Chapter 1 Auditing and Types of Auditing

Introduction:
Economic decisions in every society must be based upon the information available at
the time the decision is made. For example, the decision of a bank to make a loan to a business
is based upon previous financial relationships with that business, the financial condition of the
company as reflected by its financial statements and other factors.
If decisions are to be consistent with the intention of the decision makers, the
information used in the decision process must be reliable. Unreliable information can cause
inefficient use of resources to the detriment of the society and to the decision makers
themselves. In the lending decision example, assume that the bank makes the loan on the basis
of misleading financial statements and the borrower Company is ultimately unable to repay.
As a result the bank has lost both the principal and the interest. In addition, another company
that could have used the funds effectively was deprived of the money.
As society become more complex, there is an increased likelihood that unreliable
information will be provided to decision makers. There are several reasons for this: remoteness
of information, voluminous data and the existence of complex exchange transactions.
As a means of overcoming the problem of unreliable information, the decision-maker
must develop a method of assuring him that the information is sufficiently reliable for these
decisions. In doing this he must weigh the cost of obtaining more reliable information against
the expected benefits.
A common way to obtain such reliable information is to have some type of verification
(audit) performed by independent persons. The audited information is then used in the decision
making process on the assumption that it is reasonably complete, accurate and unbiased.
Origin and evolution:
The term audit is derived from the Latin term 'audire.' which means to hear. In early
days an auditor used to listen to the accounts read over by an accountant in order to check them.
Auditing is as old as accounting. It was in use in all ancient countries such as
Mesopotamia, Greece. Egypt. Rome, U.K. and India. The Vedas contain reference to accounts
and auditing. Arthasashthra by Kautilya detailed rules for accounting and auditing of public
finances.
The original objective of auditing was to detect and prevent errors and frauds.
Auditing evolved and grew rapidly after the industrial revolution in the 18th century
with the growth of the joint stock companies the ownership and management became separate.
The shareholders who were the owners needed a report from an independent expert on the
accounts of the company managed by the board of directors who were the employees.
The objective of audit shifted and audit was expected to ascertain whether the accounts
were true and fair rather than detection of errors and frauds.
Definitions:
Lawrence R. Dicksee - An audit is an examination of accounting records undertaken with a
view to establishing whether they correctly and completely reflect the transactions to which
they purport to relate."
Taylor and Perry - "Audit is defined as an investigation of some statements of figures
involving examination of certain evidence, so as to enable an auditor to make a report on the
statement.
F.R.M De Paula - "An audit denotes the examination of Balance Sheet and Profit and Loss
Account prepared by others together with the books of accounts and vouchers relating thereto
in such a manner that the auditor may be able to satisfy himself and honestly report that, in his
opinion, such Balance Sheet is properly drawn up so as to exhibit a true and correct view of
the state of affairs of the particular concern according to the information and explanations given
to him and as shown by the books".
Prof. Montgomery - "Auditing is a systematic examination of the books and records of
business or other organization, in order to ascertain or verify and to report upon the facts
regarding its financial operations and the result thereof."
Spicer & Pegler - "Audit such an examination of the books of accounts and vouchers of a
business, as will enable the auditor to satisfy himself that the Balance Sheet is properly drawn
up, so as to give a true and fair view of the state affairs of the business, and whether the profit
and loss account gives a true and fair view of the profit or loss for the financial period according
to the best of his information and explanations given to him and as shown by the books, and if
not, in what respect he is not satisfied".
The institute of Chartered Accountants of India defines "Auditing is a systematic and
independent examination of data, statements records operations and performance (financial or
otherwise) of an enterprises". In any auditing situations the auditor perceives and recognize the
preposition before him for examination collects evidence evaluations the same and on this
basis., formulated his judgement which its communicated through his Audit Report.
Features of Auditing:
• Audit is a systematic and scientific examination of the books of accounts of a business:
• Audit is undertaken by an independent person or body of persons who are duly qualified
for the job.
• Audit is a verification of the results shown by the profit and loss account and the state
of affairs as shown by the balance sheet.
• Audit is a critical review of the system of accounting and internal control.
• Audit is done with the help of vouchers, documents, information and explanations
received from the authorities.
• The auditor has to satisfy himself with the authenticity of the financial statements and
report that they exhibit a true and fair view of the state of affairs of the concern.
• The auditor has to inspect, compare, check, review, scrutinize the vouchers supporting
the transactions and examine correspondence, minute books of shareholders, directors,
Memorandum of Association and Articles of association etc., in order to establish
correctness of the books of accounts.
Objectives of auditing:
There are two main objectives of auditing. The primary objective and the secondary or
incidental objective.
 Primary objective - the primary duty (objective) of the auditor is to report to the owners
whether the balance sheet gives a true and fair view of the Company's state of affairs
and the profit and loss A/c gives a correct figure of profit of loss for the financial year.
 Secondary objective - it is also called the incidental objective as it is incidental to the
satisfaction of the main objective. The incidental objective of auditing are:
o Detection and prevention of Frauds (Embezzlement of Cash; Misappropriation
of Goods; and Fraudulent manipulation of Accounts) and
o Detection and prevention of Errors (Error of omission, Error of commission,
Error of principle, Compensating or offsetting errors, Error of duplication.)
Classifications of Auditing:
Financial Audit
A financial audit, or more accurately, an audit of financial statements, is a review of an
enterprise's financial statements that results in the publication of an independent opinion on the
relevance, accuracy, completion and fairness (RACF) of the presentation of the financial
statements.
Financial audit is also called as the "Balance sheet audit' or the "Periodical audit". Final
audit is started when the books of accounts closed at the end of the year, it is the most
satisfactory form of audit from the point of view of an auditor. In this audit there is cent percent
checking of the accounts. In case if the business has an effective and proper internal control
system. Then the audit sampling is possible. The following are the main essentials or features
or characteristics of the final audit.
 In one session an auditor make only one visit.
 This type of audit can be conducted on both the large and small type of business.
 It is conducted when the accounting period ended.
 In this audit the auditor can do test checking.
 Auditor report is a prerequisite.
 It is conducted to report to shareholders.
 The audit is completed on a short period.
Operational Audit
Operational auditing is the process of reviewing a department or other unit of a business
or governmental or non-profit organization to measure the effectiveness, efficiency and
economy of operations. It is an evaluation of management's performance and conformity with
policies and budgets. In this approach, the enterprise and its operations are analysed, including
appraisal of structure, controls, procedures and processes. The objective is to appraise the
effectiveness and efficiency (E&E) of a division, an activity or an operation of the entity in
meeting organizational goals.
The operational audit helps the management to detect and correct deficiencies in the
business processes. In short, through the operational audit , what is intended is to evaluate and
assess how the activities are being carried out within the internal fabric of a company, if the
resources are used properly and, thus, conclude whether the policies and procedures that are
developed are acceptable or not. The operational audit allows us to analyse and evaluate all
decisions and strategies taken in the operations plan, with the development of the company’s
production process.
The operational audit is a great alternative to detect shortcomings in time and transform
the activity of the company into a profitable process, which is ultimately what matters most to
a company: doing more with the least amount of resources possible. The objectives of the
operational audit are:
• Analyse administrative, managerial and operational aspects on which the appropriate
modifications will be made in order to improve business operations.
• Identify which areas should reduce costs and support the processes with the greatest
needs.
There are many companies that go wrong, but they do not know how to detect the
reason. That’s where the operational audit comes into play. This will detect the weak point of
the business with total certainty, establish the measures to which the company should be
supported and, thus, finally achieve to overcome and successfully achieve their objectives.
Information Systems (IS) Audit:
This involves a review of the controls over software development, data processing, and
access to computer systems. The intent is to spot any issues that could impair the ability of IT
systems to provide accurate information to users, as well as to ensure that unauthorized parties
do not have access to the data.
In the early days of computers, many people were suspicious of their ability to replace
human beings performing complex tasks. The first business software applications were mostly
in the domain of finance and accounting. The numbers from paper statements and receipts were
entered into the computer, which would perform calculations and create reports. Computers
were audited using sampling techniques. An auditor would collect the original paper statements
and receipts, manually perform the calculations used to create each report, and compare the
results of the manual calculation with those generated by the computer. In the early days,
accountants would often find programming errors, and these were computer audit findings.
 However, these exercises also sometimes yielded findings of fraud. Fraud activities
ranged from data entry clerks changing check payees to programmers making deliberate
rounding errors designed to accumulate cash balances in hidden bank accounts. [Editor's note:
For more, see Essential Reading on Fraud.] As auditors recognized repeating patterns of fraud,
they recommended a variety of security features designed to automatically prevent, detect, or
recover from theft of assets.
As computers became more sophisticated, auditors recognized that they had fewer and
fewer findings related to the correctness of calculations and more and more on the side of
unauthorized access. Moreover, the checks and balances that were devised to maintain
correctness of calculations were implemented as software change control measures. These rely
heavily on security to enforce controls over segregation of duties between programming,
testing, and deployment staff. This meant that even programming changes relied in some
measure for their effectiveness on computer security controls. Nowadays, information systems
audit seems almost synonymous with information security control testing.
Information Systems Audit is to assess the adequacy of environmental, physical
security, logical security, and operational controls designed to protect IS hardware, software,
and data against unauthorized access and accidental or intentional destruction or alteration, and
to ensure that information systems are functioning in an efficient and effective manner to help
the organization achieve its strategic objectives.
The Scope of an IS Audit
However, the normal scope of an information systems audit still does cover the entire
lifecycle of the technology under scrutiny, including the correctness of computer calculations.
The word "scope" is prefaced by "normal" because the scope of an audit is dependent on its
objective. Audits are always a result of some concern over the management of assets. The
concerned party may be a regulatory agency, an asset owner, or any stakeholder in the operation
of the systems environment, including systems managers themselves. That party will have an
objective in commissioning the audit. The objective may be validating the correctness of the
systems calculations, confirming that systems are appropriately accounted for as assets,
assessing the operational integrity of an automated process, verifying that confidential data is
not exposed to unauthorized individuals, and/or multiple combinations of these and other
systems-related matters of importance. The objective of an audit will determine its scope.
It is sometimes a challenge for auditors representing management interests to map the
audit objective onto technology. They first identify business activity that is most likely to yield
the best type of evidence to support the audit objective. They identify what application systems
and networks are used to handle the information that supports the business activity. For
example, an audit may focus on a given IT process, in which case its scope will include the
systems used to create input for, to execute, or to control the IT process. An audit focused on
a given business area will include the systems necessary to support the business process. An
audit that focuses on data privacy will cover technology controls that enforce confidentiality
controls on any database, file system, or application server that provides access to personally
identifiable data.
From the point of view of the IT Manager, scope should be clear from the outset of the
audit. It should be a well-define set of people, process, and technology that clearly correspond
to the audit objective. If an auditor does not understand the technology environment prior to
the beginning of an audit, there may be mistakes in scope definition. Where such mistakes
happen, they are often caught in the course of the audit, and systems that previously were not
in scope may be declared to be in scope. The audit professional calls this "scope creep." They
generally try to avoid it, because the consequence is that more resources than planned will be
necessary to meet the audit objective.
 Once a scope is determined, an auditor will be provided with a contact for the review.
In some organizations, the role of audit liaison is formally assigned. This role often falls to an
information security professional, but there is no expectation on the part of audit that it would
be someone in security. By default, it would be the highest ranking person in the IT
management chain whose responsibilities fully cover the systems within the scope of the audit.
This contact will be requested to provide background information on the systems that an auditor
can use to plan the audit. Policies, architecture diagrams, systems manuals, and other sorts of
documentation will often be requested in advance of an audit.
Integrated Audit
Integrate audit is more than just an audit of financial statements. It is normally including
financial audit integrated with others non-financial statement audit as per client requirement.
Those including operational auditing, compliance audit, and others technical audit like IT audit
as well as environmental audit.
This is happen mostly for the engagement with public entity and non-profit organization
rather than corporation. For example, non-profit organization work for public health projects.
Audit engagement might not scope specifically on the financial audit, but it might also
review the technical reports or projects that organization spend for. The engagement of
integrate audit may join by audit firm with others technical firm.
The following are the common non-financial audit that normally integrated with
financial audit:
• Information technology audit
• ISO audit
• Compliance audit
• Operational audit
• Value for money audit
• Internal audit
Reporting of integrated audit is sometime issue in one report with financial audit and
sometime issued separately depending on the requirement of client.
This kind of audit help and benefit a lot to managements, director and shareholders.
They could assure that the fund or resources that the entity spend for are for the purposes the
entity.
Investigative Audit
This is an investigation of a specific area or individual when there is a suspicion of
inappropriate or fraudulent activity. The intent is to locate and remedy control breaches, as well
as to collect evidence in case charges are to be brought against someone.
An investigative audit is the same as a forensic audit. In forensic auditing, accountants
with specialized knowledge of both accounting and investigation seek to uncover fraud,
missing money, negligence and/or malfeasance. When fraud or theft is uncovered, the
investigative auditor compiles evidence and is often asked to testify if the individual
responsible for the theft is eventually prosecuted.
Forensic accountants focus on investigative accounting and providing litigation
support. Investigative accounting involves skills that regular accountants do not usually
possess. For example, a forensic accountant is trained to introduce evidence in court, answer
questions from attorneys while on the witness stand and understand courtroom rules and
procedure. Investigative auditing firms are staffed with these professionals.
Follow-up Audit
Follow-up audit is a process by which internal auditors evaluate the adequacy,
effectiveness, and timeliness of actions taken by management on reported observations and
recommendations, including those made by external auditors and others.