Anda di halaman 1dari 139



The Modern Company

The rise in prominence of the modern company or

incorporation in general has contributed to the
growth of the auditing profession.
The Companies Code of Ghana just like similar
codes elsewhere imposes an obligation on Directors
to produce annual financial statements or accounts.
As a result of mass ownership of shares in the
modern company, ownership is increasingly being
separated from the management and control of the
organisations activities on a day-to-day basis.
The Modern Company (contd)

This has increased the space for the auditor as an

arbitrator and a judge.
The role of the auditor gains prominence in a
context where standards of corporate morality are,
or are seen to be, declining.
The growth in corporate scandals across the globe
in recent times involving misrepresentation,
corruption or even outright theft has led to an
increase demand from investors, regulators and
shareholders on auditors to be more efficient.
Theory and Postulates
Theories of auditing essentially consider the
social purpose of auditing and attempt to
establish some fundamental theories of
We shall consider the following theories;
Theory of Rational Expectations

Mautz and Sharafs Philosophy of Auditing.

Flints Philosophy and Principles of Auditing

Theory of Rational Expectations
This theory has its roots from Prof Theodore
Limpergs theory of inspired confidence. The
theory developed in 1926 eventually came to be
known as the theory of rational expectations.
The central argument of the theory is that the
value of the auditors report derives from the
expert nature of the auditor as an independent,
competent professional .
As the business community changes so the
expectations it has of the auditors function also
Theory of Rational Expectations (contd)

According to Limperg, the work carried out by the auditor

should be governed by the rational expectations of those
who use their reports so auditors should not disappoint those
Auditors should not also raise those expectations by any
more than the work they do justifies.
Again, the usefulness of the auditors opinion is based on the
general understanding society has about the usefulness of
The auditor must meet the expectations of the reasonably
well informed layman .
The auditor thus has a wider responsibility to society and is
not simply a watchdog for the shareholders.
Mautz and Sharafs Philosophy of Auditing

R. K Mautz and H.A Sharaf published a monograph in 1961

titled the philosophy of auditing.
They adopted a scientific approach to auditing,
insisting that auditing practice with its heavy
emphasis on probability and a scientific approach
to evidence, has much in common with scientific
Mautz and Sharaf attempted to create order out of
a somewhat chaotic mix of practices and ideas,
and developed 8 tentative postulates or factors
necessary for audits to achieve the desires
Muatz and Sharaf. The 8 postulates

Financial statements and financial data are verifiable.

There is no necessary conflict of interest between
the auditor and the management of the enterprise
under audit.
The financial statements and other information
submitted for verification are free from collusive and
other unusual irregularities.
The existence of a satisfactory system of internal
control eliminates the probability of irregularities.
Consistent application of generally accepted
principles of accounting result in fair presentation of
the financial position and the results of operations.
Muatz and Sharaf. The 8 postulates

In the absence of clear evidence to the

contrary, what was held true in the past for
the enterprise under examination will hold
true in the future.
When examining financial data for the
purpose of expressing an opinion thereon,
the auditor acts exclusively in the capacity of
an auditor.
The professional status of the independent
auditor imposes commensurate professional
Mautz and Sharafs work; Criticisms

Risk and control were not considered to be important

in the 1960s as they are today.
They didnt pay attention to the concept of
accountability between parties. E.g the accountability
of the entity to investors or the public.
The emphasis on scientific methods of testing
hypothesis and probability may be more relevant
where experiments are repeated. Auditors do not
normally have this opportunity.
Mautz and Sharaf paid less attention to the idea of
auditing as a social phonomenon. Auditing has a value
to society generally and not just those involved in the
commercial entity.
Flints Philosophy and Principles of
Prof David Flint published philosophy and
principles of Auditing in 1988.
His work builds on and updates the work of
Mautz and Sharaf.
Flint also developed a series of postulates as
the basis for the development of a theory of
His postulates rest on the idea that auditing
has a social benefit and not simply a
technical exercise.
Flints Postulates

The fundamental condition for the existence of an

audit is accountability, either private or public.
The subject matter of accountability is too remote, too
complex and/or too great a significance for the
discharge of the duty to be demonstrated without the
process of audit.
Essential distinguishing characteristics of audit are the
independence of its status and its freedom from
investigatory and reporting constraints.
All aspects of an audit, its conduct, the work carried
out and its conclusions must be capable of being
What is an Audit?

An audit is defined as: the independent examination of and

expression of opinion on the financial statements of an entity by a
duly appointed auditor in pursuit of that appointment.

An audit is an investigation or a search for evidence to enable an opinion

to be formed on the truth and fairness of financial and other information by
a person or persons independent of the preparer and persons likely to gain
directly from the use of the information, and the issue of a report on that
information with the intention of increasing its credibility and therefore its
usefulness- Gray and Manson (2000) pp17

Auditing is the process of collecting and evaluating evidence for the

purpose of reporting on the economic information (Gupta and Arora, 1996)
Why audit?
Financial Statements produced by managers may:
Contain errors

Not disclose fraud

Be inadvertently misleading

Be deliberately misleading

Fail to disclose relevant information

Fail to conform to regulations

Audits help to reduce agency costs by protecting

investors from the actions of predatory managers.
Types of an audit
Statutory audits these are audits mandated by the
state such as the requirement that all registered
companies must have an auditor.
Private audits these audits conducted for the benefit
of the owners of an entity not required by law to
produce audited statements.
Internal audits - these are audits into the aspects of the
operations of the entity by the entitys own employee
(principally) to ensure systems are working with the aim
of improving operational efficiency.
Benefits of an audit
Providers of finance such as banks usually require audited
accounts. If such agencies were to ask for their own
independent audits it might increases costs for the entity.
Audits can help in protecting creditors
An audit may help establish credibility for the entity
especially with the advent of so-called long firm frauds.
Shareholder interests are catered for and protected
It provides reassurance for directors that the figures they
are using are reliable.
Major changes in ownership may be facilitated if past
accounts contain unqualified audit reports.
There are arguments that an audit is just for compliance and
doesnt assist management in running the business. Others say it
is simply red tape.
Some argue that the cost of audit may be productively
deployed elsewhere
Historical accounts are of little value as they can be up to nine
months old when they become publicly available.
Banks and other suppliers can even lend on their own without
reference to audited accounts. For example, banks can lend on
security and personal guarantees.
Auditors only give reasonable assurance that the financial
statements are free from material misstatement
Readers may not understand the jargon of audit reports
Agency theory and Corporate Governance

Meaning of agency; Productive resources owned by one

person or group are managed by another person or
Ownership is usually divorced from management
Agency theory is the recognition that the inclination of
agents (management) is to act rather more in their own
interest than those of their employers (shareholders, in
this case).
Agency considerations have implications for how
organisations conduct themselves, and the operational
Interests of Principals and Agents
Safe investment

Regular dividends

Long term capital growth

Maintenance of value

Salary and benefits

Maximum bonus

Personal success etc

These may not necessarily converge, giving rise to agency

What is Corporate Governance?

The most often quoted definition of Corporate

Governance is the one contained in the Cadbury
Report the system by which companies are
directed and controlled.
Parkinson (1995) offers an expanded and suitable
version of this definition; The process of supervision
and control intended to ensure that the companys
management acts in accordance with the interests of
Corporate Governance; Principles-based V Legal

Principles-based approaches are very flexible.

Because of the voluntary nature they can only be
policed by consensus. Sanctions are minimal
Principles based approaches can be applied to any
jurisdiction and any legal system.
Principles-based approaches are difficult to enforce
in any meaningful way without legislation or
Principles are hard to explain so can be vague and
difficult to interpret.
Principles of Corporate Governance
The fundamental principles of good governance which underpin all
the detailed rules contained in major CG codes around the world
Accountability: The Board should take responsibility for actions
with the obligation to report the outcome of those actions.
Transparency: Openness and willingness to communicate. The
Board should respond positively to request for information and
disseminate more than an annual set of accounts.
Probity: honesty, truthfulness and ethical behaviour
Focus: On the sustainable success of an entity over the longer
Recognise the rights of all stakeholders including minority
True and Fair view
True means that the information is accurate.
It doesnt mean accurate to the last cent, but accurate enough to conform
with reality.
Fair is a more difficult concept.
You can have information which is accurate but which is nevertheless
presented in a way which is unfair, and which perhaps conceals or does not
reflect the commercial substance of transactions.
Lets say, for example, that a statement of financial position shows that the
net current assets of a company amounted to 1 million. That might look
good, however what it might mean is that current assets are 5 million and
current liabilities are 4 million. So the current ratio is quite close to one. In
that case the companys health perhaps doesnt look quite so good. As a
result , simply showing net current assets of one billion would be unfair; it
would certainly be misleading.
A matter is material if it omission or misstatement would
reasonably influence the economic decisions by a user of the
audit report
Guidance on materiality
Some rules of thumb have been developed. These are
only guidelines, but if something is wrong to the extent
0.5% to 1% of revenue,
1% to 2% of total assets or
5% to 10% of profit
Note that an audit gives only a reasonable assurance that the financial
statements are free from material misstatement. It is affected by the size
and nature of the misstatement
Going Concern
One of the commonest reasons for an emphasis of
matter paragraph in an audit report is to do with going
Signs that the company may have going concern
difficulties include the following:
Negative operating cash flows.

An inability to pay suppliers when due

Operating losses. These do not mean that the company

is going to fail immediately;
Loss of key customers

Inability to meet customer orders or need on time. etc

Going Concern (contd)
If the borrowing facilities are coming to an end and the new
ones havent been agreed.
The loss of key staff or key customers can mean the
company is unable to trade or unable to sell its products.
Technology changes can render the companys purpose and
main product redundant.
Legislative changes may mean that the companys
operations become illegal or the company has to go through
some sort of regulatory requirements before it can continue
trading and that this is going to be difficult for it.
Non-compliance with regulations may mean a business loses
its right or license to trade and in such a case the company
may simply have to be wound up.
Responsibilities of Directors
The Directors are responsible for keeping proper accounting records
which disclose with reasonable accuracy at any time the financial
position of the entity.
Responsible for taking steps as are reasonably open to them to
safeguard the assets of the Group and to prevent and detect fraud
and other irregularities.
Select suitable accounting policies and then apply them consistently.
Make judgements and estimates that are reasonable and prudent.
State whether applicable accounting standards have been followed,
subject to any material departures disclosed and explained in the
financial statements;
Prepare the financial statements on the going concern basis unless it
is inappropriate to presume that the entity will continue in business.

Must pass an approved set of professional

examinations, set by a Recognised Qualifying Body
(RQB) eg the ICAG
Must become a member (and stay a member!) of a
Recognised Supervisory Body (RSB) eg the ICAG
The auditor must not be a director or employee of the
company, or of any associated companies
The auditor must not be an employee or business
partner of a director or employee of the company, or
of any associated companies.
Appointment of Auditors
Auditors have to be reappointed by resolution at every annual
general meeting.
Note that reappointment is not automatic. This is to prevent the
incumbent auditors from simply staying in office.
The requirement for a resolution means that the members have to take
positive action to get auditors appointed.
Prior to the first annual general meeting the directors can
appoint the first auditors or if an auditor resigns, for example,
because he or she falls ill, the directors can appoint another
auditor to fill a casual vacancy
Removal of Auditors
Auditors can be removed from office. This would normally
be at instigation of the directors, but does have to be
ratified by the shareholders.
They could be removed for failing to the find a material
fraud in the company and the directors have lost faith in
them, or perhaps the company has now become
international and a larger firm of auditors is needed.
However, the big fear is that the auditors were, perhaps, too
good, too strict on insisting that certain aspects of the
financial statements should be changed, or perhaps they
issued a critical audit
This is why the auditors are given the right to make
representations about why they should stay in office.
Rights of the auditor
right to access to the books, records, documents and
accounts of the company
right to require from the officers of the company such
information and explanations as the auditor thinks
necessary for the performance of the auditors duties
right to receive all notices relating to any general
meeting of the company
right to attend any general meeting
right to be heard at any general meeting on any part
of the business which concerns him as an auditor
Duties of the auditor
Compliance with regulation
express an opinion on the truth and fairness of the
Consider in their report whether or not proper records
and returns have been kept for the audit
consider whether or not there is an agreement of the
accounts to the records
consider the consistency of other information published
along with accounts
Disclosure of directors' emoluments
Take Home assignment
The UK Corporate Governance Code and the
Sarbanes-Oxley Act, 2002 of the USA have played
influential roles in the development of corporate
governance codes across the globe. Critically
evaluate this statement.

Submit one week before the end of trimester


Deliberate management effort comprising a series

of actions to enhance operational integrity,
safeguard assets and to maximise operational
ISA 315 requires auditors to obtain an
understanding of internal controls sufficient to plan
the audit and develop an effective audit approach.
One of the most useful approaches to
understanding internal controls is provided in the
COSO Framework. We now look at the components.
Control Environment

The control environment sets the tone for the

Influencing the control consciousness of its people.
Providing discipline and structure.
Control environment factors include the integrity, ethical
values and competence of the entity's people;
management's philosophy and operating style; the way
management assigns authority and responsibility, and
organizes and develops its people; and the attention
and direction provided by the board of directors.
Risk Assessment
Every entity faces a variety of risks from external
and internal sources that must be assessed.
A precondition to risk assessment is establishment of
objectives, linked at different levels and internally
consistent. Risk assessment is the identification and
analysis of relevant risks to achievement of the
objectives, forming a basis for determining how the
risks should be managed.
Because economic, industry, regulatory and operating
conditions will continue to change, mechanisms are
needed to identify and deal with the special risks
associated with change
Control Activities
Control activities are the policies and procedures that
help ensure management directives are carried out.
They help ensure that necessary actions are taken to
address risks to achievement of the entity's objectives.
Control activities occur throughout the organization, at
all levels and in all functions. They include a range of
activities as diverse as approvals, authorizations,
verifications, reconciliations, reviews of operating
performance, security of assets and segregation of
Information and Communication

Pertinent information must be identified, captured and

communicated in a form and timeframe that enable people to carry
out their responsibilities.
Information systems produce reports, containing operational,
financial and compliance-related information, that make it possible
to run and control the business. Effective communication also must
occur in a broader sense, flowing down, across and up the
All personnel must receive a clear message from top management
that control responsibilities must be taken seriously. They must
understand their own role in the internal control system, as well as
how individual activities relate to the work of others. They must have
a means of communicating significant information upstream. There
also needs to be effective communication with external parties.
Internal control systems need to be monitored--a process that
assesses the quality of the system's performance over time.
This is accomplished through ongoing monitoring activities, separate
evaluations or a combination of the two.
Ongoing monitoring occurs in the course of operations. It includes
regular management and supervisory activities, and other actions
personnel take in performing their duties. The scope and frequency
of separate evaluations will depend primarily on an assessment of
risks and the effectiveness of ongoing monitoring procedures.
Internal control deficiencies should be reported upstream, with
serious matters reported to top management and the board.
Internal controls tend to be directed at routine
transactions. Unusual transactions tend not to be the
Potential human errors.
Possibility of circumvention of internal controls either
individually or in collusion with others.
Deliberate fraud committed by management or
Changes in environment rendering controls
Fundamental Ethical Principles

The ethical principles apply to all members of the

professional bodies, and underpin the work auditors
The ethical principles are designed to ensure that
auditors become and remain independent enough
to be able to give a clear and unbiased opinion.
We now consider the principles in the following

Integrity includes not merely honesty but fair

dealing, truthfulness, courage and confidentiality.
Auditors should behave with integrity in all
professional, business and personal financial
One of the issues that may easily compromise
integrity is Conflict of Interest.
Auditors are enjoined not to put themselves in
situations that will lead to this.
Objectivity is the state of mind which has
regard to all considerations relevant to
the task at hand but no other.
It implies intellectual honesty that also
excludes bias, prejudice and
Auditors must strive for objectivity in all
professional and business judgements.
Auditors should not disclose information in the
course of their work to third parties without their
clients permission or unless there is a legal and
professional duty to disclose.
Auditors should not also use information obtained
from clients for personal gain.
It is important that Directors and management of
clients trust auditors to treat with utmost
confidentiality any information obtained during
the audit
Professional Competence

Auditors should carry our their work with due skill,

care and diligence.
Auditors should have proper regard for the
technical and professional standards expected of
As a consequence, auditors should not accept or
perform work which they are not competent to
undertake unless they obtain such advice and
assistance as will enable them to carry out the work
Professional Behaviour
Auditors should comply with relevant laws and
regulations and avoid any behaviour which might
bring their profession into disrepute.
Auditors should behave with courtesy and
consideration to all people with whom they come
into contact during the course of performing their
The auditor is not a policeman but a professional
General Ethical Threats
Many of these threats fall into the following
Self-interest threats

Self-review threats

Advocacy threats

Familiarity threats

Intimidation threats.

We now look at them in turns

Self-Interest threats
This may occur as a result of the financial or other
interest of the auditor or of an immediate or close
family member.
For example if an auditor own shares in the client
company, the auditor could be accused of wanting the
clients profits to look good, so that the share price rises
thereby enriching the auditor. Also, having a partner on
the client board is also unacceptable.
Other threats include close business relationships and close
family and personal relationships.
Self-review threats
This may occur when a previous judgement needs to
be re-evaluated by the accountant responsible for
that judgement.
For example, if the auditor prepares the financial
statements, and then has to audit them, or the auditor
performs internal audit services and then has to check
that the system of internal control is operating
The supply of other services such as taxation, HR etc
Advocacy Threats
Which may occur when an accountant promotes a
position or opinion to the point that subsequent
objectivity may be compromised.
An example would be where the audit firm promotes the
shares in a listed company or supports the company in
some sort of dispute.
Advocacy can interfere with professional scepticism.
As always, the audit firm should weigh up the risks to its
objectivity, integrity and independence and should
withdraw from performing further work if those risks are
too high.
Familiarity Threats
This may occur when because of a close
relationship, the auditor becomes too sympathetic to
the interest of the client.
The close relationship can arise by friendship, family
or through business connections. There is no general
definition of whats meant by close relationships, but
if you were an auditor and your brother was the
Finance Director of a client firm then there probably
is a close relationship!
Intimidation Threat
This may occur when the auditor may be deterred
from acting objectively by perceived or actual
Examples could be threatened litigation, blackmail, or
there might even be physical intimidation, though it is
to be hoped that that is rare.
Blackmail could be more subtly applied and might
relate back, for example, to a period where the
auditor was not acting in accordance with the
required ethical standards.
Threats to Independence
Auditors must approach their work with objectivity
and integrity.
Independence is the cornerstone of the auditing
The auditors work should be unimpaired by any
threat to independence.
We examine some threats to independence in the
following slides.
Undue dependence on audit client
Public perception of independence may be in jeopardy
if the fees from a client or a group of connected clients
constitute a significant portion of total income of the
If the auditor earns a high percentage of total income
from one audit client, then the auditor will rely too much
on that client and cant afford to lose them. This can give
the client too much leverage over the auditor

The 15% rule enjoins auditors to ensure that the fee

from a client does not exceed 15%.
Family or other personal relationships

It is essential that professional relationships are

avoided where there are personal relationships
It will be unethical for the auditor to accept
engagement from a client where members of his or
her family have a major interest.
Where a close relative or the auditors spouse is a
senior officer of the client. This should be avoided.
The auditor had worked for the company prior to
joining the audit firm or a member of the audit had
joined the client in a senior capacity.
Beneficial interests in shares and other
Partners, their spouses and minor children should not
hold shares in or have other investments in client
An audit staff member should not be included in the
team if that staff member or some person
connected with him or her has a beneficial interest
in the audit client.
Audit firms are enjoined to take steps to ensure that
none of their staff or families have any interest in
audit clients.
Loans to and from clients
Auditors should not make loans to its clients.
Firms or individuals within audit firms should not
receive loans from clients unless they are received
on same commercial terms as available to the
general public; arms-length
Delaying collection of fees for unrealistic periods of
time may be construed as a loan to a client.
Fees should be collected under normal terms.
Acceptance of goods and services
Goods and services should not be accepted by an
audit practice or anyone closely connected with it
unless the value of any benefit is modest.
Acceptance of undue corporate hospitality also
poses some threats.
No standards on what constitute excessive but a box
of chocolate for instance may be harmless as
compared to a weekend trip abroad.
Auditor judgement is crucial.
Other threats
Actual or threatened litigation.
Influences outside the practice
Provision of other services (when this is done auditors
should take reasonable steps to ensure audit quality is
not compromised
Commission and fees
Insider dealing
Conflict of interest. E.g. where the auditor is called upon
to advise two clients tendering for the same contract.
Advertising and publicity
There are restrictions on advertising relating to audit
services. Any advertisement should not;
Bring into disrepute any member of the professional
body or the accountancy profession in general.
Discredit the services of others by claiming superiority.
Contain comparisons with other members or firms.
Be misleading either directly or by implication.
Fall short of acceptable standards relating to legality,
decency, honesty and truthfulness.
Why audit committees

To increase public confidence in the credibility and

objectivity of published financial information
To assist the directors in carrying out their
responsibilities for financial reporting.
To strengthen the position of the external auditors
by providing a channel of communication at board
level without the constraint of any executive bias.
Ideally members of the audit committee of any entity
should have a good understanding of the business,
and yet should not have recent involvement with direct
management of the business.
Roles and functions

To monitor the integrity of the financial statements of

the entity, and reviewing significant financial reporting
judgements contained in them.
To review the entitys internal controls and risk
management frameworks
To monitor and review the effectiveness of the entitys
internal audit function.
Review and monitor external auditors independence
and objectivity.
Ensure audit recommendations are implemented as
required. etc
Advantages of audit committees
Increased confidence in the credibility and
objectivity of financial reports.
By specialising in the problems of financial reporting
and thus, to some extent, fulfilling the directors'
responsibility in this area, it will allow the executive
directors to devote their attention to management.
In cases where the interests of the company, the
executive directors and the employees conflict, the
audit committee might provide an impartial body for
the auditors to consult.
The external auditors have an independent point of
Weaknesses of audit committees
There may be difficulty selecting sufficient non-
executive directors with the necessary competence
in auditing matters for the committee to be really
The establishment of such a formalised reporting
procedure may dissuade the auditors from
raising matters of judgement and limit them to
reporting only on matters of fact.
They can result in the perception, if not the reality,
of a two-tier board.
Costs may be increased.
Audit Committees in the Public Sector of Ghana

This is contained in s86 and s87 of the Public

Financial Management Act , 2016 (Act 921).
We will discuss establishment, compositions and
functions of audit committees as stipulated in the
aforementioned sections if Act 921.
Establishment of Audit Committee
86. (1) There is established by this Act, an Audit
Committee that shall serve one particular covered entity
or any other covered entities in a sector.
(2) For the purpose of subsection (1), the Minister shall,
by Regulations, specify
(a) the number of Audit Committees to be established in
each sector;
(b) the qualification for appointment to an Audit
(c) the funding of Audit Committees; and
(d) the procedure for meetings of an Audit Committee.
87. (1) An Audit Committee consists of five
(2) The majority of members of an Audit Committee
shall be independent members.
(3) The Internal Audit Agency and the Institute of
Chartered Accountants, Ghana shall nominate the
majority of members from among persons who do
not work in the covered entity to which the Audit
Committee relates and two other members shall be
nominated by the Principal Account Holder.
Composition (contd)
The chairperson of an Audit Committee shall be
elected from among the independent members of
the Committee.
(5) Without limiting subsection (2), an Audit
Committee may, in the performance of its functions
under this Act, co-opt a senior management
personnel to serve on the Audit Committee.
(6) The Principal Account Holder shall appoint the
chairperson and members of an Audit Committee.
88. (1) An Audit Committee shall ensure that the head
of a covered entity, to which the Audit Committee
(a) pursues the implementation of any recommendation
contained in (i) an internal audit report; (ii) Parliaments
decision on the Auditor-Generals report; (iii) Auditor-
Generals Management Letter; and (iv) the report of an
internal monitoring unit in the covered entity concerned
particularly, in relation to financial matters raised; and
prepares an annual statement showing the status of
implementation of any recommendation contained in
(i) an internal audit report; (ii) Parliaments decision
on the Auditor-Generals report; (iii) Auditor-
Generals Management letter; (iv) the report on
financial matters raised in an internal monitoring
unit of a covered entity; and (v) any other related
directive of Parliament.
An annual statement required under subsection (1) (b)
shall (a) indicate the remedial action taken or proposed
to be taken to avoid or minimise the recurrence of an
undesirable feature in the accounts and operations of a
covered entity;
(b) indicate the period for the completion of the
remedial action; and (c) be endorsed by the relevant
sector Minister and forwarded to the Minister,
Parliament, Office of the President and the Auditor-
General within six months after the end of each
financial year.
Internal Audit
Both the IFAC Code and the UK's Combined Code highlight
the need for businesses to maintain good systems of internal
control to manage the risks the company faces.
It is seen as part of good corporate governance to have an
internal audit function to assess and monitor internal control
policies and procedures.
Assessing the need for Internal Audit.

What is Internal Audit?

It is a review of the accounting and internal control systems within a /agency as
an aid to management. It can be seen as an independent, objective assurance and
consulting activity designed to add value and improve an organisation's
factors to consider in assessing the need for internal audit.
Any trends or current factors relevant to the entitys activities, markets or other
aspects of its external environment that have increased risks.
Internal factors such as organisational restructuring or changes in reporting
processes or underlying information systems.
Adverse trends evident from the monitoring of internal control systems.
Increased incidence of unexpected occurrences.
Internal Audit: what does it entail?

Examination and evaluation of financial and operating information within

the organization
Review of the economy, efficiency, and effectiveness of operations
Review of compliance with external laws, regulations and internal policy and
procedures (this activity is viewed as compliance monitoring or systems and
controls monitoring)
Review and advice on the development of key organization systems and on
the implementation of major change - e.g. control issues in new operating
procedures, new enterprise management software or new product

Internal Audit Vs External Audit

Objective: internal audit is designed to add value and improve organizations

operational efficiency by advising management on whether the organizations
systems of internal control is adequate to protect the organization against loss. The
external auditor on the other hand, works with the view to express an opinion on
financial statements.
Reporting: The internal auditor reports to the board of directors, the audit
committee in most cases, and the reports are for management use only. External
auditors report to members of the company and the report is publicly available to
other users as well as members.
Scope: the external auditors work concerns only the financial statements but the
internal auditors work concerns all areas of operations of the organization as well
the financial aspects of the business.

Internal Audit Vs External Audit (Contd)

Relationship: the internal audit function can be outsourced, however, the internal auditor is
largely an employee (officer) of the company appointed by management. The external
auditor is, obviously, independent of the company and is appointed by members
Approach: internal audit is largely risk-based and focuses on evaluating systems of controls
and testing operations and recommending improvements where necessary. with external
audit, the emphasis is on test of underlying transactions that form the basis of financial
statements in an increasingly risk based manner.
Legal basis: internal audit is highly recommended in corporate governance arrangements
but not a legal requirement like the requirement to have external auditors.
In Ghana the Internal Audit Agency Act 2003, Act 658 S 16(1) stipulates: there shall be
established in each MDA, MMDA an internal audit unit which shall constitute a part of the

Value for Money (VFM) Audits

Value for money (VFM) audits are concerned with evaluating the three Es:

Economy: Buying the resources needed at the cheapest cost

Efficiency: Using the resources purchased as wisely as possible
Effectiveness: Doing the right things and meeting the organisations objectives
Reviews concerned with solely the Economy objective are often termed Best
Value reviews.

Financial Vs Operational Internal Audits

Financial Internal Audit

This was the traditional role of internal audit. It involved gathering evidence
(mainly within the entity's records) to substantiate the information in the
management accounts and financial statements.
Operational Internal Audits
Operational audits are audits of the operational processes of the organisation.
Their prime objective is the monitoring of management's performance,
ensuring company policy is adhered to. They can also be called management or
efficiency audits.

Undertaking Operational Internal Audits

Ensure Policies are adequate. This entails;

Read Policies
Discuss with staff of relevant departments
Assess adequacy
Advise management on improvements
Ensure Policies work effectively
Identify controls.

Outsourcing the Internal Audit function

Increasingly, companies are outsourcing their internal audit function to accountancy

Increased independence of internal auditors
Relevant accounting and auditing skills
Increased reliability
Cost to company
Limited knowledge of specific entity
Independence issues if external auditor provides internal audit function

Prevention and Detection of Fraud and
Role of Internal Auditors
Directors responsible for prevention and detection.
Can contribute to prevention by assessing the effectiveness of control
Existence of Internal Audit department may act as deterrent
Can contribute to detection by reporting suspicions
May be called on to carry out investigation of suspected fraud

Prevention and Detection of Fraud and
Role of External Auditors
No responsibility for prevention
Limited responsibility for detection
Consider risks of material misstatement
Reasonable assurance that financial statements are free from material

Audit Planning and
ISA 300 (revised) Planning an audit of financial statements sets out the basic
reasoning for audit planning: the auditor should plan the audit work so
that the audit will be performed in an effective manner.
Planning' entails developing a general strategy and a detailed approach
for the expected nature, timing and extent of the audit. The auditor
plans to perform the audit in an efficient and timely manner.

Objectives of Audit Planning

Ensuring that appropriate attention is devoted to important areas of the

audit assignment
Ensuring that potential problems are identified
Ensuring that the work is completed expeditiously
Proper assignment of work to assistants and teams
Coordination of work done by other auditors and experts; and
Facilitating review.

What determines the form and nature of
Size of the entity
Complexity of the audit
Auditors experience with the entity
Knowledge of the business
Commercial environment
Method of processing transactions
Reporting requirements

Audit Documentation

ISA 230: (revised) Documentation states that the auditor should document
matters which are important in providing audit evidence to support the
auditor's opinion and evidence that the audit was carried out in accordance
with ISAs. Working papers are essential:
Assist in the planning and performance of the audit
Assist in the supervision and review of audit work
Enable the audit team to be accountable for its work
Retain a record of matters of continuing significance to future audits; and
Enable quality control reviews to be performed.

Contents of Working Papers

They Should:
Be sufficiently complete and detailed to enable an experienced auditor with
no previous connection with the audit subsequently to ascertain from them
what work was performed and to support the conclusions reached.
Record information on the auditors planning the audit, the nature, timing
and extent of the audit procedures performed, and the results thereof, and
the conclusions drawn from the audit evidence obtained
capture Auditors reasoning on all significant matters requiring exercise of
judgement, with auditors conclusions thereon

Types of Documentation

Permanent file (information of continuing importance)

Engagement letters
Legal documents such as prospectuses, leases,
Details of the history of the client's business
Previous years' signed accounts, analytical review and management letters Accounting systems notes, previous
years' control questionnaires.
Current file (information of relevance to current year's audit)
Financial statements
Accounts checklists
Review notes
Audit planning memorandum
Time budgets and summaries
Letter of representation etc

Custody and Retention of Working papers

The firm should establish policies and procedures designed to maintain the
confidentiality, safe custody, integrity, accessibility and retrievability of
documentation. Some measures include:
Passwords to restrict access to electronic documentation to authorised users
Back-up routines
Confidential storage of hard copy documentation.
Local laws are likely to specify retention periods. These are unlikely to be
shorter than five years.

Audit Evidence

When undertaking an audit or a review assignment, the accountant needs to

find evidence through testing of processes, transactions, account balances
and data to support the findings of his report.
ISA 500 Audit Evidence outlines the requirements when conducting an
external audit under International Standards on Auditing.
The auditor should obtain sufficient appropriate audit evidence to be able to
draw reasonable conclusions on which to base the audit opinion. (ISA 500)
Audit evidence is information obtained by the auditor in arriving at the
conclusions on which the audit opinion is based.
Audit evidence should be sufficient, appropriate, relevant and reliable.
Reliability of Audit Evidence

External better than internal

Internal more reliable when controls effective
Auditor generated better than client generated .
Documentary better than oral
Original documents more reliable than copies/ faxes

Procedure for obtaining audit evidence

Analytical procedures
Evaluations of financial information made by a study of plausible relationships
among financial and non-financial data and the investigation of identified
fluctuations and relationships inconsistent with other information.
Enquiry and Direct Confirmation
Seeking information of knowledgeable persons throughout the confirmation entity
or outside the entity and obtaining representation directly from a third party.
Inspection: Examining records, documents and tangible assets
Observation: Looking at a process or procedure being performed by others
Recalculation: Checking the arithmetical accuracy of documents or records and
the auditor's independent execution of procedures and working of controls.

Using the Internal Auditors work

The external auditor has to satisfy himself of the quality of internal audit work
before deciding to place reliance on internal audit work. The following
considerations are essential:
the materiality of the areas or items to be tested, and also the information that
can be obtained from the internal audit
the level of audit risk inherent in the areas to be tested
the level of judgment required
the sufficiency of complementary audit evidence
specialist skills possessed by internal audit staff
testing internal audit work

ISA 620: Using the work of an expert

An expert means a person or firm possessing special skill knowledge and

experience in a particular field other than auditing.
Reliance on the work of an expert might be necessary in the following
Valuation of a non-current asset
Inventory counts or valuations
Legal opinions
Actuarial valuations. Eg on pensions
Auditors need to obtain evidence that the work of the expert is adequate. This will
involve an assessment of the objectivity and professional competence of the

ISA 620: Using the work of an Expert

Before using an expert the auditor should agree in writing;

The nature, scope and objectives of the experts work.
The roles and responsibilities of the auditor and the expert.
The nature, timing and extent of communication between the two
The need for the expert to observe confidentiality
Procedure for evaluating the experts work.
The auditor must also consider:
The consistency of the experts findings with the other audit evidence
The significant assumptions used by the expert
The use and accuracy of source data



Sampling refers to testing, observing or measuring part of a population in order to be able to form a conclusion
about the population.

Audit Sampling is the application of audit procedures to less than 100% of items within a population of audit
relevance such that all sampling units have a chance of selection in order to provide the auditor with
reasonable basis on which to draw conclusions about the entire population.
The objective for the use of audit sampling is to enable the auditor select a sample that is truly representative of
the population of items from which it is chosen, so that the auditor can obtain and evaluate audit evidence
concerning the population from which the sample is chosen.
POPULATION: The entire set of data from which a sample is selected and about which the auditor wishes to draw
Sampling Unit: The Individual item constituting a population.
Stratification: The Process of dividing a population into subpopulations each of which is a group of sampling units
which have similar characteristics (often monetary value).
Statistical Sampling: An approach to sampling that has the following characteristics;
i. Random selection of the sample items; and
ii. The Use of probability theory to evaluate sample results including measurement of sampling risk.

Sampling Risk: The risk that the auditors conclusion based on a sample may be different from the
conclusion if the entire population were subjected to the same audit procedure.
Non-Sampling risk: The risk that an auditor reaches an erroneous conclusion for any reason not related to
Tolerable Misstatement: A monetary amount set by the auditor in respect of which the auditor seeks to
obtain an appropriate level of assurance that the monetary amount set by the auditor is not exceeded by
the actual misstatement in the population.
Tolerable rate of deviation: A rate of deviation from prescribed internal control procedures set by the auditor
in respect of which the auditor seeks to obtain an appropriate level of assurance that the rate of
deviation set by the auditor is not exceeded by the actual rate of deviation in the population.
Anomaly: A misstatement or deviation that is demonstrably not representative of misstatements or
deviations in a population.

Reliability Level: This is the complement of sampling risk. For example a 5% sampling risk means a reliability level
of 95%.
Tolerable error: This is the maximum error in the population that the auditor is willing to accept and still conclude
that the audit objective has been achieved.
Representative Sample: This is the one in which the characteristics in the sample of audit interest are
approximately the same as those of the population.

The means by which the most practical sample size is determined out of a whole population with sufficient
accuracy in various circumstances.
The basic aim in the use of statistical sampling is to attain a reasonable balance between the complete
examination of all items.
Statistical sampling involves random selection of the sample items
It makes use of probability theory to evaluate sample results including the measurement of sampling risk.

Results obtained may be expressed in precise mathematical terms.

Population attribute can be predicted from the sample attribute obtained.
It imposes a more formal discipline on the auditor as regards planning the audit of a population.
It invariably involves smaller sample size than the other traditional methods
The degree of probability of the sample as a representation of the whole population can be estimated.

Procedure can be lengthy and unwieldy in certain circumstances.

Multiple results obtainable from a single audit test would each require separate audit test to be statistically valid.
Its practical application may not be possible.
Random sampling used in statistical sampling must be carried out with care to avoid bias, and it is difficult when
for example, transactions are not already ordered or numbered.
The population under examination is very large or the number of units in the population is large.
The population is homogenous
The same rules are applicable to all the units in the population. E.g payment vouchers prepared by the same
person and therefore coming under common characteristics with respect to errors.
Each unit is pre-numbered to facilitate random selection
Every unit in the population has equal chance of being selected.

Random Selection: This method ensures that all items in the population have equal chance of
selection, for example by the use of random number tables.
Systematic Selection: In this method, the number of sampling units in the population is divided by the
sample size to give a sampling interval, for example 50, and having determined a starting point
within the first 50, each 50th sampling unit thereafter is selected.
Monetary Unit Sampling: This method attempts to place a value on the errors in a population. The
auditor is interested not only in the error rates but also in the monetary effects of these errors.
Haphazard Selection: This is a method in which the auditor selects the sample without following any
structured technique. Although no structured technique is used, the auditor would nonetheless
avoid any conscious bias or predictability.
Block Sampling: This method involves the selection of blocks of contiguous items from within the
Attribute sampling: Used to estimate the proportion of items in a population containing a particular

Non-sampling risk is the risk that the auditor reaches an erroneous conclusion for any reason not related to
sampling risk. These may result from factors such as:
Omitting essential audit procedures.
The use of inappropriate audit procedures.
Failure to apply audit procedures properly
Applying audit procedures to inappropriate or incomplete populations.
Failure to draw appropriate conclusions from evidence examined.

Misinterpretation of audit evidence

Failure to recognise a misstatement or deviation
Failure to take appropriate action as a result of audit findings.
Failure to corroborate information obtained from client personnel.
Brief overview of some concepts:
(1) True and Fair View
The auditor is required to report that the financial
statements give a true and fair view of (or present
fairly, in all material respects) the financial position,
results and cash flows of the company concerned.
True and fair view has not been specifically defined.
Reference is mainly to the reporting framework.
The closest definition is the one offered of fair
under IAS 1: Presentation of Financial Statements.
True and Fair view (contd)
Fair presentation requires the faithful representation of the
effects of transactions, other events and conditions in
accordance with the definitions and recognition criteria for
assets, liabilities, income and expenses set out in the Framework
for the Preparation and Presentation of Financial Statements.
The application of IFRSs, with additional disclosure when
necessary, is presumed to result in financial statements that
achieve a fair presentation.'
Ultimately true and fair may need to be decided by a court
where there is contention. The courts will treat compliance with
the identified financial reporting framework as prima facie
evidence that the financial statements are true and fair.
Brief overview of some concepts:
(2) Materiality
Information is material if its omission or misstatement
could influence the economic decisions of users taken on
the basis of the financial statements.
The auditor must be concerned with identifying 'material'
errors, omissions and misstatements. Both the amount
(quantity) and nature (quality) of misstatements need to
be considered.
To put this into practice the auditor therefore has to set
his own materiality levels this will always be a matter of
Letters of Engagement (LE)
ISA 210, Terms of audit engagement, deals with matters relating to letters
of engagement. The purposes of the letter of engagement are:
to define clearly the extent of the auditors responsibilities
to minimize misunderstandings between the auditor and client
to confirm the acceptance by the auditor of his engagement
to inform and educate the client
When to send LE
To all new clients soon after appointment
When they are changes in circumstances in the case of existing
Before accepting the audit
Ensure that the auditor is professionally qualified to act
Ensure that the existing resources of the firm is adequate
for the audit
Obtain appropriate references on the clients and the
directors of the client
Communicate with the present auditors to familiarize
himself with the circumstance surrounding the change of
auditors that he should know about
Procedures after accepting

The auditor after satisfying himself with the nomination as auditor

should then take the following steps after accepting the
nomination before sending an engagement letter:
Ensure that the outgoing auditors removal or resignation has
been properly conducted. This can be done by obtaining a valid
notice of the outgoing auditors resignation or removal
Ensure that the his appointment is valid by obtaining a valid
resolution passed at the AGM of members appointing him as
Set up and submit a letter of engagement.
Contents of the Engagement Letter

The objective of the audit

Management responsibility for the maintenance of proper books of
accounts and to make available to the auditor relevant records and related
The applicable reporting framework
Scope of the audit including reference to applicable legislation, regulations,
or pronouncements of professional bodies to which the auditors adhere
The fact that there is an unavoidable risk that even some material
misstatements may remain undiscovered due to the nature of tests and
inherent limitations of the audit
The need for unrestricted access to records, any reports issued and the
terms under which the could be shared with third parties
Contents of LE (continued)
The following may also be mentioned
Arrangements regarding planning of the audit
Any restriction of the auditors liability should there be
such a situation
Special factors: internal audit relations, audit of divisions
and branches, other auditors, experts, management
supervision reliance
Fees and the basis of their charge
A request for a written acknowledgement of the LE
Professional Responsibility
and liability
Professional Responsibility and
Fraud and error (ISA 240)
Fraud comprises both the use of deception to obtain an unjust or
illegal financial advantage and intentional mis-representations
affecting the financial statements by one or more individuals among
management, employees or third parties.
Fraud is also an intentional act by one or more individuals among
management, those charged with governance, employees or third
parties, involving the use of deception to obtain an unjust or illegal
Fraud risk factors are events or conditions that indicate an incentive
or pressure to commit fraud or provide an opportunity to commit
Fraud and error cont.....

Error would be unintentional mistakes in financial

statements (including the omission of an amount or
When planning the audit, auditors should assess the risk
that fraud or error may cause the financial statements to
contain material misstatements.
Based on this risk assessment, auditors should design
their procedures so that they have a reasonable
expectation of detecting material misstatements arising
from fraud or error.
Fraud and Error cont.......

Responsibility for the prevention and detection of fraud rests

with the management and those charged with governance.
They should create a culture of ethics and honesty within the
This culture should be actively reinforced by active oversight
by those charged with governance by:
i. Considering the potential for controls to be over-
ii. Considering other inappropriate practices eg aggressive
earnings by management
It is more difficult to detect misstatements arising from fraud
rather than from error
Fraud and error cont....

Fraud can involve sophisticated and well-organised schemes

Deliberate failure to record transactions
Intentional mis-representations
Collusion particularly at management level

The auditors ability to detect fraud depends on a combination of

skill of the fraudster
frequency and extent of the manipulation
relative size of the amounts manipulated
degree of collusion
seniority of those involved

The auditor should enquire of management about:

Managements assessment of the risk that the financial
statements may be materially misstated due to fraud
Extent, and Frequency of these assessments
managements procedures for identifying and
responding to risks of fraud include:
specific risks identified by management
risks brought to their attention by others, and classes
of transactions, account balances or disclosures for
which a risk is likely to exist
communications by management with those charged
with corporate governance concerning the processes
adopted for the identification and response to risks
communications by management with employees
concerning their views about business practices and
discussions with the internal auditors
Procedures when there is an indication
that fraud or error may exist:
When auditors become aware of information
which indicates the existence of fraud or error,
they should obtain an understanding of the
nature of the event and the circumstances in
which it has occurred.
They should aim to gain an understanding of the
possible effects on the financial statements.
The auditors should document their findings and
communicate them to the appropriate level of
management. This would usually be the board of
directors or the audit committee.
Reporting to third parties

Auditors should also consider whether the matter should be

reported to a proper authority in the public interest (e.g.
regulatory or enforcement agencies).
If, after obtaining legal advice, the auditors conclude that the
matter ought to be reported to an appropriate authority in
the public interest, they should notify the directors in writing
of their view
And if the entity does not report the matter or is unable to
provide evidence that the matter has been reported, they
should report it themselves.
Reporting to 3rd parties cont...

Where a suspected or actual instance of fraud casts doubt

on the integrity of the directors, auditors should make a
report direct to the proper authority in the public interest
without delay, informing the directors in advance.

The following matters should be taken into account when

deciding whether disclosure is justified in the public
I. the extent to which the suspected or actual fraud is likely
to affect members of the public.
II. whether the directors have rectified the matter or are
taking, or are likely to take, effective corrective action.
Reporting to 3rd parties cont....
III. The extent to which non-disclosure is likely to
enable the suspected or actual fraud to recur.
IV. The seriousness of the matter.
V. the weight of evidence and the degree of the
auditors suspicion that there has been an instance of
Professional liability
An audit firm owes a duty of care to their client, the entity.
They may also owe a duty of care to third parties who rely
upon the financial statements.
In recent years the question of whether the auditor owes a
duty of care to third parties has been controversial and the
subject of considerable media attention.
The auditor may be liable in report to a third party where:
1. A duty of care exists (legal neighbours/proximity);
2. That duty has been breached (ie auditor has been negligent)
3. Third party has relied on the auditors work
Professional liability cont...
4. Financial loss has been suffered
5. The loss suffered was caused by the third partys reliance on
the auditors negligent work.
The Caparo Case
The key case is the Caparo Industries case. In 1987, Caparo Industries
plc brought an action against two of the directors of Fidelity plc and
their auditors, Touche Ross. During 1984, Caparo invested in and
eventually acquired control of Fidelity plc. They alleged that the
financial statements they had relied upon overstated the profits. The
case went to the House of Lords where it was decided that proximity
did not exist. The Lords stated that an essential element of proximity is
that the defendant knew that his statement would be communicated
to the plaintiff, either as an individual or a member of an identifiable
class, specifically in connection with a particular transaction or
transactions of a particular kind and that the plaintiff would be very
likely to rely on it for the purpose of deciding whether or not to enter
upon that transaction. The claim by Caparo Industries was rejected.
The ADT Case (1996)
ADT acquired control of Britannia Securities Group who were
audited by Binder Hamlyn. Before ADT made a bid, they had a
meeting with one of the partners from Binder Hamlyn. At this
meeting, the partner was asked if he stood by the results of the
1989 audit. After the take-over, ADT alleged that these financial
statements were misstated and sued Binder Hamlyn for 65
million. They believed that the meeting between themselves and
the partner created proximity. The judge agreed and Binder
Hamlyn were ordered to pay the 65 million in damages
together with 40 million in interest.
Limiting auditors liability

The Profession is concerned about the extent of their

liability to third parties. They argue that they are
unable to get sufficient insurance cover to meet the
level of claims.
The following suggestions have been put forward as
possible methods of reducing liability.
1. Incorporation
2. Limited Liability Partnership
3. Capping Liability
Incorporation would protect the partners from personal
bankruptcy. However, the firm itself could be forced into
liquidation. Further, there could be adverse tax implications
and the firm would need to publish financial statements
and be subject to an audit.
Limited Liability Partnerships (LLPs) would permit the
partners to avoid personal liability for the debts of the firm.
It has been suggested that auditors should be able to limit
the amount of their liability for an individual audit. The
maximum amount could be based on some multiple of the
audit fee.
Expectation gap
This term is used to describe the difference
between the expectations of those who rely upon
audit reports, concerning audit work performed,
and actual work performed.
Contributing factors
The expectation gap arises due to:
lack of competence,
lack of independence, and
lack of education
Misconduct refers to acts which are likely to bring discredit
upon a member, the ICA or the profession itself.
Convictions relating to the personal life of members and
students such as obtaining money or goods by false
pretences, forgery, theft and other offences involving
dishonesty amount to misconduct.
The Investigations, Disciplinary and Appeals committees will
decide each case on its own merits.
Penalties imposed will reflect the view which the committees
take in respect of the individual offences and the seriousness
of the matter.
Insider dealing

Insider dealing involves the buying or selling of

shares by a person connected with a company who,
when doing so, is in possession of specific
information which is not generally known but which
would be likely, if made public, to have a significant
effect on the market price of the shares.
Clearly an auditor is in possession of such
information. It would be unethical for an auditor to
use that information for personal gain.