Anda di halaman 1dari 53

Audit & Assurance

Company and its Audit

Users of Financial Statements
The Practitioner examines the subject matter made available by the responsible
Party, matches it to the suitable criteria using evidence and reports to the intended
Elements of Assurance Engagement:
1. An assurance Engagement will involves three parties.
The intended users who is the person who requires the assurance report.
The responsible party, which is the organization responsible for preparing the subject
matters (Financial Reports) be reviewed.
The practitioner (i.e. an accountant) who is the professional who will review the
subject matter(financial information) and provide the assurance.
2. Subject Matter: a second element are required in an assurance engagement is
Subject matter information. The subject matter is the data that the responsible party
has prepared and which requires verification.
3. Suitable Criteria: suitable criteria are required in an assurance engagement. The
subject matter is compared to the suitable criteria in order for it to assured and an
opinion provided.
4. Appropriate Evidence: Appropriate evidence has to be obtained by the practitioner
in order to give the required level of assurance.
5. An Assurance Report: An assurance report is the opinion that is given by the
practitioner to the intended users and the responsible party.

Types Of Assurance assignments
High level of assurance but not
absolute assurance
Positive assurance
More testing(Analytical tests, test
of control, and substantive test.
Example is External Audit.
Moderate level of assurance
Negative assurance
Lesser testing-focus on obvious
errors only (analytical testing)
Agency theory

Engages another person
to perform a service on
their behalf
Delegates some decision-making
The owner
The Directors
Problems :
May have concerns over motives of
May question the trust they have placed in
the agent?
Principal and agent may have different
attitude to risk
Possible solutions
Set up mechanisms to align the interests of agents with principles
(eg performance related pay)
Monitoring mechanisms (eg the audit)
Purpose of External Audit
The purpose of external audit is to promote confidence and
trust in financial information.
External audit has been defined as :
The independent examination and expression of opinion on
the financial statements of an entity'.
The primary role of an external audit to is to report on the
truth and fairness of the financial statements of an entity on
behalf of its owners(the shareholders).
The auditor gives an opinion on whether the financial
statements have been prepared in accordance with an
acceptable financial reporting framework, e.g. IFRSs and
Comply with any specific statutory requirements, e.g. to keep
adequate accounting records.
External Audit
The objective of external audit of financial statements is to
enable the auditor to express an opinion on whether the
financial statements are prepared, in all material respect, in
accordance with an applicable financial reporting framework.
An audit of financial statements is an example of an assurance
General Principle of External Audit Engagement:
According to the international standards on Auditing, the
general principles of an audit are:
1. Compliance with Code of Ethics(IFAC)
2. Performance of an audit in accordance with ISAs
3. Audit with professional Skepticism
4. Professional Judgment.
5. Sufficient appropriate audit evidence.
Main important Terms and concepts
True and Fair presentation:
Financial statements are produced by management which give true and fair view of the
entitys result. The auditor in reviewing these financial statements gives an opinion on
the truth and fairness of them. Although there is no definition in the international
standards on Auditing of true and fair it is generally considered to have the following
True information is factual and confirms with reality in that there are no factual errors, in
addition it is assumed that to be true it must comply with accounting standards and any
relevant legislation. Lastly true includes data being correctly transferred from accounting
records to the financial statements.
Fair information is clear, impartial and unbiased, and also reflects plainly the commercial
substance of the transactions of the entity.
Accountability: it often means answerability.(Management is accountable to
Stewardship: Stewardship is the responsibility for taking good care of resources on behalf
of someone else. (Management acts as stewards of shareholders investments).
Agency: Agency is a relationship between a principle(who engage the agent) and another
party, (who is engaged i.e. an agent), where the second party (agent) is authorized to
carry out the principles instructions in the transactions with a third party
Materiality is an expression of the relative
significance or importance of a particular matter in
the context of the financial statements as a whole. A
matter is material if its omission or misstatement
would reasonably influence the economic decision of
users taken on the basis of the financial statements.
Materiality depends on the size of the item or error
judged in the particular circumstances of its
omission or misstatement.
Limitation of Audit
Reason why auditors cannot give absolute assurance.
1. Auditor rely heavily on management to provide information.
2. Auditors have only a limited responsibility to detect fraud.
3. Auditor plan their work to detect material error and fraud only.
4. Auditors need to understand their clients in great depth if they are
to understand how fraud could be carried out and hidden.
However, auditors cannot become too close to their clients
because their independence will be called into question.
5. The lack of accuracy often associated with the subject matter
e.g. financial statements are often subject to estimation and
6. The fact that the evidence is usually gathered on a test/sample
Limitation of Auditors
Auditor can never certify that
the accounts are correct. They
can only ever express an
Limitations of
Not all items
in the FS are
report has
Audit report is
issued after a
long time
after the year-
Audit evidence
indicates what
is probable,
not certain
Auditing is
not objective,
have to be
in accounting
and control
Advantages & Disadvantages of External Auditor
providing consulting services
Advantages of External Auditor Providing Consulting
1. The Auditors are competent and skilled enough to provide
consulting services, as they have detailed knowledge of the
activities of the organization.
2. The auditors are able to use their experience of other industries,
which can be beneficial for the organization and can recommend
the best practices of other industries to the client organization.
Disadvantages of External Auditors:
1. There is a chance that, while providing consulting services, the
auditor can leak some confidential information relating to one
organization to another.
2. There is the danger that the auditors will try to please the
directors by not giving a qualified report to avoid the loss of fees
for their consulting work.
Audit of Small Companies
The majority of companies are required by national Law to have an audit.
A key exemption to this requirement is that given to small companies.
Many EC countries have a small company exemption from audit that is
based on the turnover and total Assets at the end of the year.
Audit Exemption for Small companies:
The main reason for exempting small companies are;
1. For owner-managed companies, those receiving the audit report are
those running the company.
2. The advice/value, which accountants can add to a small company is more
likely to concern other services, such as accounting and tax, rather than
audit which also give rise to a conflict of interest under the ethics rules.
3. The impact of misstatements in the accounts of small companies is
unlikely to be material to the wider economy.
4. It may also be cost beneficial for the small entities
The Auditors Duties
Fundamental duties are;
Form an opinion on whether the financial statements give a true
and fair view and are prepared in accordance with applicable
reporting framework.
Issue an audit report.
Implicit duties to check that;
Return received from all branches of the company.
Accounting records are consistent with The Financial statement.
Proper accounting records have been kept
Information and explanation were received
Directors Report is consistent with Financial Statement.
Duty to check and ensure; Adequate accounting records, compliance
with legislation, truth and fairness, adequate Disclosure.
The Auditors Rights.
The Auditor fundamental Rights is to;
To access all books and records of the company.
To access all information and explanation
The right to receive notice of a general meeting.
Have the right to attend Annual General Meeting.
Also have the rights to speak in AGM
Having the right to resign.
And finally have the right to circulate the
information to the shareholders.

Appointment of Auditors
Only a member of a recognized supervisory body is
eligible to be appointed as an auditor. The person to be
appointed as the auditor is required to hold a
professional accountancy qualification.
1. Appointed by shareholders.
2. Appointment runs from the end of the Annual General
meeting(AGM) until the end of the next AGM.
3. On Appointment, need to get Clearance from
outgoing auditor
4. For entities in which a shares is owned by the state, the
auditor is appointed by the secretary of the state or
Ministry of Finance (or a person authorized by the
Ministry of Finance).
Removal of Auditors
RESIGNATION: Sometimes it is necessary for the auditor to
resign. If an auditor resign, they should do so in writing and
they may wish to speak to the shareholder at Annual General
Meeting(AGM) to Shareholders to explain their reasons.
FORCED REMOVAL: Sometimes, the Board of Directors
or some shareholders may wish to remove the auditors. A
General Meeting must be called so that the shareholders can
vote on the proposal (via an ordinary resolution).
1. Director can not remove the auditors themselves.
2. Can be removed by a simple majority at a General Meeting.
3. The auditor should be given notice of such a meeting.
4. The all allowed to speak at the General Meeting.
International Standards on Auditing (ISAs)
The accounting profession believes in practices both self-
regulated and self-promotion. The profession established
and maintains the international Federation of
Accountants (IFAC). IFAC is a global organization
comprising of 155 members and associates (mostly
national professional institutes) spread across 118
countries. Membership stands at more then 2.5million
accountants that come from public practices, industry,
and commerce, the public sector as well as education
The international Standards on Auditing(ISAs) are
issued by the International Auditing and
Assurance Standards Board(IASB) and provide
guidance on the performance of an audit.
Development of ISA
1. Research and Consultation
A Project task force is
established to develop An ISA
2. Transparent Debate:
A Draft of the Proposed
ISA is discussed and
debated at an open (on the
Public) IAASB Meeting.

3. Exposure for Public
The Draft is then placed on the
IAASB website (for at least 120
days) and widely distributed for
public comments

4. Consideration of Comments:
A Second open IAASB meeting is
held to consider all received
comments. If significant changes
are made, then the draft is again
exposed for public comments
5. Affirmative Approval
The draft is converted into
a finalized standard subject
to an affirmative vote by at
least two-third of meeting
Corporate Governance
Corporate Governance represents the set of polices
and procedures that determine how an organization
is directed, administrated and controlled.
Although the contents of corporate governance will
vary from organization to organization, almost all
will have the following components.
Transparency and

Objective of Corporate Governance
Objectives and importance of corporate Governance:
Align shareholders interest with the interest of the
Direct and control organizations activates.
Review effectiveness, efficiency and ethics of the board of
Builds investors and shareholders confidence in the
Provide a system of check and balance to minimize
power abuse.
Provide a framework and incentive for management,
executives and board of directors to act in the best
interests of their organization and its shareholders.
Those charge with Governance are defined as the
persons who are accountable for ensuring that the
entity achieves its objectives, with regard to reliability
of financial reporting, effectiveness and efficiency of
operation, compliance with applicable laws, and
reporting to interesting parties.
Some important terms in corporate governance:
1. An Executive Directors: An Executive director is a
director responsible for the administration of a
2. A Non-Executive Director(NED): a non-executive
director is a director without day-to-day operational
responsibilities of the Company.

Responsibilities of Board of Directors in corporate
Establish a code of corporate ethics.
Ensure that the organization establishes polices,
procedures and controls to manage the potential risks it
will face .
Compliance with laws and regulation.
Ensuring that an effective systems of internal controls is
in place and functioning.
Ensuring that a high quality and timely independent
audit is conducted.
Establish and oversee the work of audit and
remuneration committee.
Advantages of Audit Committee
1. Improves public confidence.
2. Better quality financial reporting.
3. Guidance to BOD
4. Improves ICS.
5. Helps in Risk Management.
Limitations of Audit Committee:
1. Although audit committees do oversee the work of auditors (both internal
and external) they do not have the authority to appoint or dismiss them.
This limits the amount of power the committee has over the organizations
2. Audit committees generally do not have as much technical expertise and
knowledge as the auditors they are overseeing.
3. Independent directors often do not have as thorough a knowledge of the
organizations operations and functioning as executive director.
4. Most of the members of the audit committee are non-executive director.
The board may feel that the auditor committee has been formed
to limit its power and allow outsiders to run thee company.
5. The non-executive directors have to be paid more for carrying out the
responsibilities associated with the audit committee. Hence, it increases
the cost of the organization.

Internal Audit
An independent Appraisal activity established within
an organization as a service to it. A control in itself
which functions by examining and evaluating the
adequacy and effectiveness of other controls.
Steps to conduct internal audit
1. Identify the risks which may occur if there are no
controls in place.
2. Identify controls in place.
3. Evaluate whether the controls in place reduce the
risk to an acceptable level i.e. they are adequate.
4. Evaluate whether the controls are working
5. Re poeffectively.rt
1. Reviewing accounting and internal control systems.
2. Helping with risk assessment.
3. Reviewing 3Es (Economy, Efficiency and
Effectiveness) of operations.
4. Examining operating and financial information.
5. Reviewing compliance with laws and regulations.
6. Carrying out special investigations(e.g. into
suspected fraud)
Factor determining need of internal audit
Cost benefits analysis
Complexity of operations
Scale of operations
Changes in key risks and process
Problems with existing controls
Ability of Current management to carry out
assignment which would normally be carried out by
internal auditors.
Need of special assignments that normally internal
audit carries out( For example IT audit).
What Dose Corporate Governance Says about
Internal Audit
IA should report to the Audit committee. The AC will
monitor if internal audit is effective. If there is no IA
department, the AC should determine whether there is
need for one. In case they believe the internal audit
department is not required, it needs to explain the reason
for this in the annual report.
Assistance to the Board of Directors:
o The IA department checks reports that are not audited by
the external auditors.
o It can help the Board of Directors with regards to
accounting and auditing standards when required.
o IA cal cooperation with external auditors which can
reduce the time and cost of external audit.

Difference Between External and Internal
Internal Audit External Audit
Objective Add value and improve
Truth and Fairness of the
Financial Statements.
Report to Board of Directors and
Audit Committee
Scope Operations primarily Financial statement
Relationship with the
Employees or outsourced independent
IA and Risk Management:
IA ensures risk management systems are operating effectively
and that the strategies implemented for business risk are
operating effectively.
Business Risk (Risk that the companys objective are not met
or strategy not executed properly or inappropriate objective
and strategies were set).
IA and Fraud:
Assess the adequacy and effectiveness of control.
Be alert to suspicious activities.
Report suspicious activities.
Carry out special investigations.
Limitations of IA:
Independency issues as employees so may be concerned
about job security.
If it is not reporting to the AC, Management can influence
them( They will be checking the work of the people they are
reporting to).

Outsourcing Internal Audit
Greater Expertise, specialist skills and access to better audit technology
without extra cost available.
The risk of staff turnover is passed on the firm
Lesser cost of training staff and retaining staff.
May be more independent.
Lesser management time consumed in administering the department.
IA will be immediately available (also good for short time)
Flexibility in terms of that the staff can be called in according to workload.
May not be independent if the same firm is offering external audit and
internal audit.
May be more expensive
The firm will not have in-depth knowledge of the company.
Lesser control by the management over the standards of services.
If the company has an existing IA department which is to be made
redundant, that may face opposition from the other staff.

Internal Audit Assignments
1. VFM Audit: a value for money audit focuses on whether the best
combination of services has been obtained for the lowest level of
in performing a value for money audit there are three areas which
an auditor will commonly focus on being economy, efficiency
and effectiveness and these are known as 3Es.
2. IT Audit: An information technology audit is an examination of
the control within an information technology infrastructure. This
determines if the information system are:
Safeguarding Assets
Maintaining Data integrity and
Operating effectively and efficiently to achieve the organization
goals or objectives.

Internal Audit Assignments
3. Best Value Audit: the best value reviews involves the following;
Reviewing whether the products/services meet the requirements of the
Determining whether there is balance between cost and quality of the service or
Comparing product/service with competitors to find out the best and the worst
features in the products of the entity so as to make improvements.
The most important ingredients of best value review are explained with the
4Cs these four Cs are;
1) Challenge: indentifies the need of the service and the way it is provided. An
entity should discontinue providing a service if the reason why the service is
provided cannot be identified satisfactory.
2) Compare: Compares the attribute of the services provided with those provided
by similar organization.
3) Consult: Suggests consulting with users in order to know whether or not the
services provided meet the needs of the consumers.
4) Compete: Encourage fair competition so as to secure efficiency and effective
Fundamental Principles of Ethics
1. Integrity: Members should be straightforward and honest in all professional and business
2. Objectivity: Members should not allow bias, conflicts of interest or undue influence of
others to override professional or business judgments.
3. Professional Competence and due care: Members have a continuing duty to maintain
professional knowledge and skill.
4. Confidentiality: Members should represent the confidentiality of information acquired as
a result of professional and business relationship and should not disclose any such
information to third parties without proper and specific authority.
Information can be disclose if;
if the client have given their consent.
If there is an obligation to disclose e.g. if the client is suspected of money laundering,
terrorism, dug trafficking.
If it is required by a regulatory body, e.g. financial services legislation.
If a court order has been obtained.
If a member has defend himself in court or at a disciplinary hearing.
If it is in the public interest.
5. Professional Behavior: Members should comply with relevant laws and regulations and
should avoid any action that discredit the profession.
Threats to objectivity and independence
1. Self-interest Threats: self-interest threats arises when the auditors put their
own interest above those of the client or shareholders e.g. Financial
interests(shares), Receiving Material gifts, fee dependency, personal or business
relationship with client and low balling.
2. Self-Review threats: this threats arises when the auditors perform
work/produce information for the client that they end up reviewing themselves as
part of an assurance engagement e.g. giving advice on accounting or control
systems and then audit them(e.g. by performing internal audit services for the
client), Prepare financial information or assist with calculations then audit this
information, provide services for the client e.g. tax, valuation, corporate finance
and then review this work as part of the audit, Join the audit team after working
for the client.
3. Familiarity Threats: Familiarity threats arise when the auditors develop a
close relationship with the client and as a result become too sympathetic to their
interests or too trusting of the their work.
4. Advocacy threats: when auditors fail to take a balanced view on their clients
affairs and are perceived to be either taking their client side or are biased against
their client.
5. Intimidation threats: this threats is caused by a client being in position to put
pressure on an auditor to prevent them acting objectively.

Procedures before accepting a client
1. Out going auditor clearance: contact outgoing auditor with the clients
permission & ask for any professional reasons why thy should not accept
appointment (if the client has caused problems, you may wish to say no
to the appointment)
2. Client related issues:
i. Formalities( of removal of outgoing auditor fulfilled)
ii. Integrity of the clients management assessed.
iii. Gather knowledge of the business.
iv. Client screening (risk assessment)
v. Check if the client will limit the scope of the auditor.
3. Auditors related issues:
i. Ensure independence.
ii. Ensure competence and skills.
iii. Ensure resource(Staff, time etc)
iv. Ensure no conflicts of interest with other clients.
Procedures before accepting a client
4. Precondition for an audit:
To assess whether the precondition for an audit are present the
auditor must;
i. Determine whether the financial framework to be applied in the
preparation of the financial statements are acceptable.
ii. Assess the nature of the entity and purpose of the financial
statements and whether law or regulation prescribe the
applicable reporting framework.
iii. Obtain the agreement of the management that it acknowledge
and understands its responsibility for the following.
Preparation of the financial statements in accordance with the
applicable reporting framework.
For internal control.
To provide the auditor with access to all relevant information for the
preparation of the financial statements

Engagement Letter
Compulsory for every new engagement.
Sent before the audit start.
Purpose of Engagement: An Engagement letter
provides a written agreement of the terms of the
audit engagement between the auditor and
management or those charged with governance.
It confirms that there is a common understanding
between the auditor and management, or those
charged with governance, of the terms of the audit
engagement helps to avoid misunderstandings with
respect to the audit.
Contents of Engagement Letter
The content of engagement letter for an audit services will include the following.
1. Objective of audit of financial statements.
2. The responsibilities of the directors(for accounting records, the financial statements, and the accounting
policies on which they based on).
3. The responsibilities of auditor and the scope of the audit(their duty to conduct an audit in accordance with
auditing standards, to review accounting policies and disclosures, to perform test and to form an opinion
on the financial statements)
4. Communication between the auditor and the client (e.g. form of audit report, management representation
letter of weakness etc.).
5. The basis for fee calculations.
6. Agreement of management to provide a representation letter.
7. Use of the work of internal audit.
8. The auditors use specialist.
9. Deadline.
10. Access to all information.
11. Complaints procedures and jurisdiction.
12. The need of co-operation and agreement of terms.
What if management refuse to sign the engagement letter?
Identify the reason.
Try to reach a suitable compromise keeping in mind your duties and responsibility.
Refuse the engagement if matter still not resolved

Audit Plan
Its a key requirement of the ISAs that all audit are properly so that:
Auditor can determine the amount of work that needs to be done
and therefore allocate the right amount and type of people to the
The work is properly organized and managed.
The correct fee can be determine.
The work is carried out, within budget, and meets deadlines.
Important or problem areas are identified and dealt with
appropriately so that auditors can identify and deal with risk.
Identify the need for experts and co-ordination of work of others.
An Audit strategies sets the scope, timing and directions of the audit
and guides the development of the more detailed audit plan. Once the
overall strategy has been planned, detailed considerations can be
given to each individual audit objective and how it can be best met.
Key Component's of audit strategies
1. Knowledge of Business:
The market and its competitions.
Legislation and regulation.
Ownership of the entity.
Nature of Products/service and markets.
Locations of production facilities and factories.
Key customers and suppliers.
Accounting policies and industry.
Financing structure.
Inquiry of the management.
And others within entity.
Those charged with governance, internal auditor, employees, Legal counselor,
Observation and inspections.
Analytical procedures.
Other sources.
Previous experience of the auditor with the entity and industry.

Key Component's of audit strategies
Identify Risk:
Audit risk.
Business Risk( Financial risk, operational Risk and compliance risk)
Assess Risk by:
i. Knowledge of the business.
ii. Analytical procedures(to help understand the clients financial statements and to
help spot possible error) Analytical Procedures are comparison with prior years
budgets, industry information.
Importance of the Risk Assessment: ISA 315 identifying and assessing the risk of
material misstatement through understanding the entity and its environment.
Assessing engagement risk at the planning stage. This will ensure that attention is
focused early on the areas most likely to cause material misstatement.
It will help the auditor to fully understand the entity which vital for effective audit.
Any unusual transactions or balances would also be identified early these could be
addressed in timely manner.
Assessing risk early should also result in an efficient audit. The team will only focuse
their time and effort on key areas as opposed on balance or transaction that might
be immaterial or unlikely to contain errors.

Key Components of Audit strategy
Materiality: information is material if its omission or misstatement could influence the
economic decision of the users taken on the basis of financial statements.
Types of Materiality:
1. Materiality by size: such materially refers to the importance depends on value. A number of
immaterial error could add up to be material misstatement.
2. Commonly calculated as:
5% of PBT/
1% of Gross Revenue.
2. Material By Nature: the quality refers to an amount that might be low in value but due to its
prominence could influence the users decision for Example;
Bank balance.
Transactions with directors.
Related party transactions.
3. Performance Materiality Level: this is the amount set by the auditor, it is below the
materiality level, and its use for particular transaction, account balance and disclosures.
Performance materiality for the financial statements is a whole will be lower then materiality of
the financial statements as whole.
Materiality level of particular class of transaction, account balance or disclosure.
Key Components of Audit strategy
4. Scope, timing and direction of audit procedures:
Scope: Financial reporting framework for the financial statements?
Are there industry specific or other special reporting requirement?
Are other factors which influence the overall approach to audit?
i. Multiple location
ii. Group Audit.
iii. Needs of Experts.
Timing: Deadline for
Final reporting.
Any interim reports.
Reports to management.
Reports to those who charged with governance.
Direction: the direction of the audit cover the overall approach and concern such issue as;
Preliminary identification of material components and account balances.
Reliance on control or fully substantive approach.
The need for site vistas and other logical issues.
The impact of resent development of the client, and its industry, in regulatory or financial
reporting requirement.

Audit Risk
Audit Risk: is defined as the risk of that the auditor
expresses an inappropriate opinion when the
financial statements are materially misstated.
Audit Risk need to be at an acceptably low level
The elements of audit risk are as follows;
i. Inherent Risk.
ii. Control Risk.
iii. Detection Risk.
The formula for Audit Risk is as follow
AR = Inherent Risk Control Risk Detection Risk

Elements of Audit Risk
1. Inherent Risk: Inherent Risk describes something's about the
nature of a business or its transaction that make it particularly
susceptible to material misstatements. It can be present in the
nature of the business or balance.
2. Control Risk: the Risk that an organizations internal control
system do not adequately protect the organization either because
they have not been adequate designed and /or implemented.
3. Detection Risk: Detection Risk is all down to the auditors and is
the risk that the auditors procedures fail to detect a material
misstatement. This could be due to a number of factor such as;
Choosing the wrong sample to test.
Human error.
Lack of training.
Audit Plan
An audit plan converts the audit strategy into a more detailed plan and includes the
nature, timing and extent of the audit procedures to be performed by engagement
team members in order to obtain sufficient and appropriate audit evidence to
reduce audit risk to a low level.
Audit planning is a detailed recording of each procedures and process required to
perform an audit. Once the overall strategy has been determined, the auditor should
prepare a detailed plan of the areas determined in the audit strategy. The audit plan
contains the nature, timing and extent of the procedures to be performed.
The audit plan covers:
Allocation of work and duties to the assistants.
Allocation of time and cost.
Formation of various teams.
Audit test.
Data gathering techniques.
Audit objectives.
Types of audit evidence desire.
The audit plan is developed in order to reduce audit risk to an acceptable low level.

In the case of a company, the board of directors acts
as the agents of the body of
shareholders, the principals. The directors are
accountable for their stewardship of the