Introduction What is Auditing

In a corporate world where there are many shareholders, all shareholders can not
participate in managing the Company.
Therefore, such shareholders select a Board of Directors amongst themselves to
manage the Company.
These Board of Directors may not be able to manage the company on day to day
basis because lack of time, knowledge and expertise.
Therefore, Board appoints Management to run the Company. Management includes
CEO, CFO, COO and head of departments.
Management as part of their work ensures good internal control in the organisation
and also prepares financial statements to reflect its financial performance.
An auditor audits these financial statements.
1

What is an audit

Introduction What is Auditing

Audit means Inspection/Examination/Evaluation/Checking/Verification etc. and can
be used in wide ranges of situation and scenarios. However, in the financial context,
An audit is performing procedures to obtain evidence about the amounts and
disclosures in the financial statements. The audit procedures selected depend on
auditors judgement, including the assessment of the risks of material misstatement
of the financial statements, whether due to fraud or error.
In making those risk assessments, an auditor considers internal control relevant to
the entitys preparation and fair presentation of the financial statements in order to
design audit procedures that are appropriate in the circumstances.
An audit also includes evaluating the appropriateness of accounting principles used
and the reasonableness of accounting estimates made by management, as well as
evaluating the overall presentation of the financial statements.
Audit is conducted under a framework e.g. International Standards on Auditing.
3

Introduction - History of Auditing

Auditing existed primarily as a method to maintain governmental accountancy, and
record-keeping was its mainstay. It wasn't until the advent of the Industrial
Revolution, from 1750 to 1850, that auditing began its evolution into a field of fraud
detection and financial accountability.
Businesses expanded during this period, resulting in increased job positions
between owners to customers. Management was hired to operate businesses in the
owners' absences, and owners found an increasing need to monitor their financial
activities, both for accuracy and for fraud prevention. In the early 20th century, the
reporting practice of auditors, which involved submitting reports of their duties and
findings, was standardized as the "Independent Auditor's Report.
Audit enhances credibility and therefore it become very popular and most often
mandatory for certain types of Institutions like Company, Banks, etc..

Introduction Auditing and Accounting

I thought both are same!!! Surprised to hear they are different!!!
Accounting is recording, classifying and summarizing economic events in a logical
manner for the purpose of providing financial information for decision making. Such
financial information must be prepared by following a defined set of standards so
that these comparable (i.e. IFRS, US GAAP)
The most common end product of accounting function is the financial statements.
The most important end product of auditing is Independent Auditors Report.
As both accounting and auditing functions are predominantly run by people having
same professional qualification (i.e. Chartered Accountant - CA, Certified Public
Accountant CPA) at times both roles seems familiar.

What is Professional Ethics

A professional carries additional moral responsibilities to those held by the
population in general and in society. This is because professionals are capable of
making and acting on informed decisions in situations that the general public
cannot, because they have not received the relevant training/education.
For example, a lay member of the public could not be held responsible for failing to
act to save a road accident victim because they could not give an emergency
respiration support. This is because they do not have the relevant knowledge. In
contrast, a fully trained doctor would be capable of carrying out the procedure and
we would think it wrong if they stood by and failed to help in this situation. Legally
that doctor may not liable if he/she ignores this accident and do nothing, but as
professional ethics point of view he may be found guilty.
Therefore, all professions try to regulate their members through voluntarily adopting
ethics which usually goes beyond the minimum legal requirements and binding on
their members. All over the world various professional bodies of Accountants,
Engineers, Lawyers, Medical Practitioners have formulated their own professional
ethics with an objective to increase public acceptability of their own profession.
6

Why Auditors Need Professional Ethics

Professional Accountants/Auditors act in a Position of Trust. This Trust is built by the

knowledge that Professional Accountants/Auditors are bound by Ethical Behavior.
Public Interest is what differentiates the Auditing Profession from many other
professions, such as lawyers, doctors and engineers. Auditors work creates major
impacts in the national economy through capital markets as well as through tax
collection for public expenditure.
A distinguishing mark of the auditing profession is its acceptance of the
responsibility to act in the public interest. Therefore, a professional auditors
responsibility is not exclusively to satisfy the needs of an individual client or
employer
Ranging from providing assurance on listed company accounts to just preparing an
individuals tax return, Auditor are relied upon and trusted by millions of public out in
the street. Unlike many other professionals, there is a Third Party involvement in
most of the Auditors work and therefore very strong Ethical Standards are needed to
regulate Auditing Profession.
7

Auditors Independence
In the case of audit engagements, it is in the public interest and, therefore, required
by this Code, that members of audit teams, firms and network firms shall be
independent of audit clients.
The objective of this section is to assist firms and members of audit teams in
applying the conceptual framework approach described below to achieving and
maintaining independence. Independence comprises:
(a) Independence of Mind
The state of mind that permits the expression of a conclusion without being affected
by influences that compromise professional judgment, thereby allowing an
individual to act with integrity and exercise objectivity and professional skepticism.
(b) Independence in Appearance
The avoidance of facts and circumstances that are so significant that a reasonable
and informed third party would be likely to conclude, weighing all the specific facts
and circumstances, that a firms, or a member of the audit teams, integrity,
objectivity or professional skepticism has been compromised.
8

IFAC Code of Ethics

Against this backdrop, International Federation of Accountants (IFAC), the worldwide

organization for the audit and accountancy profession comprising of 159 members
and associates in 124 countries, has established the International Ethics Standards
Board for Accountants (IESBA) to develop and issue, under its own authority, high
quality ethical standards and other pronouncements for professional accountants for
use around the world.
In July 2009, the IESBA issued a revised IESBA Code clarifying the requirements for
all professional accountants and significantly strengthening the independence
requirements of all auditors. The revised IESBA Code become effective from 1
January 2011.
The Code of Ethics for Professional Accountants (IESBA Code) establishes ethical
requirements for professional accountants. A member body of IFAC or firm shall not
apply less stringent standards than those stated in this Code. Some jurisdictions may
have requirements and guidance that differ from those contained in this Code.
Professional accountants in those jurisdictions need to be aware of those differences
and comply with the more stringent requirements and guidance unless prohibited by
law or regulation.
9

IFAC Code of Ethics- Fundamental Principles

A professional accountant shall comply with the following fundamental principles:
(a)Integrity to be straightforward and honest in all professional and business
relationships.
(b)) Objectivity to not allow bias, conflict of interest or undue influence of others to
override professional or business judgments.
(c)Professional Competence and Due Care to maintain professional knowledge and
skill at the level required to ensure that a client or employer receives competent
professional services based on current developments in practice, legislation and
techniques and act diligently and in accordance with applicable technical and
professional standards.
(d)Confidentiality to respect the confidentiality of information acquired as a result
of professional and business relationships and, therefore, not disclose any such
information to third parties without proper and specific authority, unless there is a
legal or professional right or duty to disclose, nor use the information for the
personal advantage of the professional accountant or third parties.
(e)Professional Behavior to comply with relevant laws and regulations and avoid
any action that discredits the profession.
10

IFAC Code of Ethics Threats/Conflicts

When a professional auditor identifies threats to compliance with the fundamental

principles and, based on an evaluation of those threats, determines that they are
not at an acceptable level, the professional auditor shall determine whether
appropriate safeguards are available and can be applied to eliminate the threats or
reduce them to an acceptable level.
In making that determination, the professional auditor shall exercise professional
judgment and take into account whether a reasonable and informed third party,
weighing all the specific facts and circumstances available to the professional
accountant at the time, would be likely to conclude that the threats would be
eliminated or reduced to an acceptable level by the application of the safeguards,
such that compliance with the fundamental principles is not compromised.
A professional auditor shall evaluate any threats to compliance with the
fundamental principles when the professional accountant knows, or could
reasonably be expected to know, of circumstances or relationships that may
compromise compliance with the fundamental principles.
11

IFAC Code of Ethics Types of Threats/Conflicts

Threats fall into one or more of the following categories:

(a)Self-interest threat the threat that a financial or other interest will inappropriately

influence the professional auditors judgment or behavior;

(b)Self-review threat the threat that he/she will not appropriately evaluate the

results of a previous judgment made or service performed by him/her, or by another

individual within the firm or employing organization, on which the auditor will rely
when forming a judgment as part of a current service;
(c)Advocacy threat the threat that he/she will promote a clients or employers

position to the point that his/her objectivity is compromised

(d)Familiarity threat the threat that due to a long or close relationship with a client

or employer, he/she will be too sympathetic or too accepting of their work

(e)Intimidation threat the threat that he/she will be deterred from acting objectively

because of actual or perceived pressures, including attempts to exercise undue

influence over the professional auditor.
12

Common examples of threats

Gifts and hospitality creates self interest threat.

If such gifts are small and common (like a box of chocolate) auditor can accept it. But
if this is high value, like a Watch auditor shall refuse to accept.
Installation of new system by an auditor for a client will create self review threat.
If auditor is involved in major system up gradation they can not audit the same client
If an auditor has Two clients and one client is competitor of another client, it will
create confidentiality threat, so separate team shall be involved. This is call Chinese
wall.
Use of information from one clients work for another engagement is not possible
without consent from the client

13

Safeguarding Confidentiality
An auditor shall maintain client confidentiality. There is a greater risk of
accidental disclosure of confidential information.
Therefore, a number of Security protocol and procedures needed to safeguard
confidentiality of client information at auditors office and also in audit team.
If any member of audit team has any concern about how to maintain
confidentiality they should concern Speak out. Also if they are not sure they
should consult.
An audit team member shall not to discuss any work related information with
family, friends and even within the same office with other teams.
Also audit team members shall not discuss client matters with colleagues at
public place.

Disclosure of confidential information

Normally, only in following cases confidential matters for a client can

be disclosed by the auditor:
- when consent of the client has been received; or
- there is a public duty to disclose; or
- there is a legal or professional duty to disclose.

Conflict of interest

Sharing of information between various teams can pose conflict

To manage this conflict there shall be separation within the same
audit Firm. One team working on a Client can not see information of
other Client/ other team of the same audit firm. This is called
Chinese wall
Physical separation of teams may require within same office
Logical access control may require to prevent access to IT systems

Obtaining an engagement - Source

Informal source
An auditor can approach their friends, former or present colleagues, former
classmates and other acquaintances for obtaining audit or those people themselves
contact auditors.
Formal sources
Invitation for tender, notice published in paper, website to seek auditors. When
auditors are invited to tender for particular audit or other services they quote for
audit fee and often face competition.
Direct selection
Based on reputation, image, expertise sometimes client directly or any regulatory
body or government directly appoint auditors.

17

Appointment consideration
Before accepting an engagement the auditor shall ensure that there is no independence
or other ethical issues that will cause significant problems for the auditor to discharge
his/her obligation.
Recap:
If threats like self interest, self review, advocacy, familiarity and intimidation is/are
present auditor shall consider whether safeguards are available.
The auditor shall ensure that they have been appointed in a proper and legal manner.
Auditors shall ensure that, they are
Professionally qualified to act
Existing resources are adequate
Obtain references about the client
Upon clearing the above steps an auditor shall consider whether this is first audit or it

has been audited previously.

18

Appointment consideration previously different auditor

If this client has been audited previously, before accepting the engagement the new
auditors shall ensure that the removal of previous auditor is lawful or resignation is
conducted properly as per the legal framework
The new auditor shall check that their new appointment is valid.
Finally, in case the client has been audited previously by another auditor the new
auditor shall communicate with the previous auditor to inquire whether there are any
professional reason for which the new auditor shall not accept the audit engagement.
If the previous auditor does not reply within a reasonable time, the new auditor shall
send a reminder and even after that no reply received the new auditor can accept the
engagement.
However, if the previous auditor provided negative comments about the client, the new
auditor shall consider these matters and if needed discuss with the client, before
deciding whether they shall accept the engagement or decline it. Negative comments
by previous auditor will increase the risk but it is not mandatory that new auditor shall
refuse the engagement upon receiving any negative comment.
19

Agreeing Terms/Engagement Letter

An auditor normally agrees the terms of audit through an engagement letter, where
following information are included:
-The Objective of the Audit
- Management/Board/Clients responsibility
- Scope of audit including reference to the laws, regulations, standards, guidance
- The form of any reports, communications
- Fees and billing arrangements

20

Audit Evidence

During the course of an audit, all information are not checked/verified

by an Auditor.
An auditor only check those information/documents which are
relevant for an audit.
Audit evidence collected by an auditor shall be Sufficient and
Appropriate
Sufficient means Quantity of evidence
Appropriate means Quality of evidence

Appropriate Audit Evidence

Quality of evidence can be influenced by following factors

External sources are more reliable than client source (like confirmation from Bank)
Evidence directly obtained by auditors are more reliable (like physical inspection of
an asset)
Written evidence is more reliable (paper or electronic not verbal)
Original document is more reliable than photocopy or scan or fax
If control operates properly than evidence would be more reliable (like attendance
sheet would be more reliable if entry control is ensured)

Following Procedures are followed to gather Audit Evidence

Inspection of tangible assets
Inspection of documents
Observation watching a procedure
Inquiry (asking about something)
Confirmation from third party
Analytical procedures
Re performance of the same work by the auditor
Recalculation by auditor to check accuracy

Materiality
Auditor do not check 100% documents or information or item. In order to efficiently
and effectively utilizing resources auditor mainly check/verify those items which are
considered to be Material. Materiality has Two aspects.
Quantitative aspect: Amounts that are large or big shall be checked.
Qualitative: An amount may not be large or big but its nature is very important. Like a
Fine or Penalty may be smaller but this may indicate the behavior of that
Company/its Management.
For example, if a company has Tk 1,000,000 of salaries and Tk 10,000 travelling
expenses, then salaries is material item not travelling. This is called quantitative
materiality.
On the other hand if a company has Tk 10,000 legal expanses it can be material
because legal costs are paid to lawyers and there may be some cases involved. So
auditor may want to do detail checking of such legal fees. This is qualitative aspect.

Consideration of fraud and error in audit

When any error or mistake is intentionally done this becomes a Fraud. It is at times
difficult to prove whether this error or mistake is intentional or unintentional.
However, when it is identified that because of this error that person is benefitted it
can be assumed that this is an intentional error conducted by that person.
Fraud is two types:
1.Misappropriation of assets (cash or laptop is stolen)
2.2. Financial misreporting (profit is shown less to avoid tax or revenue is shown high
to get bonus)
It is managements responsibility that the Company shall ensure proper control to
ensure prevention and detection of all major fraud and error. An Auditor is not
responsible to prevent or detect all major fraud. check whether the Company has
followed all laws and regulations.
However, an Auditor shall normally check what types of controls management has
implemented to ensure prevention and detection of fraud.
25

Consideration of laws and regulation

It is managements responsibility that the Company shall ensure compliance
with all laws and regulations.
An Auditor is not responsible to check whether the Company has followed all
laws and regulations. However, an Auditor shall normally look into the various
steps that Management has taken to comply applicable regulations.
For example, a Bank is required to maintain minimum capital. It is managements
responsibility to maintain this minimum capital. However, auditor shall check
whether management has taken proper steps to maintain these capital.

26

Audit process

Deliverables:
Engagement letter
Audit Plan
Independence confirmations
Audit / review opinions
Board Reports
Management Letters

Source:

Text

27

Audit planning
As part of the audit process, the auditor performs the following planning activities
Planning of logistics: Timing of start and finishing the audit, staff selection, location
of audit etc.
Materiality calculation: Both quantitative and qualitative aspects
Business understanding: nature of the entity (i.e. private company or listed entity),
products, customers, suppliers, quality of board/management
Planning analytical procedures
Understanding general Information Technology (IT) environment of the client

Control evaluation
As part of the audit process, the auditor also assess the internal control of the client
which they are auditing.
To evaluate the internal control an auditor performs test called walk through test
where a transaction is traced through initiation to finish. For examples an auditor
wants to check the purchase. So in walk through test he will cover the following:
- Ordering of goods
- Receiving of material/goods (checking quality, quality)
-Checking of supplier invoices for this goods/material
- Processing of payment (two signatories in payment cheque)
-Depending on the frequency and nature of control, auditor will do further testing of

control through selecting samples.

-If control is automated and IT system is operating effectively it will require lower

sample as the process is same for all transaction. In manual control higher sample is
required. Like for ATM it is automated control and for branch banking manual
control.