Appraisal by workflow,
Appraisal by duties,
Appraisal by questionnaire.
The adoption of any of the above methods, does not preclude the use of one or more methods
in connection.
A standard Internal Control Questionnaire has therefore, been presented by the Research
Committee of Chartered Accountants of India. The questions are so framed that most of the
answers can be given by "Yes" or "No" or "Not applicable". Affirmative answers generally
indicate good internal controls while negative answers indicate weaknesses. In such cases, it
would be advisable to add explanatory note. The arrears of coverage by the questionnaire
relate to :-
Methodology For Adoption While Using The Questionnaire: The Auditors may
obtain answers on separate sheets , duly indexed against the questions to which they relate.
Inevitably a standard format for a questionnaire may not be feasible for universal
applicability as individual variations may be required. The following methods could be
adopted:-
Answers could be compiled by the auditor on the basis of his observations and
personal interaction with the auditee.
Alternatively, the questionnaire may be given to auditee who could furnish answers
on separate sheets. The advantage of this method is that the auditee would have an
opportunity to review his own systems of internal control through the mere process of
answering the questionnaire.
The auditor should then conduct a test check in order to ascertain the accuracy of the
replies and the actual operation of the system.
All negative answers are to be reviewed by the auditor with the auditee. The auditor
may also decide whether any qualification would be necessary in his report.
In the light of the questionnaire, the auditor should formulate his Audit Plan and
Programme.
A review of the questionnaire, in the event of any major changes that may have taken
place in the auditee organisation, should be conducted by the auditor.
Having ascertained, confirmed and recorded the system, the auditor now needs to carry out a
preliminary evaluation of the system in order to make a decision as to whether he will:
Features:
Objectives:
Audit Risk is the risk that an auditor expresses an inappropriate opinion on the financial
statements.
Audit risk is the risk that an auditor issues an incorrect opinion on the financial statements.
Examples of inappropriate audit opinions include the following:
Audit risk may be considered as the product of the various risks which may be encountered in
the performance of the audit. In order to keep the overall audit risk of engagements below
acceptable limit, the auditor must assess the level of risk pertaining to each component of
audit risk.
Components
Inherent Risk is the risk of a material misstatement in the financial statements arising due to
error or omission as a result of factors other than the failure of controls (factors that may
cause a misstatement due to absence or lapse of controls are considered separately in the
assessment of control risk).
Inherent risk is generally considered to be higher where a high degree of judgment and
estimation is involved or where transactions of the entity are highly complex.
For example, the inherent risk in the audit of a newly formed financial institution which has a
significant trade and exposure in complex derivative instruments may be considered to be
significantly higher as compared to the audit of a well established manufacturing concern
operating in a relatively stable competitive environment.
Control Risk is the risk of a material misstatement in the financial statements arising due to
absence or failure in the operation of relevant controls of the entity.
Organizations must have adequate internal controls in place to prevent and detect instances of
fraud and error. Control risk is considered to be high where the audit entity does not have
adequate internal controls to prevent and detect instances of fraud and error in the financial
statements.
Assessment of control risk may be higher for example in case of a small sized entity in which
segregation of duties is not well defined and the financial statements are prepared by
individuals who do not have the necessary technical knowledge of accounting and finance.
Detection Risk is the risk that the auditors fail to detect a material misstatement in the
financial statements.
An auditor must apply audit procedures to detect material misstatements in the financial
statements whether due to fraud or error. Misapplication or omission of critical audit
procedures may result in a material misstatement remaining undetected by the auditor. Some
detection risk is always present due to the inherent limitations of the audit such as the use of
sampling for the selection of transactions.
Detection risk can be reduced by auditors by increasing the number of sampled transactions
for detailed testing.
Application
Audit risk model is used by the auditors to manage the overall risk of an audit engagement.
Auditors proceed by examining the inherent and control risks pertaining to an audit
engagement while gaining an understanding of the entity and its environment.
Detection risk forms the residual risk after taking into consideration the inherent and control
risks pertaining to the audit engagement and the overall audit risk that the auditor is willing to
accept.
Where the auditor's assessment of inherent and control risk is high, the detection risk is set at
a lower level to keep the audit risk at an acceptable level. Lower detection risk may be
achieved by increasing the sample size for audit testing. Conversely, where the auditor
believes the inherent and control risks of an engagement to be low, detection risk is allowed
to be set at a relatively higher level.
When performing an audit, you use risk assessment procedures to assess the risk that material
misstatement exists. This step is very important because the whole point of a financial
statement audit is finding out if the financial statements are materially correct.
A clients contribution to audit risk the risk of a material misstatement existing in the
financial records due to errors and fraud influences your firms plans regarding what audit
evidence is necessary and which personnel will be assigned to the job. With higher risk
comes the need for more involved audit risk procedures.
How exactly do you assess audit risk? You follow various risk assessment procedures:
recognizing the nature of the company and management, interviewing employees, performing
analytical procedures, observing employees at work, and inspecting company records. After
you run through all applicable risk-assessment procedures, you use the results to figure out
how high the chance is that your client has material financial-statement mistakes. Not every
mistake is important.
Recognizing the nature of the company: Here are some crucial questions to ask the
client during your risk assessment procedures:
o Who (if anyone) regulates the client? Many businesses dont have an outside
regulatory agency, but any publicly traded company is required to file its
financial statements with the Securities and Exchange Commission (SEC).
If key personnel such as the president, chief financial officer, and chief executive
officer have been with the company for many years, thats usually an indication of
quality management. Another good sign is if prior audits have required few, if any,
accounting adjustments and there have been no financial statement restatements.
Heres why:
Asking employees for information: When asking for information, you should talk to
many different employees in the organization besides management. To get a well-
rounded idea of the business, talk with individuals holding different levels of
authority, from low-level clerks all the way up to the board of directors.
You need to look at problems that can prevent a company from reaching its desired
objectives. Each of your clients functioning departments has different objectives and
risks, and understanding them can help you identify potential sources of inadvertent
errors or intentional fraud that may affect the financial statements. Here are two real-
life examples to consider:
o A tax department objective is to meet all legal and regulatory tax return filing
obligations. Risks associated with this objective include filing returns that
arent materially correct and missing the filing deadline.
Analyzing processes and paperwork: Put simply, analytical procedures test to see if
plausible and expected relationships exist in both financial and nonfinancial data.
Here are three common analytical procedures you do while assessing audit risk:
o Trend analysis: You compare current financial figures to the same figures in
the prior year.
o Ratio analysis: Some common ratios are the current ratio, and inventory
turnover.
o Reasonableness: Does what youre seeing make sense based on other facts?
For example, does the depreciation expense appear accurate when you
consider the book value of all fixed assets on the balance sheet?
Observing the client at work: One common type of observation is to watch the staff
take a count of physical inventory. Visiting the companys business locations is
another. Doing so gives you the opportunity to view the companys operations beyond
whats in the books and records and to find out about the companys internal controls.
When planning how to carry out the sampling the auditor should consider the following:
The objective of the test and the combination of audit procedures which are likely to achieve
these objectives;
The population and sampling units. The population should be appropriate to the objective of
the sampling procedure. E.g. if the auditors objective is to test for overstatement of debtors
an appropriate population would be the debtors listing;
The auditor needs to determine an appropriate size of the sample on which the audit
procedures will be applied. The size is determined by:
The tolerable error or deviation rate- the larger the tolerable error or deviation rate, the
smaller the sample size.
Auditors assessment of inherent risk. The higher the auditors assessment of inherent risk,
the larger the sample size. Higher inherent risk implies that there is a greater risk that the
financial balance will be misstated. To reduce this risk the auditor will need to extend the
level of testing. This is achieved by testing a larger sample.
Auditors assessment of control risk. The higher the auditors assessment of control risk, the
larger the sample size. A high control risk implies that little reliance can be placed on
effective operation of internal controls. To reduce the audit risk the auditor will need to
extend the level of testing, this is achieved by increasing the size of the sample.
Expected error. This refers to the total error that the auditor expects to find in the population.
The greater the amount of error the auditor expects to find in the population, the larger the
size of the sample needed in order to make a reasonable estimate of the actual amount of
error in the population.
Auditors required confidence level. The greater the degree of confidence that the auditor
requires that the results of the sample are in fact representative of the actual amount of error
in the population, the larger the sample needs to be.
(c) Selecting the items to be tested: The sample selected should be representative of the
population so that the auditor can draw conclusions about the entire population. All sampling
units should have an equal chance of being selected. Common methods of selecting samples
include:
Random sampling by use of random number tables or use of computers to select sampling
units
Systematic selection
Haphazard selection
(d) Testing the items: After selecting the sample units, the auditor should carry out the pre-
determined audit tests on each item.
(e) Evaluating the results of the tests: The following procedures should be followed in
evaluating the results of the tests:
Projection of error. The auditor should estimate the expected error or deviation rate in the
whole population by projecting the results of the sample to the population so as to obtain a
broad view of possible error or deviation rates in the entire population. This will then be
compared with the established tolerable error or deviation rate;
Assessing the risk of incorrect conclusion. In general the expected error or deviation is
rarely a precise measure of the actual error or deviation rate present in the population. Actual
error rate may be greater or smaller than projected error. The auditor must therefore consider
on the basis of his sample results and relevant evidence obtained from other audit procedures,
the possible levels which the actual error or deviation rate might take and particularly the
likelihood that the actual error or deviation rate may exceed tolerable error or deviation rate.
Analytical Procedures
Analytical procedures are a form of audit evidence. Analytical procedures are an important
type of evidence on an audit. They involve a comparison of recorded values with
expectations developed by the auditor. They consists of evaluations of financial information
made by a study of plausible relationships among both financial and nonfinancial data. For
example, the current-year accounts receivable balance can be compared to the prior-years'
balances after adjusting for any increase or decrease in sales and other economic factors.
Auditing standards require that the auditor conduct analytical procedures in planning the
audit. Analytical procedures can be helpful in identifying the existence of unusual
transactions or events and amounts, ratios, and trends that might have implications for audit
planning.
Preliminary analytical procedures are used to assist the auditor to better understand the
business and to plan the nature, timing, and extent of audit procedures. They consist of
evaluations of both financial and nonfinancial information. This is a required phase of the
audit. The main objectives of preliminary analytical procedures are (1) to understand the
client's business and transactions and (2) to identify financial statement accounts that are
likely to contain errors.
Analytical procedures are used throughout the audit process and are conducted for three
primary purposes:
One of the objectives of ISA 520 is that relevant and reliable audit evidence is obtained when
using substantive analytical procedures. The primary purpose of substantive analytical
procedures is to obtain assurance, in combination with other audit testing (such as tests of
controls and substantive tests of details), with respect to financial statement assertions for one
or more audit areas. Substantive analytical procedures are generally more applicable to large
volumes of transactions that tend to be more predictable over time.
STEP 2: Define a significant difference (or threshold): While designing and performing
substantive analytical procedures the auditor should consider the amount of difference from
the expectation that can be accepted without further investigation (ISA 520). The maximum
acceptable difference is commonly called the threshold.
Thresholds may be defined either as numerical values or as percentages of the items
being tested. Establishing an appropriate threshold is particularly critical to the effective use
of substantive analytical procedures. To prevent bias in judgment, the auditor should
determine the threshold while planning the substantive analytical procedures, ie before Step
3, in which the difference between the expectation and the recorded amount are computed.
The threshold is the acceptable amount of potential misstatement and therefore should not
exceed planning materiality and must be sufficiently small to enable the auditor to identify
misstatements that could be material either individually or when aggregated with
misstatements in other disaggregated portions of the account balance or in other account
balances.
STEP 3: Compute difference: The third step is the comparison of the expected value with
the recorded amounts and the identification of significant differences, if any. This should be
simply a mechanical calculation. It is important to note that the computation of differences
should be done after the consideration of an expectation and threshold. In applying
substantive analytical procedures, it is not appropriate to first compute differences from prior-
period balances and then let the results influence the expected difference and the acceptable
threshold.
STEP 4: Investigate significant differences and draw conclusions: The fourth step is the
investigation of significant differences and formation of conclusions (ISA 520). Differences
indicate an increased likelihood of misstatements; the greater the degree of precision, the
greater the likelihood that the difference is a misstatement.
Explanations should be sought for the full amount of the difference, not just the part
that exceeds the threshold. There is a chance that the unexplained difference may indicate an
increased risk of material misstatement. The auditor should consider whether the differences
were caused by factors previously overlooked when developing the expectation in Step 1,
such as unexpected changes in the business or changes in accounting treatments.
If the difference is caused by factors previously overlooked, it is important to verify
the new data, to show what impact this would have on the original expectations as if this data
had been considered in the first place, and to understand any accounting or auditing
ramifications of the new data.
There are four key factors that affect the precision of analytical procedures:
1. Disaggregation: The more detailed the level at which analytical procedures are
performed, the greater the potential precision of the procedures. Analytical procedures
performed at a high level may mask significant, but offsetting, differences that are
more likely to come to the auditors attention when procedures are performed on
disaggregated data.
The objective of the audit procedure will determine whether data for an
analytical procedure should be disaggregated and to what degree it should be
disaggregated. Disaggregated analytical procedures can be best thought of as looking
at the composition of a balance(s) based on time (eg by month or by week) and the
source(s) (eg by geographic region or by product) of the underlying data elements.
The reliability of the data is also influenced by the comparability of the information
available and the relevance of the information available.
2. Data reliability: The more reliable the data is, the more precise the expectation. The
data used to form an expectation in an analytical procedure may consist of external
industry and economic data gathered through independent research. The source of the
information available is particularly important. Internal data produced from systems
and records that are covered by the audit, or that are not subject to manipulation by
persons in a position to influence accounting activities, are generally considered more
reliable.
3. Predictability: There is a direct correlation between the predictability of the data and
the quality of the expectation derived from the data. Generally, the more precise an
expectation is for an analytical procedure, the greater will be the potential reliability
of that procedure. The use of non-financial data (eg number of employees, occupancy
rates, units produced) in developing an expectation may increase the auditors ability
to predict account relationships. However, the information is subject to data reliability
considerations mentioned above.
4. Type of analytical procedures: There are several types of analytical procedures
commonly used as substantive procedures and will influence the precision of the
expectation. The auditor chooses among these procedures based on his objectives for
the procedures (ie purpose of the test, desired level of assurance).
Each of the types uses a different method to form an expectation. They are ranked from
lowest to highest in order of their inherent precision. Scanning analytics are different from
the other types of analytical procedures in that scanning analytics search within accounts or
other entity data to identify anomalous individual items, while the other types use aggregated
financial information.
If the auditor needs a high level of assurance from a substantive analytical procedure,
s/he should develop a relatively precise expectation by selecting an appropriate analytical
procedure (eg a reasonableness test instead of a simple trend or flux analysis). Thus,
determining which type of substantive analytical procedure to use is a matter of professional
judgment.
In summary, there is a direct correlation between the type of analytical procedure
selected and the precision it can provide. Generally, the more precision inherent in an
analytical procedure used, the greater the potential reliability of that procedure.