPOINTMENT 3
Key unit competence: To be able to describe the procedures for
auditor’s appointment.
Introductory activity
MODERN BUSINESS enterprise has been operating for ten years in
manufacturing business industry. For the last ten years in operation, the
business was characterized with high costs and thus affecting its profitability.
The business owner thought of seeking advice from the expert.
After the consultation , the owner found it necessary to execute the following:
• Change the business’s nature and become a limited liability
Company;
• To issue more shares;
• To ensure that the produces are accessible to customers in their
respective places;
• To increase the sales turnover;
• To reduce the number of sales staffs and be replaced by the sales
agents, that will be provided the commissions on sales made.
After the structuring of the business, a new company named XY ltd and
started its operations on 1st Jan 2016. This was followed with the appointed
of board members.
Due to the fact that it was its first year of operation as a company, the
shareholders were interested to know the performance of the company and
thought of hiring an expert to review the financial statements of XY ltd for
the period ended 31 December 2016 and give his/her independent opinion.
Questions
1. What is a professional name of a person who examines financial
statements and other financial documents on behalf of shareholders?
2. What are procedures of appointing him/her?
3. What should that person consider before accepting the assignment?
3.1. Auditor’s appointment procedures
Learning activity 3.1
On the appointment of the auditor, in the general annual meeting of the
board of directors, shareholders and the management were discussing
the basis under which the auditor of their famous company known as
TWUNGANIRANE Ltd, would be recruited. They wanted to set ethical
duties, rights and liabilities of their new auditor.

1. What should be the fundamental ethical principles of auditors?

2. What do you think are the rights of an auditor?

3. What are the auditor’s liabilities?
3.1.1. Appointment of an auditor
It is a legal requirement of the Companies Act for all Limited Companies to
appoint an auditor who will oversee the company’s affairs for a given financial
period.
a) Conditions and ways of appointing an auditor
• First auditor is appointed after the company’s registration by the Board
of Directors in 30 days and when fair to do, he/she is appointed by the
registrar of companies.
• In case the above auditor is to resign, he/she must give a notice of 28
days in writing to the Board of Directors and for removal he/she is given
28 days.
• At the annual general meeting, the shareholders will have to appoint an
auditor-28 days must be given to the out-going auditor in this respect.
• Automatic Appointment
– If there is no resolution intended to remove the previous auditor,
then he/she is automatically reappointed.
– If the previous auditor does not give a notice of the resigning in
writing (of 28 days) then he/she is deemed to be automatically re-appointed.
– If the auditor has not committed any act which disqualifies him/her
automatically from being re-appointed.
– If after the annual general meeting, the shareholders disagree on
who is to be the next auditor. (If no new auditor is appointed nor do
they delegate this duty to the Board of Directors, then 7 days after
the annual general meeting the Registrar of Companies will have to
appoint a new auditor) assuming that the previous auditor has been
removed.
– In addition, automatic re-appointment will be obvious accepted.
If he/she is not qualified for re-appointment e.g. due to misconduct or delays the
annual general meeting. If the auditor has given a notice (28 days) in writing of
his/her intention/unwillingness to be re-appointed. If a notice for a solution has
been given by any one shareholder, intending to appoint someone else then the
auditor cannot be automatically re-appointed.
b) Casual Vacancies
A casual vacancy may arise in the auditor’s office due to any one of the following
situations:
• The auditor’s death –Directors will have to fill such a vacancy;
• The auditor is incapacitated, e.g. loss of limbs -Directors can fill such
a vacancy;
• A doctor has to give a formal certificate to this effect;
• The auditor’s resignation
This can only be filled by shareholders through an Extra Ordinary General Meeting.
Explanation why the auditor is resigning is required, if due to disagreement, he/
she can be reinstated by the shareholders and directors may be removed.
c) Procedures for appointing an auditor
Advertising
To enhance comply with the company’s Act and other requirements in place,
recruiting company should advertise for a vacancy of its offer of external
auditor. The advertisement should be done through official different medium of
communication such as company website, radios, news papers…etc.
Use of logos
A firm /auditor must have a practicing/auditing certificate to qualify him/her
as registered auditor. The firm/ auditor’s documentations should be designed
logos representing him/her.
Tendering
Client companies can change auditors. In this regard, a firm/auditor may be
approached to submit a tender for an audit. When approached to tender, an
audit firm must consider whether they want to do the work and they must have
regard for the ethical considerations, such as independence and professional
competence. In addition, they need to consider fees and some other practical
issues.
Fees
A member may quote whatever fee is deemed to be appropriate. The fact that
one may quote a lower fee than another auditor is not in itself unethical. However,
it does raise the risk of a threat to the principles of professional competence
and due care in that the fee quoted may be so low as to make it appear to be
difficult to perform the audit to the expected standards.
Therefore, it is wise to set out the basis of the calculation of the fee. The following
factors should be considered when setting out a fee:
• What does the job involve?
• Is it audit and/or tax or is there some other complicated work involved?
• Which staff will need to be involved, numbers and quality? How long
will they be required? Is the nature of the business complex?
• What charge out rates are to be applied?
The practice of undercutting fees has been called lowballing and can be seen
in action generally where large audits are concerned. We have seen that having
a lower fee may seem to have a negative impact on an auditor’s perceived
independence but there are other factors to be considered:
• Auditors operate in a market like any other business where supply and
demand very often dictate the price;
• Fees may be lower due to reasons such as better internal audit functions;
• Simplified group structures within client companies;
• Auditing firms have increased productivity, whether through the use of
more sophisticated IT or experience gained through understanding the
client’s business.
Other considerations
It is important that the auditor also considers a number of other issues:
• Can the audit assignment be fitted in to the audit firms current work
plan?
• Is their suitable audit staff available?
• Will any specialist skills be required?
• What are the future plans for the company?
• Is there any training required for current staff and what will be the cost
of that training?
• What work does the client actually want? Audit and/or tax?
• Is this the first time the company has been audited.
• Whether the client is seeking to change its auditors and if so what is
the reason behind it?
Submitting an audit proposal
There is no set format. In fact, the client may dictate the format. Whatever the
form of the tender submission, the following matters should be included in the
proposal:
• The audit fee and the basis for its calculation ;
• An assessment of the needs of the client ;
• How the firm/auditor intends to meet the needs of the client ;
• Any assumptions made to support the proposal;
• The audit approach to be adopted by the firm ;
• A brief outline of the firm;
• Details and background of the key audit staff on the proposed
engagement.
Evaluating the tender
Different clients will have different ways of evaluating a tender. Some of the
more general points are listed below. It is important to bear these in mind when
preparing a proposal:
• Fee: This can be the most vital point. Some clients go straight to this
figure and do not even bother with the rest of the document.
• Professionalism: Auditors are expected to be professional.
Remember, the audit team and the tender documents are often the first
factors on which a prospective client forms an impression.
• Proposed audit approach: Clients are always looking for the least
amount of disruption to their already busy schedules, so the shortest
number of days on-site may be the key to winning a tender.
• Personal service: Fostering relationships is vital. Client should always
feel he/she is getting value for money.
Acceptance of the firm/auditor
You have submitted a tender. You have been successful and the client has
offered you the tender. Before you accept and commence the audit, you should
carry out a number of procedures in order to comply with the provisions in
ISQC1.
3.1.2 Acceptance procedures
a) Conditions before accepting the assignment
• Make sure there are no ethical issues that would prevent you from
accepting this assignment.
• Make sure that you are professionally qualified to carry out the work
requested and that your firm has the resources available in terms of
staff, expertise and time.
• Check out references for the directors of the client firm especially if
they are unknown to the audit firm.
• Consult previous auditors as a matter of professional courtesy and
establish from them whether there is anything that you ought to know
about this vacancy.
b) Conditions after accepting the assignment
• Make sure the resignation of the previous auditors has been properly
carried out and that the new appointment is valid. A resolution by
shareholders of the company is required.
• Submit a letter of engagement to the directors of the client company
and ensure it is accepted and signed before any audit work is carried
out.
ISQC1 states that a firm should establish policies and procedures for the
acceptance and continuance of client relationships and specific engagements,
designed to provide it with reasonable assurance that it will only undertake or
continue relationships and engagements where it:
• Has considered the integrity of the client and does not have any
information that would lead it to conclude that the client lacks integrity,
• Is competent to perform the engagement and has the capabilities, time
and resources to do so and
• Can comply with the ethical requirements.
The firm should obtain such information as it considers necessary in the
circumstances before accepting an engagement with a new client, when
deciding whether to continue an existing engagement and when considering
acceptance of a new engagement with an existing client. Where issues have
been identified and the firm decides to accept or continue the relationship or a
specific engagement, it should document how the issues were resolved.
In short, a firm must:
• Obtain relevant information;
• Identify relevant issues ;
• Resolve issues that are identified, and document that resolution.
c) Integrity of client
Matters to be considered:
• Identity and business reputation of owners, key management and those
charged with governance;
• Nature of the client’s operations and its business practices;
• Attitude of the owners, key management and those charged with
governance towards matters such as aggressive interpretation of
accounting standards and the internal control environment;
• Client’s attitude to fees;
• Indications of inappropriate limitation in the scope of work;
• Indications that client may be involved in money laundering or other
criminal activities.
• Reasons given for non-reappointment of previous auditors.
Information can be gathered through communications with previous auditors
or other professionals who may have provided services and through other
third parties such as bankers, legal counsel and industry peers. There is also a
multitude of relevant databases where one can do some background research.
d) Competence of the audit firm
Matters to be considered:
• Does the firm have sufficient knowledge of the relevant industry and the
relevant regulatory environment?
• Are there sufficient personnel within the firm having the necessary
capabilities and competence and are experts/specialists available
when needed?
• Are competent individuals available to perform engagement quality
control reviews?
• Will the firm be able to complete the engagement within the reporting
deadline?
Where a potential conflict of interest is identified, the firm should consider
whether it is appropriate to accept the engagement.
• Need to consider any significant matters that may have arisen during
the current or previous engagements of whatever description.
• SQC1 goes on to state that where the firm obtains information that
would have caused it to decline an engagement if that information had
been available earlier, policies and procedures (on the continuance
of the engagement and the client relationship) should include
consideration of: The professional and legal responsibilities that apply
to the circumstances, including whether there is a requirement for the
firm to report to the person or persons who made the appointment or,
in some cases,to regulatory authorities, and
• The possibility of withdrawing from the engagement or from both the
engagement and the client relationship.
Some suggested procedures would include discussing with appropriate client
management the appropriate action that the firm might make based on the relevant
facts and circumstances. In addition, the firm should document the significant
issues, consultations, conclusions and the basis for those conclusions.
3.1.3. Agreeing the terms of engagement
a) Terms of engagement
Once an engagement has been accepted, it is important to agree the terms.
It is essential that both parties fully understand what the agreed services are.
Any misunderstanding could lead to a breakdown in the relationship and could
result in legal action.
ISA 210-terms of audit engagements establishes and provides guidance on:
• Agreeing the terms of an engagement with the client and;
• The auditor’s response to a request by a client to change those terms
to one that provides a lower level of assurance.
It states that the auditor and the client should agree on the terms of the
engagement. The agreed terms would need to be recorded in an audit
engagement letter or other suitable form of contract. The terms should be
recorded in writing.
The objective and scope of an audit and the auditor’s obligations may be
established by law, but the auditor may still find that an audit engagement
letter will be informative for their clients. The main points to be clarified in the
engagement letter would include:
• Confirmation of the auditor’s acceptance of the appointment;
• The auditor is responsible for reporting on the accounts to the
shareholders;
• The directors of the company have a statutory duty to maintain the
books of the company and are responsible for the preparation of the
financial statements;

• The directors are responsible for the prevention and detection of fraud;

• The fact that because of the test nature and other inherent limitations of
an audit, there is the unavoidable risk that some material misstatements
may remain undiscovered;

• The scope of the audit including reference to appropriate legislation
and standards;

• There should be unrestricted access to whatever books and records
the auditor needs in the performance of his duties.
Other points to be included:
• Arrangements regarding the planning and performance of the audit;

• The expectation of receiving from management written confirmation
regarding;

• Representations made in connection with the audit;

• Request for the client to confirm in writing the terms of the letter;

• The fee to be charged and the credit terms;

• The form of any reports or other communication of results of the
engagement;

• On recurring audits, the auditor should consider whether circumstances
require the terms of the engagement to be revised and whether there
is a need to remind the client of the existing terms of the engagement;

• An auditor who, before the completion of the engagement, is requested
to change the engagement to one, which provides a lower level of
assurance, should consider the appropriateness of doing so. Where
the terms are changed, both parties should agree on the new terms;
Note, the auditor should not agree to a change of engagement where there is
no reasonable justification for doing so.
b) Books and documents
ISQC1 states that the firm should establish policies and procedures for the
retention of engagement documentation for a period sufficient to meet the
needs of the firm or as required by law or regulation.
Unless otherwise specified by law or regulation, engagement documentation is
the property of the audit firm. The firm may, at its discretion, make portions of,
or extracts from, engagement documentation available to clients, provided such
disclosure does not undermine the validity of the work performed, or, in the case
of assurance engagements, the independence of the firm or its personnel.
Audit working papers belong to the auditor and cannot be taken over by another
set of auditors taking over the audit assignment. In practice, the previous auditors
provide the new auditors with enough carry over information such as the lead
schedules behind the makeup of the financial statements.
The auditor owes a duty of confidentiality to the client, so documents about the
client should not be given to third parties unless:
• The client agrees to the disclosure ;
• The disclosure is required by law or court order;
• Disclosure is otherwise in accordance with the rules of professional
conduct.
The previous auditors should ensure that all the books and documents belonging
to the client are returned promptly. In some cases, the previous auditors are
allowed to keep the books where they are exercising a lien. This is a supplier’s
right to retain possession of a customer’s property until the customer pays up
what is owed.
Strict conditions that can be enforced:
• The books and documents must actually belong to the client;
• The auditor must have got them by proper means;
• The actual work must have been done and a fee note raised and given
to the client;
• The fee must relate to the held documents. Financial statements and tax
compliance work belong to the client, even if the auditor/ accountant
has prepared them.
Change in auditors
Companies do actually change their auditors. It is important that auditors
understand why a company may seek to change their auditor in a bid to prevent
this from happening to them.

The following sets out the reasons why this can happen:
Audit fee
• Many companies perceive that an audit has very little value. In turn this
makes the audit fee a very sensitive issue;
• The fee may be perceived to be too high. Remember, a lot of audit work
may be done off site and the hours charged at the firms office will belong
to the managers and partners, so the client might not understand why
the fee is so high;
• It may not be seen as good value for money. For example, a client may
have important tax work carried out for him. The fee charged may be
way lower than that of the audit, probably due to the time involved, yet
the client might see the value of this work far greater than that of the
audit;

• The current fee might not appear to be very competitive. Other similar
firms may be getting audit services for less;

• The client may put the audit out to tender to see whether the price is
actually negotiable, even though he may have no intention of changing
his auditor;

• The audit fee may breach the recommended level of overall practice
fees as laid down by ethics and auditor may have no other alternative
but to resign.
Audit firm may not seek re-election
• The auditor may choose not to stand for ethical reasons, such as he/
she doubts the integrity of management.

• Conflicts of interest may have arisen such as competition between
clients or maybe he/she has been offered some lucrative work by the
client and he/she may have to resign the auditor.

• The auditor may have a disagreement with the client such as in the
formulation of accounting policies.

• The auditor may simply not want to reduce his/her audit fee.
Problems related to the size of the company
• The company may be growing at such a rate that the audit firm no
longer has the necessary resources, staff, time, and expertise, to allow
it to retain the audit.

• It is important to apply the principle of professional competence and
due care.

• Alternatively, the company may be constricting and it now finds that it
can avail of the

• Audit exemption specified under relevant jurisdiction regulations.

• There is very little that the auditor can do in each of these cases.

• With small companies, the audit is almost a personal service. If
the relationship breaks down, there may be nowhere to go except
discontinue the relationship. Within a big firm with big audit clients, you
could simply change the engagement partner.
• As part of the safeguards against the threats to independence, audit
rotation was put forward. This is where the audit moves to another firm
although in the previous point, rotating to another engagement partner
within the same firm will mean the same thing.
Application activity 3.1
1. Go to the library and search in audit books, look on matters the
auditor considers related to the integrity of the client.
Skills lab activity 3
Through the search in audit books from the library, make a summary to
be presented in the class on the procedures for recruiting/appointing an
auditor.
End unit 3 assessment
1. Highlight the procedures for appointing of an auditor?
2. Indicate the main terms of engagement as per ISA 210?
3. Provide the conditions for setting the remuneration of the auditor?
4. What are conditions for accepting the audit assignments?
5. What are conditions of engagement client must respect
6. Write down the main elements of engagement letter?
UNIT 4: AUDITOR’S REQUIREMENTS
Key unit competence: To be able to describe the auditor’s requirements
Introductory activity
Observe the above image then answer the following questions:
1. Why is it necessary for an auditor to have rights during the audit
work?

2. What can happen to the auditor who does not perform well some of
his/ her duties?

3. How do we call the specific characteristics that can allow someone
to be an auditor?

4. How do we call the specific characteristics that can’t allow someone
to be an auditor?
4.1. Qualifications and disqualifications of an auditor
Learning activity 4.1
Observe the image above then answer the following questions:
1. What do you think those people are discussing about ?

2. Is it possible that the Board of Directors can select the manager’s
wife as an auditor of the company? If Yes or No, explain.

3. What can happen if the Board of Directors decide to select the
manager’s wife?

4. Are there any sanctions to the auditor who accepts the appointment
after knowing that he/she is not eligible?
4.1.1. Qualifications of an auditor
A person to be appointed as an auditor of a company is required to hold some
specific qualifications. These qualifications are given in company’s Act of the
country.
This section answers the following question: “Who can be an auditor”? The
following are his/her qualifications and requirements:
• To be a member of one or more of the professional bodies which is
specified in the first column of the accountants for example ICPAR,
ICPAK, ICPAU and ACCA;
• Anyone authorized by the registrar of companies to do so (Should be a
holder of a degree in accounting and have been in auditing environment);
• Must have passed a final exam of CPA, ACCA, CA;
• Must ensure that he/she has adherence to professional ethics;
• Must have a post-graduate experience in an auditing environment of
not less than two years;
• Must be holding a practicing certificate given by the Professional
Accountancy body like ICPAR, ICPAU, ACCA, and ICPAK.
4.1.2. Disqualifications of an auditor
This refers to the question of who cannot be an auditor. The following are parties
who cannot be auditors:

• An officer or servant of the company-which means that an employee of
a company cannot perform his/her own audit;

• A person who is partner or who is in employment of an officer of the
company being audited;

• A person who was the director, employee or any other officer of the
company to be audited, during three preceding years;

• The spouse or any other relative of a director of the company;

• Persons who are disqualified as auditors of the company’s subsidiary
or holding company or a subsidiary of a company’s holding company;

• Body corporate -These are in form of limited companies. These cannot
be auditors because of the following reasons;

– These have limited liabilities status and if allowed to be auditors,
this will expose the client to limited liabilities, which may ultimately
lead to heavy losses.

– Limited companies cannot express personal opinion, yet the
Companies Act requires that the audit report contain an opinion
paragraph (personal opinion) which millions of shareholders-owners
of a limited company cannot express.

• A person who is indebted to the company for quite large sum of money
or has given guarantee or security in connection with indebtness to any
party who received or got such indebt ness;
• Directors, shareholders, managing agents, secretaries and treasures of
the company;
• A person who is holding more than 5% of the company’s authorized
share capital.
Application activity 4.1
SCENARIO
KBC is a limited company that sells rice and sugar, MUGABO is the General
Manager engaged by shareholders. KBC Ltd has shareholders in the whole
country, and some of them don’t have enough time to look at the performance
of their business. After Covid-19 pandemic period some shareholders didn’t
receive their dividends due to the loss reported by the managment and
was disclosed in the financial stements of the company for the period for
the perioded ended 31December 2020. They had doubt that the financial
statements were manipulated by the management. They decided to appoint
an external auditor and requested MUGABO to look for a qualified auditor
who can help them to know what had happened. MUGABO appointed his
nephew TOTO as an external auditor. He perfomed the audit of the company
and confirmed the same loss.

Required:
Specify the basis for disqualifications of an auditor.
4.2. Rights and removal of an auditor
Learning activity 4.2

Observe the above image then answer the following questions:
1. Is it necessary that an auditor must have specific rights? If Yes or No,
explain.

2. What can happen if the client refuses to give to the auditor some of
his/her rights?

3. What can happen to an auditor who does’nt perform well some of
his/her duties?
4.2.1. Rights and duties of an auditor
a) Rights of auditors
The auditors must have certain rights to enable them to carry out their duties
effectively. The principal rights auditors should have, excepting those dealing
with resignation or removal, are set out below:
• Right to access to the books of accounts of the organization at all
times
– The auditor has a right to access to those books, which may be
kept in the business and elsewhere.
– Right to receive returns submitted by the branch office to head
office.
“Books” will include books of accounts, statutory books (Memorandum, and
articles), statistical books, costing books, minute books and all vouchers of
whatever nature.
• Right to request and receive
The auditor has the right to request and receive from officers of the company
such information and explanations as they consider as necessary for the
performance of their duties.
• Right to receive a notice of 21 days to attend the Annual General
Meeting
The auditor has the right to receive a notice of 21 days to attend the Annual
General Meeting or Extra-Ordinary Annual General Meeting regardless of
whether accounts are discussed at the same annual general meeting, but can
only speak at this annual general meeting if the accounts are subjected to
discussion.
• Rights to make a statement at the Annual General Meeting
The statement must be to do with accounts under discussion, and is bound
to answer only those questions concerning the accounts if there pass through
the Chairman of the annual general meeting. He/she has the right to correct
wrong statements given by directors to do with accounts. He/she cannot cover
omissions in the report through his/her statements at the annual general meeting
in exercising this right.
• Right to be indemnified
He/she can be indemnified out of the company’s assets against any liabilities
incurred by him/her defending his/her name if this was tarnished by the company
in any manner.
• Right to visit the company’s branches
The statutory auditor has a right to visit the company’s branches provided if
these have no qualified auditor. During this visit, he/she has a right to over all
books of accounts and vouchers of the same branch and has a right to access
to returns (the returns the same branch has submitted to the head office).
• Rights to take legal and technical advice
The auditor has a right to obtain advice from such experts as engineers, lawyers,
solicitors and valuers. However, this advice must be interpreted from the
auditor’s own understanding of the prevailing circumstances in order to arrive
at an opinion.
• Right to Remuneration
The auditor has the right to receive his/her fees provided after the completion
of the audit work.
His/her work or if dismissed unlawfully during the course of the year, he/she has
a right to the full year’s fees.
• Remuneration of an auditor
– If appointed by directors, they will fix his/her fees and expenses.

– If appointed by the Registrar, he/she fixes his/her remuneration in liaison
with Directors.

– If appointed by shareholders, the same fix his/her fees or can delegate
the powers to the Directors.

– A retiring auditor who is automatically re-appointed at the AGM,
unless a resolution is passes re-fixing his/her fees is entitled the same
remuneration as in the previous periods.

– If the auditor is required to do any other work other than his/her normal
work, e.g. to prepare tax return, he/she is entitled to extra remuneration
for that.

– If an auditor is removed in the way prejudicial to his/her interest, e.g.
unlawfully, he/she is entitled to a full year fees.

– Any sum paid in respect of expenses to the auditor is part of his/her
remuneration and should be reflected in the P&L Account.
• Right to sign the Auditor Report
An auditor or one partner in the firm of the auditors has a right to sign an audit
report or authenticate any documents which the companies Act requires the
auditor to sign e.g. a prospectus, engagement letter; interim report for payment
of interim dividends, bankers reference to do with the company’s financial
strength, a report of the company’s affairs when the management are resigning.
• Rights in relation to written resolutions
A right to receive a copy of any written resolution proposed.
• Right to be heard at any general meeting
On any part of the business of that meeting, that concerns them as auditors.

If auditors have not received all the information and explanations they consider
necessary, they should state this fact in their audit report.

The companies Act make it an offence for a company’s officer knowingly or
recklessly to make a statement in any form to an auditor which:

– Conveys or purports to convey any information or explanation required
by the auditor; and

– Is misleading, false or deceptive in a material particular.
b) Duties of an auditor
The auditors are required to report on every balance sheet (statement of financial
position) and profit and loss account (statement of comprehensive income) laid
before the company in general meeting.
The auditor must consider the following:
• Compliance with legislation;
• Truth and fairness of accounts;
• Adequate accounting record and returns;
• Agreement of account to records;
• Consistency of other information;
• Director’s benefits.
4.2.2. Resignation and removal of an auditor

Companies Act places a requirement on auditors to notify the appropriate audit
authority in certain circumstances on leaving office.
If it is a major audit (quoted company or major public interest company), the
notification must be given whenever an auditor ceases to hold office.
If it is not a major audit, the notification is only required if the auditor is leaving
before the end of his term of office.
The appropriate audit authority is:
• Secretary of state or delegated body (such as the Rwanda professional
oversight board) if a major audit;
• Recognised supervisory body (e.g. ICPAR) for other audits.
Notice must inform the appropriate audit authority that the auditor has ceased
to hold office and be accompanied by a statement of circumstances or no
circumstances.
Application activity 4.2
1. A company’s auditor can be removed before expiry of his/her term by
one of the following:

A. Shareholders
B. Board of directors
C. Central government
D. State government
E. A and B are correct answers
F. All of the above

2. Remuneration of a company’s auditor is fixed by one of the following :
A. Shareholders
B. Board of directors
C. Central government
D. Appointing authority
F. All of the above
3. Which among the following is not a duty of the auditor:
A. Checking errors and frauds
B. Correcting errors and frauds
C. Vouching with original documents
D. Preparing final accounts
E. No one of the above.
4. The duties of internal auditor are defined /given by :
A. Companies Act
B. Company low board
C. Management
D. A and C are correct answers
E. All of the above
Skills lab activity 4
With the help of a teacher, students should be required to identify the
rights of an auditor and their applications.
End unit 4 assessment
1. While conducting the audit of a limited liability company for the year ended 31st March 2021, the auditor wanted to refer to the minute books. The management refused to provide the minute books to the auditor.
Required:
Specify one of the rights of the auditor.
2. Mugabo Ltd was formed on 1st August 2021 to manufacture
computers, the directors are unsure to their responsibilities and
the nature of their relationship with the external auditors. The audit
partner has asked you to visit the client and explain to the directors
more about the fundamental aspect of the accountability of the
company and their relationship with the auditors.
Required:
What the auditors’ rights under the companies Act?
UNIT 5: AUDITOR’S RESPONSIBILITY
Key unit competence: To be able to exhibit auditor’s responsibilities
Introductory activity

A case study
KARAMBIZI is an auditor who was appointed in PHILMAX Ltd Company.
The company wanted to set terms of working framework for a new auditor.
The management of the company wishes to know how to define general
duties and legal professional responsibilities of an auditor.
Question
1. Highlight three duties of an auditor
2. What do you think are reasons that may lead to auditor’s liabilities?
3. What do you think can be auditor’s liabilities in relation to third parties?
5.1. Legal responsibilities and duties of an auditor
Learning activity 5.1
An auditor has been recruited in a company to help it secure operations,
especially related to financial and procedural management operations.

1. What do you think are main duties of an auditor in a company?

2. What do you think are reasons which can make an auditor liable to
the company?
5.1.1. Legal responsibilities of an auditor
Under the company’sAact, an auditor may be liable to the following parties:
• The client to whom he/she owes the primary duty of care;
• Third parties who have not privacy of contract but have relied on his/her
opinion to arrive at a decision.
In general, the auditor’s liability may arise due to:
– Breach of contract;
– His/her failure to discover material misstatement due to fraud;
– His/her failure to discover material misstatement due to error;
– Carelessness or dishonesty.
The liability of an auditor may arise in the following capacities:
• In his/her capacity as an auditor in private audits;
• In his/her capacity as an auditor as a statutory audit.
a) Liabilities of an Auditor under Private Audits
In such audits, the auditor’s liabilities depend on the agreement between the
auditor and the client. It is for that reason that an auditor insists that the agreement
be in writing clearly, defining his/her duties, powers and responsibilities.
The auditor cannot be held liable for losses incurred as aresult of reliance on
parts of the accounts not covered in the auditing agreement. The auditor’s
liabilities are limited to the areas specified in the scope. In order to minimize his/
her liabilities, the auditor must:
• Be diligent and honest to reduce negligence;
• Should never sign a balance sheet he/she doesn’t believe to be correct;
• Use disclaimers on his/her report to minimize liabilities resulting from
his/her report.
In assessing the auditor’s liabilities under private audit, the following should be
assessed:
• That he/she was actually negligent with reference to the agreement;
• That out of negligence, the client suffered loss;
• That a person who has explicit contractual obligation with him/her has
suffered the loss defined by the contract.
Note: Under private audits, the auditor must include a caveat and disclaimer to
his/her report to the effect that it should not be used by any party to make any
decision as the client may have limited his/her scope in the audit and that was
liable to obtain all information which he/she considered as necessary to make
an opinion
b) Liabilities of an Auditor under Statutory Audits (Company’s Act)
Under the Company’s Act, auditors’ liabilities cannot be limited by any
agreement. The Act defines his/her duties, powers and responsibilities. Under
the Company’s Act, the auditors’ liabilities can arise out of:
• Civil law
• Criminal law
Civil liability of the Auditor: These liabilities arise out of negligence. Under civil
law, the auditor has the duty to care about the following:
• The client (in contract)
• Third parties whether he/she has contractual obligations or not.
The client (in contract)
The auditor due to this must exercise care and diligence in the performance of
his/her duties. Even though negligence is proved against the auditor, there is no
liability for negligence unless it can also be proved that the client also incurred
loss out that negligence i.e. in case of third party liability. In order to sue the
auditor successfully, the client must prove:
• The auditor was negligent;
• That out of the auditor’s negligence, a client suffered a financial loss;
• That the financial loss is qualified and material.
Auditors’ liabilities to Third parties
He/she can be liable to the third parties under the following conditions:
• Where the party has suffered a financial loss as a result or by relying on
the report made by the auditor;
• Where it can be proved that the auditor did not use his/her professional
skills and judgement during the audits;
• Where the auditor made report aware that such a report should be
used by the third parties to make investment decisions;
• Where the auditor didn’t attach the disclaimer on his/her report that
such a report was not included to be relied upon by third parties;
• Where it can be proved that actually the third parties relied on the
report;
• Where the parties can prove that no external factors whatever influenced
their decision but just the audit report;
• Where the third parties were not warned not to rely on the audit report.
Auditors’ liabilities to Third parties
He/she can be liable to the third parties under the following conditions:
• Where the party has suffered a financial loss as a result or by relying on
the report made by the auditor;
• Where it can be proved that the auditor did not use his/her professional
skills and judgement during the audits;
• Where the auditor made report aware that such a report should be
used by the third parties to make investment decisions;
• Where the auditor didn’t attach the disclaimer on his/her report that
such a report was not included to be relied upon by third parties;
• Where it can be proved that actually the third parties relied on the
report;
• Where the parties can prove that no external factors whatever influenced
their decision but just the audit report;
• Where the third parties were not warned not to rely on the audit report.
5.1.2. Duties of an auditor
• Duty to make a report to shareholders or owners and duty to state
the following in his/her report
– Whether in his/her opinion, he/she has received all information and
explanations necessary for his/her opinion.
– Whether in his/her opinion, the trading, profit and loss account exhibits
the true and fair view of the profits or loss of the period.
– Whether in his/her opinion, the balance sheet is properly drawn and
exhibits a true and fair view of the company’s financial position.
– Whether proper books of accounts have been kept properly by the
company and returns received from company’s branches not visited by
him/her.
• Duty to call for information
– Whether loans have been properly secured except lands and building.
– Whether securities have been sold below the purchase price.
– Whether personal expenses have been debited to the profit and loss
account and if so to debit the personal accounts of the employees
concerned.
• Duty to assist in investigations
The auditor assists in carrying out investigation and provides support in
investigation to the investigators but only if financial matters are provided on
his/her working purpose.
• Auditor’s responsibilities in relation to fraud
With the prospectus, an auditor has to be extra careful in approving any kind of
information because if there is a misleading information, which can cause the
loss to the company and third parties, they can hold him/her liable for damages.
The auditor can relieve himself/herself of such liabilities under the following:
– If he/she withdraws his/her consent in writing before such prospectus
has been registered and circulated for the public use;
– That after registration of prospectus and before the allotment of
shares, he/she is knowing the misleading statement in the prospectus,
withdrawn his/her consent and gives a public notice to this effect;
– That it was important to give such statement and that he/she has
reasonable grounds, which he/she can substantiate e.g. letters of
representation for proving that the statement was true.
In general, the auditor’s liabilities to the third parties and client give arise to
claims against the auditor on such grounds as:
– Failure to detect embezzlement by employees;
– Negligence on the part of the auditor or his/her staff;
– Improper accounts procedures, which may lead to fraud;
– Errors in the financial statement he/she is reporting on.
In order to minimize his/her liabilities to the third parties and the client while
compiling his/her report, an auditor should:
– Enter into agreement with his/her client that another person should not
use his/her report;
– Include a disclaimer in his/her report to the effect that any party to make
any decision not included.
• Criminal liabilities of an Auditor
Arise when an auditor commits an act, which constitutes a crime. This includes
wrongful performance of a statutory duty or breach of statutory obligation. The
liquidator or receiver can sue an auditor as an officer of a company especially
during receivership or liquidation during the course of winding up a company if
he/she made wrong statement to them. In order to hold the auditor liable, the
following should be proved:
– That the auditor made a statement that proved false in material facts;
– That the auditor wilfully made a statement, which was actually false
knowing it;
– That the statement made was in any report, prospectus, balance sheet,
certificate or any other document, which under the company Act, the
auditor is required to authenticate;
– That the auditor made a statement as a statutory officer of the company
In general, an auditor can be held liable under the companies Act for criminal
acts under the following circumstances:
– If he/she fails to disclose material facts in the financial statements,
knowing that they are material and that such non-disclosure will make
the statement misleading;
– If the auditor does not use reasonable care and skills during the course
of his/her audit;
– If the auditor wilfully contravenes any provisions of the act which under
normal circumstances is supposed to follow during the course of his/her
auditing e.g. If he/she fails to request returns from the branches;
– If he/she destroys secrets ,mutilates vouchers, documents books of
accounts, certificates with the aim to destroy someone’s opinion;
– If he/she falsifies or is privy to falsification of any document, prospectus,
books of accounts or vouchers of the company with to deceive or
defraud;
– If he/she knows that, a material has been omitted in the report or
financial statements and does not reveal such fact.
Note: The main auditor cannot hold the liabilities of branch auditors.
– To certify statutory report in order to assure the owners about the
number of shares allocated to promoters and whether such issue was
conducted properly.
– Duty to certify the profit and loss account in the prospectus.
– Duty to certify the profit and loss accounts when managing agents
resign, balance sheet and funds flow statement.
Other duties
– Whether loans are properly secured and not at terms prejudicial to the
interest of the shareholders.
– Whether transactions conducted by the company are not prejudicial to
the interest of the shareholders.
– Whether securities have been sold at the price, lower than cost.
Application activity 5.1
1. Identify how an auditor can minimise his/her liabilities in regards to
his/her audit responsibilities.
2. Develop a guideline showing how the auditor’s liabilities under private
audit should be assessed.
5.2. Errors and frauds
Learning activity 5.2
A company found out some errors in the records of financial documents and
wanted to resort to auditor’s services to help the organisation in tracking
errors.
1. What types of errors the auditor may discover in the company’s
financial records?
2. What are the procedures the auditor will apply to discover errors and
frauds?
5.2.1. Types of errors and frauds
a) Errors
Definition of error: an error is an unintentional misstatement in the financial
statements, including the omission of an amount or a disclosure.
Errors detected/ disclosed by the Trial Balance
The purpose of the T/B is to check the accuracy and validity of the books. It
specifically detects the following errors:
• Single entry i.e. failing to complete double entry. e.g. cash sales where
sales A/C is credited but cash A/C not posted.
• Overcast (over debit or over credit of accounts) or undercast (under
credit or under debit of accounts).
• Two credits or two debits on the same side without the corresponding
entries.
• Transfiguration or transposition i.e. changing figures by mistakes
when posting e.g FRW 58, 000 as FRW 85,000.
• Summation or addition error e.g. if the total is FRW 40,000 and you
total FRW 50, 000.
Errors not detected/disclosed by the trial balance
• Errors of original entry
These errors originate from source documents e.g. invoices, vouchers, receipts,
bank-paying sleep etc. These errors are carried throughout the accounting
process i.e. from the journal to the ledger to the trial balance and eventually to
the final accounts.
For example: goods were sold on credit for FRW 95,000, but was recorded in
the sales invoice as FRW 59, 000 and the same figure is journalized.
• Errors of Omission
These are errors of omitting transactions from all books of accounts. If a
transaction occurs and is not recorded anywhere, the T/B cannot detect such
an error. If for example goods were bought for cash of FRW 65,000 and entries
were not made in the cash and purchases account.
• Errors of commission
These errors are committed when an entry is made on wrong person’s account
or account title but the double entry properly effected. For instance, goods
worth FRW 400,000 were sold to Jane on credit but Joan’s account was
debited instead of the correct account of Jane. The sales account being properly
credited.
• Errors of Principle
These are making entries on wrong classes or types of accounts. For instance,
if a capital expenditure for say purchase of a motor vehicle is made, and it is
debited to the purchases account instead of the correct motor vehicle account.
Or if an old fixed asset was disposed off and the proceeds from this disposal or
sale is entered in the sales account
• Compensating errors
These errors cancel out in the trial balance. They are cancelled because the
error on one side of the T/B is compensated by a similar error on the other side
of the trial balance. For instance, if an item that appears on the debit side of the
T/B
E.g, Purchases is overcast by FRW280,000 and by coincidence another account
that appear on the credit side of the trial balance says the sales account was
also overcast by FRW 280,000. These errors will neutralize each other and the
TB will agree as if no error was made.
• Errors of complete reversal entries
These are committed when entries are made on wrong sides of the accounts. For
instance, if wages totaling FRW 3,500,000 were paid cash and the bookkeeper
debits the cash account and credits the wages account.
Material error is an error, which has a big effect on the accounting transactions
and has effect on the financial statements of a business. To help you decide
whether a particular item/transaction is material, you may consider looking at
the following:
– The effect on an individual financial statement as well as the whole set of
financial statements.

– The percentage of the possible error: for profit and loss account items,
we usually calculate the percentage with reference to the profit before
interest and tax figure. For Balance Sheet items, we usually calculate the
percentage with reference to the total share capital and reserves or the
total fixed assets. As a rule, an error less than 5% would be regarded as
immaterial.

– Recurring or non-recurring error: recurring errors must be investigated no
matter how small the percentage is. Recurring errors imply that there is a
problem with the accounting system, which should be followed up.

– Statutory requirement: In general, if an error does not seriously affect the
accounts users’ decisions, we do not worry about this minor mistake.
However, in the context of law, sometimes there is no room for the
materiality concept. For example, if the Companies Act requires that a
particular item must be disclosed in financial statements, it must be done
even if the amount is only Frw1.
Immaterial error
Immaterial error is when an item is immaterial, we do not need to worry about it
for both qualitative and quantitative aspects.
Trial balance checking
• Check casts of the trial balance, lists of debtors and creditors.
• Establish the mount of difference.
• Check balances from personal and impersonal ledger into the trial
balance.
• While checking the balances, care must be taken to ensure that the
closing balances are correctly entered in the right column.
Short cut method
• Look for an item of half that amount which might have been entered on
the wrong side.
• If the difference is divisible by nine, it may mean an error of transposition
of figures (69 written as 96 or 86 written as 68, etc).
• If the difference is a round sum, it is probable that the mistake has been
made in totals of trial balance or carry forward of its figures.
• If the difference is of large amount, it is advisable to compare the trial
balance with that of the previous year, in order to ascertain whether the
figures under the different heads of account are very near the same as
those of previous year.
Extensive checking
• Ascertain that all opening balances have been correctly brought forward
in the current year’s books.

• Check casts, cross casts and carry-forward the various books of
original entries and ledgers.

• If the ledgers are self-balancing, the work would be restricted to
checking the balances, postings and casts of only that ledger the trial
balance of which does not agree..

• The postings from the various subsidiary books should then be checked
into the impersonal ledger.

• The journal and subsidiary books should be scrutinized to see that the
total debits and credits of each entry tally and there were no un-ticked
items.
Measures to prevent errors
– Employ a strong internal control system and efficient internal check
system.
– Award employees reasonable salaries according to their qualifications
and experience. to reduce chance ofcommitting errors and raise their
morale to work.
– Employment of qualified staff to prevent errors of principle.

– Institute an internal audit department where possible.

– Encourage clerks/staff to take their annual leave periodically so that their
work. Performance can be assessed in their absence and any errors they
had made revealed.

– Encourage inter-department transfers and rotation of duties at a surprise
moment so as to cut down the continuity of an error.

– There should a close supervision of duties; particularly in sensitive areas
of the business e.g. cash receipts and payments.

– Use specific reviews of what has taken place in any one given area.

– Use machines to record transactions e.g. adding machines, check-writing machines, etc.

– Management should insist on referees when engaging employees
especially the accounting staff.
b) Fraud
Definition of fraud: fraud is an intentional misrepresentation of financial
information by one or more individuals among the management, employees or
third party collaboration in order to defraud the business on financial resources
and assets. Example:
• Manipulation, falsification and alteration of record and document.
• Misappropriation of assets usually for personal use e.g. cash.
Types of the frauds
• Embezzlement of cash
This is the defalcation or misappropriation of moneyin, which you are responsible
in a business intentionally.

Cash may be misappropriated by:
– Omitting to enter any cash which has been received;

– Entering fewer amount than what has been actually received;

– Making fictitious entries on the payment side of the cashbook;

– Entering much amount on the payment side of the cashbook than what
actually has been paid.
• Misappropriation of goods
Misappropriation of goods is undersood as a cas where any may intentionally
misappropriate business goods for his/her personal use.
• Fraudulent manipulation of accounts
It is committed by directors or managers with a purpose of showing more profits
than what actually they are.This can be done to:
– Get a higher commission on profits;
– Ensure efficiency and smooth running of the business to shareholders;
– Obtain loans from financial institutions;
– Attract more investors to join the business;
Showing less profits than what actually they are in order:
– To purchase shares in the market at a lower price;
– To reduce or avoid the payment of income tax;
– To give a wrong impression about the success of the business to
competitors.
Difference between errors and frauds
Procedures of detecting errors and frauds
• Control of source documents
– Examination of documents that support a recorded transaction or
amount.
– The direction of testing must be from the recorded item to the
supporting document.
– Tests existence or occurrence.
• Document tracing (from supporting document to recorded item)
– Primary test for unrecorded items and therefore tests the
completeness assertion.
– The direction of testing must be from the supporting document to the
recorded item.
Physical observation
– Auditor witnesses the physical activities of the client.
– Differs from physical examination because physical examination
counts assets, while observation focuses on client activities.
• Direct confirmation
The receipt of a written or oral response from an independent third party
Auditor has client request that the third party respond directly to the auditor.
Positive Confirmations asks for response even if balance is correct. Negative
Confirmations asks for a response only if balance is incorrect. Examples: Banks
– Confirm checking account and loan balances
• Analytical examination
Audits studies relationships among data. Unusual fluctuations occur when
significant difference are not expected but do exist or when significant
differences are expected but do not exist. Analytical examination is required
during the planning and completion phases on all audits.
• Examination of the annual accounts
This involves the review of the financial information by the auditor
5.2.2. Auditor’s responsibilities in relation to fraud
ISA 240 the auditor’s responsibility to consider fraud in an audit of financial
statements, states quite clearly in paragraph 240.13 that the primary responsibility
for the prevention and detection of fraud rests with the management and those
charged with governance of the entity. It is their responsibility to establish a
control environment to assist in achieving the orderly and efficient conduct of the
entity’s operations. It is up to them to put a strong emphasis on fraud prevention.
The auditor does not have a specific responsibility to prevent or detect fraud,
but he must consider whether it has caused a material misstatement in the
financial statements.
Application activity 5.2
1. Establish measures an organisation should use in order to prevent
errors
2. What are justifications clients could provide as proof for liablity of an
auditor ?
Skills lab activity 5
In their learning teams, students will be shared the school accounting
information system and documents, be requested to identify errors.
End unit 5 assessment
1. Define the following terms:
a) Error
b) Fraud
2. Describe the auditor’s liabilities towards the third parties.
3. Describe five (5) types of errors in audit
4. Describe the duties of an auditor
5. What are the types of frauds?
6. What are auditor’s responsibilities in relation to fraud?
7. What kinds of measures are to be put in place to prevent errors?
8. Describe the procedures, which can be used to detect errors and
fraud
UNIT 6: AUDITOR’S REGULATION AND ETHICS
Key unit competence: To be able to comply with auditor’s regulation
and professional ethics.
Introductory activity
Financial and ethical reporting plays a significant role in sustainable
commercial development, as it provides the information required to assess
sustainable performance. In recent times, sustainability reporting has
constantly increased and is now a common business practice.

The countries that set the financial and ethical standards. However, the recent
role of emerging and developing nations requires that other regulations be
devised regarding not only financial stability but also inclusiveness and
economic development.

Because of the maturity of the institutional financial system and the efficient
market mechanism, the countries suggested reasons for international
differences concerning the context of financial reporting. This highlights the
importance of the auditing profession regaining and retaining the confidence
of the public, with duties performed in alignment with public interests.

Question

What would be the international standards adopted to support all contexts
of auditing?
6.1. International auditing standards
Learning activity 6.1
Look the picture above, and answer the following questions:
1. What do you see in this picture?
2. Which elements do you see that can be used as auditing standards?
O ACCOUNTING
Auditing | Student Book | Senior Six | Experimental version 75
6.1. International auditing standards
Look the picture above, and answer the following questions:
1. What do you see in this picture?
2. Which elements do you see that can be used as auditing standards?
Learning activity 6.1
6.1.1. The role of International Auditing and Assurance Standards Board

International Standards on Auditing (ISAs) are set by the International Auditing
and Assurance Standards Board (IAASB), a technical committee of the
International Federation of Accountants (IFAC).
The IAASB is there to serve the public interest by setting high-quality
international standards for auditing, quality control, review, other assurance,
and related services, and by facilitating the convergence of international and
national standards. In doing so, the IAASB enhances the quality and uniformity
of practice throughout the world and strengthens public confidence in the global
auditing and assurance profession.
Auditors are subject to ethical requirements imposed by their professional
bodies. One area where clients’ requirements may conflict with the requirements
for auditors to act ethically is whether the auditor should keep the affairs of
clients’ secret, or disclose them to others without obtaining the clients’consent.
The auditor should comply with the code of ethics for professional accountants
issued by the International Federation of Accountants.
6.1.2. International Standards on Auditing (ISA)
International Standards on Auditing (ISAs) are set by the International Auditing
and Assurance Standards Board (IAASB), a technical committee of the
International Federation of Accountants (IFAC). ISAs are produced by IAASB, a
technical committee of IFAC. IAASB also produces other items of international
guidance, such as the International Standard on Quality Control (ISQC).

The IAASB selects subjects for detailed study by way of a subcommittee
established for that purpose. As a result of that study, an exposure draft is
prepared for consideration by the IAASB. If approved, the exposure draft is widely
distributed for comment by auditor bodies of IFAC, and to such international
organisations that have an interest in auditing standards.
The key standards issued by the IAASB include:
Respective responsibilities, Audit planning, Internal control, Audit evidence,
Using work of other experts, Audit conclusions and audit report
6.1.3. The regulation of auditors
The accounting and auditing profession varies in structure from country to
country. In some countries, accountants and auditors are subject to strict
legislative regulation, while in others the profession is allowed to regulate itself.
Regulations governing auditors will, in most countries, be most important at the
national level. International regulation, however, can play a major part by:
• Setting minimum standards and requirements for auditors;
• Providing guidance for those countries without a well-developed
national regulatory framework;
• Aiding intra-country recognition of professional accountancy
qualifications.
The audit regulations are:
• Statutory regulation
• Licensing of auditors
• Delegated regulation by professional bodies within a legal framework
(not self- regulation)
Regulatory mechanisms are:
• Statutory audit requirement
• Legal provisions on appointment and dismissal of auditors,
• Licensing of auditors
• Competence requirements
• Professional conduct rules
• Auditing standards
• Disciplinary procedures
• Governance rules for regulatory bodies
The regulation of audit is centrally concerned with the issue of ensuring that
auditors follow best practice standards in conducting the audit, and are
competent and independent; all of this being seen as essential in terms of
auditors’ capability to detect significant errors/omissions in financial statements
and to report faithfully on them.
Application activity 6.1
1. What is IFAC in full?
2. What are the key standards issued by the ISA?
3. What are the purposes of International Standards on Auditing number
500 and 570
6.2. The fundamental principles of auditing
Learning activity 6.2
Look at the picture above and answer the following questions:
1. What are the activities carried out by the above persons?
2. Tell me about a time you faced an ethical dilemma.
6.2.1. The fundamental principles of auditing as per IESBA
The IESBA Code of Ethics provides ethical guidance. The five fundamental
principles of ethics are as follows: integrity, objectivity, professional
competence and due care, confidentiality and professional behaviour.

The IESBA Code of Ethics states that independence requires independence
of mind and independence in appearance. In other words, the auditor must
be, and must be seen to be, independent.
Independence of mind is the state of mind that permits the provision of a
conclusion without being affected by influences that compromise professional
judgement, allowing an individual to act with integrity, and exercise objectivity
and professional scepticism.
Independence in appearance is the avoidance of facts and circumstances
that are so significant a reasonable and informed third party would be likely
to conclude that a firm’s, or audit and assurance team members, integrity,
objectivity or professional scepticism have been compromised.
It is very important that the auditor is impartial and independent of management,
so that he/she can give an objective view on the financial statements of an
entity. The onus is always on the auditor not only to be independent but also
to be seen to be independent. You will see that some situations will constitute
such a significant threat to independence that an audit practice should not act
as auditors if they arise.
The following examples of specific threats to independence are given
in the code
• Self-interest threats
There are many examples of a self-interest threat arising in the Code. They fall
into two general areas:
– Relationships
Close relationships between audit staff and employees of audit clients can lead
to a lack of independence if the interests of the audit firm and client become too
closely aligned and audit staff lose objectivity. Close relationships also cause
familiarity threats.
Examples of such self-interest threats are when:
• The audit firm has a financial interest in an audit client;
• Business relations between the firm and client are too close;
• Audit staff move to work at the audit client;
• The audit partner sits on the client board;
• There are family/personal relationships between audit staff/client;
• Audit staff are offered gifts/hospitality by client staff;
• Audit fees from a single client are a high percentage of the audit firm’s
total fees;
• The audit firm, or an individual on the audit engagement, enters a loan
or guarantee arrangement with a client (that is not a bank or similar
institution carrying out its normal commercial business).
If an auditor inherits shares in a client company, he/she should try and sell them
as soon as possible, and keep the firm informed about what is going on.
Audit firms should not enter into close business relationships with clients other
than that of the audit itself. They should not have joint ventures or joint marketing
policies.
– Fee-related issues
An audit is carried out for a fee. However, self-interest threats arise if the fees
are so significant, or potentially so, that the audit firm loses its objectivity in
relation to the audit client. A key area is the proportion of total audit firm income
derived from a client. If it is too high, it indicates that the audit firm relies on that
audit client too much to be independent.
Contingent fee arrangements are prohibited for audit or assurance
engagements. Contingent fees are payable on condition of a favourable outcome
being achieved. For example, a firm may charge a client seeking a listing on the
stock exchange a contingent fee which is payable if the listing is successful.
• Self-review threats
If an auditor audits work he/she has carried out for a client, he/she is unlikely to
be able to be objective about it.
There are two general circumstances in which this situation might arise:
If the audit staff member has recently worked for the audit client, or if the audit
firm carries out more than audit for the audit client.
– Recent service at audit client
Individuals who have been a director or officer of the client, or an employee
in a position to exert significant influence over the preparation of the client’s
accounting records or the financial statements on which the firm will express an
opinion should not be assigned to the assurance team.
If an individual had been closely involved with the client before the period
covered by the auditor’s report, the audit firm should consider the threat to
independence arising and apply appropriate safeguards.
– Other services
Audit firms often offer a host of services other than audit. Examples include
preparing accounts and financial statements, valuation services, taxation services,
internal audit services, corporate finance services, IT services, temporary staff
cover, recruitment services, litigation support and legal services. Some of these,
for example, the routine preparation of tax returns, are not perceived to threaten
independence; others, particularly where it seems that audit firm staff are acting
on behalf of management, do affect independence.
Audit firms are not permitted to assume a management responsibility for the
client. Activities which would be considered management responsibility include:
– Setting policies and strategic direction;
– Hiring or dismissing employees;
– Directing and taking responsibility for the actions of the entity’s
employees
– Authorising transactions;
– Controlling or managing of bank accounts or investments;
– Deciding which recommendations of the firm or other third parties to
implement;
– Reporting to those charged with governance on behalf of
management;
– Taking responsibility for the preparation and fair presentation of the
financial statements;
– Taking responsibility for designing, implementing and maintaining
internal control.
Activities that are routine and administrative, or involve matters that are
insignificant, generally are deemed not to be a management responsibility
and are permitted by the IESBA Code. Firms should not prepare accounts or
financial statements for listed or public interest clients. For any client, assurance
firms are also not allowed to:
– Determine or change journal entries without client approval;
– Authorise or approve transactions;
– Prepare source documents.
In addition, in relation to the other services listed above, auditors should not
provide a valuation of an item that is going to be material to financial statements,
they should not carry out transactions on the client’s behalf when doing corporate
finance work, and should not underwrite the client’s shares.
Even if the services do not pose a threat to independence in themselves,
independence might be threatened if the auditor carried out a lot of other services
for a client, or if circumstances made the audit firm appear not independent.
This will often be a matter of judgement for audit firms.
• Advocacy threat
If an audit firm is asked (or perceived) to promote their client or represent them,
for example in a legal claim, then the auditor would be biased in favour of their
client and would not be able to be objective.
This loss of objectivity gives rise to an advocacy threat.
Examples of circumstances that create advocacy threats include:
– The auditor provides legal support to an audit client in a legal dispute;

– The auditor acts as an advocate on behalf of an audit client in a
dispute with a third party such as a tax disputes;

– The audit firm promotes shares in an audit client;

– The audit firm pitches a client reconstruction to a bank whilst
undertaking corporate finance services;

– A partner or employee of the audit firm serves as a director or officer
of an audit client.
The audit firm should ensure it does not accept work likely to cause an advocacy
threat, and it should withdraw from an engagement if the risk to independence
becomes too high.
• Familiarity threat
We have already looked at the potential problems caused by relationships
between audit firm/staff and audit client/staff. These also cause a familiarity
threat, when audit staff become too familiar with a client, which causes them to
lose objectivity, and professional scepticism. Another familiarity threat is long
association, where an audit firm or its personnel have been involved in the audit
of a particular client over an extended period. This can also affect objectivity.
For the audit of private limited companies, this is an issue for audit firms to monitor
themselves and take steps to avoid. The IESBA rules are more prescriptive in
relation to public limited companies.
• Intimidation threats
An intimidation threat arises when a member of the audit team is deterred from
acting objectively by threats (whether actual or perceived) from the directors,
officers or employees of an audit client. Such a threat may arise where the total
fees from an audit client represent a large proportion of the audit firm’s total
fees. Here the audit firm may be deemed to be dependent on the audit client
and this dependence may mean that they are more likely to give in to any threats
for fear of losing the audit client.
Similarly, an intimidation threat is created when an audit client threatens the firm
with litigation or takes legal action against them. In this situation the relationship
between client management and members of the audit team can no longer be
characterised by complete candour and full disclosure and therefore the audit
firm should stand down as auditors as the threat would be too significant to
avoid by other means.
6.2.2. The professional duty of confidentiality
“Auditors have a professional duty of confidentiality. However, they may be
compelled by law, or consider it desirable in the public interest, to disclose
details of clients’ affairs to third parties.”
Confidentiality requires auditors to refrain from disclosing information acquired
in the course of professional work except where:
– Consent has been obtained from the client, employer or other
proper source or;
– There is a public duty to disclose, or;
– There is a legal or professional right or duty to disclose.
The auditor agrees to serve a client in a professional capacity both the auditor
and the client should be aware that it is an implied term of that agreement that
the auditor will not disclose the client’s affairs to any other person with the
client’s consent or within the terms of certain recognised exceptions, which fall
under obligatory and voluntary disclosures.
The auditors must first obtain an understanding of the non-compliance and
disclose it to management. The client should be advised to report the non-compliance.
If they do not do so then the auditors may report the matters
themselves, but they are not obliged to do so. The recognised exceptions to the
duty of confidentiality are as follows:
Application activity 6.2
1. Why an auditor should observe the professional ethics of integrity?
2. What will happen if an auditor knows or suspects his/her client to
have committed money-laundering or terrorist offences?
Skills lab activity 6
By carrying out research,students in their learning teams, identify the area
(audit process) where each of the standard would be applied and why
End unit 6 assessment
1. Explain the concept of objectivity with reference to external auditors,
and outline five general threats to objectivity.
2. What is the principle of objectivity?
3. Describe the review process that firms should adopt to ensure that
they have maintained independence.
4. When is an auditor:
a) Obliged
b) Allowed
c) To make disclosure of clients’ affairs to third parties?
5. In which of the following situations is it not appropriate to disclose
confidential information?
a) Client has granted permission
b) To obtain evidence about an item in financial statements
c) To fulfil a public duty
d) To fulfil a legal duty to disclose
6. Which of the following is not a fundamental principle of professional
ethics?
a) Independence
b) Integrity
c) Objectivity
d) Confidentiality
7. It is important that an auditor’s independence is not questionable,
and that he/she should behave with integrity and objectivity in all
professional and business relationships. The following are a series
of questions, which were asked by auditors at a recent update
seminar on professional ethics.

a) A B & Co, the previous auditors, will not give my firm professional
clearance or the usual handover information because it is still
owed fees. Should I accept the client’s offer of appointment?

b) Can I prepare the financial statements of a company and remain
as auditor?
Required:
Discuss the answers you would give to the above questions posed by the
auditors based on IESBA Code of Ethics.
UNIT 7: AUDIT PLANNING
Key unit competence: To be able to execute audit planning and risk
assessment
Introductory activity
Look the above picture, then answer the following questions:
1. What do you understand by audit planning
2. How do we call those activities around audit planning?
7.1. Audit planning
Learning activity 7.1

Look at the above image, then answer the following questions:
1. Why the audit work must be planned?
2. What do you mean by audit strategy?
3. State the general areas the auditor must consider when setting audit
strategy
7.1.1. Meaning and objective of audit planning
a) Meaning of audit planning
Audit planning means developing a general strategy and a detailed approach for
the expected nature, timing and extent of the audit. The auditor plans to perform
the audit work in an efficient and timely manner.
b) The importance of audit planning
An effective and efficient audit relies on proper planning procedures. The
planning process is covered in general terms by ISA 300 states that the auditor
shall plan the audit so that the engagement is performed in an effective manner.
Audits are planned to:
– Help the auditor devote appropriate attention to important areas of the
audit;

– Help the auditor identify and resolve potential problems on a timely
basis;

– Help the auditor properly organise and manage the audit so it is
performed in an effective manner;

– Assist in the selection of appropriate team members and assignment
of work to them;

– Facilitate the direction, supervision and review of work;

– Assist in coordination of work done by auditors of components and
experts.
Audit procedures should be discussed with the client’s management, staff and/
or audit committee in order to co-ordinate audit work, including that of internal
audit. However, all audit procedures remain the responsibility of the external
auditors.
A structured approach to planning:
Step 1: updating knowledge of the client and assessing risks
Step 2: Ensuring that ethical requirements are met, including independence.
Step 3:establishing the overall audit strategy that sets the scope, timing and
direction of the audit and guides the development of the audit plan:
– Idendify the characteristics of the engagement that define its scope;
– Ascertain the reporting objectives to plan the timing of the audit and
nature of communications required;
– Consider significant factors in directing the team’s efforts;
– Consider results of preliminary engagement activities;
– Ascertain nature, timing and extent of resources necessary to perform
the engagement.
Step 4: Preparing the detailed audit approach
Step 5: Making administrative decision such as staffing and budgets.
7.1.2. Audit planning strategies
a) planning strategies
Audit strategy sets the scope, timing and the direction of the audit, and guides
the development of the more detailed audit plan.The audit strategy is the key
planning document. It considers general areas of planning such as:
• The timetable for reporting, key dates and statutory obligations;
• Reporting framework and scope of the audit;
• Initial materiality levels;
• Preliminary risk assessment.
• Audit team members and skills required;
• Arrangements for directing, supervising and reviewing the work of audit
team members;
• Consider the need for the service of experts;
• Location of client premises and travel/accommodation requirements.
Any changes made during the audit engagement to the overall audit strategy
or audit plan, and the reasons for such changes, shall be included in the audit
documentation.
Audit needs to be planned to ensure that:
• Appropriate attention is devoted to the important areas of the audit;
• Potential problems are identified (and resolved) on a timely basis;
• Work is completed effectively and efficiently;
• Appropriate staff are engaged on the audit team and, the proper tasks
are assigned to the members of the audit team;
• Assisting with the direction and supervision of the audit team and
review their work;
• Assisting with the coordination of work done by experts.
The establishment of the audit strategy involves:
In many audit firms, the audit engagement partner would create the audit
strategy, with the audit managers then being responsible for using the strategy
and then produce the detailed audit plan. This division of roles does, however,
vary from firm to firm and it is not unusual for an audit manager to contribute to
the audit strategy document.
b) Changes to the overall audit strategy and audit plan
The auditor shall update and change the overall audit strategy and the audit plan
where necessary during the course of the audit work.
An accurate record of changes to the audit strategy must be maintained in order
to explain the general approach finally adopted for the audit. Any changes to the
audit strategy or the audit plan and the reasons for them must be included in the
audit documentation.
c) Audit programmes
The audit manager will typically use the audit plan as a basis for drawing up
checklists or similar documents for audit staff to use in gathering audit evidence
during the fieldwork stage of the audit. Audit programmes are schedules of
audit procedures to be carried out by audit staff to obtain sufficient appropriate
audit evidence.
Each account area (eg non-current assets, inventory, receivables etc) will have
its own audit programme and each member of the team is likely to be assigned
responsibility for carrying out the audit procedures for one or more account
areas. Audit programmes may be designed with reference to specific audit
objectives; this ensures that audit work is focused and that sufficient appropriate
audit evidence is gathered and documented.
d) Audit matters
Audits should be carried out by staff with appropriate skills and experience.
• Audit team
ISA 220 for Quality control for an audit of financial statements considers the
issue of assignment of engagement teams. The audit engagement partner
(sometimes called the reporting partner) must take responsibility for the quality
of the audit to be carried out (ISA 220: para. 8). He/she should assign staff with
necessary competencies to the audit team (ISA 220: para. 14).
Some audits are wholly carried out by a sole practitioner (an accountant who
practises on his/her own) or a partner.

More commonly, however, the engagement partner will take overall responsibility
for the conduct of the audit and will sign the auditor’s report. The engagement
partner will delegate aspects of the audit work such as the detailed testing to
the staff of the firm. The usual hierarchy of staff on an audit assignment is:
The engagement partner is responsible for ensuring that:
• An appropriate level of professional scepticism is applied by audit staff
in the conduct of the audit; and
• There is proper communication both within the audit team and with the
audited entity.
Achieving these two objectives is likely to involve holding a planning meeting with
the audit staff on the assignment to discuss the risks of material misstatement
that could arise in the financial statements and making them aware of historical
issues on the audit.
Ensuring communication between client staff and audit staff will be more difficult
as the audit engagement partner is unlikely to visit the client site during the audit.
However, given that the audit partner has a responsibility here, he/she must
take appropriate steps. What these should be will depend on the individual
circumstances of the audit. The audit engagement partner should consider the
following:
– Keeping in regular contact with both audit and client staff during the
audit to assess the level of communication between them;
– Attending the site during the audit to facilitate better communication
if he/she feels that it is necessary.Fostering lines of communication
between client staff and audit staff during the period between audits
to ensure a good working relationship is built up between them;
– The availability of audit staff throughout the engagement (taking into
account conflicting audit deadlines, holidays and study leave).
• Dealing with client staff
An important skill that all staff chosen for the audit assignment should have
is the ability to deal with the client staff with whom they come into contact.
Discussions with staff operating the system should be conducted in a manner
which promotes professional relationships between auditing and operational
client staff.
Relationships with the client will be enhanced if auditors aim to provide a high
quality service that caters for the needs of the client. However, more specific
people skills will also be needed. Negotiation skills and interviewing skills are
particularly important.
Auditors should also be trying to understand what managers and staff want
from the audit and how hostility to the time they have to spend dealing with
auditors can be overcome. This does not mean agreeing with management and
staff on every issue, but it does mean enabling the auditors to understand why
difficulties have arisen and how those difficulties can be overcome.
7.1.3. Limitations of audit planning
Even though the audit plan has a number of advantages, it is not free from
limitations. Some of the major disadvantages of audit plan are as follows:
• Rigitity
An audit plan follows a standard approach and set patterns. This may stifle
flexibility and initiative, therefore dampening professional judgement of the
parties involved. Rigidity also makes the process too mechanistic undermining
the audit staffs’liabilities, creativity and talents. This will consequently leave them
with less freedom in performing their task and also technically challenged.
• Overlooking audit staffs’capabilities
A plan will make the audit process automated and will loose the sense of
responsibility for the audit staff. It can potentially decrease initiative and
inventiveness, with less application of staff talents and abilities. They therefore
do not reinforce the plan with any improvements, which will lower it future
effectiveness. The automation also leaves the staff performing their task with
normality, which can cause boredom.
The strategies and pocedures adopted from an audit may not be in accordance
with a client’s standards. An auditor will likely need to prepare a new procedural
plan that meets the need of the client: in some cases, this backtracking may
cause the client to loose faith and /or trust in the auditor. Staff may also feel
manipulated since they will have to participate in the preparation of the new
plan, which can very significantly from the audit standards..
• Constant update
An audit plan needs to change regularly, usually each year to keep it current with
the changing economic environment and business structures. If this change is
not done, the plan may turn out to be too rigid in nature and its application in an
audit process may be in-effective and out-dated. This updating requires more
time and resource devotion to the plan, which would be better used in another
productive activities.
Application activity 7.1
1. Explain the difference between the audit strategy and the audit plan
2. Identify seven key items of information likely to be contained in an
audit strategy document.
7.2. Materiality in Auditing
Learning activity 7.2
Observe the above picture, then answer the following questons:
1. What do you mean by a material misstatement?
2. Explain the difference between the overall materiality and performance
materiality.
7.2.1. Meaning and methods of calculating materiality inauditing
a) Meaning of materiality
Materiality in Auditing is defined as the benchmark used to obtain
reasonableassurance that an audit does not detectany material misstatementthat
can significantlyimpact the usability of financial statements.
The auditor is required to determine the materiality level for the financial
statements as a whole, as well as performance materiality, at the planning stage.
The calculation or estimation of materiality should be based on the auditor’s
experience and judgment. The materiality chosen should be reviewed throughout
the audit.
Materiality relates to the level of misstatement that affects the decisions of users
of the accounts.
Misstatements are considered to be material if they, individually or in aggregate,
could reasonably be expected to influence the economic decisions of users.
Judgments about materiality are made in the light of surrounding circumstances,
and are affected by the size and nature of a misstatement or a combination of
both. Judgments about matters that are material to users of financial statements
are based on a consideration of the common financial information needed users
as a group.
The practical implication of this is that the auditor must be concerned with
identifying ‘material’ errors, omissions and misstatements of transactions,
account balances and disclosures. Both the amount (quantity) and nature
(quality) of misstatements need to be considered (e.g., lack of disclosure
regarding ongoing litigation is likely to be considered material).
Materiality provides a threshold or cut-off point rather than being a primary
qualitative characteristic which information must have to be useful.
E.g. If a company has a profit of FRW 100Millions, a misstatement of FRW1Million
is unlikely to be significant. If a company has a profit of FRW 10Millions, a
misstatement of FRW 1Million will have a more significant impact on the readers
of the accounts.
During planning, the auditor must establish materiality for the financial statements
as a whole, but must also set performance materiality levels.
The concept of materiality is applied by the auditor both in planning and
performing the audit, and in evaluating the effect of identified misstatements on
the audit and of uncorrected misstatements, if any, on the financial statements
and in forming the opinion in the auditor’s report.
Materiality considerations during audit planning are extremely important. The
assessment of materiality at this stage should be based on the most recent and
reliable financial information and will help to determine an effective and efficient
audit approach. Materiality assessment will help the auditors to decide:
• How many and what items to examine;
• Whether to use sampling techniques;
• What level of error is likely to lead to a modified audit opinion.
The resulting combination of audit procedures should help to reduce detection
risk to an appropriately low level.
b) Determining materiality for the financial statements as a whole
Determining materiality for the financial statements as a whole involves the
exercise of professional judgment. Because many users of financial statements
are primarily interested in the profitability of the company, materiality is often
thought in terms of a value associated with the level of profit before tax.
For example, if profit before tax was FRW 40,000,000, auditors might consider
that all matters in the financial statements equal to 5% of FRW 40,000,000 (i.e.
FRW 2,000,000) will be important to users.
However, auditors should avoid thinking of materiality solely in these terms. For
example, some users might be more concerned with asset values or specific
matters in the financial statements rather than ‘value’ at all. Consequently,
auditors may have a monetary guide to what is important to users, but they
should also use their professional judgment at all times to consider what is
important to users.
In addition, certain types of errors should be investigated even if they are small in
monetary terms, because, as stated above, they are important for other reasons.
• Recurring errors as these may indicate weaknesses in the accounting
system
• Errors that would mean breaches of statutory requirements
• Critical point errors, for example, those that change a loss into profit
• Conceptual errors, errors that involve breaches in the accounting
requirements
At the planning stage, auditors will set a ‘value level’ for planning materiality
based on draft financial information available to them. However, this should be
reviewed as the audit progresses and as any changes are made to the financial
information.
Generally, a percentage is applied to a chosen benchmark as a starting point
for determining materiality for the financial statements as a whole. The following
factors may affect the identification of an appropriate benchmark:
• Elements of the financial statements (e.g. assets, liabilities, equity,
revenue, expenses)
• Whether there are items on which users tend to focus
• Nature of the entity, industry and economic environment
• Entity’s ownership structure and financing
• Relative volatility of the benchmark
• The following benchmarks and percentages may be appropriate in the
calculation of materiality for the financial statements as a whole.
c) Determining performance materiality
Consider what would happen if this materiality for the financial statements as a
whole was applied directly to, for example, different accounts balances (such as
receivables, inventory etc.). It could be that a number of balances (or elements
making up those balances) are untested or dismissed on the grounds they are
immaterial. However, a number of errors or misstatements could exist in those
untested balances, and these could aggregate to a material misstatement.
For this reason, the auditor is required to set performance materiality levels,
which are lower than the materiality for the financial statements as a whole and
this means a lower is applied during testing. The risk of misstatements which
could add up to a material misstatement is therefore reduced. As we can see in
the key terms below, performance materiality really has two definitions
Performance materiality is the amount or amounts set by the auditor at less than
materiality for the financial statements as a whole to reduce an appropriately
low level of the probability that the aggregate of uncorrected and undetected
misstatements exceeds materiality for the financial statements as a whole.
Performance materiality also refers to the amount or amounts set by the auditor
at less than the materiality level or levels for particular classes of transactions,
account balances or disclosures.
This indicates the auditor sets a level or levels of materiality lower than overall
materiality for the purposes of performing procedures in general (for example on
a low risk area) and this is just to account for aggregation.
However, an even lower level is set for certain balances, transactions or
disclosures where there is an increased risk (for example, the auditor will set
a lower performance materiality level for bank balances if he/she considers
bank balances to be a sensitive area). Lower levels are also set if qualitative
considerations (discussed below) necessitate it.
Determining performance materiality is very much dependent on the auditor’s
professional judgment. In summary it is affected by:
• The nature and extent of misstatements identified in prior audits;
• The auditor’s understanding of the entity;
• Result of risk assessment procedures.
7.2.2. Difference between materiality in government and
in private sector
Materiality in governmental audit is different from materiality in private sector
auditing for several reasons.
Most importantly, due to the format of state and local government financial
statements under GAAP (general accepted accounting principles), the AICPA
(American institute of certified public accountant) audit guide for state and
local governments requires auditors to consider materiality by “opinion unit”
rather than for the financial statements taken as a whole. The guide defines
opinion unit as follows:
Government-wide level
• Government activities;
• Business activity( nature of business);
• Discretely presented component units in the aggregate.
Fund levels:
• General fund (always a major fund)
• Other major funds determined for government funds or enterprise
funds. Each major fund is an opinion unit. If there are no major funds,
then there will be only two opinion units. The general fund and then
remaining fund information; and
• Remaining fund information, consisting of all other non-major
governmental and enterprise funds, internal service fund type, and
fiduciary fund type. (this will generally always be present, although
the individual components and size will change between governmental
entities.)
This functionally decreases materiality for state and local government financial
statements by an order of magnitude compared to materiality for private
company financial statements. Due to the unique concept of materiality, the
auditor’s report expresses an opinion in relation to each opinion unit.
Moreover, the primary users of government financial statements are different:
the citizens and the parliament in the public sector versus investors in the private
sector. It is important to identify the primary users since materiality reflects the
auditors judgment of the needs of users in relation to the information in the
financial statements.
Finally, in government auditing, the political sensitivity to adverse media exposure
often concerns the nature rather than the size of an amount, such as illegal acts,
bribery, corruption and related-party transactions.
Qualitative considerations of materiality are therefore different in private
sector auditing, in which qualitative consideration are focused on the effect on
earnings per share, executive bonuses or other risks that are not applicable to
governments.
Qualitative materiality refers to the nature of a transaction or amount and includes
many financial and non financial items that, independent of the amount, may
influence the decisions of users of the financial statements.
While rules of thumb mentioned in the section above are commonly applied
to state and local government financial statements, government auditors may
also use different means to quantify materiality such as total cost or net cost
( expenses less revenues or expenditure less receipts). In a cash accounting
environment, total expenditures is often used as a benchmark.
7.2.3. Roles of materiality of an error in auditing
The importance of materiality of an error in auditing is that:
• It influnces the auditor’s time budget on specific items;
• It dictates the auditor’s plan;
• It influences the auditor’s plan;
• It determines the amount of audit evidence to be gathered;
• It is required by the professional body ICPAR (Institute of Certified
Public Accountants of Rwanda) as an incidental objective.
Application activity 7.2
1. Which measures of a client’s business is an auditor likely to use when
setting a level of materiality:

a) For a client that has a stable asset base and steady revenue over
the last few years but has only made a small pre-tax profit this
year owing to a large one-off expense?
b) For a client where the outside shareholders have expressed
concern over declining profits over the last few years?
2. Profit before tax at Rilla Ltd is FRW10, 000,000.
Which one of the following balances are the auditors unlikely to plan
to test in detail?
a) Receivable FRW 5, 000,000
b) Bank FRW 450,000
c) Dirctor’s bonus of FRW 400,000
d) Addition to non-current assets FRW 2,000,000
7.3. The entity and its environment
Learning activity 7.3
Observe the above image then answer the following questions:
1. What does the above image show?
2. What information do you think the auditor wants to know when he/
she asks himself/herself the questions in the image?
7.3.1. The entity and its environment
The auditor is required to obtain an understanding of the entity and its environment
in order to be able to assess the risks of material misstatement and direct his/
her audit approach accordingly.
ISA 315 states that ‘the auditor shall perform risk assessment procedures
to provide a basis for the identification and assessment of risks of material
misstatement at the financial statement and assertion levels.
a) Why?
The reasons the auditor is to obtain the understanding of the entity and its
environment are very much bound up with assessing risks and exercising audit
judgment. We shall look at these aspects more in the next two topics of this
Unit.
b) What?
ISA 315 sets out a number of requirements about what the auditors must
consider in relation to obtaining an understanding of the business.
c) How?
ISA 315 sets out the risk assessment procedures that the auditor must use
to obtain the understanding. The auditor does not have to use all of these for
each area, but the ISA requires that risk assessment procedures should, as a
minimum,comprise a combination of these procedures.
• Inquiries of management and others within the entity
• Analytical procedures
• Observation and inspection
The audit team and the engagement partner are also required by ISA 315 to
discuss the susceptibility of the financial statements to material misstatement.
Judgment must be exercised in determining which members of the team should
be involved in which parts of the discussion, but all team members should be
involved in the discussion relevant to the parts of the audit they will be involved
in.
Lastly, if it is a recurring audit, the auditors may have obtained a great deal of
knowledge about the entity and the environment in the course of prior year
audits. The auditor is entitled to use this information in the current year audit,
but he/she must determine whether any changes in the year have affected the
relevance of information obtained in previous years.
Inquiries of management and others within the entity
The auditors will usually obtain most of the information they require from staff in the
accounts department, but may also need to make enquiries of other personnel,
for example, internal audit, production staff or those charged with governance.
Those charged with governance may give insight into the environment in which
the financial statements are prepared. In-house legal counsel may help with
understanding matters such as outstanding litigation, or compliance with laws
and regulations. Sales and marketing personnel may give information about
marketing strategies and sales trends.
Analytical procedures
Analytical procedures are a useful tool in risk assessment. ISA 315 and ISA 520
Analytical procedures provide guidance in this area. ISA 315 requires auditors
to use analytical procedures during the risk assessment phase of the audit.
Analytical procedures consist of the evaluations of financial information made by
a study of plausible relationships among both financial and non-financial data.
Analytical procedures also encompass the investigation of identified fluctuations
and relationships that are inconsistent with other relevant information, or deviate
significantly from predicted amounts.
There are many sources of information available to the auditor at this stage
including interim financial information, budgets, management accounts,
information for prior periods and industry information.
All of this information can be used by auditors to help them understand areas
of risk. For example, ratios (such as the receivables days, inventory turnover
and the current ratio) can be calculated using information from the financial
statements. The financial statements can also be compared to prior years, or
similar firms in the same industry.
Budgets are helpful in indicating the expectations of the organization, and
management accounting information is useful for variance analysis. Variance
analysis involves looking at actual income and expenditure against the expected
figures and determining the reasons for any variances between the two.
Analytical procedures such as these can be extremely helpful at the risk
assessment and planning stages of an audit and help the auditor to identify the
areas of greatest risk, and therefore the areas where the risk of misstatement
in the accounts is highest. These are the areas where the most work will be
required during the audit.
Observation and inspection
These techniques are likely to confirm the answers made to inquiries made of
management. They will include observing the normal operations of a company,
reading documents or manuals relating to the client’s operations or visiting
premises and meeting staff.
The ISA gives guidance on performing these risk assessment procedures in
order to obtain the required understanding of the business.
The table below summarizes some of the key points.
Application activity 7.3
1. What auditors need to know in understanding the entity and its
environment?

2. Why do auditors needs to be familiar with the organization business
model?

3. What are the factors the auditor must valuate to understand the entity
and its environment?

4. What is the most important thing that an auditor does when
understanding the entity?
7.4. Audit risk
Learning activity 7.4
Observe the above picture then answer the following questions:
1. Is it possible that an auditor can give an inappropriate audit opinion
on financial statements?
2. How do we call the case in which an auditor can give an inappropriate
audit opinion on financial statements ?
7.4.1. Meaning and types of audit risks
a) Meaning of audit risk
In an audit of financial statements, audit risk is the risk that the auditor
expresses an inappropriate audit opinion when the financial statements
are materially misstated, i.e., the financial statements are not presented fairly
in conformity with the applicable financial reporting framework.
b) Types of audit risk
Audit risk
Audit risk is the risk that the auditors give an inappropriate audit opinion when
the financial statements are materially misstated. It has two elements: the risk
that the financial statements contain a material misstatement (inherent risk
and control risk) and the risk that the auditors will fail to detect any material
misstatements (detection risk).
In order to obtain assurance about whether the financial statements are free
from material misstatement, the auditor needs to consider how and where
misstatements are most likely to arise.
Carrying out a financial statement risk assessment helps the auditor ensure
that the key areas more susceptible to material misstatement are adequately
investigated and tested during the audit. It also helps the auditor identify low risk
areas where reduced testing may be appropriate, ensuring time is not wasted
by over-testing these areas.
In this way, auditors follow a risk-based approach to auditing. In the risk-based
approach, auditors analyze the risks associated with the client’s business,
transactions and systems, which could lead to misstatements in the financial
statements, and direct their testing to risky areas. Audits conducted in
accordance with ISAs must follow the risk-based approach.
Auditors are therefore not concerned with individual routine transactions,
although they will still be concerned with material, non-routine transactions.
As you can see from the above diagram, audit risk has two major components:

• The risk of material misstatement arising in the financial statements
is dependent on the entity, and cannot be influenced by the auditors.
It is a product of inherent risk and control risk. (ISA 200: para. 13)
Detection risk
Detection risk is dependent on the auditor, and is the risk that the auditor will
not detect material misstatements in the financial statements. (ISA 200: para.
13(e))
Inherent risk
Inherent risk is the risk that items will be misstated due to characteristics of
those items, such as the fact they are estimates or that they are important items
in the accounts. The auditors must use their professional judgment and all
available knowledge to assess inherent risk. If no such information or knowledge
is available, then the inherent risk is high.
Inherent risk is affected by many factors, including:
• The nature of the entity, for example, the industry it is in and the
regulations it falls under
• The attitudes and experience of management
• The geographic spread of the operations
• The future business strategy of the entity
• The presence of complex wage structures, for example, a bonus- or
commission-based salary structure
The information system, for example, computer-based accounting systems
Inherent risk can also vary from account to account. Balances made up of
complex items, such as inventory in a manufacturing company, portable assets
in an engineering company and cash balances are generally more prone to high
levels of inherent risk.
Control risk
Control risk is the risk that a misstatement that could occur in an assertion and
that could be material, individually or when aggregated with other misstatements,
will not be prevented or detected and corrected on a timely basis by the entity’s
internal control.
7.4.2. Model and calculation of audit risk
This aspect of audit risk is known as detection risk.
Detection risk is the risk that the auditor’s procedures will not detect a
misstatement that exists in an assertion that could be material, individually or
when aggregated with other misstatements. (ISA 200)
Detection risk is the component of audit risk that the auditors have a degree of
control over, because, if risk is too high to be tolerated, the auditors can carry
out more work to reduce this aspect of audit risk, and therefore audit risk as a
whole.
ISA 200 Overall objectives of the independent auditor and the conduct of an
audit in accordance with international standards on auditing (ISA 200) states
that ‘the auditor shall obtain sufficient appropriate audit evidence to reduce
audit risk to an acceptably low level and thereby enable the auditor to draw
reasonable conclusions on which to base the auditor’s opinion’, that is, giving
reasonable assurance on the truth and fairness of the financial statements.
Looking at audit risk as a whole, we can see that it can be represented by the
audit risk model as follows:
The implication of this for the auditor is that if inherent risk and control risk are
relatively high, then the amount of work carried out to reduce detection risk will
have to increase to reduce audit risk as a whole to an acceptably low level.
For example, let us assume that an auditor is prepared to accept a 5% chance
that he may give an inappropriate audit opinion on the financial statements. In
other words, the auditor sets the acceptable level of audit risk at 5%.
From his assessment of the client’s risk environment, the auditor has determined
the inherent risk factor to be 80% and the control risk factor for a given area of
the financial statements to be 25%.
By re-arranging the audit risk model [Audit risk (AR) = Inherent risk (IR) * Control
risk (CR) * Detection risk (DR)] we can find the level of detection risk required:
DR= AR/ IR*CR
DR = 0.05/ 0.8*0.25
DR= 0.05/0.2
DR= 0.25*100= 25%
So, the level of detection risk would need to be set at 25%.
However, let us now assume that for a different area of the client’s financial
statements, the auditor has assessed control risk at 12½%. How does this
affect the level of detection risk?
AR= 0.05
DR= AR/ IR*CR
DR= 0.05/ 0.8*0.125
DR= 0.05/ 0.1
DR= 0.5 *100= 50%
Now the level of detection risk should be set at 50%.
These examples illustrate a very important point: that detection risk has an inverse
relationship with risk of material misstatement (inherent risk u control risk). The
lower the risk of material misstatement, the higher the level of detection risk
which can be accepted, and therefore the lower the level of detailed testing
required.
Conversely, if the auditor feels a company has a high risk of material misstatement,
then the acceptable level of detection risk will need to be reduced to compensate
for this, and consequently the auditor will need to increase the level of detailed
testing required.
Remember that the level of detection risk represents the risk that the auditors
will not find a material misstatement. Consequently, there is also an inverse
relationship between the level of detection risk and the level of substantive
testing required: the higher the acceptable level of detection risk, the lower the
amount of substantive testing required, and vice versa.
7.4.3. Assessing the risk of material misstatement and
responding to risk assessment
a) Assessing the risk of material misstatement
The ISA 315) says that the auditor shall identify and assess the risks of material
mistatement at the financial statement level and assertion level. It requires the
auditor to take the following steps:
• Identify risks throughout the process of obtaining an understanding of
the entity’
• Relate the risks to what can go wrong at the assertion level;
• Consider whether the risks are of a magnitude that could result in a
material misstatement;
• Consider the likelihood of the risks causing a material misstatement.
b) responding to risk assessment
The auditors must formulate an approach to the identified risks of material
misstatement. They must formulate overall responses and detailed further audit
procedures, which will comprise tests of controls and substantive procedures
or substantive procedures only.
The objective of ISA 330 The auditor’s responses to assessed risks is ‘to obtain
sufficient appropriate audit evidence regarding to the assessed risks of material
misstatement, through designing and implementing appropriate responses to
those risks’.
In other words, having assessed the risks of material misstatements in the
financial statements, the auditor has to plan the work that will be carried out to
ensure that he/she can give an opinion that the financial statements give a true
and fair view, that is, that any material misstatements have been identified and
amended if necessary.
Overall responses
Overall responses to risks of material misstatement will be changes to the
general audit strategy or re-affirmations to staff of the general audit strategy.
For example (ISA 330):
• Emphasizing to audit staff the need to maintain professional scepticism;
• Assigning additional or more experienced staff to the audit team;
• Using experts;
• Providing more supervision on the audit;
• Incorporating more unpredictability into the audit procedures;
• Making general changes to the nature, timing and extent of audit
procedures.
Responses to the risks of material misstatement at the assertion level
The ISA says that ‘the auditor shall design and perform further audit procedures
whose nature, timing and extent are based upon and are responsive to the
assessed risks of material misstatement at the assertion level. Nature refers
to the purpose and the type of test that is carried out. ISA 330 requires that
auditors should carry out tests of controls and substantive procedures.
Test of controls is an audit procedure designed to evaluate the operating
effectiveness of controls in preventing, or detecting and correcting material
misstatements at the assertion level.
Substantive procedure is an audit procedure designed to detect material
misstatements at the assertion level. Substantive procedures comprise tests of
details and substantive analytical procedures.
Application activity 7.4
You are involved with the audit of Kigali Solutions Ltd, a small company. You
have been carrying out procedures to gain an understanding of the entity.
The following matters came to your attention:
The company offers standard credit terms to its customers of 60 days
from the date of invoice. Statements are sent to customers on a monthly
basis. However, Kigali Solutions Ltd does not employ a credit controller,
the company sends statements to clients on a monthly basis, it does not
communicate with them on a systematic basis (regular basis). On certain
days, the receivables ledger clerk may call a customer if the company has
not received a payment. Some clients pay regularly according to the credit
terms offered to them, but others pay on a very haphazard basis and do not
provide a remittance advice. Receivables ledger receipts are entered into
the receivables ledger but not matched to invoices remitted. The company
does not produce an aged list of balances.
Required
From the above information, assess the risks of material misstatement arising
in the financial statements. Outline the potential materiality of the risks and
discuss factors in the likelihood of the risks arising.
Skills lab activity 7
Under the guidance of the teacher, the students can visit the school
accountant, headteacher and other school staffs, to ask them different
questions about organization policy, management framework and financial
informations that can help them to obtain useful information that can be
used in the audit work.
End unit 7 assessment
1. Which of the following would not increae inherent risk
A. Revenue is derived from sales of high-tech products
B. Sales order are not authorised prior to sales being executed
C. A number of customers have significatly old debt
D. Some recent sales have resulted in legal claims against the
company
2. Which of the following statement does not illustrate an inherent risk?
A. The organization is seeking to rise finance to diversity
B. The auditor uses samples when carrying out audit testing
C. Directors participate in a profit-related bonus scheme
D. The financial statements contain complex transactions
3. Can an audit partner delegate responsibility for the audit opinion to
his staff?
4. What procedures might an auditor use in gaining an understanding
of the entity?
5. What information does an audit plan usually contain?
6. The audit partner has set the overall level of audit risk for a client as
10%.
Your risk assessment of the client has indicated that inherent risk is
60% and control risk is 60%.
What level of detection risk should be prescribed for this client?
UNIT 8:AUDIT EVIDENCE AND SAMPLING
Key unit competence: To be able to explain the audit procedures in
sampling and gathering audit evidence
Introductory activity

Observe the above picture then answer the following questions:
1. What do you think this auditor is looking for?
2. Is it necessary that this auditor can check all of these documents? If
yes or no explain.
3. What this auditor can use to find what he/she is looking for?
4. Is it possible that this auditor can do his/her auditing activities by
using the computer? If yes or no explain.
8.1. Audit execution and procedures
Learning activity 8.1

Observe the picture above then answer the following questions:
1. How do we call the terms in small circles surrounding the big circle?
2. Why these terms surround the big circle named audit execution?

8.1.1. Meaning and steps of audit execution
a) Meaning of audit execution
The audit execution consists mainly on the assessment and valuation of the
questions based on the replies in the audit, the determination of the audit result
and the degree of fulfilment, and the rating of the audit. In audit execution, the
auditor has to perform audit procedures i.e. test of controls and substantive
tests. The tests are perfomerd on class of tranactions and balances sampled.
b) Steps of audit execution
The conduct of an audit execution involves various procedures and techniques.
These are various steps, which are taken by the auditor to complete an audit.
These steps are illustrated with the help of the following figure:

The steps involved in the conduct of audit execution are further explained as
under:
• The auditor is appointed by the members or shareholders of a
company. The auditor should make it sure that his/her appointment is in
accordance with provisions of companies Act;

• If the auditor has been appointed in place of another auditor, he/she
should enquire from the retiring auditor, the reasons for his/her removal
as an auditor. If the retiring auditor discloses some information due
to which the new auditor would not be able to work independently
or in accordance with the professional ethics, then he/she should not
accept the appointment;

• When the auditor accepts the appointment then he/she should obtain
definite instructions from his/her client about the nature and scope
of his/her work and duties, for this purpose, the auditor writes an
engagement letter to the client;

• The next step is to investigate relevant internal control and accounting
systems of the company. In this case, he/she obtains a list of the
books maintained and the details of internal systems established in
the respective organization. He/she opens an audit file and draws
up internal control questionnaires (I.C.Q). At this stage, he/she also
prepares an audit programme;
• The auditor carries out audit work to evaluate the operation of internal
control and accounting systems of the concerned company. For this
purpose, he/she applies various compliance and substantive tests;
• The auditor obtains audit evidence to ensure that all accounting records
have been maintained accurately and the financial statements prepared
from these records are also correct;
• The auditor reviews his/her findings critically in order to form his/her
opinion.
• Finally, the auditor prepares his/her audit report and submits this report
to the members of the company or to the concerned parties.
8.1.2. Audit procedures
a) Meaning of audit procedures
Audit procedures are the techniques, processes, and methods that auditors use
to obtain reliable audit evidence, which enable them to gain a sound judgment
about an organization’s financial status. Audit procedures are conducted to
help determine whether or not a company’s financial statement is credible and
factual.
The regular implementation of these procedures helps establish a business’s
financial reputation and strengthen its trustworthiness in the eye of its customers,
the market, and potential investors.
There is no definitive structure when it comes to auditing; its whole process
would depend on the auditor, the company to be audited, and the purpose of
the audit. Learn more about the three main methods of audit procedures below.
• Tests of controls
Tests of controls are audit procedures designed to evaluate the operating
effectiveness of controls in preventing, or detecting and correcting material
misstatements at the assertion level.
Tests of controls are performed only on those controls that the auditor has
determined and suitably designed to prevent, or detect and correct a material
misstatement in an assertion. If substantially different controls were used at
different times during the period under audit, each control is considered
separately.
Testing the operating effectiveness of controls is different from obtaining an
understanding and evaluating the design and implementation of controls.
However, the same types of audit procedures are used. The auditor may
therefore, decide it is efficient to test the operating effectiveness of controls at
the same time as evaluating their design and determining that they have been
implemented.
• Substantive procedures
Substantive procedures are audit procedures designed to detect material
misstatements at the assertion level.
• Analytical procedures
Analytical procedures pair financial data with non-financial data determine
the correlation between them. Comparison of previous trends versus current
trends, as well as evaluation of the difference between the client’s record and
the substantive evidence, are also considered analytical procedures.
Application activity 8.1
1. Audit execution is said when :
a. audit is done
b. Audit start
c. Audit take place
d. Audit is concluded
e. a and c are correct answers
f. All of the above
2. Differentiate substantive procedures from analytical procedures
8.2. Audit evidence
Learning activity 8.2
Mr. GAKIRE is an external auditor in XYZ company. During his audit activities,
he has discovered some fictious transactions and other frauds in their
books of accounts and financial statement. At first, Mr. GAKIRE thought
that the frauds were committeded by some of the staff at managerial level,
especially the managing director, and other staff working in sensitive areas
like the cashier and the storekeeper but he did not have the information
appropriate information to support it. He started by looking at the information
within the company that can help him to confirm who were responsible
for frauds and failed to get them. Leter, he decided to visit some of the
company’s third parties like banks, suppliers, creditors and debtors with the
aim of identifying the persons who were involved in the frauds. At the end,
Mr. GAKIRE discovered that the frauds were committed by the managing
director, accountant, and cashier.
After reading the above scenario answer the following questions:
1. What is the technical term used for the information found by Mr.
GAKIRE?

2. How do we call the means used by Mr. GAKIRE when he was
searching information? And which one has he used?

3. Is Mr. GAKIRE allowed to accept any kind of information received
from XYZ’s third parties? If yes or no, explain.
8.2.1. Meaning of audit evidence
Audit evidence is all the information, whether obtained from audit procedures or
other sources that is used by the auditor in arriving at the conclusion on which
the auditor’s opinion is based on. The auditor obtains evidence from several
sources. Some of significant source of audit evidence are from:
• Accounting records;
• Audit procedures performed to test accounting records;
• Information obtained during the audit of previous years;
• Audit firm’s quality control procedures for acceptance of audit;
• Work of management’s expert;
• Confirmation from third parties;
• Comparable data of other companies engaged in the same industry;
• Written representations from management to support other evidences
obtained during the audit.
8.2.2. Qualities of audit evidence
There are a number of general principles set out in ISA 500 to assist the auditor
in assessing the relevance of audit evidence. These can be summarized as
follows:
a) Sufficiency
It means that audit evidence should be complete and adequate to prove any
material fact. For example, complete physical counting of items of stock is
sufficient to verify the value of stock.
The auditor must assess whether the evidence is sufficient to allow him/her to
reach the opinion that the financial statements give a true and fair view. If the
auditor decides that the evidence obtained is insufficient to reach this opinion
(or any other opinion), he/she may take any other action depending on the
circumstances that can allow him/her to obtain more evidence by means of
tests of controls and substantive procedures.
b) Relevance
Audit evidence should be relevant to the purpose for which it is required. For
example, checking of physical existence of assets in accordance with the
schedule of assets is relevant for audit purposes.
c) Reliability
Evidence is reliable if it is considered correct and accurate. For example, if the
auditor receives a certificate of stock valuation from an outsider expert instead
of an official of the company then it is more reliable. Similarly, documentary
evidence instead of oral evidence is more reliable. A physical inspection by the
auditor himself/herself is more reliable than evidence obtained from others.
8.2.3. Types of Audit evidence
There are four main types/groups of audit evidences are:
a) Primary audit evidence
This is the type of evidence which the auditor gathers from within the company,
basically from accounting records and source documents. This type of audit
evidence is usually biased or may fall-short of some fact, which renders it less
reliable.
b) Secondary audit evidence
This is the type of audit evidence which the auditor collaborates outside the
company, i.e. which gathers from such sources as third parties ‘confirmation,
e.g. debtors, creditors, bankers, trustees, etc. and this evidence is gathered
by writing to these parties and requesting them to send replies directly to the
auditor. This evidence is usually more reliable except where these parties have
other special relationships with the company in which case they may collude to
give biased information.
c) Circumstantial Audit evidence
This evidence is gathered from circumstances prevailing in a given business at
the time of the audit, e.g. orderliness of the business which is an indication of
strong internal control system, qualification and ability of the staff to co-operate
with the auditor, etc. This evidence may prove to be biased in particular if the
auditor’s visit was known by the client in advance.
d) Hearsay evidence
This is gathered from such sources as: interviews, conversation, posing
intelligent questions to the client’s senior staff and other parties related to the
client in their day-to-day deals.
8.2.4. Techiniques of gathering audit evidence
A number of audit testing procedures are available to the auditor as a means of
gathering audit evidence. More than one procedure may be used in collecting
evidence in a particular area.
Not all procedures may be appropriate to a given objective of the audit. The
auditor should select the most appropriate procedure in each situation. ISA 500
identifies seven (7) main testing procedures for gathering audit evidence:
• Inspection (of an item)
• Observation (of a procedure)
• Inquiry
• External confirmation
• Recalculation
• Reperformance
• Analytical procedures
Application activity 8.2
1. Primary audit evidence is an evidence the auditor gathers from:
a. Inside the company
b. Source documents
c. Accounting records
d. A and C are correct answers
e. All of the above

2. The following audit procedures are used for gathering audit evidence
except:
a. Staff confirmation
b. Recalculation
c. Inquiry
d. Checking procedure
e. A and D are correct answers
f. No one of the above

3. Hearsay evidence is an audit evidence obtained from the followings
except:
A. Interviews
b. Written conversations
c. Questioning
d. Oral presentations
e. No one of the above
4. Enumerate sources of audit evidence.
8.3. Audit sampling
Learning activity 8.3

Observe the above image, answer the questions below:
1. What auditing term can be used for these people in the big circle?
2. What is the term used in auditing for the people who are selected in
the big circle then move in the small circle?
3. What do you think can be based on when selecting these people in
the small circle?
8.3.1. Meaning of audit sampling
a) Meaning
Audit sampling is the application of audit procedures to less than 100% of
items with a population of audit relevance such that all sampling units have a
chance of being selected. This will enable the auditor to obtain and evaluate
audit evidence about some characteristics of the items selected in order to
provide the auditor with reasonable basis on which to draw conclusions about
the entire population. Audit sampling can be applied using either statistical or
non-statistical approaches.
Auditors do not normally examine all the information available to them as it would
be impractical to do so and using audit sampling will produce valid conclusion.
ISA 530 Audit sampling provides guidance to auditors.
Notes: Some testing procedures do not involve sampling, such as:
• Testing 100% of items in a population
• Testing all items with certain characteristics as selection is not
representative
Auditors are unlikely to test 100% of items when carrying out test of controls,
but 100% testing may be appropriate for certain substantive procedure. For
example, if the population is made up of a small number of high value items, there
is a high risk of material misstatement and other means do not provide sufficient
appropriate audit evidence, then 100% examination may be appropriate.
The auditor may alternatively select certain items from population because of
specific characteristics they possess. The results of items selected in this way
cannot be projected onto the whole population but may be used in conjunction
with other audit evidences concerning the rest of the population.
• High value or key items. The auditor may select high value items or
items that are suspicious. Unusual or phone error.
• All items over a certain amount. Selecting items, this way may mean
a large proportion of the population can be verified by testing a few
items.
• Items to obtain information about the client’s business, the nature of
transactions, or the client’s accounting and control systems.
• Items to test procedures, to see whether particular procedures are
being performed.
In designing the audit sampling, the auditor applies judgment in considering:
• Audit objective
• Population
• Sampling unit
• Risk and assurance
• Tolerable error
• Expected error in the population, and
• Stratification
Audit objective: the auditor should first consider the specific audit objectives to
be achieved to enable him/her to determine the audit procedure or combination
of procedures which is likely to best achieve those objectives. In addition, when
audit sampling is appropriate, the nature of the audit evidence sought and
possible error conditions or other characteristics relating to that evidence will
assist the auditor in defining what constitutes an error and what population
should be used for sampling.
The population: the population is the entire set of data from which a sample is
selected and about which the auditor wishes to draw conclusions. The auditor
should determine that the population from which he/she draws the sample is
appropriate for the specific audit objective. For example, if the auditor’s objective
was to test for overstatement of accounts receivable, his/her population could
be defined as the accounts received trial balance.
Sampling unit is the individual items constituting a population. It may be a
physical item (e.g. credit entries on bank statements, sales invoices, receivables’
balances) or a monetary unit.
Risk and assurance: in planning the audit, the auditor uses professional
judgment to assess the level of audit risk that is appropriate. Audit risk means
the chance of damage to the audit firm as result of giving an audit opinion that
is wrong in some particular.
Tolerable error: tolerable error is the maximum error in the population that
the auditor would be willing to accept and still conclude that the result from
the sample has achieved his/her audit objective. Tolerable error is considered
during the planning stage and is related to the auditor’s preliminary judgment
about materiality. The smaller the tolerable error, the larger the sample size the
auditor will require.
Expected error in the population: if the auditor expects error to be present,
he/she will normally have to examine a larger sample to conclude either that
the population values are fairly stated to within the planned tolerable error or
that the planned reliance on a relevant control is justified. Smaller sample sizes
are justified when the population is expected to be error free. In determining
the expected error in a population, the auditor should consider such matters
as error levels identified in previous audits changes in client procedures and
evidence available from his/her evaluation of the system of internal control and
from results of analytical review procedures.
Stratification: stratification is the process of dividing population into sub-
populations, which is a group of sampling units, which have similar characteristics
(often in monetary value). The strata must be explicitly defined so that each
sampling unit can belong to only one stratum. This procedure reduces the
variability of the items within each stratum. Stratification enables the auditor to
direct his/her efforts towards the items he/she considers potentially contain the
greater monetary error. For example, the auditor might direct his/her attention
to larger value items for accounts receivable to detect material overstatement
errors. In addition, stratification may result in a smaller sample size.
8.3.2. Sample size
The auditor shall determine a sufficient sample size to reduce sampling risk to
an acceptably low level.
a) Sampling risk
Sampling risk is the risk that the auditor’s conclusion, based on a sample of a
certain size, may be different from the conclusion that would be reached if the
entire population weas subjected to the same audit procedure.
Non-sampling risk is the risk that the auditor might reach an erroneous
conclusion for any reason not related to sampling risk. For example, most
audit evidence is persuasive rather than conclusive, the auditor might use
inappropriate procedures, or the auditor might misinterpret evidence and fail to
recognize a misstatement or deviation.
Remember: Detection risk is the risk that auditors will not detect a material
misstatement in the financial statements. Sampling risk is a subset of detection
risk, being the risk that the sample is not representative of the population. This
means that the auditor’s sample may not include an item, which contains a
material error, and so the material misstatement would not be detected.
The auditors are faced with sampling risk in both tests of controls and substantive
procedures, as follows.
The risk the auditor will conclude, in the case of a test of controls, that controls
are more effective than they actually are, or in the case of a test of details that
a material misstatement does not exist when in fact it does. This type of risk
affects audit effectiveness and is more likely to lead to an inappropriate audit
opinion.
The risk the auditor will conclude, in the case of a test of controls, that controls
are less effective than they actually are, or in the case of a test of details, that
a material misstatement exists when in fact it does not. This type of risk affects
audit efficiency, as it would usually lead to additional work to establish that initial
conclusions were incorrect.
Auditors need to ensure that risk is managed, so the greater their reliance on the
results of the procedure in question, the lower the sampling risk auditors will be
willing to accept and the larger the sample size will be. The sample size needed
to give acceptable level of audit risk will depend on the assessed levels of
inherent risk and control risk. The higher these risks are, the greater the sample
size needed to offset this.
If both inherent risk and control risk are low, then a smaller sample size will be
necessary than for situations where inherent or control risks are considered to
be high.
For both tests of controls and substantive tests of details, sampling risk can be
reduced by increasing sample size while non-sampling risk can be reduced by
proper engagement planning, supervision and review.
b) Risk and sample size
If you recall, in the previous unit we illustrated how the prescribed level of
detection risk is affected by inherent risk and control risk, given a desired
level of audit risk. This relationship is described by the audit risk model: AR =
IR*CR*DR.
This formula is very important, so we will look at another example of it here, to
reinforce your understanding.
An audit firm sets its acceptable level of risk as 5%. The risk assessment
activities at the firm’s client have indicated that the level of inherent risk is 75%
and control risk is 40%. What is the level of detection risk the auditor can
accept?
Applying the audit risk formula:
AR= IR*CR*DR
DR = AR / IR*DR
DR= 0.05 / 0.75*0.4
DR= 0.05 / 0.3
DR= 0.16666667= 0.167*100= 16.7%
AR= 0.75*0.4*0.167
AR= 0.0501*100= 5%
So, the level of detection risk would need to be set at 16.7% to achieve the
prescribed level of audit risk (5%).

However, we have now also seen that detection risk comprises both sampling
risk and non-sampling risk.

To reflect this, the audit risk model can be rewritten:

Audit risk = Inherent risk * Control risk * Sampling risk (SR) * Non-sampling risk
(NSR)
As above, the audit firm sets its acceptable level of risk as 5%, the level of
inherent risk is 75% and control risk is 40%. However, in addition, the firm
has identified that non-sampling risk is 50%. What is the prescribed level of
sampling risk?
Applying the amended audit risk formula, we find that:

AR= IR*CR*SR*NSR

SR= AR / IR*CR*NSR

SR= 0.05 / 0.75*0.4*0.5

SR= 0.05/0.15

SR= 0.33333333*100= 33%

AR= 0.75*0.4*0.5*0.33

AR= 0.05*100= 5%
So, the level of sampling risk would now need to be set at 33%.
Calculating the actual sample size to be used for an audit test is a complex
exercise involving mathematical tables, and is outside the scope of this paper.
You will not have to perform such a calculation in your exam.
However, you need to appreciate, in general terms, the relationship between
the level of sampling risk and the size of the sample an auditor will need to
choose. That is, the lower the sampling risk the auditor is prepared to accept,
the larger the sample size he/she will have to select. Or conversely, the higher
the sampling risk the auditor is prepared to accept, the smaller the sample size
he/she will have to select.
8.3.3. Techniques of audit sampling
Audit sampling can be done using either statistical sampling or non-statistical
sampling methods.
Statistical sampling is sampling method involving random selection of the
sample items, and the use of probability theory to evaluate sample results,
including measurement of sampling risk.
Non-statistical sampling is another sampling method that does not have these
characteristics.
There are a number of methods available to an auditor to help him/her select a
sample (ISA 530).
a. Random selection uses random number tables or computerized generator
to select the sample.
b. For example, the auditors might tell a computer program there are 450
receivables numbered 1–450 and they want a sample of 30. The computer
would randomly select 30 numbers between 1 and 450 to be the sampled
items.
c. Systematic selection involves selecting items using a constant interval
between selections, the first interval having a random start. So using the
above example of 1–450 again, the sampling interval would be 15, as 15*30
is 450. The computer could randomly choose a number between 1 and 15
to be the 1st sampled item and every 15th item after that (for example, 13,
28, 43 etc.) would be sampled. When using systematic selection auditors
must ensure that the population is not structured in such a manner that the
sampling interval corresponds to a particular pattern in the population.
d. Haphazard selection is where an auditor himself/herself selects items
‘at random’. It may be an alternative to random selection provided that
the auditors are satisfied that the sample is representative of the entire
population. This method requires care to guard against making a selection
which is biased, for example towards items which are easily located, as they
may not be representative. It should not be used if auditors are carrying out
statistical sampling.
e. Sequence or block selection. Sequence sampling may be used to establish
whether certain items have particular characteristics. For example: an auditor
may use a sample of 50 consecutive cheques to verify whether cheques
are signed by authorized signatories rather than picking 50 single cheques
throughout the year. Sequence sampling may however produce samples
that are not representative of the population as a whole, particularly if errors
only occurred during a certain part of the period, and hence the errors found
cannot be projected onto the rest of the population.
f. Monetary unit sampling is a type of value-weighted selection in which
sample size, selection and evaluation result in a conclusion in monetary
amounts.
The auditor shall perform audit procedure, appropriate to the purpose, on each
item selection.
If the particular item is not appropriate, tests can be performed on alternative
items
If however, evidence about the item is not available, the auditor should normally
treat it as an error. For example, if an auditor has chosen a selection of
receivables balances to confirm whether they have subsequently been paid and
one sampled item was actually in credit due to a previous double payment, it
would not be appropriate to test for a subsequent payment and another balance
should be selected.
8.3.4. Factors affecting the sample size
Examples of some factors affecting sample size are given in ISA 530, and
summarized here:
Examples of factors influencing sample size for tests of controls:
Examples of factors influencing sample size for tests of details
An important thing to note is that although the auditor can manage/influence the
level of audit risk by increased sampling, this should always be balanced against
the amount of time and resource available.
Application activity 8.3
1. Give three examples of sample selection methods that can be used
in audit sampling.
2. Differentiate sampling risk from non-sampling risk.
3. Explain the importance of audit sampling during the audit execution.
4. What are the testing procedures that do not involve sampling?
5. State the elements that the auditor may depend upon when designing
the audit sampling before applying judgement.
8.4. Audit in IT environment
Learning activity 8.4
Observe the above picture then answer the following questions:
1. How do we call applications of auditing procedures that can be
performed with the use of a computer as an audit tool?
2. What are those applications?
8.4.1. Computer Assisted Audit Techniques(CAATs)
a) Meaning of CAATs
Computer-assisted audit techniques (CAATs) are commonly used by auditors.
They consist of audit software and test data.
Computer-assisted audit techniques (CAATs) are applications of auditing
procedures to be applied using the computer as an audit tool.
It is by no means unusual to use a computer to help with auditing. You probably
use common CAATs all the time in your daily work without realizing it.
Most modern accounting systems allow data to be manipulated in various ways
and extracted into a report.
Even if reporting capabilities are limited, the data can often be exported directly
into a spreadsheet package (sometimes using simple Windows-type cut and
paste facilities in very modern systems) and then analyzed.
Most systems have searching facilities that are much quicker to use than
searching through print-outs by hand.
There is a variety of packages specially designed either to ease the auditing task
itself, or to carry out audit interrogations of computerized data automatically.
There is also a variety of ways of testing the processing that is carried out.
Much of this work can now be done using computers that are independent of
the organization’s systems.
These uses of the computer for audit work are known as computer-assisted
audit techniques (CAATs). CAATs may be used in performing various auditing
procedures, including the following:
• Tests of details of transactions and balances
• Analytical review procedures
• Tests of computer information system controls
The overall objectives and scope of an audit do not change when an audit is
conducted in a computerized environment. Auditing can be carried out around,
through or with the computer.
b) Auditing around the computer
To audit around the computer, the auditor does not look at the specific workings
of the system itself. A sample of inputs will be traced to outputs, and vice versa.
If they prove to be accurate and valid, it is assumed that the system of controls
is effective and that the system is operating properly.
The main advantage of this method of auditing is that it can be carried out with
very little technical expertise. However, this method is only suitable if there is a
clear audit trail within the system, the system is relatively simple, and up to date
documentation exists about how the system works.
c) Auditing through the computer
Auditing through the computer requires more specific IT audit skills than those
required to audit around the computer as this method directly tests the controls
within the system itself.
Auditors customarily audit ‘through the computer’. This involves an examination
of the detailed processing routines of the computer to determine whether the
controls in the system are adequate to ensure complete and correct processing
of all data. In these situations, it will often be necessary to employ CAATs.
d) Auditing with the computer
Auditing with the computer refers to the use of CAATs to assist in auditing work.
CAATs consist of audit software and test data which we will look at in detail
below.
8.4.2 .Advantages and disadvantages of CAATs
a) The advantages of using CAATs
• Audit testing capability is increased – large volumes, up to 100%,
of information can be tested, thereby reducing or even eliminating
sampling risk.

• Tasks which are manually impossible can be carried out – using the
computer to trace key controls and processes where there is no visible
audit trail.

• Cost-effectiveness – although up-front costs may be considerable,
CAATs can often be used again in subsequent audits.

• Repetitive work is eliminated – this can increase job satisfaction for
auditors and for them up to apply professional judgment to key areas.

• Knowledge of client’s systems is improved – this is an important by-
product that enhances the auditor’s knowledge of the client and aids
future audit planning.

• Results from CAATs can be compared with results from traditional
testing – if the results correlate, overall confidence is increased.
b) The challenges or disadvantages associated with using CAATs
• Setting up the software needed for CAATs can be time consuming and
expensive.
• Audit staff will need to be trained so they have a sufficient level of IT
knowledge to apply CAATs.
• Not all client’s systems will be compatible with the software used with
CAATs.
• There is a risk that the client’s data is corrupted and lost during the use
of CAATs.
• Information in real-time systems is constantly changing.
• Testing can be limited by the data held on the system.
• There is a risk of over-reliance on ‘infallible’ computerization of audit
procedures.
• Auditor judgment must still be applied throughout the testing process.
8.4.3. Audit software
a) Meaning of audit software
Audit software is computer programs used by the auditor to interrogate a
client’s computer files. Audit software consists of computer programs used
by the auditors as part of their auditing procedures, to process data of audit
significance from the entity’s accounting system. It may consist of generalized
audit software or custom audit software. Audit software is used for substantive
procedures.
Generalized audit software allows auditors to perform tests on computer files
and databases, such as reading and extracting data from a client’s systems for
further testing, selecting data that meets certain criteria, performing arithmetic
calculations on data, facilitating audit sampling and producing documents and
reports quickly.
Customized audit software is written by auditors for specific tasks when
generalized audit software cannot be used.
Using audit software, the auditor can scrutinize large volumes of data, and
identify results or anomalies which need further investigation.
Audit software performs the sort of tests on data that auditors might otherwise
have to perform by hand. The following are some examples of the use of audit
software in the course of an audit work.
b) Audit software: Examples of its use
• Access the client’s data files and obtain information without the need to
ask the client for information.
• Perform calculations and comparisons in analytical procedures.
• Sampling programs to extract data for audit testing, e.g. select a sample
of receivables for confirmation.
• Scan a file to ensure that all documents in a series have been accounted
for or to search for large and unusual items.
• Compare data elements in different files for agreement (e.g. prices on
sales invoices to authorized prices in master file).
• Re-perform calculations, e.g. totaling receivables ledger.
• Prepare documents and reports, e.g. Produce receivables’ confirmation
letters and monthly statements.
The use of audit software is particularly appropriate during substantive testing
of transactions and especially balances. Interrogation software in particular can
help auditors prepare tests, by for example selecting a sample of balances or
dividing populations according to set criteria such as amounts owed (this is
called stratification and is discussed further later in this unit).
Interrogation software can also help auditors scrutinize large volumes of data,
and concentrate resources on the investigation of results.
Earlier we looked at the advantages and disadvantages of CAATs in general
and, although some may be similar, we will now look specifically at the benefits
of audit software along with the potential difficulties of using audit software.
c) Benefits and difficulties of using audit software
• Benefits of using audit software
– Audit software can perform calculations and comparisons more
quickly than those done manually.
– Audit software makes it possible to test more transactions than when
simply manually scanning print outs. For example: audit software
may facilitate searches for exceptions, such as negative or very high
quantities when auditing inventory listings. The additional information
will give the auditor increased comfort that the figure being audited is
reasonably stated.
– Audit software may allow the actual computer files (the source files)
to be tested from the originating program, rather than print outs from
spool or previewed files which are dependent on other software (and
therefore could contain errors or could have been tampered with
following export).
– Using audit software is likely to be cost-effective in the long-term if
the client does not change its systems.
• Difficulties of using audit software
– The costs of designing tests using audit software can be substantial
as a great deal of planning time will be needed in order to gain an
in-depth understanding of the client’s systems so that appropriate
software can be produced.
– The audit costs in general may increase because experienced and
specially trained staff will be required to design the software, perform
the testing and review the results of the testing.
– If errors are made in the design of the audit software, audit time, and
hence costs, can be wasted in investigating anomalies that have
arisen because of flaws in how the software was put together rather
than by errors in the client’s processing.
– If audit software has been designed to carry out procedures during
live running of the client’s system, there is a risk that this disrupts the
client’s systems. If the procedures are to be run when the system is
not live, extra costs will be incurred by carrying out procedures to
verify that the version of the system being tested is identical to that
used by the client in live situations.
8.4.4. Test data
a) Meaning of test data
Test data is data submitted by the auditor for processing by the client’s computer
system, to test that the system processes the data as expected.

Test data techniques are used in conducting audit procedures by entering data
(e.g. a sample of transactions) into an entity’s computer system, and comparing
the results obtained with pre-determined results. Test data is used for tests of
controls.
An obvious way of seeing whether a system is processing data in the way that
it should be is to input some example, or test data and see what happens. The
expected results can be calculated in advance and then compared with the
results that actually arise. Test data has two aspects:
• Data representing valid transactions. Here the auditor is looking for
confirming that the system produces the required documentation such
as sales invoices and updates the accounting records.
• Data that is invalid for any reason. Here the auditors are reviewing
controls that prevent processing of data that is clearly wrong, negative
amounts or non-existent customers for example, or which breaches
limits set down by the company (for example transactions which take
credit customers over their credit limit). Auditors are interested in
seeing not only that the system rejects the transaction, but also that
breaches are reported (by means of exception reports).
uses of test data
– Test data used to test specific controls in computer programs such as
on-line password and data access controls.
– Test transactions selected from previously processed transactions
or created by the auditors to test specific processing characteristics
of an entity’s computer system. Such transactions are generally
processed separately from the entity’s normal processing. Test data
can, for example, be used to confirm whether the controls that prevent
the processing of invalid data are operating effectively, for example
by entering data with say a non-existent customer code or worth an
unreasonable amount, or a transaction which may if processed break
customer credit limits.
– Test transactions used in an integrated test facility. This is where a
‘dummy’ unit (e.g. a department or employee) is established, and to
which test transactions are posted during the normal processing
cycle.
b) Benefits and problems of using test data
Bearing the examples above in mind, we can see the main benefits of using test
data techniques as follows:
– Test data provides evidence that the software or computer system
used by the client is working effectively by testing the program
controls and in some cases there may be no other way to test some
program controls.
– Once the basic test data have been designed, the level of ongoing
time needed and costs incurred is likely to be relatively low until the
client’s systems change.
However, there are some problems with using test data as shown below:
– A significant problem with test data is that any resulting corruption of
data files has to be corrected. This is difficult with modern real-time
systems, which often have built-in (and highly desirable) controls to
ensure that data entered cannot be easily removed without leaving a
mark.
– Test data only tests the operation of the system at a single point of
time and therefore the results do not prove that the program was in
use throughout the period under review.
– Initial computer time and costs can be high and the client may change
their programs in subsequent years.
Application activity 8.4
1. Name two types of CAATs that are commonly used.
2. How CAATS may be used in audit execution?
3. Explain the use of audit software
4. Explain the benefits of using test data
5. Diferentiate the aspects of test data
6. State the main audit procedure used for gathering audit evidence
Skills lab activity 8
Accounting records/transactions from the school’s bursar, share with
students the following:
1. Let students apply sampling techeniques to obtains samples
2. Guide students on how some sampling techeniques can increase or
deacrese the sample size.
End unit 8 assessment
1. Explain the challenges associated with using CAATs
2. Differentiate audit software from test data
3. Explain the qualities of an audit evidence
4. Differentiate statistical sampling from non-statistical sampling
UNIT 9: AUDIT DOCUMENTATION
Key unit competence: To be able to evaluate the form, content and
extent of audit documentation.
Introductory activity
KAYIJUKA has been recently appointed as the auditor of ITERAMBERERYACU
Ltd Company located in GATSIBO DISTRICT. The company is operating in
beverage business industry. On his arrival, he was received by the managing
director of the company. They had discussions and later proceeded with
auditing work. He was given various documents from the accountant,
manager, cashier and storekeeper. During his work of audit, the auditor was
collecting some documents that could help him to prepare his audit report.
Question
1. How do you call the documents gathered by the auditor during audit?
2. What do you think could be the purpose of gathering the documents?
9.1. Components of audit documentations
Learning activity 9.1
Observe carefully the pictures above and answer the following questions:
1. Which documents do you observe on the pictures?
2. In few words how do you call the documents observed?
9.1.1. Meaning and objectives of audit documentation
a) Meaning of audit documentation
Audit documentation is the principal record of auditing procedures applied,
evidence obtained, and conclusions reached by the auditor in the engagement.
Audit documentation is the written record of the basis for the auditor’s
conclusions that provides the support for the auditor’s representations, whether
those representations are contained in the auditor’s report or otherwise.
Audit documentation refers to the records or documentation of procedures that
auditors performed, the audit evidence that they obtained and the conclusions
made by them based on the evidence obtained from the field. The quantity, type,
and content of audit documentation are matters of the auditor’s professional
judgment.
b) Objectives of audit documentation
Before the auditor could make a conclusion on financial statements whether
those financial statements are free from material misstatement or they contain the
misstatement, the auditor needs to make sure that they have enough(sufficient
and appropriate) audit evidence to support his/her conclusions. Therefore, audit
documentation is important for the success of audit works. The following are the
objectives of audit documentation:
• It provides evidence of the auditor’s basis for a conclusion about the
achievement of the overall objective;
• It provides evidence that the audit was planned and performed in
accordance with ISAs and other legal and regulatory requirements;
• It assists the engagement team to plan and perform the audit;
• It assists team members responsible for supervision to direct, supervise
and review audit work;
• It enables the team to be accountable for its work;
• It allows a record of matters of continuing significance to be retained;
• It enables the conduct of quality control reviews and inspections (both
internal and external).
Audit documentation is sometimes called audit working papers.
9.1.2. Audit working papers
a) Definition of audit working papers
Audit working papers are documents which contain all information gathered
from the company audited and show all evidences to help the auditor to prepare
the final report and to form his/her opinion. Working papers are records kept
by the auditor of the procedures applied, the tests performed, the information
obtained, and the pertinent conclusions reached in the engagement
Working papers are the record of various audit procedures performed, audit
evidence collected and obtained, allocation of work between audit team
members etc. Audit working papers are the documents and evidence that an
auditor collects and retains with himself/herself during the audit work.
b) The form and contents of working papers
The form and content of working papers are affected by matters such as:
• The size and complexity of the entity;
• The nature of the audit procedures to be performed;
• The identified risks of material misstatement;
• The significance of the audit evidence obtained;
• The nature and extent of exceptions identified;
• The audit methodology and tools used.
c) Features of good working papers
• They should be properly headed.
• They should indicate the period covered by them or when they were
collected or recorded.
• They should be as complete as possible so that they do not call for
further explanation.
• They should be sufficiently detailed.
• They should be kept safely as a safeguard from misuse or destruction.
• Symbols used should be explained.
d) Advantages/benefits of collecting working papers
• They are used as a basis for planning the current year’s audit.
• They are used as a means of controlling the current year’s audit through
their review.
• They enable the auditor to form an opinion.
• They are used to assist in investigations in company’s financial affairs.
• These working papers can be used as evidence of work done in
particular if the auditor has been sued for negligence.
• They are collected as evidence of work done by each audit clerk who
can be questioned if any work was omitted.
e) How Audit working Papers are gathered
• By taking photocopies of the client’s statements.
• By taking notes relating to areas of weak internal control system,
material errors and frauds.
• By filing up evidence from third parties.
• Auditor’s own judgment which is put on record and filed.
• Important documents from the company.
f) Ownership of working papers
Working papers are the property of the auditor. The auditor may, at his/her
discretion, make portions of or extracts from his/her working papers available
to his/her client. They should not, however, be a substitute for the client’s
accounting records.
9.1.3. Audit files
The auditor maintains two audit files for each client. These two files are known
as permanent audit file and current audit file and they are explained as follows:
a) Permanent audit file
Permanent audit file is a file which containst all documents that are required by
the auditor as long as he/she remains the auditor of this particular company.
Permanent audit file is a file which contains informations of continuing importance
/ nature to the auditor i.e.that informations which the auditor will use beyond
one financial period.
A permanent audit file contains information which is of continuous interest and
is relevant in future audits. In preparing this file, the auditor should bear in mind
the following points:
• The objective of the file is to maintain a permanent record of information
of permanent importance to the auditor.
• The file must be updated at each annual audit.
The documents kept in the parmanent file include:
• Statutory or legal documents like Memorandum of association and
Articles of association;
• Details relating to the nature of the business, its operations;
• Organization plan and chart showing the duties and authorities of
various officials of the company;
• Details of accounting systems and internal control in operation;
• Copies of important agreements and minutes of important meetings of
board of Directors;
• List of accounting books or records maintained by the company;
• Copies of previous years financial statement.
b) Current audit file
Current audit file is that file which contains information which related primarly to
the set of accounts being audited i.e. It contains informations which will be used
by the auditor for the current year under audit only. A current audit file contains
information regarding audit conducted for the current period. This file contains
documents in respect of one specific year.
The current file contains the following documents:
• A copy of the final accounts of the respective year.
• Completed internal control questionnaires.
• Audit programme
• Audit time table
• All relevant list e.g. list of fixed asset, a list of debtors, a list of creditors
etc.
• Correspondence with the client in respect of the current audit.
9.1.4. Audit note book
a) Definition and purpose of audit note book
An audit notebook is a register kept by an audit team to record crucial/important
points observed during the audit.
The purpose of an audit notebook is to note down various points, which need
to be either clarified with the client or the chief auditor. Audit notebook is also
used for recording important points to be included in the Auditor’s Report. It is
a complete record of doubts and their clarification.
b) Importance of Audit Note Book
• Audit notebook shall be taken as reliable evidence even by the Court
of law in case of dispute or if the auditor is charged with negligence.
• It is useful for drawing the audit program.
c) Advantages of audit notebook
• Audit note book enables the auditor to record important points, which
arise during the course of his/her audit; otherwise he/she might forget
these points.
• An auditor can produce this book as a documentary evidence in a suit
filed against him/her for negligence or misfeasance.
• It facilitates the preparation of the audit report.
• If the assistant in charge is changed before the completion of a
particular work, it acts as a guide and makes the completion of balance
work easier.
• It can help in making an assessment of the work of audit clerks.
• It provides a key to evaluate the efficiency of the audit staff.
d) Disadvantages of Audit NoteBook
• Very often, it creates misunderstanding between the client staff and the
audit staff.
• If it is not properly and carefully prepared, it cannot be used as evidence
against the auditor for negligence.
• Audit staff has to depend too much upon the client’s staff for its
preparation.
e) Contents of an audit notebook
• A list of books of accounts maitained by the client.
• The technical terms used in the business.
• The names of the principal officers, their powers, duties and
responsibilities.
• The points which require further explanations and clarification.
• The mistakes and errors discovered .
• The total or balance of certain books of accounts, bank reconciliation
statement.
• Accounting methods followed in the business.
• The points which have to be incorporated in the audit report.
• Any matters which require discussions with the senior or with the
auditor.
• Date of commencement and completion of the audit.
Application activity 9.1
1. Define the following concepts:
a. Audit documentation
b. Audit notebook
2. What are the types of audit files?
Skills lab activity 9
Under the guidance of a teacher, the students in their learning groups are
facilitated to design appropriate working papers showing all the required
information as required per International Standards on Auditing.
End unit 9 assessment
1. Identify the objectives of audit documentation.
2. What is the definition and the purpose of audit notebook?
3. Differentiate Permanent audit file from Current audit file
4. Give the features of good audit working papers
5. Complete the following definitions:
a. …...documents which contain all information gathered from the
company audited and show all evidences to help the auditor to
prepare the final report and to form his/her opinion.
b. …...the written record of the basis for the auditor’s conclusions
that provides the support for the auditor’s representations,
whether those representations are contained in the auditor’s
report or otherwise.
UNIT 10: INTERNAL CONTROL SYSTEM
Key unit competence: To be able to evaluate internal control system
Introductory activity
A case study
IHAHIRORYACU Ltd Company is located in Kigali city. Due to the lack of sufficient
staff at both managerial and operational levels staff , the management of the
company requested its staff to perform any tasks assigned to them. This implies
that there were no specific duties and responsibilities assigned to each staff.
Procurement of goods and services are planned and executed by Head of Finance
(HoF). The Head of the Finance is the one who receives the goods and services
and later makes payments for them. Suppliers are paid with the use of cheques. As
part of practice, the issued must bear the signatures of the Hod and accountant.
The accountant is the brother in law to the HoF.
In accordance with company’s human resources policy, the recruitment of staff is
done by a team of staff appointed by the Head of the Human Resources (HRM).
It is the responsibility of the Human Resources unit to conduct the recruitment
process and recommend to Managing Director (MD) the competent candidates for
appointment. This is not done as per the policy; recruitment of staff is conducted
by the Head of Finance and recommend the competent candidates to the MD for
appointment. The Human Resources unit does only prepare monthly payrolls and
ensure that the employees are paid timely.
The management of petty cash is done by the accountant. No one makes follow up
of money spent through petty cash. No records regarding petty cash managements.
IHAHIRORYACU Ltd Company maintains three bank accounts. The signatories to
the bank accountants are the accountant and HoF. Bank reconciliation for the bank
accounts are prepared at the end of financial year.
Question
What are weaknesses that exist in management of IHAHIRORYACU Ltd Company?
10.1. Features of internal control system
Learning activity 10.1
A manager of a company would like to build an overall system, which will
allow the management of the organisation to govern, control of organisational
activities, examine financial information and review operating activities.
1. What do you think this manager can do in order to provide the
company with an effective internal control system?
2. What are main elements of internal control system?
10.1.1. Meaning and features of internal control system
a) Meaning of internal control system
Internal control is the process designed and affected by those charged with
governance, management, and other personnel to provide reasonable assurance
about the achievement of the entity’s objectives with regard to reliability of
financial reporting, effectiveness and efficiency of operations and compliance
with applicable laws and regulations.
b) Features of internal control system
Effective internal control depends on good organization. Reducing the level of
errors and irregularities helps to ensure that the objectives of the control system
are effectively achieved.
Organization plan
The first feature of an internal control system is the organization plan. In order for
it to be effective, it must be simple and flexible. This plan should clearly outline
the functions of each unit and its staff members.
• Segregation of functions
Structural independence of an organization means separating the functions of
each area of the company. This is essential for an effective internal control system,
as it ensures that one person is not responsible for all stages of an operation.
In this sense, all processes must go through different phases, and each of them
must be under the responsibility of different persons. Thus, the execution,
authorization or registration of a transaction is performed independently by
different employees.
• Control of access to assets
Effective internal control depends on a large extent on the security of the
processes. An organization achieves an adequate degree of security when
access to assets or accounting records is limited. This involves restricting
physical or remote access to assets or the preparation of documents for
authorizing access to them.
Authorization system and procedure
Effective internal control includes methods to monitor the records of operations
and transactions. The procedures involved in an activity must include periodic
audits and reviews, as well as obtaining control information and authorisation.
10.1.2. Elements of internal control system
Internal control has five elements:
a) The control environment
The control environment is the framework within which controls operate. The
control environment is determined by the management of the business. The
control environment includes the governance and management functions and
the attitudes, awareness and actions of those charged with governance and
management concerning the entity’s internal control and its importance in the
entity.
Communication and enforcement of integrity and ethical values: Essential
elements which influence the effectiveness of the design, administration and
monitoring of controls.
Commitment to competence: Management’s consideration of the competence
levels for particular jobs and how those levels translate into requisite skills and
knowledge.
Organisational structure: The framework within which an entity’s activities for
achieving its objectives are planned, executed, controlled and reviewed.
Assignment of authority and responsibility: How authority and responsibility
for operating activities are assigned and how reporting relationships and
authorisation hierarchies are established.
Human resource policies and practices: Recruitment, orientation, training,
evaluating, counselling, promoting, compensation and remedial actions.
The auditor shall assess whether these elements of the control environment
have been implemented using a combination of inquiries of management and
observation and inspection.
Entity risk assessment process: An auditor must obtain an understanding of
whether the entity has a process for:
– Identifying business risks relevant to financial reporting objectives;
– Estimating the significance of the risks;
– Assessing the likelihood of risks occurrence;
– Deciding upon actions to address those risks.
b) Information system relevant to financial reporting
The information system relevant to financial reporting is a component of
internal control that includes the financial reporting system, and consists of
the procedures and records established to initiate, record, process and report
entity’s transactions and to maintain accountability for the related assets,
liabilities and equity.
The auditor shall obtain an understanding of the information system relevant to
financial reporting objectives, including the following areas:
– The classes of transactions in the entity’s operations that are
significant to the financial statements;

– The procedures, within both IT and manual systems, by which those
transactions are initiated, recorded, processed, corrected, transferred
to the general ledger and reported in the financial statements;

– The related accounting records, supporting information, and specific
accounts in the financial statements, in respect of initiating, recording,
processing and reporting transactions;

– How the information system captures events and conditions, other
than transactions, that are significant to the financial statements;

– The financial reporting process used to prepare the entity’s
financial statements, including significant accounting estimates and
disclosures;

– Controls surrounding journal entries, including non-standard journal
entries used to record non-recurring, unusual transactions or
adjustments.
c) Control activities
Control activities are those policies and procedures that help ensure that
management directives are carried out. This means that the auditor shall obtain
an understanding of control activities relevant to the audit and how the entity
has responded to risks arising from IT. Control activities include those activities
designed to prevent or to detect and correct errors.
Those include activities relating to authorisation, performance reviews,
information processing, physical controls and segregation of duties. Examples
of control activities include:
– Activities relating to authorisation;
– Performance reviews;
– Information processing;
– Physical controls and segregation of duties.
Components of control activities
– Approval and control of documents
– Controls over computerised applications
– Checking the arithmetical accuracy of records
– Maintaining and reviewing control accounts and trial balance
– Reconciliations of accounts balances such as bank account.
– Comparing the results of cash, security and inventory accounts with
accounting records
– Comparing internal data with external sources of information
– Limiting physical access to assets and records
– Segregation of duties
In brief, control activities are those policies and procedures that ensure
management’s directives are carried out. This means that the auditor shall
obtain an understanding of control activities relevant to the audit and how the
entity has responded to risks arising from IT.
Table illustrating control objectives and control activities
d) Entity risk assessment process
An auditor must obtain an understanding of whether the entity has a process
for:
• Identifying business risks relevant to financial reporting objectives;
• Estimating the significance of the risks;
• Assessing the likelihood of risks occurrence;
• Deciding upon actions to address those risks.
As part of managing business risk generally, the directors should have a system
for identifying and dealing with risks affecting the financial statements. If they
have such a system, and it works effectively, the chance of having an error in
the financial statements (control risk) is lower and so audit risk is lower. The
entity’s risk assessment process is an element of the control environment which
encompasses the entity’s process for identifying business risks relevant to
financial reporting objectives and deciding about actions to take to address
those risks.
If the entity has established such a process, the auditor would obtain an
understanding of it. If there is not a process, the auditor shall discuss with
management whether relevant business risks have been identified and how they
have been addressed.
e) Monitoring of controls
Monitoring of controls is a process to assess the effectiveness of internal
control performance over time. It includes assessing the design and operation
of controls on a timely basis and taking necessary corrective actions/measures.
Small companies - the problem of control
Many of the controls which would be relevant to a large entity are neither practical
nor appropriate for a small company. For a small company, the most important
form of internal control is generally the close involvement of the directors or
proprietors. However, that very involvement will enable them to override controls
and, if they wish, to exclude transactions from the records.
Auditors can have difficulties not because there is a general lack of controls but
because the evidence available as to their operation and the completeness of
the records is insufficient.
Segregation of duties will often appear inadequate in enterprises having a small
number of staff.
Similarly, because of the scale of the operation, organisation and management
controls are likely to be rudimentary at best.
The onus is on the proprietor, by virtue of their day-to-day involvement to
compensate for this lack. This involvement should encompass physical,
authorisation, arithmetical and accounting controls as well as supervision.
However, it is important to stress that in a well-run small company, there will be
a system of internal control. In any case, all companies must comply with any
relevant legislation concerning the maintenance of a proper accounting system.
Where the manager of a small business is not himself/herself the owner, he/
she may not possess the same degree of commitment to the running of it as
an owner-manager would. In such cases, the auditors will have to consider
the adequacy of controls exercised by the shareholders over the manager in
assessing internal control.
Controls in a computer environment
Auditors must be able to cope with the special problems that arise when auditing
in a computer environment and keep abreast of technical innovation. There are
two types of controls such as: application controls and general IT controls.
Application controls are ‘manual or automated procedures that typically operate
at a business process level. Application controls can be preventative or detective
in nature and are designed to ensure the integrity of the accounting records.
Accordingly, application controls relate to procedures used to initiate, record,
process and report transactions or other financial data.
General IT controls are ‘policies and procedures that relate to many applications
and support the effective functioning of application controls by helping to
ensure the proper continuity of operations of information systems. General IT
controls commonly include controls over data centre and network operations;
system software acquisition, change and maintenance; access security; and
application system acquisition, development and maintenance.
Application controls and general IT controls are inter-related. Strong general
IT controls contribute to the assurance which may be obtained by an auditor in
relation to application controls.
On the other hand, unsatisfactory general IT controls may undermine strong
application controls or exacerbate unsatisfactory application controls.
The following points will particularly influence the auditors’ approach:
– Before auditors placing reliance on application controls which involve
computer programs, they need to obtain reasonable assurance that
the programs have operated properly, by evaluating and testing the
effect of relevant general IT controls or by other tests on specific parts
of the programs;
– Sometimes, a programmed accounting procedure may not be subject
to effective application controls. In such circumstances, in order to put
themselves in a position to limit the extent of substantive procedures,
the auditors may choose to perform tests of controls by testing the
relevant general IT controls either manually or by using CAATs, to gain
assurance of the continuity and proper operation of the programmed
accounting procedure;
– In a computer environment, there is the possibility of systematic
errors. This may take place because of program faults or hardware
malfunction in computer operations. However, many such potential
recurrent errors should be prevented or detected by general controls
over the development and implementation of applications, the integrity
of the program and data files, and of computer operations;
– The extent to which the auditors can rely on general IT controls may
be limited because many of these controls might not be evidenced, or
because they could have been performed inconsistently.
Table illustrating application controls
Table illustrating general IT controls, controls and where they are needed
Application activity 10.1
1. Find out the requirements to achieve the overall objectives of
application controls.

2. Explain the various ways through which the segregation of duties
should be carried out.
10.2. Assessment and recording of information systems
Learning activity 10.2
BUGIRIMANA is an entrant or beginner in the auditing profession. The
association of accountants where he is a member has offered him an
opportunity to audit TUZAMURANE Ltd Company, one of the medium
business category in the country. He was required to assess its recording
of information system and the entire internal control system.
1. What should the auditor do to assess the accounting system?
2. Explain how an auditor can test controls of the internal control system
of a business organisation.
3. What are several techniques for the assessment of control risk?
10.2.1. Assessment of information systems and internal
control
Auditors should assume control risk is high, unless it is assessed as low, and
the assessment confirmed by tests of controls.
In order to assess the information system and internal control, the auditor may
do the following:
• Assess the adequacy of the accounting system as a basis for preparing
the financial statements;
• Identify the types of potential misstatements that could occur in the
financial statements;
• Consider factors that affect the risk of misstatements;
• Design appropriate audit procedures.
a) Accounting systems and the control environment
Auditors perform procedures to give them an understanding of the accounting
systems at a client and comprise what procedures are carried out, how many
and when depend on the size and complexity of the entity (more procedures are
likely to be required if the system is big and complicated), whether their systems
are documented or not (if so, reading this will give some understanding of the
system).
It will also depend on the auditors’ assessment of the risk of material misstatement
in the financial statements. If the risk is low, fewer procedures will be carried out.
A client is unlikely to change its system substantially on too regular basis, so
normally, auditors simply have to update their understanding of the system from
the previous year (that is, for changes that have occurred during the year). They
do this by:
• Asking staff (inquiry)
• Watching staff operate the system (observation)
• Looking at documents produced by the system (inspection)
The auditor shall design and perform tests of controls to obtain sufficient
appropriate evidence as to the operating effectiveness of relevant controls if:
– The auditor’s assessment of risks of material misstatement at the
assertion level includes an expectation that the controls are operating
effectively (that is, the auditor intends to rely on the operating
effectiveness of controls in determining the nature, timing and extent
of substantive procedures);or
– Substantive procedures alone cannot provide sufficient appropriate
audit evidence at the assertion level.
b) Tests of controls
Tests of controls are audit procedures designed to evaluate the operating
effectiveness of controls in preventing, detecting and correcting material
misstatements at the assertion level and must cover the whole accounting
period.
• They are performed to obtain audit evidence about the effectiveness of
the:
– Design of the accounting and internal control systems, ie whether
they are suitably designed to prevent or detect and correct
material misstatements.
– Operation of the internal controls throughout the period.
The auditor will use inquiry in combination with other procedures (in particular
reperformance and inspection) to obtain evidence about the operating
effectiveness of controls and should consider:
– How controls were applied
– The consistency with which they were applied during the period
– By whom they were applied
Deviations in the operation of controls (caused by change of staff etc) may
increase control risk and tests of controls may need to be modified to confirm
effective operation during and after any change.
c) Questionnaires
Internal Control Questionnaires (ICQs): are used to ask whether controls
exist which meet specific control objectives.
Internal Control Evaluation Questionnaires (ICEQs): are used to determine
whether there are controls which prevent or detect specified errors or omissions.
The specific controls for major transaction systems (sales, purchases, inventory,
payroll etc) are examined in detail in later Units. Here we will look at the overall
objectives of the questionnaires, although we have included examples from
specific transaction systems to illustrate how ICQs and ICEQs are used.
Internal Control Questionnaires (ICQs)
The major question which internal control questionnaires are designed to answer
is ‘How good is the system of controls?’
Where strengths are identified, the auditors will perform work in the relevant
areas. If, however, deficiencies are discovered they should then ask:

a) What errors or irregularities could be made possible by these deficiencies?
b) Could such errors or irregularities be material to the financial statements?
c) What substantive procedures will enable such errors or irregularities to
be discovered and quantified?
Although there are many different forms of ICQ in practice, they all conform to
the following basic principles:

– They comprise a list of questions designed to determine whether
desirable controls are present.

– They are formulated so that there is one to cover each of the major
transaction cycles.
Since it is the primary purpose of an ICQ to evaluate the system rather than
describe it, one of the most effective ways of designing the questionnaire is to
phrase the questions so that all the answers can be given as ‘yes’ or ‘no’ and a
‘no’ answer indicates a deficiency in the system. An example would be:
Are purchase invoices matched to goods received notes before being passed
for payment?
A ‘no’ answer to that question clearly indicates a deficiency in the company’s
payment procedures. The ICQ questions below dealing with goods inward
provide additional illustrations of the ICQ approach.
Goods inward
• Are supplies examined on arrival as to quantity and quality?
• Is such an examination evidenced in some way?
• Is the receipt of supplies recorded, perhaps by means of goods inwards
notes?
• Are receipt records prepared by a person independent of those
responsible for :
– Ordering functions?
– The processing and recording of invoices?
- Are goods inwards record controlled to ensure that invoices are
obtained for all goods received and to enable the liability for unbilled
goods to be determined (by pre-numbering the record and accounting
for all serial numbers)?
– Are goods inward record regularly reviewed for items for which no
invoices have been received?
– Are any such items investigated?
• Are these record reviewed by a person independent of those responsible
for the receipt and control of goods?
However, note that while ICQs are used primarily for evaluating a system, they
can still be used to record a system. If they are used to record a system, then
the questions will be constructed in such a way that they require answers in the
form of descriptive notes on the system.
Internal Control Evaluation Questionnaires (ICEQs)
In recent years, many auditing firms have developed and implemented an
evaluation technique more concerned with assessing whether specific errors
(or frauds) are possible rather than establishing whether certain desirable
controls are present. This is achieved by reducing the control criteria for each
transaction stream down to a handful of key questions (or control questions).
The characteristic of these questions is that they concentrate on the significant
errors or omissions that could occur at each phase of the appropriate cycle if
controls are weak.
Internal control evaluation questionnaire: control questions
The sales (revenue) cycle
Is there reasonable assurance that:
• Sales are properly authorised?
• Sales are made to reliable payers?
• All goods despatched are invoiced?
• All invoices are properly prepared?
• All invoices are recorded?
• Invoices are properly supported?
• All credits to customers’ accounts are valid?
• Cash and cheques received are properly recorded and deposited?
• Slow payers will be chased and that bad and doubtful debts will be
provided against?
• All transactions are properly accounted for?
• Cash sales are properly dealt with?
• Sundry sales are controlled?
• At the period end the system will neither overstate nor understate
receivables?
The purchases (expenditure) cycle
Is there reasonable assurance that :
• Goods or services could not be received without a liability being
recorded?
• Receipt of goods or services is required in order to establish a liability?
• A liability will be recorded:
– Only for authorised items?
– At the proper amount?
• All payments are properly authorised?
• All credits due from suppliers are received?
• All transactions are properly accounted for?
• At the period end liabilities are neither overstated nor understated by
the system?
• The balance at the bank is properly recorded at all times?
• Unauthorized cash payments could not be made and that the balance
of petty cash is correctly stated at all times?
Wages and salaries
Is there reasonable assurance that:
• Employees are only paid for work done?
• Employees are paid the correct amount (gross and net)?
• The right employees actually receive the right amount?
• Accounting for payroll costs and deductions is accurate?
Inventories
Is there reasonable assurance that :
• Inventory is safeguarded from physical loss (eg fire, theft, deterioration)?
• Inventory record are accurate and up to date?
• The recorded inventory exists?
• The recorded inventory is owned by the company?
• The cut-off is reliable?
• The costing system is reliable?
• The inventory sheets are accurately compiled?
• The inventory valuation is fair?
Non-current assets
Is there reasonable assurance that:
• Recorded assets actually exist and belong to the company?
• Capital expenditure is authorised and reported?
• Disposals of non-current assets are authorised and reported?
• Depreciation is realistic?
• Non-current assets are correctly accounted for?
• Income derived from non-current assets is accounted for?
Management information and general controls
Is the nominal ledger satisfactorily controlled?
• Are journal entries adequately controlled?
• Does the organisation structure provide a clear definition of the extent
and limitation of authority?
• Are the systems operated by competent employees, who are adequately
supported?
• If there is an internal audit function, is it adequate?
• Are financial planning procedures adequate?
• Are periodic internal reporting procedures adequate?
Each key control question is supported by detailed control points to be
considered.
For example, the detailed control points to be considered in relation to key
control question (b) for the expenditure cycle (Is there reasonable assurance
that receipt of goods or services is required to establish a liability?) are as
follows:
– Is segregation of duties satisfactory?
– Are controls over relevant master files satisfactory?
– Is there a record showing that all goods received have been reviewed :
• Weight or number?
• Quality and damage?
• Are all goods received taken on charge in the detailed inventory ledgers?
– By means of the goods received note?
– Or by means of purchase invoices?
– Are there, in a computerised system, sensible control totals (hash
totals, money values and so on) to reconcile the inventory system
input with the payables system?
• Are all invoices initialled to show that,
– Receipt of goods has been matched to the goods received record?
– Receipt of services has been verified by the person using it?
– Quality of goods has been reviewed against the inspection?
In a computerised invoice approval system, are there printouts (examined by a
responsible person) of:
– Where order, GRN and invoice are present but they are not equal (equal
within predetermined tolerances of minor discrepancies)?
– Cases where invoices have been input but there is no corresponding
GRN?
• Is there adequate control over direct purchases?
• Are receiving documents effectively cancelled (for example cross-
referenced) to prevent their supporting two invoices
10.2.2. Recording the information system and internal control
The auditor must keep a record of client’s systems, which must be updated
each year. This can be done with narrative notes, flowcharts, questionnaires or
checklists.
There are several techniques for recording the assessment of control risk
and one or more of the following techniques may be used depending on the
complexity of the system:
• Narrative notes
• Questionnaires
• Flowcharts
• Checklists
Whatever method of recording is used, the record will usually be retained on the
permanent file and updated each year. We will look at the use of questionnaires
in a little more detail here. There are two types, each with a different purpose.

• Internal Control Questionnaires (ICQs) are used to ask whether controls
exist which meet specific control objectives.
• Internal Control Evaluation Questionnaires (ICEQs) are used to
determine whether there are controls which prevent or detect specified
errors or omissions.
In most cases, specific controls are applied on major transactions relating to
sales, purchases, inventory, cash, payroll, revenue and capital expenditure.
Confirming understanding
In order to confirm their understanding of the control systems, auditors will often
carry out walk-through tests. This is where they pick up a transaction and follow
it through the system to see whether all the controls they anticipate should be
in existence were in operation with regard to that transaction.
Application activity 10.2
1. what are major questions which internal control questionnaires are
designed to answer?

2. What auditor should do in order to obtain the audit evidence about
the effectiveness of the internal control system?
0.3. Communication and control activities
Learning activity 10.3
MUTUNZI is an auditor who has finished to examine the internal control of
TURWUBAKE Ltd. Company wants to communicate for the first time the
findings of the audit examination to the management.
1. How does the auditor communicate the findings on the internal
control system to the organisation?
2. Give five statements reflecting the deficiencies in the internal control
system of an organisation.
10.3.1. Communication with the management
a) Commucation with managment
The auditor’s communication with the management is about communicating
significant deficiencies in internal controls and shall be communicated in writing
to those charged with governance in a report to management.
b) The deficiency in the internal control of the organisation
A deficiency in internal control exists when a control is designed, implemented or
operated in a way that is unable to prevent, or detect and correct misstatements
in the financial statements on a timely basis, or if a control necessary to prevent,
or detect and correct, misstatements in the financial statements on a timely is
missing.
The likelihood of a misstatement occurring and its potential magnitude. Examples
of matters to consider when determining whether a deficiency in internal control
is a significant deficiency:
• The likelihood of the deficiencies resulting in material misstatements in
the financial statements in the future
• The susceptibility to loss or fraud of the related asset or liability
• The subjectivity and complexity of determining estimated amounts
• The amounts exposed to the deficiencies
• The volume of activity that has occurred or could occur
• The importance of the controls to the financial reporting process
• The cause and frequency of the exceptions identified as a result of the
deficiencies
• The interaction of the deficiency with other deficiencies in internal
control
• Evidence of ineffective aspects of the control environment
• Absence of a risk assessment process
• Evidence of an ineffective entity risk assessment process
• Evidence of an ineffective response to identified significant risks
• Misstatements detected by the auditor’s procedures that were not
prevented, or detected and corrected, by the entity’s internal control
• Restatement of previously issued financial statements that were
corrected for a material misstatement due to fraud or error
c) Necessary information the auditor should communicate to the
management
• Evidence of management’s inability to oversee the preparation of the
financial statements.
• The auditor shall communicate any significant deficiencies in internal
control to those charged with governance on a timely basis.
• The auditor shall also communicate in writing to management on a
timely basis significant deficiencies in internal control that the auditor
has communicated or intends to communicate to those charged with
governance.
• Deficiencies in internal control that have not been communicated to
management by other parties and that the auditor considers are of
sufficient importance to warrant management’s attention.
The auditor shall include the following in the written communication:
• A description of the deficiencies and an explanation of their potential
effects
Sufficient information to enable those charged with governance and management
to understand the context of the communication, in particular that:
• The purpose of the audit was for the auditor to express an opinion on
the financial statements.
• The audit included consideration of internal control relevant to the
preparation of the financial statements in order to design audit
procedures appropriate in the circumstances, but not to express an
opinion on the effectiveness of internal control.
• The matters being reported are limited to those deficiencies identified
during the audit and which the auditor has concluded are sufficiently
important to merit being reported to those charged with governance.
• The auditor may also include suggestions for remedial actions on the
deficiencies.
Note: The communication to management of less important deficiencies in
internal control can be done orally.
10.3.2. Control activities of internal control system
a) Meaning of control activities
Control activities are those policies and procedures that help ensure that
management directives are carried out.
• The auditor should obtain an understanding of control activities relevant
to the audit and how the entity has responded to risks arising from IT.

• Control activities include those activities designed to prevent or to
detect and correct errors. Examples include activities relating to
authorisation, performance reviews, information processing, physical
controls and segregation of duties.
b) Examples of control activities
Approval and control of documents: Transactions should be approved by an
appropriate person. For example, overtime should be approved by departmental
managers.
Controls over computerised applications: These are controls that assess the
overall system of the computerised operations.

Checking the arithmetical accuracy of records: For example, checking to see
if individual invoices have been added up correctly.

Maintaining and reviewing control accounts and trial balances: Control
accounts bring together transactions in individual ledgers. Trial balances bring
together unusual transactions for the organisation as a whole. Preparing these
can highlight unusual transactions or accounts.

Reconciliations: Reconciliations involve comparison of a specific balance in
the accounting records with what another source says the balance should be,
for example, a bank reconciliation. Differences between the two figures should
only be reconciling items.
Comparing the results of cash, security and inventory counts with
accounting records: For example, in a physical count of petty cash, the balance
shown in the cashbook should be the same as the amount held.
Comparing internal data with external sources of information: For example,
comparing records of goods despatched to customers with customers’
acknowledgement of goods that have been received.
Limiting physical access to assets and records: Only authorised personnel
should have access to certain assets (particularly valuable or portable ones). For
example, ensuring that the inventory store is only open when store personnel
are there and is otherwise locked.
Segregation of duties
Segregation of duties should take place in various ways:
Segregation implies a number of people being involved in the accounting
process. This makes it more difficult for fraudulent transactions to be processed
(since a number of people would have to collude in the fraud), and it is also
more difficult for accidental errors to be processed (since the more people are
involved, the more checking there can be). Segregation should take place in
various ways:
• Segregation of function. The key functions that should be segregated
are the carrying out of a transaction, recording that transaction in the
accounting record and maintaining custody of assets that arise from
the transaction;
• The various steps in carrying out the transaction should also be
segregated;
• The carrying out of various accounting operations should be segregated.
For example: the same staff should not record transactions and carry
out the reconciliations at the period-end.
10.3.3. Benefits and limitations of internal control system
a) Benefits
The auditors shall assess the adequacy of the systems as a basis for the financial
statements and shall identify risks of material misstatements to provide a basis
for designing and performing further audit procedures.
Auditors are only concerned with assessing policies and procedures which are
relevant to the financial statements. Auditors shall:
• Assess the adequacy of the accounting system as a basis for preparing
the accounts
• Identify the types of potential misstatements that could occur in the
accounts
• Consider factors that affect the risk of misstatements
• Design appropriate audit procedures

The assessment of the controls of an entity will have an impact on that risk
assessment.

Risks arising from poor control environments are unlikely to be confined to
particular assertions in the financial statements, and, if severe, may even raise
questions about whether the financial statements are capable of being audited,
that is, if control risk is so high that audit risk cannot be reduced to an acceptable
level.
On the other hand, some control procedures may be closely connected to an
assertion in financial statements, for example, controls over the inventory counts
are closely connected with the existence and completeness of inventory in the
financial statements.
There may be occasions where substantive procedures alone are not sufficient
to address the risks arising. Where such risks exist, auditors shall evaluate the
design and determine the implementation of the controls, which is by controls
testing. This is most likely to be the case in a system which is highly computerised
and which does not require much manual intervention.
b) Limitations
There are always inherent limitations to internal controls, including cost-benefit
requirements and the possibility of controls being by-passed and over-ridden.
Management of an entity will set up internal controls in the accounting system
to assess the following:
• Transactions are executed in accordance with proper authorisation.
• All transactions and other events are promptly recorded at the correct
amouns, in the appropriate accounts and in the proper accounting
period.
• Access to assets is permitted only in accordance with proper
authorisation.
• Recorded assets are compared with the existing assets at reasonable
intervals and appropriate action is taken with regard to any differences.
However, any internal control system can only provide the directors with
reasonable assurance that their objectives are reached, because of inherent
limitations, such as the following:
The potential for human error
These include the fact that human judgement in decision-making can be faulty
or produce simple errors and mistakes. For example: if an entity’s information
system personnel do not completely understand how the company’s order entry
system operates, they may incorrectly design changes to this system.
On the other hand, they may design the changes correctly but these may be
misunderstood by the personnel responsible for translating them into program
code. Errors may also occur in the use of information produced by IT. For example:
automated controls may be designed to report transactions over a specified
amount for management review, but individuals responsible for conducting the
review may not understand the purpose of these reports, and fail to review them
or investigate unusual items.
The possibility of controls being by-passed or over-ridden
Controls can be circumvented by the collusion of two or more people or
management may inappropriately override controls. For example: management
could enter into a side agreement with customers that alter the terms and
conditions of sales contracts, which could result in improper revenue recognition.
Also, edit checks in a software program that are designed to identify and report
transactions that exceed specified credit limits may be overridden or disabled.
Collusion among employees
In any organisation collusion exist among employees due to different conflicting
circumstances.
The costs of controls outweighing their benefits
This is a particular problem faced by smaller entities. For example: smaller entities
often have fewer employees which may limit the extent to which segregation of
duties is practicable. It would not make commercial sense to employ additional
staff purely for the purposes of achieving greater segregation of duties.
However, this lack of formal control might be compensated for by a responsible
and ethical owner-manager, who closely monitors his/her company’s business
and accounting processes.
Controls tending to be designed to cope with routine and not non-routine transactions

Non-routine transactions are by their very nature unusual. As a result, it will be
difficult to predict what these might be and therefore is less likely that a system
will have been devised to deal with these effectively. Take a shipping company
that leases cargo ships to transport goods as an example. It may have effective
controls over leasing transactions, but if and when the company acquires a
vessel of its own, the controls around authorising and recording the acquisition
may be much less effective.
These factors show why auditors cannot obtain all their evidence from tests of
the systems of internal control.
The key factors in the limitations of controls system are human error and potential
for fraud. The safeguard of segregation of duties can help deter fraud. However,
if employees decide to perpetrate frauds by collusion, or management commit
fraud by overriding systems, the accounting system will not be able to prevent
such frauds.
Application activity 10.3
1. How do auditors assess policies and procedures which are relevant
to the financial statements?
2. What does the management of an entity assess when it sets up
internal controls in the accounting system?
Skills lab activity 10
Under the supervision of teacher, students in their learning teams’ role
playing the communications with management, where one group play as
management another as auditor.
End unit 10 assessment
1. Define the term internal control system
2. What are the features of the internal control system?
3. Explain briefly the elements of internal control system.
4. What are different ways in which segregation ofduties should be
carried out to ensure that there is an effective internal control system
within the organisation?
5. After defining control activities, give some examples which explain
the application of control activities within an organisation.
6. In order to reflect a clear distinction between control objectives
and control activities, draw a table which illustrates the difference
between the two parts using examples.
7. Describe problems relating to internal control system and application
of controls in small companies.
8. After defining tests of controls, draw a table which demonstrates
how tests of controls are applied in the internal control system of an
organisation.
9. Find examples of matters to consider when determining whether a
deficiency in internal control is a significant deficiency.
10. What are the limitations of internal control system?
11. what are the benefits of internal control
UNIT 11: TEST OF CONTROL
Key unit competence: To be able to describe the characteristics of
effective accounting systems.
Introductory activity
1. Explain the relationship between small circles and big circle
In the last Unit we talked about controls and evaluating internal controls. We
have stated that in all audits, auditors must ascertain the accounting system and
internal control system used. If auditors decide to rely on controls, they must
test them. The next Unit describes the controls that may operate and the tests
auditors may carry out.
It is best to examine controls in terms of the various components of the
accounting system. Most commonly, these will be: sales, purchases, wages
and other systems such as inventory, non-current assets and management
information.
11.1. Sales system
Learning activity 11.1
Analyze the picture above, and answer the following questions:
1. What do you see in this picture?
2. Which elements do you see can be used in sales system?
The tests of controls of the sales system will be based around:
• Selling (authorisation)
• Goods outwards (custody)
• Accounting (recording and valuation)
11.1.1. Control objectives
The most important objectives of internal control relating to receivables and
sales are as follows.
11.1.2. Control activities
The following control activities relate to the ordering and credit control process;
note the importance of controls over credit terms, ensuring that goods are only
sent to customers who are likely to pay promptly.
• Segregation of duties : credit control, invoicing and inventory despatch
• Authorisation of credit terms to customers involves:
– References/credit checks obtained
– Authorisation by senior staff
– Regular review
• Authorisation for changes in other customer data
– Change of address supported by letterhead
– Requests for deletion supported by evidence balances cleared/
customer in liquidation
• Credit limits confirmed before new orders are accepted
• Sequential numbering of blank order documents
• Matching of customer orders with production orders and despatch
notes
The following procedures relate to invoice preparation and despatches:
• Authorisation of despatch of goods
– Despatch only on sales order
– Despatch only to authorised customers
– Special authorisation of despatches of goods free of charge or
on special terms
• Examination of goods outwards as to quantity, quality and condition
• Recording of goods outwards on goods despatched notes
• Agreement of goods outwards records to customer orders,
despatch notes and invoices
• Pre-numbering of despatch notes and delivery notes and regular
checks on sequence
• Condition of returns reviewed
• Recording of goods returned on goods returned notes
• Signature of delivery notes by customers
Procedures for the preparation of invoices and credit notes including the
following:
– Authorisation of selling prices/use of price lists
– Authorisation of credit notes
– Verification of prices, quantities, extensions and totals on invoices
and credit notes
– Sequential numbering of blank invoices and credit notes, and
regular tests on sequence
• Inventory record updated on a timely basis
• Matching of sales invoices with despatch and delivery notes and
sales orders
• Regular review for orders which have not yet been delivered
The following control activities relate to accounting and recording.
• Segregation of duties: recording sales, maintaining customer accounts
and preparing statements
• Recording of sales invoices sequence and control over spoilt
invoices
• Matching of cash receipts with invoices
• Retention of customer remittance advices
• Separate recording of sales returns, price adjustments etc.
• Cut-off procedures to ensure goods despatched and not invoiced (or
vice versa) are properly dealt with in the correct period
• Regular preparation of receivables statements
• Review of receivables’ statements to ensure they have been prepared
correctly
• Safeguarding of receivables statements so that they cannot be
altered before despatch
• Review and follow-up of overdue accounts
• Authorisation of writing off of irrecoverable debts (bad debts)
• Reconciliation of receivables ledger (sales ledger) control account
• Analytical review of receivables ledger (sales ledger) and profit
margins
11.1.3. Tests of controls
The precise nature of the tests of controls performed by the auditor would
depend on the way in which the control is being operated by the audit client.
Procedures however would typically include the following.
• Review the organisation chart and allocation of responsibilities and
assess whether segregation of duties is operating.
• Verify that references are being obtained for a sample of new
customers by reviewing customer files.
• Verify that a sample of new accounts on the sales ledger have been
authorised by senior staff.
• Examine computer application controls for credit limits.
• For a sample of customer orders obtain evidence that they have been
matched with production orders and despatch notes.
• Verify that price lists and terms of trade are properly documented,
authorised and communicated.
• Obtain evidence of authorisation of goods despatched e.g. signature
of despatch note.
• Review and test the entity’s procedures for accounting for numerical
sequences of despatch notes and inspect despatch notes to confirm
that they are sequentially numbered.
• Examine delivery notes for evidence of confirmation of receipt of
goods by customers e.g. customer signature.
• Obtain evidence that procedures relating to the accuracy of invoices
have been performed e.g. evidence that prices have been matched
to the price list, evidence that calculations have been reperformed,
evidence that discounts have been authorised.
• Review and test the entity’s procedures for accounting for numerical
sequences of invoices and inspect invoices to confirm that they are
sequentially numbered.
• Review and observe procedures for matching of invoices to despatch
notes and reperform a sample.
• Obtain evidence of authorisation of credit notes.
• Evaluate procedures for the preparation of customer statements.
• Review supplier statement reconciliations produced by the audit
client.
• Reperform a sample of supplier statement reconciliations produced
by the audit client to determine whether they have been performed
accurately.
• Review control account reconciliations to the receivables ledger
produced by the client.
• Reperform a sample of control account reconciliations to the
receivables ledger to determine whether they have been performed
accurately.
• Confirm authorisation of irrecoverable receivables allowances/write
offs.
Application activity 11.1
1. What should auditors consider when reviewing sales invoices?
2. Which of the following controls identified when evaluating a sales
system would provide positive assurance to an auditor in respect of
the key question ‘can goods and services be supplied to a bad credit
risk?’
a) References are obtained for new customers
b) Goods are verified to sales order prior to dispatch
c) Invoice prices prepared from authorized selling prices
d) Receivables statements are prepared
11.2. The purchases system
Learning activity 11.2
Analyse the image above and answer the following questions:
1. Identify the elements can be used in purchase system
The tests of controls of the purchases system will be around:
• Buying (authorisation)
• Goods inwards (custody)
• Accounting (recording and valuation)
11.2.1. Control objectives
The most important objectives of internal control relating to suppliers and
purchases are:
• Ordering
To ensure that:
– All orders for, and expenditure on, goods and services are properly
authorised, and are for goods and services that are actually received
and are for the company.
– Orders are only made to authorised suppliers.
– Orders are made at competitive prices.
• Receipt and invoices
To ensure that:
– Goods and services received are used for the organisation’s
purposes and not private purposes.
Goods and services are only accepted if they have been ordered,
and the order has been authorised.
– All goods and services received are accurately recorded.
– Liabilities are recognised for all goods and services that have been
received.
– All credits to which the organisation is due are claimed.
– Receipt of goods and services is necessary to establish a liability.
• Accounting
To ensure that:
– All expenditure is authorised and is for goods that are actually
received.
– All expenditure that is made is recorded correctly in the general
(nominal) and payables (purchase) ledgers.
– All credit notes that are received are recorded in the general and
payables ledgers.
– All entries in the payables ledger are made to the correct payables
ledger accounts.
– Cut-off is applied correctly to the payables ledger.
11.2.2. Control activities
The following control activities should be in place over ordering.
– Central policy for choice of suppliers
– Evidence required of requirements for purchase before purchase
authorised (re-order quantities and re-order levels)
– Order forms prepared only when a purchase requisition has been
received
– Authorisation of order forms by appropriate authorised personnel
– Prenumbered order forms
– Safeguarding of blank order forms
– Review of orders not received
– Monitoring of supplier terms and taking advantage of favourable
conditions (bulk order, discount)
The client should carry out the following procedures on goods received and
invoices from suppliers.
• Examination of goods inwards
– Quality
– Quantity
– Condition
• Recording arrival and acceptance of goods (pre-numbered goods
received notes)
• Comparison of goods received notes with purchase orders
• Referencing of supplier invoices; numerical sequence and supplier
reference
• Verification of suppliers’ invoices
– Prices, quantities, accuracy of calculation
– Comparison with order and goods received note
• Recording return of goods (pre-numbered goods returned notes)
• Procedures for obtaining credit notes from suppliers
The following control activities should be in place over accounting procedures.
• Segregation of duties: accounting and verification functions
• Prompt recording of purchases and purchase returns in day books and
ledgers
• Regular maintenance of payables ledger
• Comparison of supplier statements with payables ledger balances on
a regular basis
• Authorisation of payments
– Authority limits
– Confirmation that goods have been received, accord with
purchase order, and are properly priced and invoiced
• Review of allocation of expenditure
• Reconciliation of payables ledger control account to total of payables
ledger balances on a regular basis
• Cut-off accrual of unmatched goods received notes at year end
11.2.3. Tests of controls
A most important test of controls is for auditors to confirm that all purchases have
been authorised. The officials who approve the invoices should be operating
within laid-down authority limits. The precise nature of the tests of controls
performed by the auditor would depend on the way in which the control is
being operated by the audit client. Procedures however would typically include
the following.
• Observe the processing of purchase orders throughout the purchasing
cycle and evaluate whether proper segregation of duties is operating.
• Examine application controls for re-order levels.
• Verify that authorised supplier lists exist and have been communicated.
• Obtain evidence of regular management reviews of supplier terms.
• Examine a sample of purchase orders for evidence that they have been
authorised.
• Observe procedures for receipt of goods to verify that the goods
actually received are matched to the purchase order.
• Review entity’s procedures for accounting for pre-numbered documents
and inspect a sample of goods received notes for evidence of sequential
numbering.
• Review a sample of goods received notes for evidence of matching to
purchase orders.
• Examine supporting documentation for evidence that purchase invoices
are matched to goods received notes and orders.
• Review a sample of purchase invoices for evidence that their accuracy
has been verified (e.g. signature or initials) and reperform the procedures.
• Review evidence of approval of invoice coding to relevant expenditure
account by responsible staff member.
• Test application controls relating to the input of purchase invoices
and credit notes. For example, perform a batch reconciliation to
determine whether purchase invoices have been entered accurately
and a sequence check to determine whether all credit notes have been
recorded.
• Review procedures for reconciling supplier statements to payables
ledger accounts and reperform a sample of reconciliations.
• Review reconciliations of the payables ledger accounts and payables
ledger control account.
• Reperform a sample of reconciliations of the payables ledger accounts
and the payables ledger to ensure that they have been performed
accurately.
Application activity 11.2
1. Which of the following controls undertaken when evaluating a
purchases system would provide positive assurance to the auditor
in respect of the key question ‘Are goods only bought for business
purposes?’
a) Orders should only be raised in response to an authorized
purchase requisition
b) Goods inwards are examined for quality
c) Goods inwards are verified to purchase orders
d) Review of allocation of expenditure
2. What are the important objectives of internal control relating to
suppliers and purchases
11.3. The payroll system
Learning activity 11.3

Analyse the image above and answer the following questions:
1. Explain the relationship between small circles and big circle.

Key controls over payroll cover:
• Documentation and authorisation of staff changes
• Calculation of wages and salaries
• Payment of wages and salaries
• Authorisation of deductions
11.3.1. Control objectives
The most important objectives of internal control relating to wages and salaries
are:
Setting of wages and salaries
To ensure that:
• Employees are only paid for work that they have done.
• Gross pay has been calculated correctly and authorised.
Recording of wages and salaries
To ensure that:
• Gross and net pay and deductions are accurately recorded on the
payroll.
• Wages and salaries paid are recorded correctly in the bank and cash
records.
• Wages and salaries are correctly recorded in the general ledger.
• Payment of wages and salaries
To ensure that:
• The correct employees are paid.
• Wages and salaries are only paid to valid employees.
Deductions
To ensure that:
• Statutory and non-statutory deductions have been calculated correctly
and are authorised.
• The correct amounts paid to the taxation authorities.
11.3.2. Control activities
While in practice separate arrangements are generally made for dealing with
wages and salaries, the considerations involved are broadly similar and for
convenience the two aspects are here treated together
General arrangements
Responsibility for the preparation of pay sheets should be delegated to a suitable
person, and adequate staff appointed to assist him/her. The extent to which the
staff responsible for preparing wages and salaries may perform other duties
should be clearly defined. In this connection full advantage should be taken
where possible of the division of duties, and controls available where automatic
wage-accounting systems are in use.
Setting of wages and salaries
• Staffing and segregation of duties
• Maintenance of personnel records and regular reconciliation of wages
and salaries to details in personnel records
• Authorisation
– Engagement and discharge of employees (new staff are added to
the payroll system correctly, and leavers are removed)
– Changes in pay rates
– Overtime
– Non-statutory deductions (for example pension contributions)
– Advances of pay
• Recording of changes in personnel and pay rates
• Recording of hours worked by timesheets, clocking in and out
arrangements
• Review of hours worked
• Recording of advances of pay
• Holiday pay arrangements
• Answering queries
• Review of wages against budget
Recording of wages and salaries
• Bases for compilation of payroll
• Preparation, review and approval of payroll
• Dealing with non-routine matters
Payment of cash wages
• Segregation of duties
– Cash sheet preparation
– Filling of pay packets
– Distribution of wages
• Authorisation of wage cheque
• Custody of cash
– Encashment of cheque
– Security of pay packets
– Security of transit arrangements
– Security and prompt banking of unclaimed wages
• Verification of identity
• Recording of distribution
Payment of salaries
• Preparation and signing of cheques and bank transfer lists
• Comparison of cheques and bank transfer list with payroll
• Maintenance and reconciliation of wages and salaries bank account
Deductions from pay
• Maintenance of separate employees’ records, with which pay lists may
be compared as necessary
• Reconciliation of total pay and deductions between one pay day and
the next
• Surprise cash counts
• Comparison of actual pay totals with budget estimates or standard
costs and the investigation of variances
• Agreement of gross earnings and total tax deducted with the returns
submitted to the taxation authorities
Appropriate arrangements should be made for dealing with statutory and
other authorised deductions from pay, such as social insurance, tax, pension
fund contributions, and savings held in trust. A primary consideration is the
establishment of adequate controls over the records and authorising deductions.
For the payroll system, as with other systems, it is important that you appreciate
how the control activities we have identified relate to the control objectives.
11.3.3. Tests of controls
Setting of wages and salaries
Auditors should confirm that the wages and salaries summary is approved for
payment. They should confirm that procedures are operating for authorising
changes in rates of pay, overtime, and holiday pay.
A particular concern will be joiners/new employees and leavers. Auditors will
need to obtain evidence that staff only start being paid when they join the
company, and are removed from the payroll when they leave the company. They
should test that the engagement of new employees and discharges have been
confirmed in writing.
Auditors will also wish to verify that the calculation of wages and salaries is
accurate. Tests of controls should be designed to obtain evidence that the
client is carrying out adequate checks on the calculations.
The precise nature of the tests of controls performed by the auditor would
depend on the specific control activities operated by the entity. However, they
would typically include the following:
• Review payroll and HR job descriptions and company policies on the
payroll process, to evaluate whether proper segregation of duties is in
place.
• Review a sample of starters/new employees and leavers in the year and
verify that the correct documentation is in place e.g. personnel files.
• Review the entity’s procedures for reporting changes (e.g. wage
increases) to the payroll department.
• Obtain evidence of authorisation of standing data in payroll system.
• Review and test authorisation procedures for hiring staff, wage rates,
overtime etc.
• Observe employees’ use of clocking-in and out procedures.
• Inspect a sample of clock-cards/timesheets for evidence of approval by
the appropriate level of management.
• Review documentary evidence that a sample of payroll calculations
have been independently reperformed by entity staff e.g. review of
spreadsheet printout.
• Test operation of computerised controls e.g. range checks.
• Inspect documentary evidence of management’s review of agreement
of gross earnings and total tax deducted to taxation returns.
• Examine paid cheques or a certified copy of the bank list for evidence
of proper authorisation.
• Where wages are paid in cash attend the pay-out and observe
procedures.
• Review payroll budgeting procedures adopted by the client.
• Review reconciliation of the payroll master file to the wages and salaries
account in the general ledger.
• Review procedures for classifying payroll costs to ensure that costs are
not incorrectly capitalised.
Application activity 11.3
1. Which of the following controls would not provide assurance that the
correct amounts are paid to employees, in a system where employees
are paid by the hour?
a) Recording of hours worked
b) Reperformance of payroll calculations
c) Comparing bank transfer list with payroll
d) Comparing payroll and income tax returns
2. How should auditors confirm that wages have been paid at the
correct rate to individual employees?
11.4. The inventory system
Learning activity 11.4

Analyse the picture above and answer the following questions:
1. Which activities are carried out there?
2. What elements do you see on the picture can be used in inventory
system?
Inventory controls are designed to ensure safe custody, and appropriate
valuation. These include:
• Restriction of access to inventory
• Documentation and authorisation of movements
• Regular inventory counting/checking and review of inventory condition
11.4.1. Control objectives
The most important objectives of internal control relating to inventory are:
Recording
To ensure that:
• All inventory movements are authorised and recorded.
• Inventory records only include items that belong to the client.
• Inventory records include inventory that exists and is held by the client.
• Inventory quantities have been recorded correctly.
• Cut-off procedures are properly applied to inventory.
Protection of inventory
To ensure that:
• Inventory is safeguarded against loss, pilferage/theft or damage.
Valuation of inventory
To ensure that:
• The costing system values inventory correctly.
• Allowance is made for slow-moving, obsolete or damaged inventory.
Inventory-holding
To ensure that:
• Levels of inventory held are reasonable.
11.4.2. Control activities
Key control activities are as follows.
Recording of inventory:
• Segregation of duties : custody and recording of inventories
• Receipt, review and recording of goods inwards
• Inventory issues supported by appropriate documentation
• Maintenance of inventory records:
– Inventory ledgers
– Bin cards
– Transfer records
Protection of inventory:
• Precautions against theft, misuse and deterioration by:
– Restriction of access to stores
– Controls on stores environment (right temperature, precautions
against damp etc.)
• Security over inventory held by third parties, and third party inventory
held by entity
• Inventory counting:
– Regular inventory counting/checking
– Fair coverage so that all inventory is counted at least once a
year
– Counts by independent persons
– Recording
– Cut-off for goods in transit and time differences
– Reconciliation of inventory counting to book records and
control accounts
Valuation of inventory:
• Computation of inventory valuation
– Accords with IAS 2 Inventories
– Review of calculations
• Review of condition of inventory
– Treatment of slow-moving, damaged and obsolete inventory
– Authorisation of write-offs
Inventory holding:
• Control of inventory levels by:
– Maximum inventory limits
– Minimum inventory limits
– Re-order quantities and levels
• Arrangements for dealing with returnable containers
11.4.3. Tests of controls
Most of the testing relating to inventory has been covered in the purchase and
sales testing outlined.
Auditors will primarily be concerned at this stage with ensuring that the business
keeps track of inventory. To confirm this, tests must be carried out on how
inventory movements are recorded and how inventory is secured.
• Select a sample of inventory movement’s records and reperform
matching to goods received and goods despatched notes.
• Confirm that movements have been authorised as appropriate.
• Select a sample of goods received and goods despatched notes and
agree to inventory movement records.
• Reperform a sample of reconciliations of inventory records with the
general ledger to confirm that they are performed and reviewed.
• Examine evidence of sequence of inventory records.
• If the company uses perpetual inventory counting (i.e. it counts inventory
on a regular basis throughout the year, rather than at the year-end
alone), reperform a sample of the inventory counts and review evidence
to confirm that:
– All discrepancies between book and actual figures have been
fully investigated All discrepancies have been signed off by a
senior manager
– Obsolete, damaged or slow-moving goods have been marked
accordingly and written down to net realisable value
• Observe security arrangements for inventories.
• Consider environment in which inventories are held.
• Review procedures for counting inventory and attend the count.
Application activity 11.4
1. What controls should businesses exercise over inventory levels?
2. Which of the following would be appropriate test of controls in the
audit of inventory :
a) Agree a sample of inventory items to purchase invoices
b) Obtain details of last goods out at the inventory count
c) Review the system for safeguarding inventory
d) Review the overhead allocation system
11.5. Non-current assets
Learning activity 11.5

Analyse the image above and answer the following questions:
1. Which kind of an assets observed on the picture?
Important controls over tangible non-current assets include physical custody
and authorisation of purchases and disposals.
These systems tend to be of lesser importance, although this depends on the
nature of the business.
11.5.1. Control objectives
The most important objectives of internal control relating to non-current assets
are to ensure that:
• Non-current assets are properly accounted for and recorded.
• Security arrangements over non-current assets are sufficient.
• Non-current assets are maintained properly.
• Non-current assets acquisitions are authorised.
• Non-current assets disposals are authorised and proceeds of disposals
are accounted for.
• Depreciation rates are reasonable.
• All income from income-yielding non-current assets is collected.
11.5.2 Control activities
Key control activities are as follows.
• Segregation of duties : authorisation, custody and recording
• Maintenance of appropriate accounting records (including distinction
between capital and revenue expenditure)
Security and maintenance:
• Maintenance of plant and property registers which are regularly
reviewed for:
– Agreement with general ledger
– Inspection of assets recorded
• Inspection of non-current assets to ensure properly maintaining and
using
Acquisition and disposal:
• Authorisation of capital expenditure
• Authorisation of sales, scrapping or transfer of non-current assets
Depreciation:
• Authorisation of depreciation rates:
– Calculation and confirmation of depreciation rates
– Arithmetical accuracy Assessment of asset lives
Income from non-current assets:
• Identification of income-producing assets
• Monitoring of income
• Receipt of cash
• Adequate insurance cover
Asset register
Maintenance of a non-current asset register is a key control activity. The register
should contain details of all the company’s tangible non-current assets. It is an
important control over the completeness of recording and safe custody of those
assets. To preserve segregation of duties, it should be maintained by someone
who does not use, and is not responsible for the custody of non-current assets.
The non-current asset register acts as a point of comparison against which the
non-current assets that physically exist can be compared, and also the non-
current asset accounts in the general ledger. It is of most use for assets that
can easily be stolen. Information that should be included within the register for
individual assets includes the following.
• Cost
• Additions or alterations to the assets
• Total depreciation charged over the asset’s life
• The serial number or other means of identification
• Description of the asset
• The location of the asset
• The manufacturer and supplier
• Insurance details
• Maintenance record
As well as knowing the control objectives and control activities that could be
used in relation to non-current assets, it is important that you appreciate how
the different control activities relate to the control objectives.
11.5.3. Tests of controls
The precise nature of the tests of controls performed by the auditor would
depend on the way in which the control is being operated by the audit client.
Procedures, however, would typically include those listed below.
A key concern of auditors will be proper controls over movements (acquisitions
and disposals) during the year.
• Confirm maintenance of a non-current asset register
• Review annual capital budgets produced by the board and confirm that
they are authorised
• For a sample of acquisitions and disposals recorded in the non-current
asset register confirm authorisation (and board approval if necessary).
• Inspect invoices to confirm that they have been appropriately approved.
• Review reconciliations of the non-current assets register to the general
ledger accounts and confirm that discrepancies are followed up.
• Reperform a sample of reconciliations.
• Verify that depreciation rates are authorised and are in line with company
policy.
• Review evidence of arithmetical accuracy of depreciation and reperform
a sample of calculations.
• Review evidence of calculations of profits or losses on disposal and
reperform a sample of calculations.
• Review adequacy of physical security measures.
Auditors should also carry out some testing on security and maintenance of
non-current assets.

For a sample of non-current assets from the non-current asset register:
• Review procedures used to ensure assets are in good condition eg
inspection procedures.
• Ascertain for a sample of assets when they were last reviewed for
maintenance and whether this is in line with company’s policy.
• Observe for a sample of newly acquired assets the procedures for
ensuring they are labelled and stored.
• Review procedures for insuring new assets and renewal of insurance
for existing assets.
Application activity 11.5
1. What tests would auditors normally carry out on controls over noncurrent asset purchases?
2. Which of the following is not a test of controls over non-current
assets?
a) Review the system of authorizing capital expenditure
b) Review whether a non-current asset register exists
c) Review the system of authorizing non-current asset disposal
d) Review the condition of non-current assets in use.
11.6. Non-current liabilities
Learning activity 11.6

Analyse the picture above and answer the following question:
1. Among the elements above, which ones are non- current liabilities?
2. Why for the auditor, is auditing the liabilities of the client very
important?
Non-current liabilities may comprise payables due more than one year after the
year end, as well as capital lease obligations, mortgages, debentures, and other
loans repayable at a date more than one year after the year end.
The most important objectives of internal control relating to non-current liabilities
are to ensure:
• Authorisation: that loans and any other long-term borrowings are
properly authorised
• Completeness: that all non-current liabilities have been recognised
and disclosed
• Accuracy: that the value of the liability has been correctly recorded,
and that interest payable has been calculated correctly and included in
the correct accounting period
• Classification and understandability: that long-term loans and interest
on loans have been correctly disclosed in the financial statements.
A major complication for the auditors is that debenture and loan agreements
frequently contain conditions with which the company must comply. These may
include restrictions on the company’s total borrowings, and requirements to
adhere to specific borrowing ratios.
In this respect, it is important that internal controls ensure that borrowing limits
imposed by agreements are not exceeded.
New loans should be approved by the Board, and documented in signed Board
minutes.
In the financial statements themselves, it will also be important to ensure
non-current liabilities are correctly disclosed, in accordance with accounting
standards. In particular, the capital element of any loans repayable within one
year should be classified under current liabilities, rather than under non-current
liabilities.
Application activity 11.6
What will be the control activities if non-current liabilities have been properly
recorded?
11.7. Management information
Learning activity 11.7
Analyse the image above and answer the following questions:
1. Explain the relationship between small circles and big circle
The management information system is an important aspect of the control
environment, since timely and accurate information helps management supervise
operations. There should be controls in place to ensure budgets are regularly
set, and reports and information are provided on time to the specified degree of
accuracy and detail.
As well as the control aspects, auditors will be concerned with the management
information system’s ability to provide useful data for analytical procedures.
Auditors will also be particularly concerned of course with the accounting records,
with the procedures that ensure transactions are completely posted, and journal
adjustments are authorised and backed up by appropriate documentation.
11.7.1. Management information procedures
Auditors will review the contents of internal management accounting reports,
and confirm in particular that budgets are being set and that actual results are
being compared with budgeted figures.
As well as testing based on individual components of the accounting system,
the auditor will also perform some general tests, including the following.
• Test postings from books of prime entry to the general ledger.
• Confirm that the general ledger is regularly balanced.
• Test vouch a sample of journal entries to original documentation.
Application activity 11.7
What test of control of management information helps the management
operations?
Skills lab activity 11
Under guidance of the teacher, students in their learning teams act as
auditor of school and test how purchase system, payroll system, inventory
system are recorded, maintained and reported in accounting systems.
End unit 11assessment
1. How can a company ensure that quantities of goods ordered do not
exceed those that are required?
2. What are the important verification procedures that should be made
on invoices received from suppliers?
3. Which of the following controls helps to ensure that non-current
assets are depreciated in line with company policy?
a) Limiting access to non-current assets
b) Periodically verifying that assets listed in the non-current asset
register exist
c) Review of records that show significant profits on disposal
d) Obtaining authorization for capital purchases
4. Mpundu Ltd, a limited liability company, manufactures high fashion
jeans for distribution to wholesalers and retailers.
You have been assigned to the audit of inventory in the company’s
financial statements for the year ended 31 July 2019.
The following points are relevant to the audit.
i. The company has raw materials, consumables and work in
progress inventory at its factory base. Finished goods are
stored in a separate warehouse located five miles away. The
company does not hold inventory owned by third parties.
ii. On 31 July 2019 employees of the company will physically count
the inventory at both of the company’s sites and members of
your audit team will attend.
iii. The company has significant quantities of finished goods
inventory held by independent retail stores under its sale
or return system. Under this system, inventory is displayed
for sale at retail shop premises but remains the property of
Mpundu until it is sold by retailers. Any garments not sold
within three months are returned to Mpundu for bulk sale at
heavily discounted prices.
iv. Some quantities of finished goods inventory were stated at net
realisable value in the financial statements of the company for
the previous year.
Required
a) With explanations, discuss why the inherent risk associated with
inventory in the financial statements of Mpundu would be assessed
as ‘high’.
b) Identify five tasks that members of your audit team should carry out
when attending the company’s physical inventory count on 31 July
2019.
UNIT 12: PROCEDURES IN AUDIT OF FINANCIAL STATEMENTS
Key unit competence: To be able to demonstrate working knowledge in
respect of performance of audit procedures
Introductory activity
UMURAVA Ltd Company is a textile industry with the purpose of selling
its products in Rwanda and outside. As part of corporate governance,
shareholders are supposed to make follow up of the performance of their
company. They often appoint the management and auditor. The auditor is
appointed by the shareholders during the annual meeting.

The main responsibility of the auditor is to audit the financial statements of
the company and ascertain whether the financial statements are prepared
in all material respects and free from material misstatement due to errors
and fraud. The auditor should also review/ carry out an assessment on the
internal control. Thereafter, the auditor should issue the audit report on
financial statements and on internal controls (Management letter).

1. What do you think could be the purpose of the audit?
2. What are the auditable elements of the financial statements?
12.1. Substantive procedures
Learning activity 12.1

1. What do you think the person in picture above could be doing?
2. What do you think would be roles/tasks of the auditor during the
audit of a financial statement?
12.1.1 The nature of substantive procedures
Substantive procedures are audit procedures designed to detect material
misstatements at the assertion level. They consist of tests of details (i.e.
testing classes of transactions, accounts balances and disclosures) and as
well substantive analytical procedures (i.e. where the auditor develops his/her
expectations and reconcile it with balances shown in the financial statements.
a) Substantive procedures
Substantive audit procedures (tests of details), the auditor inspects transactions
and balances taken on sample basis. The auditor is required to establish the
audit procedures and carryout audit. Detailed audit tests are performed to
detect any material misstatement due to errors or fraud.
b) Analytical procedures
Analytical procedures are also another form of substantive procedures.
• The analytical procedures involve comparison with:
– Similar information for prior periods;
– Anticipated results of the entity, from budgets or forecasts;
– Predictions prepared by the auditor’s Industry information.
• The consideration of the relationship between financial information and
relevant non-financial information.
• The consideration also of the relationship between elements of financial
information that are expected to conform to a predicted pattern based
on the entity’s experience, such as the relationship of gross profit to
sales.
• Ratio analysis can be a useful technique when carrying out analytical
procedures.
12.1.2. Financial statement assertions

Financial statement assertions are the representations by management, explicit
or otherwise, that are embodied in the financial statements, as used by the
auditor to consider the different types of potential misstatements that may occur.
Audit tests are therefore designed and performed to obtain the appropriate and
sufficient audit evidences about the financial statements assertions. Assertions
relate to:

• Classes of transactions,
• Accounts balances
• Disclosures
a) Assertions about classes of transactions and events and disclosures
(related to Income statement)
• Occurrence: transactions and events that have been recorded or
disclosed have occurred, and such transactions and events pertain to
the entity.
• Completeness: all transactions and events that should have been
recorded have been recorded, and all related disclosures that should
have been included in the financial statements have been included.
• Accuracy: amounts and other data relating to recorded transactions
and events have been recorded appropriately, and related disclosures
have been appropriately measured and described.
• Cut-off: transactions and events have been recorded in the correct
reporting period.
• Classification: transactions and events have been recorded in the
proper accounts.
• Presentation: transactions and events are appropriately aggregated or
disaggregated and are clearly described, and related disclosures are
relevant and understandable in the context of the requirements of the
applicable financial reporting framework.
b) Assertions about account balances and related disclosures (related
financial position)
• Existence: assets, liabilities and equity interests exist.
• Rights and obligations: the entity holds or controls the rights to assets,
and liabilities are the obligations of the entity.
• Completeness: all assets,aliabilities and equity interests that should
have been recorded have been recorded, and all related disclosures
that should have been included in the financial statements have been
included.
• Accuracy, valuation and allocation: assets, liabilities and equity
interests have been included in the financial statements at appropriate
amounts and any resulting valuation or allocation adjustments have
been appropriately recorded, and related disclosures have been
appropriately measured and described.
• Classification: assets, liabilities and equity interests have been
recorded in the proper accounts.
• Presentation: assets, liabilities and equity interests are appropriately
aggregated or disaggregated and clearly described, and related
disclosures are relevant and understandable in the context of the
requirements of the applicable financial reporting framework.
12.1. Methods of obtaining audit evidences
During the audit, the auditor has to collect sufficient and appropriate evidences
to support his or her conclusion. The audit evidences are collected in the
following ways;
• Inspection: inspection involves examining records or documents,
whether internal or external, in paper form, electronic form, or other
media, or a physical examination of an asset.
• Observation: observation consists of looking at a process or procedure
being performed by others. For example: is where an auditor can attend
inventory counts.
• External confirmation: an external confirmation represents audit
evidence obtained by the auditor as a direct written response to the
auditor from a third party.
• Recalculation: recalculation consists of checking the mathematical
accuracy of documents or records. Recalculation may be performed
manually or electronically.
• Reperformance: reperformance involves the auditor’s independent
execution of procedures or controls that were originally performed as
part of the entity’s internal control.
• Analytical procedures: analytical procedures consist of evaluations of
financial information through analysis of plausible relationships among
both financial and non-financial data. Analytical procedures also look
at identified fluctuations or relationships that are inconsistent with from
the expected values.
• Inquiry: inquiry consists of seeking information of knowledgeable
persons, both financial and non-financial, within the entity or outside
the entity. Inquiry is used extensively throughout the audit in addition to
other audit procedures. Inquiries may range from formal written inquiries
to informal oral inquiries.
Exercise on analytical procedures
The audit XY Company is a company that is involved in sale of its agricultural
produces. The company planned to obtain sales revenue amounting to FRW
300,000,000 for sales during the year. The table below indicates different
agricultural produces, quantities produced and their respective prices. You
are required to audit the above revenue amount disclosed in XY Company’s
financial statements for the period ended 31 Dec 2021.
As an auditor of XY Company, establish how can carry out your substantive
audit procedures and conclude on the revenue amount indicated above.
Following the considering the information shared to the auditor, it easy for the
audit to conclude on revenue amount by conducting substantive analytical
procedures. The auditor can perform the following:
Step 1
Identify the quantities sold and their approved/ market prices
Step 2
Develop the expectation(s)
Step 3
Asses the relationship between computed amount and the amount reported in
the financial statements.
Step 4 seek explanations from the management for the above difference of
185,000,000FRW obtained.
Note
In case it is justified/supported, conclude it by ignoring the difference
If not justified, consider it as a reportable issue and include in the audit report.
Application activity 12.1
1. You have been tasked by your Auditor Manager to carry out the audit
of expense amounting FRW 100,000,000 included in the financial
statements of AB Ltd for the period ended 31 December 2020.
Demonstrate how you will collect the audit evidences during the audit
of this expenditure of AB Ltd.
2. MK Ltd is a company that buys milk from the Milk collectors for the
consumption of its staff. Every month, the company collects 50,000
litres at a price of FRW 500 per Littre. MK reported the expense of FRW
45,000,000. You are assigned by your audit partners to quickly audit
the expense related to milk consumed during the year. Establish the
three audit procedures you will perform to conclude on milk expense
included in MK Ltd for the period ended 31 December 2020.
12.2. Analytical procedures
Learning activity 12.2
1. What are the materials/ items shown in the above picture?
2. What do you think could be their purposes?
3. What are the activities being done by the people shown in the above
picture?
12.2.1. Using analytical procedures
One of the objectives of ISA 520 is that relevant and reliable audit evidence are
obtained when using substantive analytical procedures. The primary purpose of
substantive analytical procedures is to obtain assurance, in combination with
other audit testing (such as tests of controls and substantive tests of details),
with respect to financial statements assertions for one or more auditable areas.
Substantive analytical procedures are generally more applicable to large volumes
of transactions that tend to be more predictable over time.
The application of substantive analytical procedures is based on the expectation
that relationships among data exist and continue in the absence of known
conditions to the contrary.
To derive the most benefit from substantive analytical procedures, the auditor
should perform substantive analytical procedures before other substantive tests
because results of substantive analytical procedures often impact the nature
and extent of detailed testing. Substantive analytical procedures might direct
attention to areas of increased risk, and the assurance obtained from effective
substantive analytical procedures will reduce the amount of assurance needed
from other tests.
12.2.2.The nature of analytical procedures
Analytical procedures involve the analysis of the relationships such as between
items of financial data to identify consistency and predicted patterns or
significant fluctuations, unexpected relationships and results of investigations
thereof. Analytical procedures are used throughout the audit process as follows:
a) Preliminary analytical review-risk assessment (Compliance with
ISA 315)
Preliminary analytical reviews are performed to obtain an understanding of
the business and its environment (e.g. financial performance relative to prior
years and relevant industry and comparison groups), to help assess the risk of
material misstatement in order to determine the nature, timing and extent of audit
procedures, i.e to help the auditor develop the audit strategy and programme.
b) Substantive analytical procedures
Analytical procedures are used as substantive procedures when the auditor
considers that the use of analytical procedures can be more effective or efficient
than tests of details in reducing the risk of material misstatements at the assertion
level to an acceptably low level.
c) Final analytical review (Compliance with ISA 520)
Analytical procedures are performed as an overall review of the financial
statements at the end of the audit to assess whether they are consistent with
the auditor’s understanding of the entity. Final analytical procedures are not
conducted to obtain additional substantive assurance. If irregularities are found,
risk assessment should be performed again to consider any additional audit
procedures deemed necessary.
12.2.3. Analytical procedures in substantive testing
Performing analytical procedures involve the following four steps:
• Develop an expectation of account balance or ratio
• To determine the amount of difference from expectation that can be
accepted without investigation.
• Comparison of company’s account balance or ratio with the expected.
• Investigate and evaluate significant ratio or difference from the
expectation
Substantive analytical procedures are used for accounts balances or classes of
transactions where it is possible to develop an expected value for the recorded
amount or ratio. It should be however, noted that analytical procedures tend
to be appropriate for large volumes of predictable transactions (for example,
wages and salaries).
Analytical procedures can be designed to test several assertions at the same
time. Some examples are shown in the table below:
Gasaka secondary school has 331 students. As per the schools’ standards
procedures, each student is required to consume FRW 4750. The school
calendar of 2022 had 37 weeks/the year. The financial statement for the year
ended 31 December indicated expenditure of FRW 325,000,000 on students’
consumptions. Use analytical procedures to audit the above expenditure
reported in Gasaka secondary school for the period ended 30 June 2022.
Answer:
Step 1
• Obtain the school register and confirm whether the number of students
existed throughout the academic year
• Obtain the approved school standards operating procedures/ guidelines
determining amount to be consumed by each student on daily basis.
Step 2
• Develop the expectations
Step 3
• Obtain explanation(s) on the difference of FRW 82,212,750
• Asses/analyze the reasons or justifications provided
In response to the difference, the management reviewed their records and
noted that 67 were not available at some of days, hence form the basis for the
difference above (67*4750* 259).
Step 4
Conclusion, the auditor concludes that the amount repported is appropriate
(completeness and accurate and cut off)
1. Investigation of fluctuations and relationships
In planning the analytical procedures as a substantive test, the auditor should
consider the amount of difference from the expectation that can be accepted
without further investigation. This consideration is influenced primarily by
materiality and should be consistent with the level of assurance desired from the
procedures. Determination of this amount involves considering the possibility
that a combination of misstatements in the specific accounts balances, or class
of transactions, or other balances or classes could aggregate to an unacceptable
amount.
The auditor should evaluate significant unexpected differences. Reconsidering
the methods and factors used in developing the expectation, the inquiry of
management may assist the auditor in this regard.
Management responses should ordinarily be agreed with other evidential matter.
In those cases, when an explanation for the difference cannot be obtained, the
auditor should obtain sufficient evidence about the assertion by performing
other audit procedures to satisfy himself/herself as to whether the difference is
a likely misstatement. In designing such other procedures, the auditor should
consider that unexplained differences may indicate an increased risk of material
misstatement.
Application activity 12.2
BC ltd company employs staff of different levels. The table below shows
their levels and salaries per month. You have been appointed by audit
supervisor to audit the expense related to salary disclosed in the financial
statements for BC Ltd company. Note that the financial statements for BC
Ltd company for the year ended 31 Dec 2019 under audit show the expense
of FRW 115,000,000.
Demonstrate the audit procedure you should perform during the audit of
the salary expense included in BC Ltd company financial statements for the
period ended 30 December 2019.
12.3. Audit procedures for some elements of financial
statements
Learning activity 12.3

1. What do you think the person in the picture doing?
2. What is the purpose of the tool he has?
12.3.1. Inventory
The valuation and disclosure rules for inventory are laid down in IAS 2. Inventory
should be valued at the lower of cost and net realisable value.
Cost is defined by IAS 2 as comprising all costs of purchase and other costs
incurred in bringing inventory to its present location and condition. Net realisable
value is the estimated selling price in the ordinary course of business, less the
estimated cost of completion and the estimated costs necessary to make the
sale.
a) Audit procedures of inventory
The following procedures should be performed during the audit of inventory
balance disclosed in the financial statements.
• The physical inventory count
Physical inventory count procedures are vital, as they provide evidence which
cannot be obtained elsewhere or at any other time about the quantities and
conditions of inventories and work-in-progress.
ISA 501 Audit evidence – specific considerations for selected items provides
guidance for auditors on attending the physical inventory count to obtain
evidence regarding the existence and condition of inventory. It states that where
inventory is material, auditors shall obtain sufficient appropriate audit evidence
regarding its existence and condition by attending the physical inventory count
(unless this is impracticable) to do the following:
• Evaluate management’s instructions and procedures for recording and
controlling the result of the physical inventory count
• Observe the performance of the count procedures
• Inspect the inventory
• Perform test counts
When observing inventory count, the auditor should also consider the following:
• Observe whether the client’s staff are following instructions, as this will
help to ensure the count is complete and accurate.
• Perform test counts to ensure procedures and internal controls are
working properly, and to gain evidence over existence and completeness
of inventory.
• Ensure that the procedures for identifying damaged, obsolete and
slow-moving inventory operate properly; the auditors should obtain
information about the inventory’s condition, age, and usage and, in the
case of work-in-progress, its stage of completion to ensure that it is
later valued appropriately.
• Confirm that inventory held on behalf of third parties is separately
identified and accounted for so that inventory is not overstated.
• Conclude whether the count has been properly carried out and is
sufficiently reliable as a basis for determining the existence of inventories.
• Consider whether any amendment is necessary to subsequent audit
procedures.
• Gain an overall impression of the levels and values of inventories held
so that the auditors may, in due course, judge whether the figure for
inventory appearing in the financial statements is reasonable.
12.3.2.Non- current assets
a) The audit procedures of Property Plant and Equipment (PPE)
The following are some of the substantive audit procedures for non-current
assets.
Substantive audit procedures for Intangible non-current assets
Key assertions for intangible non-current assets are existence and valuation.
Auditor has to apply different audit procedures during the audit of Intangible
non-current assets. The following are the substantive procedures that should
be performed by the auditors.
1. Audit procedures for good will
• Agree the consideration to sales agreement by inspection.
• Consider whether asset valuation is reasonable.
• Agree that the calculation is correct by recalculation.
• Review the impairment review and discuss with management.
• Ensure valuation of goodwill is reasonable / there has been no
impairment not adjusted through discussion with management.
2. Research and development (R&D) costs
• Confirm that capitalized development costs conform to IAS 38 criteria
by inspecting details of projects and discussions with technical
managers.
• Confirm feasibility and viability by inspection of budgets.
• Recalculate amortization’s calculation to ensure it commences with
production / is reasonable.
• Inspect invoices to verify expenditure incurred on R&D projects.
3. Other intangible assets
• Agree purchased intangibles to purchase documentation agreement
by inspection.
• Inspect specialist valuation of intangibles and ensure it is reasonable.
• Review amortization calculations and ensure they are correct by
recalculation.
12.3.3. Substantive audit procedures for Account Receivables
Receivables are usually audited using a combination of test of details and
analytical procedures. The audit of receivable is important as this is likely to be
a material area. A combination of analytical procedures and tests of details are
used, with sales also being tested in conjunction with trade receivables.
Existence, completeness and valuation are the key assertions relating to the
audit of receivables. Receivables are often tested in conjunction with sales. The
key assertions for sales are occurrence, completeness and accuracy.
The following are the audit procedures that can be performed during the audit
of receivables:
Note that part of the substantive audit procedures, the auditor should always
endeavour to request for confirmation for all financial position balances (those
included in the sample) from third parties ie debtors, creditors and banks.
Part of the audit procedures, the auditor need to request confirmation from the
concerned debtors.
a) Receivables confirmation
ISA 505 states that when it is reasonable to expect customers to respond,
the auditor should ordinarily plan to obtain direct confirmation of receivables
to individual entries in an account balance. Verification of trade receivables by
direct confirmation the normal means of providing audit evidence to satisfy the
objective of checking whether customers exist and owe bonafide amounts to
the company (existence and rights and obligation).
b) Two methods of confirmation
• Positive
A positive external confirmation requests the confirming party to reply to the
auditor in all cases, either by indicating the confirming party’s agreement with
the given information, or by asking the confirming party to provide information.
• Negative
Negative confirmation provides less persuasive audit evidence than positive
confirmation. Accordingly, the auditor shall not use negative confirmation
requests as the sole substantive audit procedure to address an assessed risk
of material misstatement at the assertion level unless all of the following are
present:
• The auditor has assessed the risk of material misstatement as low
and has obtained sufficient appropriate audit evidence regarding the
operating effectiveness of controls relevant to the assertion;
• The population of items subject to negative confirmation procedures
comprises a large number of small, homogeneous account balances,
transactions or conditions;
• A very low exception rate is expected; and
• The auditor is not aware of circumstances or conditions that would
cause recipients of negative confirmation requests to disregard such
requests.
12.3.4. Cash and bank Balances
a) Bank balances
The following are key procedures the auditor should consider during the audit
of bank balances. During the audit of bank balances, the auditor has to test the
assertions of completeness, valuation, existence, cut-off and presentation.
The auditor shall perform the following audit procedures:
• Obtain standard bank confirmations from each bank with which the
client conducted business during the audit period.
• Reperform arithmetic of bank reconciliation.
• Trace cheques shown as outstanding from the bank reconciliation
to the cash book prior to the year end and to the after-date bank
statements and obtain explanations for any large or unusual items
not cleared at the time of the audit.
• Compare cash book(s) and bank statements in detail for the last
month of the year, and match items outstanding at the reconciliation
date to bank statements.
• Review bank reconciliation previous to the year-end bank reconciliation
and test whether all items are cleared in the last period or taken
forward to the year-end bank reconciliation.
• Obtain satisfactory explanations for all items in the cash book for
which there are no corresponding entries in the bank statement and
vice versa by discussion with finance staff.
• Verify contra items appearing in the cash books or bank statements
with original entry.
• Verify by inspecting paying-in slips that unclear banking is paid in
prior to the year end.
• Examine all lodgments in respect of which payment has been refused
by the bank; ensure that they are cleared on representation or that other
appropriate steps have been taken to effect recovery of the amount
due.
• Verify balances per the cash book according to the bank reconciliation
by inspecting cash book, bank statements and general ledger.
• Verify the bank balances with reply to standard bank letter and with
the bank statements.
• Inspect the cash book and bank statements before and after the year
end for exceptional entries or transfers which have a material effect
on the balance shown to be in-hand.
• Identify whether any accounts are secured on the assets of the
company by discussion with management.
Consider whether there is a legal right of set-off of overdrafts against
positive bank balances.
• Determine whether the bank accounts are subject to any restrictions
by enquiries with management.
• Review draft accounts to ensure that disclosures for bank are complete
and accurate and in accordance with accounting standards.
b) Cash balances
Cash balances/floats are often individually immaterial but they may require some
audit emphasis because of the opportunities for fraud that could exist where
internal control is weak.
The auditor will be very much concerned whether the cash exists, is complete,
and belongs to the company (rights and obligations) and is also stated at the
correct value.
The following are some of the substantive audit procedures the auditor has to
perform:
• Count all cash balances and agree to petty cash book or other record
kept.
• Count all cash at same time and ensure all work is done in presence
of staff.
• Obtain a certificate of cash in hand from staff member.
• Enquire about IOUs or cheques cashed.
• Confirm balances are in agreement with the accounts.
• In addition, check whether the IOUs and un-cashed cheques have
subsequently been cleared timely.
12.3.5. Liabilities
Liabilities are classified into:
• Accounts payables and accruals
• Non-current Liabilities
• Capital and
• Reserve
During the audit of these balances, the auditor should consider the nature and
transactions that effect each balance. Below are audit procedures for each of
the balances of the above highlighted balances:
a) Audit procedure for accounts payables and accruals
Note that payables are audited with purchases/expenses. This therefore
requires the auditor to adopt some audit procedures for income statements
items (classes of transactions and events). In this regard, some of assertions
like cut off and occurrence are tested.
• Substantive audit procedures for provisions
The auditor should observe the requirements of IAS 37 during the audit of
provisions. As per IAS 37 provision, a provision is a liability of uncertain timing
and amount. It is therefore of paramount importance for audit to apply appropriate
audit procedures while carrying the audit of the provisions. The auditor should
endeavour to apply these audit procedures.
– Obtain details of all provisions which have been included in the
accounts and all contingencies that have been disclosed

– Obtain a detailed analysis of all provisions showing opening
balances, movements and closing balances.

– Determine for each material provision whether the company has a
present obligation as a result of past events

– Review of correspondence relating to the item

– Discussion with the directors. Have they created a valid
expectation in other parties that they will discharge the obligation?
– Determine for each material provision whether it is probable that
a transfer of economic benefits will be required to settle the
obligation by:
– Checking whether any payments have been made in the post year
end period in respect of the item by reviewing after-date cash
– Review of correspondence with solicitors, banks, customers,
insurance company and suppliers both pre and post year end
– Sending a letter to the solicitor to obtain their views (where
relevant)
– Discussing the position of similar past provisions with the
directors. Were these provisions eventually settled?
– Considering the likelihood of reimbursement.
– Recalculate all provisions made.
– Compare the amount provided with any post year end payments
and with any amount paid in the past for similar items.
– In the event that it is not possible to estimate the amount of the
provision, check that a contingent liability is disclosed in the
accounts.
– Consider the nature of the client’s business. Consider likely
provisions not disclosed by the management of a company under
audit.
– Consider the adequacy of disclosure of provisions, contingent
assets and contingent liabilities in accordance with IAS 37.
b) Audit procedures for Non-Current Liabilities
c) Substantive audit procedures for capital and related issues
The auditor should review transactions and events could have affected the
equity. This helps the auditor in collecting sufficient and appropriate audit
evidences. Thus, come up with the appropriate audit conclusion. The following
are some of audit procedures auditors perform during the review of capital
balance disclosed in the financial statements of a company.
• Share capital
– Agree the authorised share capital with the statutory documents
governing the company’s constitution.
– Agree changes to authorised share capital with properly
authorised resolutions.
• Issue of shares
– Verify any issue of share capital or other changes during the year
with general and board minutes.
– Ensure issue or change is within the terms of the constitution, and
directors possess appropriate authority to issue shares.
– Confirm that cash or other consideration has been received or
receivable(s) is included as called-up share capital not paid.
• Transfer of shares
– Verify transfers of shares by reference to:
• Correspondence
• Completed and stamped transfer forms
• Cancelled share certificates
• Minutes of directors’ meeting
– Review the balances on shareholders’ accounts in the register of
members and the total list with the amount of issued share capital in
the general ledger.
– Agree dividends paid and declared pre year end to authority in
minute books and reperform calculation with total share capital
issued to ascertain whether there are any outstanding or unclaimed
dividends.
– Agree dividends payment to documentary evidence (say, the
returned dividends warrants).
– Test that dividends do not contravene distribution of provisions by
reviewing the legislation.
• Reserves
– Agree movements on reserves to supporting authority.
– Ensure that movements on reserves do not contravene the
legislation and the company’s constitution by reviewing the
legislation.
– Confirm that the company can distinguish distributable reserves
from those that are non-distributable.
– Ensure that appropriate disclosures of movements on reserves
are made in the company’s accounts by inspection of the financial
statements.
12.3.6. Substantive audit procedures for expenses
During the audit of expenses, the auditor should focus on potential risks. The
following are key potential risks:
• Occurrence- recorded transactions may have not occurred /not valid
• Completeness- not all transactions are recorded
• Accuracy- some transactions are inaccurate
• Cut- off- some transactions are recorded in wrong accounting period
The following are some of audit procedures for expenses;
• For transactions sample, obtain their relevant supporting documents
such as invoice, goods received note and payment advice note
• Review the supporting documents and check whether the transactions
occurred and relate to the entity
• Check whether all expenses were recorded in the books of accounts
at the correct amounts by agreeing the recorded amounts with their
relevant supporting documents such as invoices, good delivered note
and good received note and invoice register, verify the accuracy of the
amounts shown on the invoices by reconciling the invoices with good
received note and payment advice.
• Ensure that the transactions were recorded in the correct accounts
following the entity’s chart of accounts by agreeing the entries passed
with the entity’s chart of accounts
• Confirm whether the expenses relate to the correct period( accounting
period) by comparing when services have been consumed/benefited(
in accrual basis of accounting) and the period of accounting for the
expenses.
12.3.7. Substantive procedures for revenue
During the audit of revenue both test of controls and substantive audit procedures
are applied. The following are some of substantive audit procedures that should
be executed by the auditor during the audit of revenue:
• Compare the total revenue with that reported in previous years and the
revenue budgeted, and investigate any significant fluctuations.
• For a sample of customer orders, trace the details to the related
despatch notes and sales invoices and ensure there is a sale recorded
in respect of each (to test the completeness of revenue).
For a sample of sales invoices for larger customers, recalculate the discounts
allowed to ensure that these are accurate.
Select a sample of despatch notes in the month immediately before and
month immediately after the year end. Trace these through the related
sales invoices and resultant accounting entries to ensure each sale
was recorded in the appropriate period.
• Obtain an analysis of sales by major categories of toys manufactured
and compare this to the prior year breakdown and discuss any unusual
movements with management.
• Calculate the gross profit margin for the year and compare this to the
previous year and expectations. Investigate any significant fluctuations.
• Recalculate the sales tax for a sample of invoices and ensure that the
sales tax has been correctly applied to the sales invoice.
• Select a sample of credit notes issued after the year end and trace
these through to the related sales invoices to ensure sales returns were
recorded in the proper period.
Note that the audit of revenue should always linked with audit of
receivables.
Application activity 12.3
You are the Senior auditor at MK CPA Ltd and you are requested to perform
the audit of the following balances disclosed in the financial statements of
MT Ltd for year ended 30 October 2022.
a) Stock of FRW 10,000,000
b) PPE of FRW 50,000,000
c) Receivables FRW 50,000,000
d) Revenue FRW 100,000,000
Identify four substantive audit procedures you would perform during the audit
of the above balances.
Skills lab activity 12
With the guidance of the teacher, the learners should be shared the school
financial statements and underlying records (accounting information).

• Students will use financial information and carry out analytical
review of different informations presented in financial statement
where deemed necessary. They will be asked to carry out the
comparison of the current financial information with the previous
year and asses the relationships of the identified differences , and
be helped to assess the explanations

• Students will use financial information and evaluate the reliability
of the data from which the expectation has been developed

• Students will be helped on how to establish substantive audit tests
on each balance, class of transactions and disclosure included in
the financial statement

• Students will be helped on how to obtain audit evidences
during performance of the substantive audit tests on individual
transactions, balances and disclosures
End unit 12 assessment
1. What is the purpose of substantive audit procedures?
2. Differentiate substantive audit procedures from analytical procedures
3. What are the different methods of collecting audit evidences?
4. What is the main purpose of audit evidences?
5. What are the key audit procedures you would perform on the
following financial statements balances
a) Cash and bank balances
b) Liabilities
c) Property plant and equipment
d) Revenue
e) Expenses
UNIT 13: AUDIT JUDGEMENT
Key unit competence: To be able to form an audit judgement
Introductory activity
Auditors are required to plan and conduct the audit in conformity
withIinternational Standards on Auditing. The standards require an auditor
to plan and conduct the audit accordingly and provide the appropriate audit
opinion on the audited financial statements.
The auditors may issue unqualified or qualified opinion. In the process of
deciding on the appropriate audit opinion, there are cases where an auditor
is obliged to make judgements. Making the appropriate judgements depends
on the auditor’s experience and skills. This calls for an auditor to perform
the audit of financial statements and make proper judgments with view of
forming an audit opinion.
1. In what circumstances do you think the auditor can make judgements?
13.1. Form of audit judgement
Learning activity 13.1

Look at the image above and answer the following questions:
1. What do you see on the above image?
2. When and why an auditor needs to make judgement.
13.1.1. Overall review of financial statement
a. The meaning of audit judgement
Audit judgement can be defined as any decision or evaluation made by an
auditor, which influences or governs the process and outcome of an audit of
financial statements.
b. Financial statements and related disclosures refer to a company’s
financial statements and notes to the financial statements as presented in
accordance with Generally Accepted Accounting Principles (GAAP)
c. Review of financial statements
Auditors must perform and document an overall review of the financial statements
before reaching an opinion. This review should include a review of accounting
policies and a review for consistency and reasonableness.
The auditors will have a draft set of financial statements which should be
supported by appropriate and sufficient audit evidence when the bulk of the
substantive procedures have been carried out. At the beginning of the end of
the audit process, it is usual for the auditors to undertake an overall review of
the financial statement.
Compliance with accounting regulations/policies
The auditors should consider whether:
• The information presented in the financial statements is in accordance
with local/national statutory requirements
• The accounting policies employed are in accordance with accounting
standards, properly disclosed, consistently applied and appropriate to
the entity.
When examining the accounting policies, auditors should consider:
• Policies commonly adopted in particular industries
• Policies for which there is substantial authoritative support
• Whether any departures from applicable accounting standards are
necessary for the financial statements to give a true and faire view
• Whether the financial statements reflect the substance of the underlying
transactions and not merely their form.
Review for consistency and reasonableness
• The auditors should consider whether the financial statements are
consistent with their knowledge of the entity’s business and with the
results of other audit procedures, and the manner of disclosure is fair. The
principal considerations are as follows: whether the financial statements
adequately reflect the information and explanations previously obtained
and conclusions previously reached during the course of the audit.
• Whether it reveals any new factors which may affect the presentation
of, or disclosure in, the financial statements.
• Whether analytical procedures applied when completing the audit,
such as comparing the information in the financial statements with
other pertinent data, produce results which assist in arriving at the
overall conclusion as to whether the financial statements as a whole
are consistent with the knowledge of the entity’s business.
• Whether the presentation adopted in the financial statements may have
been unduly influenced by the director’s desire to present matters in a
favourable or unfavourable light.
• The potential impact on the financial statements of the aggregate of
uncorrected misstatements (including those arising from bias in making
accounting estimates) identified during the course of the audit and the
preceding period’s audit, if any.
Analytical procedures
Analytical review procedures are used as part of the overall review procedures at
the end of an audit, but key factors which should be reviewed include: important
accounting ratios, variances and variations caused by industry or economic
factors.
The auditors would also discuss business matters with the directors, such
as changes in the sales mix, price rises, wages increases, and see if the
directors’ comments about such matters made sense of the figures in the
financial statements.
For example: if a director said that everyone had received a pay increase of 3%,
this would make sense of small rise in wages cost although no new staff had
been hired. The auditors would verify this explanation by looking to see if the
payroll reflects this 3% rise.
The auditors also assess if there are any areas in the financial statements which
are significantly different from the previous financial statements and obtain
explanations from these. At this stage, the auditor is concerned whether the
financial statements are internally consistent, so predictable relationships in
particular will be important.

ISA 700 states that forming an opinion as to whether the financial statements
give a true and fair view involves evaluating the fair presentation of the financial
statements.
The auditor must consider:
• Whether the financial statements (after any adjustments as a result of
the audit process) are consistent with the auditor’s understanding of
the entity and its environment
• The overall presentation, structure and content of the financial
statements
• Whether the financial statements, including disclosures in the notes,
faithfully represent the underlying transactions and events.
Analytical procedures performed at or near the end of the audit help corroborate
conclusions formed during the audit and assist in arriving at the overall
conclusions regarding fair presentations.
13.1.2. Events after the end of the period
The auditors should consider the effect of subsequent events on the financial
statements, up to the date the financial statements are signed
a) Subsequent events
Subsequent events are events occurring between the date of the financial
statements and the date of the auditor’s report, and facts that become known
to the auditor after the date of the auditor’s report. (ISA 560).
Subsequent events include:
• Events occurring between the end of the reporting period and the date
of the auditor’s report
• Facts discovered after the date of the auditor’s report
b) Events after the reporting period
Events after the reporting period deal with the treatment in financial statements
of events, both favourable and unfavourable, occurring after the period-end.
There are two types of events:
Adjusting events: are those that provide further evidence of conditions that
existed at the end of reporting period
Non-adjusting events: are those that are indicative of conditions that arose
after the end of the report period.
Events occurring up to the date of the auditor’s report ISA 560.6
The auditor shall perform procedures designed to obtain sufficient appropriate
audit evidence that all events occurring between the date of the financial
statements and the date of the auditor’s report that require adjustment of, or
disclosure in, the financial statements have been identified.
These procedures should be applied to any matters examined during the audit
which may be susceptible to change after the period end. They are in addition
to tests on specific transactions after the date of the financial statements, e.g.
cut-off tests.
Depending on the auditor’s risk assessment, procedures may involve the review
or testing of accounting records or transactions occurring between the date of
the financial statements and the auditor’s report.
The ISA lists procedures to identify subsequent events which may require
adjustments or disclosures. They should be performed as near as possible to
the date of the auditor’s report. (ISA 560.7)

Reviews and updates of these procedures may be required, depending on the
length of the time between the procedures and the signing of the auditor’s
report and the susceptibility of the items to change over time.
ISA 560.8
If the auditor identifies events that require adjustment of, or disclosure in, the
financial statements the auditor shall determine whether each such event is
appropriately reflected in those financial statements in accordance with the
applicable financial reporting framework.
The ISA also requires the auditor to obtain written representations confirming
that all subsequent events have been adjusted or disclosed.
ISA 560.9
The auditor shall request management and, where appropriate, those charged
with governance, to provide a written representation that all events occurring
subsequent to the date of the financial statements and for which the applicable
financial reporting framework requires adjustment or disclosure have been
adjusted or disclosure.
13.1.3. Going concern
The auditor should communicate to the audit committee, when applicable, the
following matters relating to the auditor’s evaluation of the company’s ability to
continue as a going concern:
• If the auditor believes there is substantial doubt about the company’s
ability to continue as a going concern for a reasonable period of time, the
conditions and events that the auditor identified that, when considered
in the aggregate, indicate that there is substantial doubt.

• If the auditor concludes, after consideration of management plans, that
substantial doubt about the company’s ability to continue as a going
concern is alleviated, the basis for the auditor’s conclusion, including
elements the auditor identified within management’s plans that are
significant to overcoming the adverse effects of the conditions and
events.

• If the auditor concludes, after consideration of management’s plans,
that substantial doubt about the company’s ability to continue as a
going concern for a reasonable period of time remains:

– The effects, if any, on the financial statements and the
adequacy of the related disclosure; and

– The effects on the auditor’s report.
Factors considered when management make an assessment on going
• The degree of uncertainty about the events or conditions being
assessed increases significantly the further into the future the
assessment is made.
• Judgements are made on the basis of the information available at the
time.
• Judgements are affected by the size and complicity of the entity, the
nature and condition of the business and the degree to which it is
affected by external factors.
The examples of possible indicators of going concern problems are as follows:
Financial indications
• Net liabilities or net current liability position where the company has
more liabilities than assets
• The company needs borrowing facilities which have not been agreed
• Relying too heavily on short-term borrowing
• Major debt repayment falling due where the company will need to
borrow again if it can
• Major restructuring of debt – this may indicate difficulties in repaying
the debt which in turn may indicate going concern issues.
• Indications that creditors want to call in loans
• Negative operating cash flows in budgets or financial statements
• Major losses or cash flow problems which have arisen since the
reporting date
• The company stopped paying dividends or falling behind in paying them
• Inability to pay suppliers’ invoices (payables) on due dates
• Inability to comply with terms of loan agreements
• Reduction in normal terms of trade credit by suppliers
• Change from credit to cash-on-delivery transactions with suppliers
• Inability to obtain financing for essential new product development or
other essential investments
• Substantial sales of non-current assets not intended to be replaced
Operating indications
• Loss of key management without replacement
• Loss of key staff without replacement
• Loss of a major market, franchises, licence, or principal supplier
• Labour difficulties or shortages of important supplies as this would
prevent the company from carrying out its business and eventually its
ability to remain in business
• Fundamental changes in market or technology
• Excessive dependence on a few product lines where the market is
depressed
• Technical developments which render a key product obsolete
Other indications
• Non-compliance with capital or other statutory requirements
• Pending legal proceedings against the entity that may, if successful,
result in judgements that could not be met
• Changes in legislation or government policy
• Issues which involve a range of possible outcomes so wide that an
unfavourable result could affect the appropriateness of the going
concern basis
The significance of such indications can often be mitigated/reduced by other
factors.
• The effect of an entity being unable to make its normal debt repayments
may be counterbalanced by management’s plans to maintain adequate
cash flows by alternative means, such as by disposal of assets,
rescheduling of loan repayments, or obtaining additional capital.
• The loss of a principal supplier may be mitigated by the availability of a
suitable alternative source of supply.
13.1.4. Written representations
a) The meaning of key concepts
• Written representation
Written representations are written statements by management, provided to the
auditor, to confirm certain matters or to support other audit evidence.
• Management
Management can be defined as the person (s) with executive responsibility for
the conduct of the entity’s operations.
b) Acknowledgement by Management of their responsibilities

The auditor shall request management to provide a written representation that:
• It has provided the auditor with all relevant information and access as
agreed in the terms of the audit engagement; and
• All transactions have been recorded and are reflected in the financial
statements.
Audit evidence obtained during the audit that management has fulfilled the
responsibilities is not sufficient without obtaining confirmation from management
that it believes that it has fulfilled those responsibilities.
For example, the auditor could not conclude that management has provided the
auditor with all relevant information agreed in the terms of the audit engagement
without asking it whether, and receiving confirmation that, such information has
been provided.
c) Representations by management as audit evidence
The auditor should obtain written representations from management on matters
material to the financial statements when other audit evidence cannot reasonably
be expected to exist. It may be necessary to inform management of the auditor’s
understanding of materiality.
The possibility of misunderstandings between the auditor and management is
reduced when oral representations are confirmed by management in writing.
The auditor should obtain written representations from management that:
– It acknowledges its responsibility for the design and implementation of
internal control to prevent and detect error; and
– It believes the effects of those uncorrected financial misstatements
aggregated by the auditor during the audit are immaterial to the
financial statements taken as a whole.
During the course of an audit, management makes many representations to
the auditor, either unsolicited or in response to specific inquiries. When such
representations relate to matters which are material to the financial statements,
the auditor will need to:
– Seek corroborative audit evidence from sources inside or outside the
entity,
– Evaluate whether the representations made by management appear
reasonable and consistent with other audit evidence obtained and
– Consider whether the individuals making the representations can be
expected to be well informed on the particular matters.
Representations by management cannot be a substitute for other audit evidence
that the auditor could reasonably expect to be available. If the auditor is unable
to obtain sufficient appropriate audit evidence regarding a matter which has a
material effect on the financial statements and such audit evidence is expected
to be available, this will constitute a limitation in the scope of the audit, even if a
representation has been received on the matter.
In certain instances, audit evidence other than that obtained by performing
inquiry may not be reasonably expected to be available; therefore the auditor
obtains a written representation by management.
If a representation by management is contradicted by other audit evidence, the
auditor should investigate the circumstances and, when necessary, reconsider
the reliability of other representations made by management.
ISA 580 lists a number of other ISAs which require specific written
representations. These include the following:
• The effect of uncorrected misstatements is immaterial, both individual
and in aggregate
• All known actual possible litigation and claims have been disclosed
• Whether assumption used in making accounting estimates are
reasonable
• All subsequent events requiring adjustment or disclosure have been
adjusted for or disclosed
• Future actions and feasibility of plans relating to going concern issues.
Documentation of written Representations by Management
The auditor would ordinarily include, in audit working papers, evidence of
management’s representations in the form of a summary of oral discussions
with management or written representations from management.
A written representation is ordinarily more reliable audit evidence than an oral
representation and can take the form of:
• A representation letter from management,
• A letter from the auditor outlining the auditor’s understanding of
management’s representations, duly acknowledged and confirmed by
management,
• Relevant minutes of meetings of the board of directors or similar body
or a signed copy of the financial statements.

Basic elements of a representation letter
A representation letter should:
• Be addressed to the auditors
• Contain specified information
• Be appropriately dated and signed by the management. It would
ordinarily be dated the same date as the auditor’s report.
Actions if management refuse to provide representations
If management does not provide one or more of the requested written
representations the auditor shall:
• Discuss the matters with management;
• Re-evaluate the integrity of management and evaluate the effect that
this may have on the reliability of representations and audit evidence in
general; and
• Take appropriate actions, including determining the possible effect on
the opinion in the auditor’s report;
In these circumstances, the auditors should consider whether it is appropriate
to rely on other representations made by management during the audit.
13.1.5. Completion
a) Summarising uncorrected misstatements
Misstatement is a difference between the amounts, classification, presentation,
or disclosure of a reported financial statement item and the amount, classification,
presentation, or disclosure that is required for the item to be in accordance with
the applicable financial reporting framework, and can arise either from error or
fraud. (IFAC, 2016)
The auditor should consider the cumulative effect of uncorrected misstatements.
The summary of uncorrected misstatements will not only list misstatements
from the current year, but also those in the previous year(s). This will allow
uncorrected misstatements to be highlighted which are reversals of uncorrected
misstatements in the previous year, such as in the valuation of closing/opening
inventory. Cumulative uncorrected misstatements may also be shown, which
have increased from year to year. It is normal to show both the statement of
financial position and the statement of profit or loss and other comprehensive
income effect, as in the example given here.
b) Evaluating the effect of misstatements
Misstatements, including omissions are considered to be material if they,
individual or in the aggregate, could reasonably be expected to influence the
decisions of users taken on the basis of the financial statements.
The concept materiality is applied by the auditor both in planning and performing
the audit, and in evaluating the effect of identified misstatements on the audit
and of uncorrected misstatements, if any, on the financial statements and in
forming the opinion in the auditor’s report.
The aggregate of uncorrected misstatements comprises:
• Specific misstatements identified by the auditors, including the net
effect of uncorrected identified during the audit of the previous period
if they affect the current period’s financial statements;
• Their best estimate of other misstatements which cannot be
quantified specifically (ie .projected errors).
If the auditors consider that the aggregate of misstatements may be material, they
must consider reducing audit risk by extending audit procedures or requesting
management to adjust the financial statements (which management may wish
to do anyway).
If management refuses to correct some or all of the misstatements communicated
by the auditor, the auditor shall obtain an understanding of management’s
reasons for not making the corrections and shall take that understanding into
account when evaluating whether the financial statements as a whole are free
from material misstatement.
The auditor shall request a written representation from management and, where
appropriate, those charged with governance whether they believe the effects of
uncorrected misstatements are immaterial, individually and in aggregate, to the
financial statements as a whole.
If the aggregate of the uncorrected misstatements that the auditors have
identified approaches the materiality level, the auditors should consider
whether it is likely that undetected misstatements, when taken with aggregated
uncorrected misstatements, could exceed the materiality level. Thus, as
aggregate uncorrected misstatements approach the materiality level the auditors
should consider reducing the risk by:
– Performing additional audit procedures;
– Requesting management to adjust the financial statements for
identified misstatements.
The schedule will be used by the audit manager and partner to decide whether
the client should be requested to make adjustments to the financial statements
to correct the errors.
c) Completion checklists
Audit firms frequently use checklists (which must be signed off) to ensure that
all final procedures have been carried out, all material amounts are supported
by sufficient appropriate evidence, and so forth.
For example, extracts from an audit checklist might contain the following points:
Application activity 13.1
Questions
1. What are the principal considerations in a review of the financial
statements for consistency and reasonableness?
2. In certain instances, audit evidences other than that obtained by
performing inquiry may not be reasonably expected to be available.
Therefore the auditor obtains a written representation from
management.
Identify the actions that be taken by the auditor if the management
refuse to provide the representation.
Skills lab activity 13
In their learning team, with guidance of a teacher, students will formulate
audit judgement.
End unit 13 assessment
1. Identify the main purposes of a representation letter and how far can
auditors rely on the audit evidence it provides?
2. What matters should auditors consider when examining accounting
policies?
3. What are the two types of subsequent events?
4. What are the consequences regarding the realisation of assets and
liabilities if the going concern basis of accounting is not appropriate?
5. Which of the following statements concerning written representations
is true?
a. Written representations are appropriate evidence when evidence
the auditors expected to be available is unavailable.
b. If written representations given do not agree with other evidence,
auditors should not trust any other representations made by
management during the course of the audit.
c. The representation letter must not be dated after the auditor’s
report.
d. The representation letter must contain a list of all material
adjustments to the final financial statements.
UNIT 14: AUDIT REPORT
Key unit competence: To be able to prepare an appropriate report
Introductory activity
In modern world, organizations are required to report concerning the general
performance to their stakeholders on regular basis. In this regard, different
reports such as audit reports, activity reports, and financial reports are being
prepared and submitted timely to concerned stakeholders. Some of those
reports are statutory and some are not. Those reports are therefore used by
different stakeholders to make informed decisions.

Question: How do you call the document prepared by the auditor at the end of
audit process which contains his conclusion, opinion and recommendations?
14.1. Auditor’s report
Learning activity 14.1

After observing pictures above, identify the documents related to the audit
work?
14.1.1. Meaning of audit report
An audit report is a document that expresses an auditor’s opinion on a company’s
financial performance and compliance with Generally Accepted Accounting
Principles (GAAP).An audit report is a written opinion of an auditor regarding
an entity’s financial statements.
An audit report is a document from the auditor of a company that is the end result
of the audit process. It states the auditor’s opinion on whether the company’s
financial statements are in compliance with the Generally Accepted Accounting
Principles (GAAP) and if they are free from material misstatement.
The audit report is the end-product of the external audit process. It is the
document in which the auditor expresses his/her professional judgment on
whether the financial statements present a ‘true and fair view’.
Is a document prepared by an auditor at the end of auditing process that
consolidates all of his/her findings and observations about a company’s financial
statements.
14.1.2. Basic elements of an audit report
a) Example of audit report
An example of an unmodified audit report is set out below.
INDEPENDENT AUDITOR’S REPORT
(Appropriate addressee)
Report on the financial statements
We have audited the accompanying financial statements of BATAMU Ltd
Company, which comprise the statement of financial position as at 31
December 2021, and the statement of comprehensive income, statement of
changes in equity, and statement of cash flows for the year then ended, and a
summary of significant accounting policies and other explanatory information.
Management’s responsibility for the financial statements
Management is responsible for the preparation and fair presentation of these
financial statements in accordance with International Financial Reporting
Standards, and for such internal control as management determines is
necessary to enable the preparation of financial statements that are free from
material misstatement, whether due to fraud or error.
Auditor’s responsibility
Our responsibility is to express an opinion on these financial statements
based on our audit. We conducted our audit in accordance with International
Standards on Auditing. Those standards require that we comply with ethical
requirements and plan and perform the audit to obtain reasonable assurance
about whether the financial statements are free from material misstatement.
An audit involves performing procedures to obtain audit evidence about
the amounts and disclosures in the financial statements. The procedures
selected depend on the auditor’s judgment, including the assessment of
the risks of material misstatement of the financial statements, whether due
to fraud or error. In making those risk assessments, the auditor considers
internal control relevant to the entity’s preparation and fair presentation of the
financial statements in order to design audit procedures that are appropriate
in the circumstances, but not for the purpose of expressing an opinion on the
effectiveness of the entity’s internal control. An audit also includes evaluating
the appropriateness of accounting policies used and the reasonableness of
accounting estimates made by management, as well as evaluating the overall
presentation of the financial statements.
We believe that the audit evidence that we have obtained is sufficient and
appropriate to provide a basis for our audit opinion.
Opinion
In our opinion, the financial statements give a true and fair view (or present
fairly, in all material respects,) of the financial position of BATAMU Ltd
Company as at 31 December 2021, and of its financial performance and its
cash flows for the year then ended in accordance with International Financial
Reporting Standards.
(Auditor’s signature)
(Date of the report)
(Auditor’s address)
b) Qualities of a good audit report
Qualities of a good audit report are:
• It should not be biased to any party with financial stake in the business.
• It should be forceful.
• It should be based on constructive criticism/ideas.
• It should offer constructive and timely suggestions to the management
so as to solve problems highlighted in the report.
• It should be clear and concise.
c) Importance of audit report
For the audited company
• Helps to reveal a true and fair view of the company’s financial statements
• Reveals errors and frauds committed or inherent in the company’s
books of accounts
• Traces the strength and weaknesses of the internal control system
• Shows if the internal auditing function is working properly
• Helps to ensure if the company fulfils legal requirements
For the shareholders or associates
• Helps them to ensure if their shares are earning interest by the company
and if it is profitable to continue to invest in the company
• Helps to know if the statutory requirements are being implemented by
the company
For the tax authorities
• The audit report ensures to the government if the taxes due by the
company are properly given by the company
• Ensures if other legal requirements like social security contributions are
being implemented
• Ensures that the company respects accounting principles, company’s
Act and other regulations in application
• Ensures if the public funds are being used properly by government
institutions and other private institutions
For the thirds parties
• For employees audit report helps them to ensure the continuity of the
company’s activities so as to ensure their job security and continuity of
employment
• For the customers they are proud of their relationships with their
supplier (audited company) if good management and fair and true
image are revealed by the audit report
• For suppliers, they ensure their market with the audited company if true
and fair view is revealed by the auditor’s report
• For banks and financial institutions, they ensure refund of their loans
granted to the audited company
14.1.3. The auditor’s report on financial statements
The auditor is required to produce an audit report at the end of the audit which
sets out his/her opinion on the truth and fairness of the financial statements. The
report contains a number of consistent elements so that users know the audit
has been conducted according to recognized standards
The audit report refers to financial statements and you need to know what these
are. They consist of the following:
• The statement of financial position (or balance sheet).sss
• The statement of profit or loss ( Income statement )
• The statement of changes in equity.
• The cash flow statement.
• The notes to the account
ISA 700 Forming an opinion and reporting on financial statements establishes
standards and provides guidance on the form and content of the auditor’s
report issued as a result of an audit performed by an independent auditor on the
financial statements of an entity. It states that the auditor shall form an opinion
on whether the financial statements are prepared, in all material respects, in
accordance with the applicable financial reporting framework.
In order to form the opinion, the auditor needs to conclude as to whether
reasonable assurance has been obtained that the financial statements are free
from material misstatement. The auditor’s conclusion need to consider the
following.
• Whether sufficient appropriate audit evidence has been obtained (ISA
330)
• Whether uncorrected misstatements are material (ISA 450)
• Whether the financial statements adequately disclose the significant
accounting policies selected and applied
• Whether the accounting policies selected and applied are consistent
with the applicable financial reporting framework and are appropriate
• Whether accounting estimates made by management are reasonable
• Whether the information in the financial statements is relevant, reliable,
comparable and understandable
• Whether the financial statements provide adequate disclosures to
allow users to understand the effect of material transactions and events
on the information presented in the financial statements
• Whether the terminology used in the financial statements is appropriate
• The overall presentation, structure and content of the financial
statements
• Whether the financial statements represent the underlying transactions
and events so as to achieve fair presentation
• Whether the financial statements adequately refer to or describe the
applicable financial reporting framework
Application activity 14.1
1. John is a member of ABX ltd Company. Help him to understand the
importance of audit report.
2. What are the qualities of a good audit report?
14.2. Unmodified auditor’s report and Modified opinions
Learning activity 14.2

Read the words on the picture above and give it opposite
Now we are going to look at the types of audit report that exist. First and simplest
is the unmodified audit report.
14.2.1. Unmodified audit’s report
Definition of unmodified audit report
An unmodified audit report is an audit report containing an audit opinion not
modified in any way – either by changing the unmodified opinion or by adding
an extra paragraph such as an ‘emphasis of matter’ or ‘other matters’ paragraph
after the opinion paragraph.
An unmodified opinion is the opinion expressed by the auditor when the auditor
concludes that the financial statements are prepared, in all material respects, in
accordance with the applicable financial reporting framework.
If the auditor concludes that the financial statements as a whole are not free from
material misstatement or cannot obtain sufficient appropriate audit evidence to
make this conclusion, the auditor must modify the opinion in accordance with
ISA 705 Modifications to the opinion in the independent auditor’s report.
We discuss modifications to the opinion in the following sub heading.
14.2.2. Modified opinions
A modified opinion is required when:
The auditor concludes that the financial statements as a whole are not free from
material misstatements or the auditor cannot obtain sufficient appropriate audit
evidence to conclude that the financial statements as a whole are free from
material misstatement.
Types of modifications
There are three types of modified opinions:
a. A qualified opinion
b. An adverse opinion
c. A disclaimer of opinion
Qualified opinion
A qualified opinion must be expressed in the auditor’s report in the following
two situations:
1. The auditor concludes that misstatements are material, but not pervasive to
the financial statements.
Material misstatements could arise in respect of:
• The appropriateness of selected accounting policies
• The application of selected accounting policies
• The appropriateness or adequacy of disclosures in the financial
statements
2. The auditor cannot obtain sufficient appropriate audit evidence on which
to base the opinion but concludes that the possible effects of undetected
misstatements, if any, could be material but not pervasive.
The auditor’s inability to obtain sufficient appropriate audit evidence is also
referred to as a limitation on the scope of the audit and could arise from:
• Circumstances beyond the entity’s control (e.g. accounting records
destroyed)
• Circumstances relating to the nature or timing of the auditor’s work
(e.g. the timing of the auditor’s appointment prevents the observation
of the physical inventory count)
• Limitations imposed by management (e.g. management prevents
the auditor from requesting external confirmation of specific account
balances)
Adverse opinion
An adverse opinion is expressed when the auditor, having obtained sufficient
appropriate audit evidence, concludes that misstatements are both material and
pervasive to the financial statements.
Disclaimers of opinion
An opinion must be disclaimed when the auditor cannot obtain sufficient
appropriate audit evidence on which to base the opinion and concludes that
the possible effects on the financial statements of undetected misstatements, if
any, could be both material and pervasive.
Summary of modifications and impact on the auditor’s report
The following table summarizes the different types of modified opinions that can
arise:
14.2.3. Emphasis of matter and other matter paragraphs in
the auditor’s report
a) Emphasis of matter paragraphs
An emphasis of matter paragraph is a paragraph included in the auditor’s report
that refers to a matter appropriately presented or disclosed in the financial
statements that, in the auditor’s judgment, is of such importance that it is
fundamental to users’ understanding of the financial statements.
Emphasis of matter paragraphs are used to draw readers’ attention to a matter
already presented or disclosed in the financial statements that the auditor feels
is fundamental to their understanding, provided that the auditor has obtained
sufficient appropriate audit evidence that the matter is not materially misstated.
b) Other matter paragraphs
Other matter paragraphs are used where the auditor considers it necessary to
draw readers’ attention to a matter that is relevant to their understanding of the
audit, the auditor’s responsibilities or the auditor’s report.
The other matter paragraph must be included immediately after the opinion
paragraph and any emphasis of matter paragraph, or elsewhere in the auditor’s
report if the content of it is relevant to the other reporting responsibilities section.
The content of the other matter paragraph must reflect clearly that the other
matter is not required to be presented and disclosed in the financial statements,
and does not include information that the auditor is prohibited from providing
by law and regulations or other standards, or information that is required to be
provided by management.
Application activity 14.2
1. Explain unmodified auditor’s report.
2. Identify three (3) types of modified auditor’s opinions.
Skills lab activity 14
In learning group, teacher presents to their students an unmodified audit
report in which some elements are missing, ask them to discuss about it.
Through discussions, the students must discover the missing elements
and rewrite the appropriate report.
End unit 14 assessment
1. What is the importance of audit report to audited company?
2. Explain two main types of audit report.
3. Explain the basic elements of an audit report
4. Define the term audit report
5. Explain emphasis of matter paragraphs.
6. Outline the qualities of a good audit report.
7. What are the auditable finanancial statements
References
1. International, E. W. (2015). Audit and Assurance . Berkshire- United
Kingdom: Emile Woolf International.
2. MANAS’SEH, P. N. (2000). PRINCIPLES OF AUDITING . NAIROBI:
McMore Accounting Books.
3. MEDIA, B. L. (2009). AUDIT AND ASSURANCE (INTERNATIONAL).
London: BPP Learning Media Ltd.
4. MEDIA, B. L. (2019). Audit and Assurance . London: BPP Learning Media
Ltd .
5. MEDIA, B. L. (2020). Audit and Assurance . London : BPP Learning Media.
6. Sagwa, P. N. (2015). Auditing and Assurance . Nairobi-Kenya: Manifested
Publishers Ltd.
7. SALEEMI, N. A. (1997). AUDITING SIMPLIFIED . NAIROBI, KENYA: Uni-Trade Printers Ltd
Topic 15

Topic outline

Table of contents