FRONTIER INSTITUTE OF PROFESSIONAL AND MANAGEMENT STUDIES

FULLY REGISTERED WITH THE MINISTRY OF EDUCATION, SCIENCE AND

TECHNOLOGY
REG. CERT NO. MOHEST/PC/1383/011

‘Next Level in Your Career’

AUDITING
 lOMoARcPSD|28154144

AUDITING

CONTENT 1. Nature, purpose and scope of auditing

- Definition of auditing, auditor and an audit

- Explain the principles and processes of an audit
- Differences between auditing and accounting
- The types and timing of audits
- Internal versus external and a focus on the complimentary role of internal to external, interim and
final
- The users of audited financial statements and auditor reports

2. Legal and professional requirements

- Appointment of an auditor
- Qualification of an auditor
- Dutiores and rights of an auditor
- Dismissal of a company auditor
- Professional ethics
- Auditing standards and guidelines

2. Planning and conducting an audit

- Objectives of planning for the audit work

- Audit plan for a new client
- Audit plan for an existing client
- Developing an overall audit plan
- Limitations of audit plans
- Methods and techniques of an audit

3. Internal control system

- Definition of internal controls and internal control systems

- Purpose of internal control system
- Designing an internal control system
- Benefits and limitations of internal control system - General controls on:
• Revenue
• Expenditure
• Assets
 lOMoARcPSD|28154144

• Liabilities

4. Errors and fraud

- Definition of error and fraud

- Differences between error and fraud
- Types of errors and fraud
- Causes of frauds and fraud triangle

5. Audit evidence

- Nature and source of audit evidence

- Types of audit evidence
- Gathering audit evidence
- Reliance on the work on internal auditor
- Contents of audit working papers
(excluding their preparation)
- Audit tests
- Substantive tests
- Analytical tests

6. Audit Risk

- Definition of audit risks

- Components of audit risks
- Risk based audit

7. Computerised auditing

- Benefits and drawbacks of

computerised accounting systems
- Computer Aided Auditing
Techniques (CAATs); Auditing
around and through the computer

8. Auditor's report

- Purpose of the auditor's report

- Legal provision on auditor’s report
- Elements of auditor’s report
- Key audit matters
- Forms of audit opinion
 lOMoARcPSD|28154144

TOPICS PAGE NUMBER

Topic 1: Nature, purpose and scope of auditing……………………………………………….…5 Topic

2:Legal and professional requirements………………………………………………...…63

Topic 3: Planning and conducting an audit…………………………………………………...…74

Topic 4: Internal control system ……………………………………………………………..….91

Topic 5: Error and fraud………………………………………………………………...……….112

Topic 6: Audit evidence…………………………………………………………………………123

Topic 7: Audit Risk …………………………………………………………………………….153

Topic 8: Computerised auditing…………………………………………………………………159

Topic 9: Auditor's report……………………………………………………………..….……….182

TOPIC 1
 lOMoARcPSD|28154144

NATURE, PURPOSE AND SCOPE OF AUDITING

DEFINITION OF AUDITING, AUDITOR AND AN AUDIT Auditing

The Institute of Certified Public Accountants of Kenya (ICPAK) defines auditing as the independent
examination of and expression of opinion on, the financial statements of an enterprise by an appointed
auditor in pursuance of that appointment and in compliance with any relevant statutory obligation,

Auditing the independent examination of and expression of opinion on, the financial statements of an
enterprise by an appointed auditor in pursuance of that appointment and in compliance with any relevant
statutory obligation

Auditor---"Auditor" is used to refer to the person or persons conducting the audit, usually the engagement
partner or other members of the engagement team, or, as applicable, the firm. Where an ISA expressly
intends that a requirement or responsibility be fulfilled by the engagement partner, the term "engagement
partner" rather than "auditor" is used. "Engagement partner" and "firm" are to be read as referring to their
public sector equivalents where relevant.

An official whose job it is to carefully check the accuracy of business records. An auditor can be either an
independent auditor unaffiliated with the company being audited or a captive auditor, and some are elected
public officials. The term is sometimes synonymous with "comptroller." Auditors are used to ensure that
organizations are maintaining accurate and honest financial records and statements

Audit This is the independent investigation into the quality of published accounting information.

An audit is the independent examination of and expression of an opinion on the financial statements of an
economic entity by appointed auditor in pursuance of that appointment and incompliance with any relevant
statutory obligation.

The objective of an audit is to enable the auditor express an opinion whether financial statements show a true
and fair view of the company state of affairs in accordance with an identified financial reporting framework.

The purpose of an audit is not to provide additional information but rather it is intended to provide the users
of the accounts with assurance that the information provided to then by directors is reliable. However, the
users should not assume the auditor's opinion is one to efficiency with which management has conducted the
affairs of the entity.

CONDUCT OF AN AUDIT
 lOMoARcPSD|28154144

Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with
International Standards on Auditing (LAS 200)

The objective of an audit of financial statements is to enable the auditor to express an opinion on whether the
financial statements are prepared, in all material respects, in accordance with an applicable financial
reporting framework.

 This International Standard on Auditing (ISA200) deals with the independent auditor's overall
responsibilities when conducting an audit of financial statements in accordance with ISAs.
Specifically, it sets out the overall objectives of the independent auditor, and explains the nature and
scope of an audit designed to enable the independent auditor to meet those objectives. It also explains
the scope, authority and structure of the ISAs, and includes requirements establishing the general
responsibilities of the independent auditor applicable in all audits, including the obligation to comply
with the ISAs. The independent auditor is referred to as "the auditor" hereafter.

 ISAs are written in the context of an audit of financial statements by an auditor. They are to be
adapted as necessary in the circumstances when applied to audits of other historical financial
information. ISAs do not address the responsibilities of the auditor that may exist in legislation,
regulation or otherwise in connection with, for example, the offering of securities to the public. :Such
responsibilities may differ from those established in the ISAs.
Accordingly, while the ;auditor may find aspects of the ISAs helpful in such circumstances, it is the
responsibility of the Auditor to ensure compliance with all relevant legal, regulatory or professional
obligations.

Scope of the Audit

The auditor's opinion on the financial statements deals with whether the financial statements are prepared, in
all material respects, in accordance with the applicable financial reporting framework. Such an opinion is
common to all audits of financial statements.

 The auditor's opinion therefore does not assure, for example, the future viability of the entity nor the
efficiency or effectiveness with which management has conducted the affairs of the entity. In some
jurisdictions, however, applicable law or regulation may require auditors to provide opinions on other
specific matters, such as the effectiveness of internal control, or the consistency of a separate
management report with the financial statements.
 While the ISAs include requirements and guidance in relation to such matters to the extent that they
are relevant to forming an opinion on the financial statements, the auditor would be required to
undertake further work if the auditor had additional responsibilities to provide such opinions.

An Audit of Financial Statements

The purpose of an audit is to enhance the degree of confidence of intended users in the financial statements.
This is achieved by the expression of an opinion by the auditor on whether the financial statements are
prepared, in all material respects, in accordance with an applicable financial reporting framework. In the case
of most general-purpose frameworks, that opinion is on whether the financial statements are presented fairly,
in all material respects, or give a true and fair view in accordance with the framework. An audit conducted in
accordance with ISAs and relevant ethical requirements enables the auditor to form that opinion
 lOMoARcPSD|28154144

The financial statements subject to audit are those of the entity, prepared by management of The entity with
oversight from those charged with governance. ISAs do not impose responsibilities on management or those
charged with governance and do not override laws and regulations that govern their responsibilities.
However, an audit in accordance with ISAs is conducted on the premise that management and, where
appropriate, those charged with governance have acknowledged certain responsibilities that are fundamental
to the conduct of the audit. The audit of the financial statements does not relieve management or those
charged with governance of their responsibilities:

As the basis for the auditor's opinion, ISAs require the auditor to obtain reasonable assurance about whether
the financial statements as a whole are free from material misstatement, whether due to fraud or error.
Reasonable assurance is a high level of assurance. It is obtained when the auditor has obtained sufficient
appropriate audit evidence to reduce audit risk (that is, the risk that the auditor expresses an inappropriate
opinion when the financial statements are materially misstated) to an acceptably low level. However,
reasonable assurance is not an absolute level of assurance, because there are inherent limitations of an audit
which result in most of the audit evidence on which the auditor draws conclusions and bases the auditor's
opinion being persuasive rather than conclusive.

The concept of materiality is applied by the auditor both in planning and performing the audit, and in
evaluating the effect of identified misstatements on the audit and of uncorrected misstatements, if any, on the
financial statements. In general, misstatements, including omissions; are considered to be material if,
individually or in the aggregate, they could reasonably be expected to influence the economic decisions of
users taken on the basis of the financial statements. Judgments about materiality are made in the light of
surrounding circumstances, and are affected by the auditor's perception of the financial information needs of
users of the financial statements, and by the size or nature of a misstatement, or a combination of both... The
auditor's opinion deals with the financial statements as a whole and therefore the auditor is not responsible
for the detection of misstatements that are not material to the financial statements as a whole.

The ISAs contain objectives, requirements and application and other explanatory material that are designed
to support the auditor in obtaining reasonable assurance. The ISAs require that the auditor exercise
professional judgment and maintain professional skepticism throughout the planning and performance of the
audit and, among other things:

• Identify and assess risks of material misstatement, whether due to fraud or error, based on an
understanding of the entity and its environment, including the entity's internal control.
• Obtain sufficient appropriate audit evidence about whether material misstatements exist, through
designing and implementing appropriate responses to the assessed risks.
• Form an opinion on the financial statements based on conclusions drawn from the audit evidence
obtained.

The form of opinion expressed by the auditor will depend upon the applicable financial reporting framework
and any applicable law or regulation.

The auditor may also have certain other communication and reporting responsibilities to users, management,
those charged with governance, or parties outside the entity, in relation to matters arising from the audit.
These may be established by the ISAs or by applicable law or regulation.
 lOMoARcPSD|28154144

Preparation of the Financial Statements

 Law or regulation may establish the responsibilities of management and, where appropriate, those
charged with governance in relation to financial reporting.
 However, the extent of these responsibilities, or the way in which they are described, may differ
across jurisdictions. Despite these differences, an audit in accordance with ISAs is conducted on the
premise that management and, where appropriate, those charged with governance have acknowledged
and understand that they have responsibility:
a) For the preparation of the financial statements in accordance with the applicable financial
reporting framework, including, where relevant, their fair presentation;
b) h) For such internal control as management and, where appropriate, those charged with
governance determine is necessary to enable the preparation of financial statements that are free
from material misstatement, whether due to fraud or error; and
c) To provide the auditor with:
i. Access to all information of which management and, where appropriate, those charged
with governance are aware that is relevant to the preparation of the financial statements
such as records, documentation and other matters;
ii. Additional information that the auditor may request from management and, where
appropriate, those charged with governance for the purpose of the audit; and
iii. Unrestricted access to persons within the entity from whom the auditor determines it
necessary to obtain audit evidence.

The preparation of the financial statements by management and, where appropriate, those charged with
governance requires:

• The identification of the applicable financial reporting framework, in the context of any relevant laws
or regulations.
• The preparation of the financial statements in accordance with that framework.
• The inclusion of an adequate description of that framework in the financial statements.

The preparation of the financial statements requires management to exercise judgment in making accounting
estimates that are reasonable in the circumstances, as well as to select and apply appropriate accounting
policies. These judgments are made in the context of the applicable financial reporting framework.

The financial statements may be prepared in accordance with a financial reporting framework designed to
meet:

• The common financial information needs of a wide range of users (that is, "general purpose financial
statements"); or
• The financial information needs of specific users (that is, "special purpose financial statements").

 The applicable financial reporting framework often encompasses financial reporting standards
established by an authorized or recognized standards setting organization, or legislative or regulatory
requirements. In some cases, the financial reporting framework may encompass both financial
reporting standards established by an authorized or recognized standards setting organization and
legislative or regulatory requirements.
 lOMoARcPSD|28154144

 Other sources may provide direction on the application of the applicable financial reporting
framework. In some cases, the applicable financial reporting framework may encompass such other
sources, or may even consist only of such sources. Such other sources may include:
• The legal and ethical environment, including statutes, regulations, court decisions, and
professional ethical obligations in relation to accounting matters;
• Published accounting interpretations of varying authority issued by standards setting,
professional or regulatory organizations;
• Published views of varying authority on emerging accounting issues issued by standards setting,
professional or regulatory organizations;
• General and industry practices widely recognized and prevalent; and • Accounting literature.
 Where conflicts exist between the financial reporting framework and the sources from which
direction on its application may be obtained, or among the sources that encompass the financial
reporting framework, the source with the highest authority prevails.
 The requirements of the applicable financial reporting framework determine the form and content of
the financial statements. Although the framework may not specify how to account for or disclose all
transactions or events, it ordinarily embodies sufficient broad principles
that can serve as a basis for developing and applying accounting policies that are consistent with the
concepts underlying the requirements of the framework.
 Some financial reporting frameworks are fair presentation frameworks, while others are compliance
frameworks. Financial reporting frameworks that encompass primarily the financial reporting
standards established by an organization that is authorized or recognized to promulgate standards to
be used by entities for preparing general purpose financial statements are often designed to achieve
fair presentation, for example, International Financial Reporting Standards (IFRSs) issued by the
International Accounting Standards Board (IASB).
 The requirements of the applicable financial reporting framework also determine what constitutes a
complete set of financial statements. In the case of many frameworks, financial statements are
intended to provide information about the financial position, financial performance and cash flows of
an entity.
 For such frameworks, a complete set of financial statements would include a balance sheet; an
income statement; a statement of changes in equity; a cash flow statement; and related notes. For
some other financial reporting frameworks, a single financial statement and the related notes might
constitute a complete set of financial statements:
• For example, the International Public Sector Accounting Standard (IPSAS), Financial Reporting
under the Cash Basis of Accounting, issued by the International Public Sector Accounting
Standards Board states that the primary financial statement is a statement of cash receipts and
payments when a public sector entity prepares its financial statements in accordance with that
IPSAS.
• Other examples of a single financial statement, each of which would include related notes, are:
i. Balance sheet.
ii. Statement of income or statement of operations. iii. Statement of retained earnings.
iv. Statement of cash flows

Statement of assets and liabilities that does not include owner's equity

i) Statement of changes in owners' equity. ii)

Statement of revenue and expenses.
iii. Statement of operations by product lines.
 lOMoARcPSD|28154144

 ISA 210 establishes requirements and provides guidance on determining the acceptability of the
applicable financial reporting framework. ISA 800 deals with special considerations when financial
statements are prepared in accordance with a special purpose framework.
 Because of the significance of the premise to the conduct of an audit, the auditor is required to obtain
the agreement of management and, where appropriate, those charged with governance that they
acknowledge and understand that they have the responsibilities set out earlier as a precondition for
accepting the audit engagement.
 lOMoARcPSD|28154144

TOPIC 2

LEGAL AND PROFESSIONAL REQUIREMENT

APPOINTMENT OF AN AUDITOR

To safeguard the interests of shareholders, the Companies Act provides for the appointment of auditors.
Auditors are servants of shareholders and their duty is to examine the affairs of the company on their behalf
at the end of the year and report to them what they have found out.

Under Section 159, every company is required to appoint an auditor at each Annual General Meeting, failure
to appoint at this meeting will cause members to make an application to the registrar to appoint the auditor.

The rule of thumb is that a retiring auditor is to be reappointed without any resolution being passed at the
meeting unless:-

i. He is not qualified for re-appointment.

ii. A resolution has been passed appointing someone else instead of him. iii. A resolution
has been passed that he shall not be re-appointed.
iv. He has expressed in writing his unwillingness to be re-appointed.

Under Section 159(6), a casual vacancy of auditors can be filled by directors.

No person other than a retiring auditor may be appointed at an Annual General Meeting unless a special
resolution has been given and a copy of it has been sent to the retiring auditor forthwith.

The retiring auditor is usually entitled to be heard or to make representations in writing and circulated among
the members. The company must state in the notice that the representation has been made and sent a copy of
the representation to each member.

If a copy of representation is not sent, the retiring auditor may request that they may be read at the meeting.

QUALIFICATIONS OF AN AUDITOR

An efficient auditor must possess certain general qualities besides statutory qualification, so that he can carry
out his work efficiently and smoothly. The qualities of an auditor as classified below.

1. Professional Qualification i.e., Statutory Qualification.

2. Professional Qualities i.e., Personal Qualification.
3. Personal Qualities i.e., General Qualities.
 lOMoARcPSD|28154144

TOPIC 3

PLANNING AND CONDUCTING AN AUDIT

INTRODUCTION

An Audit plan is the specific guideline to be followed when conducting an audit. it helps the auditor obtain
sufficient appropriate evidence for the circumstances, helps keep audit costs at a reasonable level, and helps
avoid misunderstandings with the client.

It addresses the specifics of what, where, who, when and how:

• What are the audit objectives?

• Where will the audit be done? (i.e. scope)  When will the audit(s) occur? (how long?) 
Who are the auditors?
• How will the audit be done?

Benefits of Audit Plan

• It helps the auditor obtain sufficient appropriate evidence for the circumstances  It
helps to keep audit costs at a reasonable level.
• It helps to avoid misunderstandings with the client.
• It helps to ensure that potential problems are promptly identified  It helps to
know the scope of audit program by an Auditor.

OBJECTIVES OF PLANNING FOR THE AUDIT

Planning for the audit is a vital area of the audit primarily conducted at the beginning of audit process to
ensure that the:-

• Appropriate attention is devoted to important areas

• Potential problems are promptly identified
• work in completed expeditiously
• work is properly coordinated

The plan developed needs to be revised as necessary during the course of audit

TYPES:

Overall Plan

It’s the general strategy for audit, which sets the direction for audit, describe the expected scope and conduct
of audit and provides guiding for the development of audit programme.
 lOMoARcPSD|28154144

Audit Programme

Detailed set of instructions to implement overall plan for the nature, timing and extent of audit procedure.

General Planning Matters

The following administrative details of an audit should be considered while developing audit plan.

1. Logistics
2. Use of IT
3. Time budgets
4. Subsidiary objectives of the assignment
5. Logistics

When planning an audit engagement partners or manager has to considers many practical areas like

1. Staff
2. Client management
3. Location of the audit
4. Dead lines Staff

For the selection of audit staff for a particular assignment following considerations should be made.

1. Appropriate level of qualification

2. Reasonable experience and expertise
3. Availability of staff
4. Relationships with client and within staff members
5. Boarding and lodging requirements

Client Management

The management of the client may have preferences regarding audit staff. Audit manager should consider
their recommendations in the light of independence rule to decide the changing of audit team as consistency
of audit staff helps audit efficiency.

Locations

Following are important issues

• Locations of different premises of client e.g. factory, admin office

• Mobility of audit staff
• Location of audit review by manager engagement partner
• Location of audit staff to each site
• Liaison with client staff to ensure each site visits in congenial.
 lOMoARcPSD|28154144

Dead Line

It is important that the auditors know the deadlines and the key
dates:

• Dates of financial statements approval

• Date of main audit visit
• Date of stock
• Date of manager review
• Date of engagement partner’s review
• Date of engagement partner’s post audit meeting with client
management  Date of which audit report is due to be
signed
• Date of AGM

Uses of IT

There are several factors to be considered

• Whether the client has computerized system

• If so whether the auditor will make use of CAATS
• Whether auditor will use computer for making working papers  If so whether audit team is
appropriately equipped

Time Management

Audit must be cost effective therefore, the time to be taken to conduct each part of the audit is to be
estimated and the fee set accordingly it is important that

 Audit team is aware of time budget

 Audit team record variance from time budget. The time budgets will be based on issues such as:
 lOMoARcPSD|28154144

TOPIC 4

INTERNAL CONTROL SYSTEM

DEFINITION OF INTERNAL CONTROL AND INTERNAL CONTROL SYSTEMS

Internal control is the process, effected by an entity's Board of Trustees, management, and other personnel,
designed to provide reasonable assurance regarding the achievement of objectives in the following
categories:

a. Reliability of financial reporting,

b. Effectiveness and efficiency of operations, and
c. Compliance with applicable laws and regulations.

Internal Control Systems are basic management practices that usually involve two elements: a policy
establishing what should be done and procedures used to support the policy. Internal control systems
typically come from senior management's interpretation of the companes strategic initiatives, laws and
regulations, or industry standards and practices.

Types of Internal Controls:

1. Detective: Designed to detect errors or irregularities that may have occurred.

2. Corrective: Designed to correct errors or irregularities that have been detected.
3. Preventive: Designed to keep errors or irregularities from occurring in the first place.

Key Internal Control Activities

Segregation of Duties

Duties are divided, or segregated, among different people to reduce the risk of error or inappropriate actions.
For example, responsibilities for receiving cash or checks, preparing the deposit to the Cashier's Office, and
reconciling the deposit to the cashier's receipt and Balances should be separated.

Structure

Organizational structure - lines of authority and responsibility - should be clearly defined so that employees
know where to go to report performance of duties, problems and questions related to position and the
organization as a whole. An organization chart is a good means of defining this structure as long as it is kept
up to date. Part of the structure is also the rules that employees must abide by. Written policies and
procedures provide guidance to employees in carrying out their duties, provide for clear rules on allowable
and expected activity, as well as provide means for enforcement. The department's lines of authority and
policies and procedures should be reviewed periodically to ensure they are in agreement with the
organization's strategic mission.
 lOMoARcPSD|28154144

Authorization and Approval

Transactions should be authorized and approved to help ensure the activity is consistent with departmental or
institutional goals and objectives. For example, a department may have a policy that all purchase requisitions
and invoice vouchers must be approved by the director. The important thing is that the person who approves
transactions must have the authority to do so and the necessary knowledge to make informed decisions.

Reconciliation and Review

Performance reviews of specific functions or activities may focus on compliance, financial or operational
issues. Reconciliation involves comparing transactions or activity recorded to other sources to help ensure
that the information reported is accurate. For example, revenue and expense activity recorded on accounting
reports should be reconciled or compared to supporting documents to ensure that the transactions are
recorded timely, in the correct account, and for the right amount.

Security may be physical or electronic (information system controls) or both. Equipment, inventories,
cash, checks and other assets should be secured physically, and periodically counted and compared
with amounts shown on control records. For example, the periodic physical confirmation of equipment
by individual departments is a physical security control. Virus detection software should be current
and updated regularly to help protect integrity of systems. Hardware and access controls (passwords)
should be changed periodically and rigorously safeguarded to protect from unauthorized access to
database, computer systems, etc. Special physical and software controls (such as encryption software)
should be developed for systems containing sensitive and/or confidential information.

PURPOSE OF INTERNAL CONTROL SYSTEMS

Internal Control objectives are desired goals or conditions for a specific event cycle which, if achieved,
minimize the potential that waste, loss, unauthorized use or misappropriation will occur. They are
conditions which we want the system of internal control to satisfy. For a control objective to be effective,
compliance with it must be measurable and observable.

Internal Audit evaluates Mercer's system of internal control by accessing the ability of individual process
controls to achieve seven pre-defined control objectives. The control objectives include authorization,
completeness, accuracy, validity, physical safeguards and security, error handling and segregation of duties.
• Authorization - The objective is to ensure that all transactions are approved by responsible personnel
in accordance with specific or general authority before the transaction is recorded.
• Completeness - The objective is to ensure that no valid transactions have been omitted from the
accounting records.
• Accuracy - The objective is to ensure that all valid transactions are accurate, consistent with the
originating transaction data and information is recorded in a timely manner.
• Validity - The objective is to ensure that all recorded transactions fairly represent the economic
events that actually occurred, are lawful in nature, and have been executed in accordance with
management's general authorization.
• Physical Safeguards & Security - The objective is to ensure that access to physical assets and
information systems are controlled and properly restricted to authorized personnel.
• Error handling - The objective is to ensure that errors detected at any stage of processing receive
prompt corrective action and are reported to the appropriate level of management.
 lOMoARcPSD|28154144

• Segregation of Duties - The objective is to ensure that duties are assigned to individuals in a manner
that ensures that no one individual can control both the recording function and the procedures relative
to processing the transaction.

A well designed process with appropriate internal controls should meet most, if not all of these control
objectives.

Major Components:

1. Control environment: Factors that set the tone of the organization, influencing the control
consciousness of its people. The seven factors are (ICHAMPBO):
o I - Integrity and ethical values, o C - Commitment to competence, o H -
Human resource policies and practices, o A - Assignment of authority and
responsibility, o M - Management's philosophy and operating style, o B -
Board of Director's or Audit Committee participation, and o O -
Organizational structure.
2. Risk Assessment: Risks that may affect an entity's ability to properly record, process, summarize and
report financial data: o Changes in the Operating Environment (e.g. Increased Competition) o New
Personnel o New Information Systems o Rapid Growth
o New Technology
o New Lines, Products, or Activities o Corporate Restructuring o Foreign
Operations o Accounting Pronouncements
3. Control Activities: Various policies and procedures that help ensure those necessary actions are
taken to address risks affecting achievement of entity's objectives (PIPS):
o P - Performance reviews (review of actual against budgets, forecasts) o I -
Information processing (checks for accuracy, completeness, authorization)
 lOMoARcPSD|28154144

TOPIC 5

ERROR AND FRAUD

DEFINITION OF ERROR AND FRAUD

Misstatements in the financial statements can arise from fraud or error.

The term "error" refers to an unintentional misstatement in financial statements, including the omission of
an amount or a disclosure, such as:

a) a mistake in gathering or processing data from which financial statements are prepared;
b) an incorrect accounting estimate arising from oversight or misinterpretation of facts; and
c) a mistake in the application of accounting principles relating to measurement, recognition,
classification, presentation, or disclosure.

 The term "fraud" refers to an intentional act by one or more individuals among management, those
charged with governance, employees, or third parties, involving the use of deception to obtain an
unjust or illegal advantage. Although fraud is a broad legal concept, the auditors are concerned with
fraudulent acts that cause a material misstatement in the financial statements. Misstatement of the
financial statements may not be the objective of some frauds. Auditors do not . make legal
determinations of whether fraud has actually occurred. Fraud involving one or more members of
management or those charged with governance is referred to as "management fraud"; fraud involving
only employees of the entity is referred to as "employee fraud". In either case, there may be collusion
with third parties outside the entity.

 Two types of intentional misstatements are relevant to the auditors' consideration of fraud -
misstatements resulting from fraudulent financial reporting and misstatements resulting from
misappropriation of assets.

 Fraudulent financial reporting involves intentional misstatements or omissions of amounts or

disclosures in financial statements to deceive financial statement users. Fraudulent financial reporting
may involve:

a) deception such as manipulation, falsification, or alteration of accounting records or supporting

documents from which the financial statements are prepared;

b) misrepresentation in, or intentional omission from, the financial statements of events, transactions
or other significant information; and
c) intentional misapplication of accounting principles relating to measurement, recognition,
classification, presentation, or disclosure.

 Misappropriation of assets involves the theft of an entity's assets. Misappropriation of assets can be
accomplished in a variety of ways (including embezzling receipts, stealing physical or intangible
 lOMoARcPSD|28154144

assets, or causing an entity to pay for goods and services not received); it is often accompanied by
false or misleading records or documents in order to conceal the fact that the assets are missing.

 Fraud involves motivation to commit fraud and a perceived opportunity to do so. Individuals might
be motivated to misappropriate assets, for example, because the individuals are living beyond their
means. Fraudulent financial reporting may be committed because management is under pressure,
from sources outside or inside the entity, to achieve an expected (and perhaps unrealistic) earnings
target - particularly since the consequences to management of failing to meet financial goals can be
significant. A perceived opportunity for fraudulent financial reporting or misappropriation of assets
may exist when an individual believes internal control could be circumvented, for example, because
the individual is in a position of trust or has knowledge of specific weaknesses in the internal control
system.

 The distinguishing factor between fraud and error is whether the underlying action that results in the
misstatement in the financial statements is intentional or unintentional. Unlike error, fraud is
intentional and usually involves deliberate concealment of the facts. While the auditors may be able
to identify potential opportunities for fraud to be perpetrated, it is difficult, if not impossible, for the
auditors to determine intent, particularly in matters involving management judgement, such as
accounting estimates and the appropriate application of accounting principles.

THE DIFFERENCE BETWEEN FRAUD AND ERROR

The key distinguishing factor between fraud and error is whether the underlying action that results in a
misstatement of the financial statements is intentional or unintentional. The term ‘fraud’ is a broad legal
concept, but the auditor is concerned with fraud that causes a material misstatement in the financial
statements. ISA 240 defines fraud as: ‘An intentional act by one or more individuals among management,
those charged with governance, employees, or third parties, involving the use of deception to obtain an
unjust or illegal advantage.’ ISA 240
 lOMoARcPSD|28154144

AUDIT EVIDENCE

NATURE AND SOURCE OF AUDIT EVIDENCE

Audit evidence refers to the information obtained by the auditor in arriving at the conclusions on which
audit opinion on the financial statements is based. Audit evidence comprises of source documents and
accounting records underlying the financial statements. The accounting records generally include:

• Records of initial entries and supporting records

• Records of electronic fund transfers, invoices, contracts and cheques.
• General and subsidiary ledgers, journal entries and other adjustments to the financial statements not
reflected in the journal entries
• Records such as work sheets and spread sheets supporting cost allocations, computations and
reconciliations.

Other information the auditor can use as audit evidence are:

• Minutes of meetings
• Confirmations form third parties
• Analysis reports
• Comparable data about competitors.
• Control annuals.
• Information obtained by auditor from audit procedure such as observation and enquiries.

The sources and amount of evidence needed to achieve the required level of assurance is determined by the
auditor’s judgment. The auditor’s judgment will be influenced by the materiality of item being examined, the
relevance and reliability of evidence available from each source and cost involved in obtaining it. Audit
evidence is obtained through an appropriate mix of tests of controls and substantive procedures where
internal control system is considered weak; evidence may be obtained entirely from substantive procedures.

Substantive tests are procedures carried out to test the accuracy and validity of accounting records. They are
of two types i.e. analytical review procedure and test of detail.

Characteristics of reliable evidence

The evidence must be both competent and sufficient. Competence means that the evidence must be
believeable or wothy of trust. The seven characteristics of competent evidence include:

1. Relevance--to the audit objective that the auditor is testing;

2. Independence of the provider--information received from outside the entity is presumed to be more
reliable than from inside the entity.
 lOMoARcPSD|28154144

3. Effectiveness of the client's internal controls--evidence from a client whose internal controls are
effective is more trustworthy.
4. Auditor's direct knowledge--data or calculations prepared by someone inside the organization will
not be as reliable as data computed or discovered by the auditor directly.
5. Qualifications of the individuals providing the information--reliability of the information is
enhanced if the person providing it is qualified to do so.
6. Degree of objectivity--objective evidence is more reliable than evidence that is subjective.
7. Timeliness--data that are timely for the purpose intended are considered more reliable.

Sufficiency of evidence refers to the quantity of evidence, In part, sufficiency relates to the sample size that
the auditor selects, but the individual items selected for the sample may have a bearing as well.

FINANCIAL STATEMENT ASSERTIONS AND AUDIT EVIDENCE

Financial Statement Assertions are the implicit or explicit claims and representations made by the
management responsible for the preparation of financial statements regarding the appropriateness of the
various elements of financial statements and disclosures.

Financial Statement Assertions are also known as Management Assertions and audit Assertions.

In preparing financial statements, management is making implicit or explicit claims (i.e. assertions)
regarding the recognition, measurement and presentation of assets, liabilities, equity, income, expenses and
disclosures in accordance with the applicable financial reporting framework (e.g.
IFRS).
For example, if a balance sheet of an entity shows buildings with carrying amount of sh.10 million, the
auditor shall assume that the management has claimed that:
• The buildings recognized in the balance sheet exist at the period end;
• The entity owns or controls those buildings;
• The buildings are valued accurately in accordance with the measurement basis;
• All buildings owned and controlled by the entity are included within the carrying amount of sh.10
million.
 lOMoARcPSD|28154144

TOPIC 7

AUDIT RISK

DEFINITION OF AUDIT RISK

Audit risk means the risk that the auditor may give an inappropriate audit opinion i.e. the auditor may report
that the financial statements show a true and fair view while in reality they are materially misstated.

TYPES OF AUDIT RISK

Audit risk is composed of:

a) Inherent risk
b) Control risk
c) Detection risk
d) Inherent risk

a) Inherent risk
This is the risk that the account balances are transactions could be materially misstated assuming that there
were no internal control system. Inherent risk could increase a result of an adverse attitude of managers on
the internal control system i.e. if they view internal control system as unimportant.

b) Control risk
This is the risk that a material misstatement could occur in an account balance or clan of transactions which
will not be prevented or detected in a timely manner by the entity’s accounting and internal control system.

c) Detection risk
This is the risk that the auditor’s tests of balances and transactions will not detect a material misstatement
that exists in an accounts balance or class of transactions. This implies that detection risk is the only
component of audit risk under the auditor’s control.

Risk based audit

This audit uses a model called audit risk model. If inherent risk and control risk are assessed to be high, then
to remain within an overall acceptable audit risk, the level of acceptable detection risk
 lOMoARcPSD|28154144

must be low meaning that the level of tests of balances and transactions must be relatively high. If inherent
and control risks are assessed to be low, then the level of acceptable detection risk may be higher leading to
relatively lower level of tests of balances and transactions. Therefore the assessment of inherent and control
risk is an essential part in deciding the overall approach to an audit.

For the audit model, audit risk equals inherent risk multiplied by the control risk and detection risk.

Advantages of audit risk model

• Helps eliminate over or under auditing because the nature, extent and timing of audit  procedures
performed is determined by the risk assessment carried out.
• The results appear more rational and defensible than if the model was not used. i.e. incase the auditor
is called upon to support his decisions in a court of law, he can justify the level of reliance on the
internal control system and the amount of substantive tests carried out
• Helps allow work to be delegated to junior members of audit staff who will be able to carry on
without having to rely too much on their own judgment.
• •The increased use of computer in business has made the calculations of audit risk easier leading to
more efficient and effective audit.

Disadvantages

• The model gives an impression of accuracy which is unrealistic as in practice its difficult to put a
quantitative value on inherent risk.
• For the model to be useful, the number of items being tested need to be sufficiently large to allow for
valid statistical conclusions to be made. This rule out the use of the model in many small audits.
• The model has a danger of adapting an overly mechanistic approach and that the auditor may lose his
„feel‟ for the audit assignment.
• It requires proper knowledge of the burden to be able to assess the audit risk.
• A wrong assessment of inherent and control risk will lead to over or under auditing

RISK-BASED AUDIT

A risk-based audit approach is designed to be used throughout the audit to efficiently and effectively focus
the nature, timing and extent of audit procedures to those areas that have the most potential for causing
material misstatement(s) in the financial report. ASA 315 Identifying and Assessing the Risks of Material
Misstatement through Understanding the Entity and its Environment and ASA 330
The Auditor’s Responses to Assessed Risks are auditing standards that specifically set out the
 lOMoARcPSD|28154144

TOPIC 8

COMPUTERISED AUDITING

BENEFITS AND DRWABACKS OF COMPUTERIZED ACCOUNTING SYSTEMS:

BENEFITS

1. Speed — data entry onto the computer with its formatted screens and built-in databases of customers
and supplier details and stock records can be carried out far more quickly than any manual
processing.
2. Automatic document production — fast and accurate invoices, credit notes, purchase orders,
printing ,statements and payroll documents are all done automatically.
3. Accuracy — there is less room for errors as only one accounting entry is needed for each transaction
rather than two (or three) for a manual system.
4. Up-to-date information — the accounting records are automatically updated and so account
balances (e.g. customer accounts) will always be up-to-date.
5. Availability of information — the data is instantly available and can be made available to different
users in different locations at the same time.
6. Management information — reports can be produced which will help management monitor and
control the business, for example the aged debtors analysis will show which customer accounts are
overdue, trial balance, trading and profit and loss account and balance sheet.
7. GSTNAT return — the automatic creation of figures for the regular GST/VAT returns.
8. Legibility — the onscreen and printed data should always be legible and so will avoid errors caused
by pOlo figures.
9. Efficiency — better use is made of resources and time; cash flow should improve through better debt
collection and inventory control.
10. Staff motivation — the system will require staff to be trained to use new skills, which can make
them feel more motivated. Further to this with many 'off-the-shelf packages like MYOB the training
can be outsourced and thus making a particular staff member less critical of business operations.

11. Cost savings — computerized accounting programs reduce staff time doing accounts and reduce
audit expenses as records are neat, up-to-date and accurate.
12. Reduce frustration — management can be on top of their accounts and thus reduce stress levels
associated with what is not known.
13. The ability to deal in multiple currencies easily — many computerized accounting packages now
allow a business to trade in multiple currencies with ease. Problems associated with exchange rate
changes are minimized.
 lOMoARcPSD|28154144

DRAWBACKS

1. Power failure, computer viruses and hackers are the inherent problems of using computerized
systems;

2. Once data been input into the system, automatically the output are obtained hence the data being
input needs to be validated for accuracy and completeness, we should not forget concept of GIGO
(Garbage In(Input) Garbage out ( Output) and

3. Accounting system not properly set up to meet the requirement of the business due to badly
programmed or inappropriate software or hardware or personnel problems can caused more havoc
and

4. Danger of computer fraud if proper level of control and security whether internal and external are not
properly been instituted.

A computer system requires procedures to;

• Convert data to machine readable form.

• Input data into the computer.
• Process data.
• Store data in machine readable form.
• Convert data into desired output form.
For these procedures to be undertaken, a mixture of hardware and software is needed. The hardware will
consist of;

i. Input devices. These include keyboards, optical readers, and bar code scanners. ii.
Processing devices. These are the computers themselves. i.e. CPU
iii. Storages devices include hard disk, diskettes and magnetic tapes. iv.
Output devices. These include the visual display unit (VDU) and printers.

The computer software consists of programs and operating systems.

Programs are the instructions telling the computer how each type of transaction is to be processed. These
instructions include routines of checking and controlling data, matching data with master files and
performing mathematical operations on data. E.g. for sales transactions, matching routines will enable the
computer to identify the right sales price from the sales master file and the right customer from debtors
master file. Mathematical routines will include calculating the total debtor’s amount and updating
customer’s balance in the debtors‟ master file.
Operating system relates to a series of related programs to provide instructions as to what filesare required to
be on-line, what output devices are required to be ready and what additional file need to be created for
further processing. E.g. with a batch of sales transactions, the sales price file and debtor’s file need to be on-
line. The printer must be loaded with blank invoice forms and the totals must be retained for posting to the
sales and debtors control accounts in the general ledger master file.
 lOMoARcPSD|28154144

An operating system will provide details of further processing runs within the system. So, for example, in
sales these will include updating the general ledger, processing cash receipts and credit notes to the debtor’s
file, printing out monthly statements and printing out analysis of due accounts for credit control purposes.

In a batch processing system, the operating system may consist of a set of instructions provided to the
operator but increasingly the operating system is part of the computer software such that with real time
system, the computer identifies source of an incoming signal and automatically processes that transaction
using the appropriate programs and the right file.

Computer files.

These are equivalent of books and records in a manual system and are described as either transaction files or
master files.

a) Transaction files.

These are equivalent of journal such as sales journal, the purchases journal or the cash book. They contain
details of individual transactions, but unlike books, a transaction file is not a cumulative record. A separate
file is set up for each batch. Thus in real time systems, a transaction file is not necessary, but good systems
will always create a transaction file for control purposes to provide a security back up, incase of errors or
computer malfunctions during processing data to master file.

b) Master files.

These contain what is referred as standing data. They may be the equivalent of ledgers but may also contain
semi permanent data needed to process transactions. E.g. a debtor‟s master file the equivalent of debtor’s
ledger but will also include data that in a manual system may be kept separately such as invoicing address,
discount terms and credit limits, even non accounting data as cumulative sales to specific customers.

When master files are updated by processing them against a transaction file, the entire contents of the file are
usually re-written in a separate location so that after processing, the two files can be compared and the
difference agreed to the total of the transaction file. Any errors in updating the master file will thus be
detected and the process repeated. In practice, the old copy of the master file
 lOMoARcPSD|28154144

TOPIC 9

AUDIT REPORT

INTRODUCTION

An audit report is a written opinion of an auditor regarding an entity's financial statements. The report is
written in a standard format, as mandated by international standard reporting

An audit report may also be described as an an appraisal of A business’s complete financial status.
Completed by an independent accounting professional, this document covers a company’s assets and
liabilities, and presents the auditor’s educated assessment of the firm’s financial position and future.
Audit reports are required by law if a company is publicly traded or in an industry regulated by the Securities
and Exchange Commission. Companies seeking funding, as well as those looking to improve internal
controls, also find this information valuable. There are four types of audit report

Companies Act stipulates the statements that should be expressly stated in the auditor’s report.
These are;

1. Whether they have obtained all the information and explanations which to the best of their knowledge
and belief were necessary for the purposes of their audit.
2. Whether in their opinion, proper books of account have been kept by the company, so far as appears
from their examination of those books, and proper returns adequate for the purposes of their audit
have been received from branches not visited by them.
3.
- Whether the company's balance sheet and (unless it is framed as a consolidated profit and loss
account) profit and loss account dealt with by the report are in agreement with the books of account
and returns.
- Whether, in their opinion and to the best of their information and according to the explanations
given to them, the said accounts give the information required by this Act in the manner so required
and give a true and fair view—
(a) in the case of the balance sheet, of the state of the company's affairs as at the end of its
financial year; and
(b) in the case of the profit and loss account, of the profit or loss for its financial year; or, as
the case may be, give a true and fair view thereof subject to the non-disclosure of any
matters (to be indicated in the report) which by virtue of Part III of the Sixth Schedule are
not required to be disclosed.
4. In the case of a company which is a holding company and which submits group accounts whether, in
their opinion, the group accounts have been properly prepared in accordance with the provisions of
this Act so as to give a true and fair view of the state of affairs and profit or

loss of the company and its subsidiaries dealt with thereby, so far as concerns members of the company,
or, as the case may be, so as to give a true and fair view thereof subject to the nondisclosure of any
matters (to be indicated in the report) which by virtue of Part III of the Sixth Schedule are not required to
be disclosed.

When financial statements are finalised, they usually must contain an evaluation – an auditor's report - from
a licensed accountant or auditor. This report provides an overview of the evaluation of the validity and
reliability of a company or organization’s financial statements.
 lOMoARcPSD|28154144

PURPOSE OF THE AUDITORS REPORT

The main purpose of an auditor's report is to document reasonable assurance that a company’s financial
statements are free from error.

An audit of a company’s financial statements should result in a report wherein the accountant or auditor is
free to share their opinion about the validity and reliability of a company’s financial statements.

In this report, the auditor should provide an accurate picture of the company and their financial statements.
The auditor should also state whether they are externally or internally connected to the company.

Within the report, the auditor can share any reservations about the condition of the company’s finances or
relevant additional information. Reservations could arise if the auditor disagrees with something found in the
financial statements, e.g. if the auditor disagrees with management about the valuation of an asset because
they believe that this has a more significant impact on the financial statements.

In the report there are rules concerning what an auditor's report should include and the order in which various
items should be reported.

Auditor's reports must adhere to accepted standards established by governing bodies. The governing bodies
help to assure external users that the auditor's opinion on the fairness of financial statements is based on a
commonly accepted framework.

ELEMENTS OF THE AUDITORS REPORT

Basic elements of auditor's report

The Companies Act does not stipulate the form the auditor's report should take. The auditing standards seek
to ensure that the auditor's report is clear and unambiguous. To this end, it seeks to standardize the form of
the auditor's report.

Downloaded by Christine ([email protected])