8/11/2019 Auditing Process of a Company
1/33
Page | 1
Abstract
Auditing is nothing but the pillar of an organizations decision making capacity. An
organization involved in auditing due to the confirmation that the work that continuing in the
organization is exact or not. It is a process of objectively obtain and evaluating evidenceregarding assertion about the economic action and events to ascertain the degree of
correspondence between those ascertains, established criteria and communicating the result to
interest user. So it provides a clear conception about the clearance of the annual report or the
financial statement. We are the group SALVOmade an audit report with the help of the
balance sheet of the NAVANA CNG LTD 2013. Here we gathered all the relevant
information. Then we started to test the information. After completing all the testing,
evaluation and interpretation we have provided them an unqualified audit report.
Objective of the study
The main objective of the study is to analyze the procedure of providing an audit report.
Based on this specific objective, the following complementary objectives will be highlighted-
To know how an auditor become engaged with a firm.
To know how audit compliance with laws and regulations
To gather knowledge about different terms and symbols of auditing.
Scope of the study
As, we are the student of business it is our duty to know how an organization walks and how
the movement of the organization can be controlled. The most important matter is here that
very recently we have studied our audit course under a great and intellectual personality Md.
Zakir Hosen, Asst. professor& Chairman, Accounting and Information System. In this
course we have learned the accounting standards and the way to provide an audit report. Here
we have also learned the way analyze the information that is needed to prepare the report.
Here we gather the knowledge about the importance of the auditing in the achievement of an
organizations goal. So when we took the step to prepare the report then it became clear to usthat there are some deviations in the preparation of the audit report. SO it is a fact that there
are some deviation of the theoretical and the practical use of auditing method. So, the
preparation of this report helped us to know the deviation between the audit report
preparation process in practical and the theoretical stage. With the preparation of this report
we will be able to know how to control the conduct an audit operation and how it can help to
control the quality of the company. So preparation of this report will help us to prepare our
self for the future competitive world.
8/11/2019 Auditing Process of a Company
2/33
Page | 2
Methods of gathering information
According to the nature of the report we have used the descriptive method to prepare the
report.There are two sources of data; primary and secondary. Primary data means datacollected from the field survey through the active participation of the CA firm. Secondary
data means data collected from the published journals, books, internet, etc. In this study the
researchers have used secondary data to complete the report and the data is collected from the
books of assurance and internet.
Limitation of the study
Though we have tried our level best to prepare a prudent report, but at the period of preparing
the report we have to face a lot of obstacles. Because of the existence of these obstacles here
exist some limitations of the study-
We could not found any specific information.
Huge deviation in the practical and theoretical concept in our country.
The report is nothing but a hypothetical report.
8/11/2019 Auditing Process of a Company
3/33
Page | 3
ChapterOne (Concept of and need for assurance)
01.1. What is Assurance?
An assurance engagement is one in which a practitioner expresses a conclusion designed to
enhance the degree of confidence of the intended users other than the responsible party about
the outcome of the evaluation or measurement of a subject matter against criteria.
The key elements of an assurance engagement are as follows:
Three people or groups of people involved-
The practitioner (accountant)
The intended users
The responsible party (persons who prepared the subject matter)
A subject matter:It is likely to fall following categories-
Date (for example, financial statement or business projections)
Systems or process (internal control systems or computer systems)
Behavior (social and environmental performance or corporate governance)
Suitable criteria: The person providing the assurance must have something by which to
judge whether the information is reliable and can be trusted.
Sufficient and appropriate evidence to support the assurance opinion
A written report in appropriate form
01.2. Level of assurance:
Reasonable assurance engagement-
Sufficient and appropriate evidence: In a reasonable assurance the auditor look up a whole
system of a subject matter so the sufficient and appropriate evidence is very high.
Types of opinion:Here the auditor provides the opinion is positive and straight forward like-
The statement by the Chairman X is reasonable.
Limited assurance engagement-
Sufficient and appropriate evidence:As the auditor has limited access to the subject matter
so in a limited engagement evidence is relatively low.
Types of opinion: In limited engagement the auditor expressed opinion is negative and
indirect like- Nothing has come to attention indicating that the statement is reasonable.
01.3. Limitations of assurance:
The limitations of assurance services include-
The fact that testing is used.
Accounting systems may have inherent limitation.
8/11/2019 Auditing Process of a Company
4/33
Page | 4
Audit is persuasive rather than conclusive.
Assurance providers would not test every item in the subject matter.
Assurance provision can be subjective and professional judgments have to be made.
Nature of the assurance report might itself be limiting.
The fact that client members may collude in fraud.01.4.What is Audit?
Auditing is a systematic process of objectively obtaining and evaluating evidence regarding
assertions (Financial Statements including footnotes) about economic actions and events to
ascertain the degree of correspondence between the assertions and established criteria
(GAAP,GAAS) and communicating the results (Auditor's Report/Other Reports) to interested
users or stakeholders (Persons who rely on the financial reports i.e. Creditors, Investors etc.).
The objective of audit of financial statements is to enable the auditor to express whether the
financial statements are prepared, in all material respects, in accordance with an applicable
financial reporting framework.
All assurance is audit but all audits are not assurance.
Assurance subject matter may be data, systems or behaviors but the audit is only on the
economic actions or financial statements.
Evidence: Evidence includes all the information contained within the accounting records
underlying the financial statements, and other information gathered by the assurance
providers, such as confirmations from third parties.
Assertions:Representations by management, explicit or otherwise, that are embodied in the
financial statements, as used by the auditor to consider the different types of potential
misstatements that may occur.
Criteria:The benchmarks used to evaluate or measure the subject matter including, where
relevant, benchmarks for presentation and disclosure. Criteria can be formal or less formal.
There can be different criteria for the same subject matter.
01.5.Suitable criteria exhibit the following characteristics:
Relevance: relevant criteria contribute to conclusions that assist decision-making by the
intended users.
Completeness: criteria are sufficiently complete when relevant factors that could affect the
conclusions in the context of the engagement circumstances are not omitted. Complete
criteria include, where relevant, benchmarks for presentation and disclosure.
Reliability: reliable criteria allow reasonably consistent evaluation or measurement of the
subject matter including, where relevant, presentation and disclosure, when used in similar
circumstances by similarly qualified practitioners.
Neutrality:neutral criteria contribute to conclusions that are free from bias.
8/11/2019 Auditing Process of a Company
5/33
8/11/2019 Auditing Process of a Company
6/33
Page | 6
01.8.Value of an Audit:
To society:capital markets benefit
To owners and prospective owners: remote ownership, complex transactions, investmentdecisions
To corporate governance, the Board of Directors and audit committee: representing
shareholders interests
To management
running the company with good information
cost of and access to capital
operating efficiency and effectiveness
credibility of performance indicators
properly accounting for complex transactions
Constituents: society, owners and prospective owners, corporate governance, management
All of these constituents need good information. Even nonpublic companies elect to have
audits, although they are not required to do so by any law or regulation.
01.9. The Auditing Process:
Management produces financial statements and ICFR report
Auditor gathers and evaluates evidence
Many forms of evidence; anything the auditor uses
Auditor uses established standards to compare evidence to the financial statementsand ICFR report
Looks for correspondence between what is presented and the underlying evidence
Uses processes described/required in auditing standards.
Auditor issues report
01.10. GenerallyAccepting Auditing System (GAAS):
In 1947, the American Institute of Certified Public Accountants (AICPA)adopted GAAS toestablish standards foraudits.The standards cover the following three categories:
General Standards relates to professional and technical competence, independence, and
professional due care.
Field Work Standardsrelates to the planning of an audit, evaluation of internal control,
and obtaining sufficient evidential matter upon which an opinion is based.
Reporting Standardsrelates to the compliance of all auditing standards and adequacy of
disclosure of opinion in the audit reports. If an opinion cannot be reached, the auditor is
required to explicitly state their assertions.
http://en.wikipedia.org/wiki/American_Institute_of_Certified_Public_Accountantshttp://en.wikipedia.org/wiki/Audithttp://en.wikipedia.org/wiki/Field_Workhttp://en.wikipedia.org/wiki/Field_Workhttp://en.wikipedia.org/wiki/Audithttp://en.wikipedia.org/wiki/American_Institute_of_Certified_Public_Accountants8/11/2019 Auditing Process of a Company
7/33
Page | 7
01.11. Different types of comments/opinions against the report:
There are five types of audit report opinion. The details about these opinions are given below-
Standard unqualified: Auditors frequently issue the standard unqualified audit report
opinion. There have some conditions for standard unqualified audit report. These are given in
below:
Here all financial statements are included.
The three general standards have been followed in all aspects on the engagement.
Sufficient evidence has been accumulated to conclude that the three standards of field
work have been met.
The financial statements are presented in accordance with generally accepted
accounting principles.
There are no circumstances requiring the addition of an explanatory paragraph or
modification of the wording of the report.
Unqualified report with explanatory paragraph:Auditors may issue the unqualified audit
report with explanatory paragraph or modified wording report. Here also some conditions, as-
Lack of consistent application of generally accepted accounting principles.
Substantial doubt about going concern.
Auditor agrees with a departure from promulgated accounting principles.
Emphasis of a specific matter.
Repots involving other auditors.
Qualified Audit report or Opinion:Qualified opinion report can result from a limitation on
the scope of the audit or failure to follow generally accepted accounting principles.
Adverse Audit Report or Opinion:It is used only when the auditor believes that the overall
financial statements are so materially misstated or misleading that they do not present fairly
the financial position or results of operations and cash flows in conformity of generally
accepted accounting principles.
Disclaimer of Audit Report or Opinion: It is issued when the auditor is unable to be
satisfied that the overall financial statements are fairly presented.
8/11/2019 Auditing Process of a Company
8/33
Page | 8
01.12. The relationships among auditing, attestation, and assurance services:
10.13. Beneficiaries of Audits:
Assurance Services
Any Information
Attestation Services
Primarily Financial Information
Auditing
Financial Statements
8/11/2019 Auditing Process of a Company
9/33
Page | 9
ChapterTwo (Process of assurance: Obtaining an engagement)
Engagement Overview:
02.1. Obtaining an engagement:
Accountants are permitted to advertise for clients, within certain professional guidelines.
Accountants may sometimes be invited to tender for an audit. It means that they offer a quote
for services, outlining the benefits of their firm and personnel, usually in competition with
other firms which are tendering at the same time.
02.2. Accepting an engagement:
The present and proposed auditors should normally communicate about the client prior to the
audit being accepted.
The client must be asked to give permission for communication to occur. If the client refuses
to give permission, the proposed auditors must consider the reasons for such refusal.The auditors must ensure they have sufficient resources (time and staff, for example) to carry
out the appointment.
The audit firm must have client due diligence procedures in place in order to comply with the
Money Laundering Regulations 2003.
This section covers the procedures that the auditors must undertake to ensure that their
appointment is valid and that they are clear to act.
02.2.1. Acceptance procedures:
At the very beginning, the client organization calls for tender to the audit firms. Then the
audit firms drop tenders to be involved with the organization as a external auditor. When the
client organization gets all the tenders they start to evaluate all the tenders which will be more
profitable to their organization. At the period of evaluation the organization first have to
search for the following characteristics as the minimum requirement for accepting the
auditor-
The auditors must carry out the following characteristics-
Ensure professionally qualified to act:Consider whether disqualified on legal or ethical
grounds, for example, if there would be a conflict of interest with another client.
Obtain
(Or retain)
client
Risk
Assessmen
Substantive
Procedures
Issue
Report
Engagement
Planning
8/11/2019 Auditing Process of a Company
10/33
Page | 10
Ensure existing resources adequate:Consider available time, stuff and technical expertise
are available for the service.
Obtain references:Make independent enquiries if directors no personally known.
Communicate with present auditors:Enquire whether there are reasons or circumstances
behind the change which the new auditors ought to know, also as a matter of courtesy.02.2.2. Sources of information of new clients:
The can take information about the new clients from the following sources-
Enquires of other sources:Bankers, solicitors.
Review of documents:Most recent annual accounts, listing particulars, credit ratings.
Previous accountants or auditors: Previous auditors should be invited to disclose fully all
relevant information.
Review of rules and standards: Consider specific laws or standards that relate to industry.
8/11/2019 Auditing Process of a Company
11/33
Page | 11
02.2.3. Appoint decision chart:
Yes
No
No
Yes
No
Yes
No
Yes
Yes
Accept or Reject the Appointment.
A roach b otential new audit client.
Does client giveold auditor
permission to
reply?
Prospective auditor
should consider carefully
the reason for this
Does client
give
permission tocontact old
auditor?
Is this
the first
audit?
Does old
auditor reply
with
information?
Prospective can make own
decision.
Write for all information pertinent to the
Appointment.
Give old auditor due
notice then decide onbasis of knowled e
8/11/2019 Auditing Process of a Company
12/33
Page | 12
02.3. Agreeing terms of an engagement:
An engagement letter should be sent to all clients to clarify the terms of the engagement.
Agreement of audit engagement terms must be in writing.
It must include an explanation of the scope of the audit, the limitations of an audit and theresponsibilities of auditors and those charged with governance.
It may contain other information concerning practical details of the audit.
02.3.1. The purpose of an engagement letter:
At this stage the auditor has to provide an engagement letter to the client organization.
Auditing standards requires that the auditor and the client should agree on terms of the
engagement. The auditing terms must be writing and the form would be a letter of
engagement. The purpose of letter of engagement is to-
Define clearly the extent of audit of the auditors responsibilities and so minimize the
possibility of any misunderstanding between the client and the firm.
Provide written confirmation of the firms acceptance of the appointment, the scope of the
engagement and the form of their report.
02.3.2. Content of audit engagement letters:
The audit engagement letter should include the following-
The objective of the audit of financial statement.
Managements responsibility for the financial statements.
The scope of the audit, including reference to applicable legislation, regulations, orpronouncements of professional bodies.
The form of any reports or others communication of the results of the engagement.
Unrestricted access to whatever records, documentation and other information is
requested in connection with the audit.
Arrangements regarding the planning of the audit.
Expectation of receiving from management written confirmation of representation
made in connection with the audit.
Description of any others letters or reports the auditor expects to issue to the client.
Unrestricted access to whatever records, documentation and other information isrequested in connection with the audit.
Request for the client to confirm the terms of the engagement by acknowledging
receipt of the engagement letter.
The confidentiality of any reports issued, and, if relevant, the terms under which they
can be shared with third parties.
Basis on which fees are computed and any billing arrangements.
Arrangements concerning the involvement of other auditors and experts in some
aspects of the audit.
Arrangements concerning the involvement of internal auditors and other client staff.
8/11/2019 Auditing Process of a Company
13/33
Page | 13
Arrangements to be made with the predecessor auditor, if any, in the case of an initial
audit.
Any restriction of the auditor's liability when such possibility exists.
A reference to any further agreements between the auditor and the client.
ChapterThree (Process of assurance: Planning the assignment)
03.1. Audit strategy:
The formulation of the general strategy for the audit, which sets the scope, timing and
direction of the audit and guides development of the audit plans. Strategy is the direction and
scope of an organization over the long term, which achieves advantage for organization
through its configuration of resources within a changing environment, meets the needs of the
markets and to fulfill stakeholders expectations. Strategies are about the long term
development and survival of the business.
03.1.1. Key contents of an overall audit strategy:
The audit strategy includes the following-
Understanding the entitys environment:It includes the important characteristics of the
client like business, principal business, financial performance, reporting requirements, etc.
Understanding the accounting and internal control system:It encompasses the accounting
policies of the entity and changes in the policy, effect of new accounting or auditing
pronouncements, etc.Risk and materiality: The expected assessment of the risks of fraud or error and
identification of significant audit areas.
Consequent nature, timing and extent of procedures:Possible changes of emphasis on
specific audit areas and the effect of information technology on the audit.
Coordination, direction, supervision and review: This includes the numbers of locations,
staffing requirements; need to attend client premises, etc.
Others matters:The possibility that going concern basis may be subject to question,
conditions requiring special attention, the terms of the engagement and any statutory
responsibilities will be the special audit strategy.At this stage we tried to understand the entitys situation. Here we followed the rationale
(why), what and process (how) are behind understanding the entity-
8/11/2019 Auditing Process of a Company
14/33
Page | 14
03.1.2. Why obtaining an understanding of the entity and its environment?
To identify and assess the risks of material misstatement in the financial statements.To enable the auditor to design and perform further audit procedures.
To provide a frame of reference for exercising audit judgment, for example, when setting
audit materiality
03.1.3. What obtaining an understanding of the entity and its environment?
03.1.4. How obtaining an understanding of the entity and its environment?
Inquiries of management and others within the entity.
Analytical procedures (which we shall look at in the next section of this chapter).
Observation and inspection.
Prior period knowledge.
Discussion of the susceptibility of the financial statements to material misstatement
among the engagement team.
Understanding the
Entitys environment
Nature
Of the
entity
Objectives
And strategies
And relating
Business risks
Measurement
And review of
The entities
Financial
erformance
Internal
Control
Industry,
Regulatory
And other
External
Factors
8/11/2019 Auditing Process of a Company
15/33
Page | 15
03.2. Audit plan:
An audit plan is more detailed than the strategy and sets out the nature, timing and extent ofaudit procedures to be performed by the engagement team members in order to obtain
sufficient appropriate audit evidence.
03.2.1. Why audit should be well planned?
An audit plan shows how the overall audit strategy will be implemented.
Audits are planned to:
Ensure appropriate attention is devoted to important areas of the audit
Identify potential problems and resolve them on a timely basis
Ensure that the audit is properly organized and managed
Assign work to engagement team members properly
Facilitate direction and supervision of engagement team members
Facilitate review of work
03.2.2. A structured approach to planning will include:
Step 1
Ensuring that ethical requirements continue to be met.
Step 2
Ensuring the terms of the engagement are understood.
Step 3
Establishing the overall audit strategy
03.3. Professional skepticism:
An attitude of professional skepticism means the auditor makes a critical assessment, with aquestioningmind, of the validity of audit evidence obtained and is alert to audit evidence that
contradicts, or brings into question, the reliability of documents and responses to inquiries
and other information obtained from management and those charged with governance.
Misstatements which are significant to readers may exist in financial statements and auditors
will plan their work on this basis, that is, with professional skepticism. The concept of
'significance to readers' is theconcept of materiality.
Professional skepticism does not mean that auditors should disbelieve everything they are
told; however, they must have a questioning attitude.
8/11/2019 Auditing Process of a Company
16/33
Page | 16
03.4. Analytical procedures:
Analytical procedures mean evaluation of financial information made by a study of plausiblerelationships among both financial and non-financial data. Analytical procedures also
encompass the investigation of identified fluctuations and relationships that are inconsistent
with other relevant information or deviate significantly from predicted amounts.They include
consideration of comparisons of the entity's financial information with other information, and
the consideration of relationships among elements in that financial information or between
financial information and non-financial information.
Analytical procedures include:
The consideration of comparisons with:
Comparable information for prior periods
Anticipated results of the entity, from budgets or forecasts or expectations of the auditor
Similar industry information, such as a comparison of the client's ratio of sales to trade
receivables with industry averages, or with the ratios relating to other entities of comparable
size in the same industry.
Consideration of relationships between:
Elements of financial information that are expected to conform to a predicted pattern based
on the entity's experience, such as the relationship of gross profit to sales.
Financial information and relevant non-financial information, such as the relationship ofpayroll costs to number of employees.
A variety of methods can be used to perform the procedures discussed above, ranging from
simple comparisons to complex analysis using statistics. The choice of procedures is a matter
for the auditor's professional judgment.
03.5.Enterprise Risk Management Framework:
MonitoringInternal Environment
Objective
Setting
Event
Identification
Risk
Assessment
Risk
Response
Control
Procedures
Information
And
Communication
8/11/2019 Auditing Process of a Company
17/33
Page | 17
03.5.1. Risk assessment:
The auditor usually adopts a risk-based approach to auditing and focuses his testing on the
riskiest balances and classes of transactions.Audit risk has two elements, the risk that the financial statements contain a material
misstatement and the risk that the auditors will fail to detect any material misstatements.
Risk of material misstatement in the financial statements has two elements, inherent and
control risk.
The risk that the auditor will fail to detect material misstatements is known as detection risk.
Auditors set an acceptable level for overall audit risk and carry out sufficient tests to ensure
this level is met.
When the auditor has obtained an understanding of the entity, he must assess the risks of
material misstatement in the financial statements, also identifying significant risks.
Significant risks are complex or unusual transactions, i.e. those that may indicate fraud or
other special risks.
Audit risk:The risk that the auditors give an inappropriate opinion on the financial
statements.
Inheren
t risk
Detecti
on risk
Contr
ol
risk
Audit
AUDIT RISK = RISK OF MATERIAL MISSTATEMENT + DETECTION RISK
RISK OF MATERIAL MISSTATEMENT=Inherent risk + Control risk
8/11/2019 Auditing Process of a Company
18/33
Page | 18
Inherent risk: The susceptibility of an account balance or class of transactions to
misstatement that could be material individually or when aggregated with misstatements in
other balances or classes, assuming there were no related internal controls.
Inherent risk is the risk that items will be misstated due to characteristics of those items.
Control risk: The risk that a material misstatement would not be prevented detected or
corrected by the accounting and internal control systems.
Detection risk:The risk that the auditors' procedures will not detect a misstatement that exists
in an account balance or class of transactions that could be material, either individually or
when aggregated with misstatements in other balances or classes.
03.5.2. Identifying and assessing the risks:
Step 1
Identify risks throughout the process of obtaining an understanding of the entity
Step 2
Relate the risks to what can go wrong at the assertion level (this is the assertions made in the
financial statements by the directors, for example, that inventory is X)
Step 3
Consider whether the risks are of a magnitude that could result in a material misstatement
Step 4Consider the likelihood of the risks causing a material misstatement
8/11/2019 Auditing Process of a Company
19/33
Page | 19
Inherent, Control and Detection Risk
03.5.3. Significant risks:
Some risks may be significant risks, which require special audit consideration. The following
factors which indicate that a risk might be a significant risk:
Risk of fraud
Related to recent significant economic, accounting or other development
The complexity of the transaction
It is a significant transaction with a related party
`The degree of subjectivity in the financial information
It is an unusual transaction
Routine, non-complex transactions are less likely to give rise to significant risk than unusual
transactions or matters of director judgment. This is because unusual transactions are likely to
have more:
Management intervention
Manual intervention
Complex accounting principles or calculations
Opportunity for control procedures not to be followed
When the auditor identifies a significant risk, if he hasn't done so already, he. must evaluate
the design and implementation of the entity's controls in that area
Events,
Transacti
ons
AccountingInformation
Internal
Controls
Substantive
Procedures
Financia
l
AUDIT RISK
The likelihood thatan error or fraud will occur,
and not get caught
by either the internal controls
or auditors procedures.
DETECTION RISK
The likelihood that
an error or fraud
will not be caughtby the auditors
procedures.
CONTROL RISK
The likelihood that an error
or fraud will not get caught by the
clients internal controls.
INHERENT RISK
The likelihood that,in the absence of
internal controls,
an error or fraud
will enter the accounting
information system
Risk of Material Misstatement (RMM)
8/11/2019 Auditing Process of a Company
20/33
Page | 20
03.5.4. Documentation of Risk Assessment:
Once the assessed level of risk has been determined, so we have documented the following in
our work papers:
A description of the risk assessment technique used.
The identification of significant risks.The risks the audit is going to address.
The audit evidence used to support our assessment of risk.
Chapter- four: (Evidence & Sampling)
04.1. Audit evidence:
All of the information used by the auditor in arriving at the conclusions on which the audit
opinion are based. Audit evidence includes all the information contained within the
accounting records underlying the financial statements, and other information gathered by the
auditors, such as confirmations from third parties. Auditors are not expected to look at all the
information that might exist.In order to reach a position in which they can express a
professional opinion, the auditors need to gather evidence from various sources. There are
potentially two types of test which they will carry out: tests of controls and substantive
procedures.
The audit evidence gathered by us was documented and organized to support our findings and
conclusions. Finally, when we were enforced to believe that sufficient audit evidence cannot
be obtained, we then could disclose this fact as a scope limitation within the audit report.Tests of controls:Performed to obtain audit evidence about the effectiveness of controls in
preventing, or detecting and correcting material misstatements at the assertion level.
Substantive procedures:Audit procedures performed to detect material misstatements at the
assertion level. They include:
Tests of detail of classes of transactions, account balances and disclosures.
Substantive analytical procedures.
04.1.1. Sufficient appropriate audit evidence:
Audit Evidence requires auditors to 'obtain sufficient appropriate audit evidence to be able to
draw reasonable conclusions on which to base the audit opinion'. Sufficiency' and
appropriateness' are interrelated and apply to both tests of controls and substantive
procedures.
Sufficiency is the measure of the quantity of audit evidence.
Appropriateness is the measure of the quality or reliability of the audit evidence.
How much evidence is required will depend on the level of assurance being offered in an
engagement.
The quantity of audit evidence required is affected by the level of risk in the area being
audited. It is also affected by the quality of evidence obtained. If the evidence is high quality,
the auditor may need less than if it were poor quality. However, obtaining a high quantity of
8/11/2019 Auditing Process of a Company
21/33
Page | 21
poor quality evidence will not cancel out its poor quality. The following generalizations may
help in assessing the reliability of audit evidence.
04.1.2. Quality of evidence:
External Audit evidence from external sources is more reliable than that obtained from the
entity's recordsAuditor Evidence obtained directly by auditors is more reliable than that obtained indirectly
or by inference
Entity Evidence obtained from the entity's records is more reliable when related control
systems operate effectively
Written Evidence in the form of documents (paper or electronic) or written representations
are more reliable than oral representations
Originals Original documents are more reliable than photocopies, or facsimiles
04.1.3. Financial statement assertions:
The representations by management, explicit or otherwise, that are embodied in the financial
statements. By approving the financial statements, the directors are making representations
about the information therein. These representations or assertions may be described in
general terms in a number of ways.
The auditor should use assertions for classes of transactions, account balances, and
presentation and disclosures in sufficient detail to form a basis for the assessment of risks of
material misstatement and the design and performance of further audit procedures.
04.2. Sampling technique:
Audit sampling is the application of an audit procedure to less than 100% of the population toenable the auditor to evaluate audit evidence within a class of transactions for the purpose of
forming a conclusion concerning the population. When designing the size and structure of an
audit sample, we have considered the audit objectives determined when planning the audit,
the nature of the population, and the sampling and selection methods.
8/11/2019 Auditing Process of a Company
22/33
Page | 22
04.2.1. Selecting the Sample:
We have selected the sample items in such a way that they are representative of the
population. The most commonly used sampling selection methods are:
Statistical Sampling Methods
Random Samplingensures that all combinations of sampling units in the population have
an equal chance of selection.
Systematic Sampling involves selecting sampling units using a fixed interval between
selections with the first interval having a random start.
Non-Statistical Sampling Methods
Haphazard Sampling the auditor selects the sample without following a structured
technique.
Judgmental Samplingthe auditor places a bias on the sample. For example, selecting only
sampling units over a certain value.
The selection of the sample size is affected by the level of sampling risk that the auditor is
willing to accept.Sampling risk is the risk the auditors conclusion may be different from the
conclusion that would be reached if the entire population were subjected to the same audit
procedure. The two types of sampling risk are:
The Risk of Incorrect Acceptance the risk that a material misstatement is assessed as
unlikely, when in fact the population is materially misstated.
The Risk of Incorrect Rejectionthe risk that a material misstatement is assessed as likely,
when in fact the population is not materially misstated.
Once the sample items have been selected to be tested, we have begun the audit tests usingComputer Assisted Auditing Techniques (CAATs), which will be discussed shortly.
http://en.wikipedia.org/wiki/Sampling_%28statistics%29http://en.wikipedia.org/wiki/Sampling_%28statistics%29http://en.wikipedia.org/wiki/Sampling_%28statistics%29http://en.wikipedia.org/wiki/Sampling_%28statistics%29http://en.wikipedia.org/wiki/Sampling_riskhttp://en.wikipedia.org/wiki/Sampling_riskhttp://en.wikipedia.org/wiki/Sampling_%28statistics%29http://en.wikipedia.org/wiki/Sampling_%28statistics%29http://en.wikipedia.org/wiki/Sampling_%28statistics%298/11/2019 Auditing Process of a Company
23/33
Page | 23
Non statistical and Statistical Sampling
04.2.2. Evaluation and Documentation of Samples:
The performance and evaluation of a sample must address the following issues:
The effect of not being able to apply a planned procedure to a sample item.
A projection of the sample results to the population being tested, then comparing those results
with the planned amounts.
Appropriate consideration to the assessed level of sampling risk must be performed.
SAS 39 requires the auditor to adequately consider qualitative aspects of misstatements, such
as the nature and cause of the misstatement and the possible relationship of the misstatements
to other phases of the audit.
We have documented in our work papers the sampling objectives and the sampling process
used. The work papers included the source of the population, the sampling method used,
sampling parameters, items selected, details of audit tests performed, and conclusions
reached.
04.2.3. Contents of documentation:
All assurance work must be documented; the working paper papers are the tangible evidence
of the work done in support of the conclusion. Audi documentation or working paper should
provide-
A sufficient and appropriate record of the basis for the assurance providers report.
Evidence that the engagement was performed in accordance with standards and applicable
legal and regulatory requirements.
We have included in our working paper the following matters-
8/11/2019 Auditing Process of a Company
24/33
Page | 24
The name of the client.
The balance sheet date.
The file reference of the working paper.
The name of the prepared.The date of preparation.
The subject of the working paper.
The name of the reviewer.
The source of information.
The objective of the work done.
How any sample was selected?
The size determined.
The work done.
A key to any audit ticks or symbols.Appropriate cross-referencing.
The results obtained.
Analysis of errors.
The conclusions drawn
The key points highlighted.
04.2.4. Filling working paper:
For the proper handling of the audit we divide the records into two files-
Permanent audit files contain information of continuing importance to the audit.
Current audit files contain information of relevance to the current years audit.
The listing of permanent and current audit files are shown below-
04.2.5. Computer Assisted Auditing Techniques (CAATs):
CAATs are used to test application controls as well as perform substantive tests on sampleitems. Types of CAATs include:
Generalized Audit Software (GAS)allows the auditor to perform tests on computer files
and databases.
Custom Audit Software (CAS)generally written by auditors for specific audit tasks. CAS
is necessary when the organizations computer system is not compatible with the auditors
GAS or when the auditor wants to conduct some testing that may not be possible with the
GAS.
Test Data the auditor uses test data for testing the application controls in the clients
computer programs. The auditor includes simulated valid and invalid test data, used to test
Permanent audit files Current audit files
Engagement letters.
New client questionnaire.
The memorandums and articles of
association.Prospectus, leases, sales agreement.
Board minutes.
Accounting systems.
Previous signed accounts, analytical
procedures
Financial statements.
Accounts checklist.
Management account details.
A summary of unadjusted errors.Review notes.
Audit planning memorandum.
Time budgets and summaries.
Letter of representation.
Notes of board minutes.
8/11/2019 Auditing Process of a Company
25/33
Page | 25
the accuracy of the computer systems operations. This technique can be used to check data
validation controls and error detection routines, processing logic controls, and arithmetic
calculations, to name a few.
Parallel Simulation the auditor must construct a computer simulation that mimics the
clients production programs.Integrated test facility the auditor enters test data along with actual data in a normal
application run.
http://en.wikipedia.org/wiki/Integrated_test_facilityhttp://en.wikipedia.org/wiki/Integrated_test_facilityhttp://en.wikipedia.org/wiki/Integrated_test_facility8/11/2019 Auditing Process of a Company
26/33
Page | 26
Chapter- Five: (Internal control)
05.1. Internal control:
Internal control is the process designed and affected by those charged with governance,
management, and other personnel to provide reasonable assurance about the achievement of
the entitys objectives with regard to reliability of financial reporting, effectiveness andefficiency of operations and compliance with applicable laws and regulations. It follows that
internal control is designed and implemented to address identified business risks that threaten
the achievement of any of these objectives.
05.2. Fundamental Concepts of Internal Controls:
Process integrated with an entitys infrastructure
People implement internal control
Can only provide reasonable assurance
Achieve objectives in financial reporting, compliance, and operations
05.3. Reasons for internal controls:
Minimizing the companys business risks
Ensuring the continuing effective functioning of the company
Ensuring the company complies with relevant laws and regulations
Most of these reasons funnel back to the ultimate objective that the company continues to
operate. For example, if the company failed to comply with relevant laws and regulations, itmight be forced to stop operations.
8/11/2019 Auditing Process of a Company
27/33
Page | 27
05.4. Limitations of Internal Control:
Mistakes in Judgment
Breakdowns
Collusion
Management Override Cost versus Benefits
05.5. Observations/components of the internal control:
Internal control can be defined as, a process, influenced by an entitys board of directors,
management, and other personnel, that is designed to provide reasonable assurance in the
effectiveness and efficiency of operations, reliability of financial reporting, and the
compliance of applicable laws and regulations.
We have evaluated the organizations control structure by understanding the organizations
five interrelated control components. These include:
Control EnvironmentProvides the foundation for the other components. Encompasses such
factors as managements philosophy and operating style.
Risk AssessmentConsists of risk identification and analysis.
Control ActivitiesConsists of the policies and procedures that ensure employees carry out
managements directions. Types of control activities an organization must implement are
preventative controls (controls intended to stop an error from occurring), detective controls
(controls intended to detect if an error has occurred), and mitigating controls (control
activities that can mitigate the risks associated with a key control not operating effectively).
Information and CommunicationEnsures the organization obtains pertinent information,
and then communicates it throughout the organization.
Monitoring Reviewing the output generated by control activities and conducting special
evaluations.
In addition to understand the organizations control components, we have also evaluated the
organizations General and Application controls.
Interrelated Components of Internal Control:
05.6. General Controls:
General controls relate to the overall information-processing environment and has a largeeffect on the organizations computer operations. Types of general controls include:
8/11/2019 Auditing Process of a Company
28/33
Page | 28
Organizational Controlsincludessegregation of duties controls.
Data Center and Network OperationsControls ensures the proper entry of data into an
application system and proper oversight of error correction.
Hardware & Software Acquisition and Maintenance Controls includes controls to
compare data for accuracy when it is input twice by two separate components.Access Security Controls ensures the physical protection of computer equipment,
software, and data, and is concerned with the loss of assets and information through theft or
unauthorized use.
Application System Acquisition, Development, and Maintenance Controlsensures the
reliability of information processing.
Managerial controls- To ensure that there is no unauthorized access to assets.
05.7. Application Controls:
Application controls apply to the processing of individual accounting applications and help
ensure the completeness and accuracy of transaction processing, authorization, and validity.
Types of application controls include:
Data Capture Controlsensures that all transactions are recorded in the application system,
transactions are recorded only once, and rejected transactions are identified, controlled,
corrected, and reentered into the system.
Data Validation Controlsensures that all transactions are properly valued.
Processing Controlsensures the proper processing of transactions.
Output Controls ensures that computer output is not distributed or displayed to
unauthorized users.
Error Controlsensures that errors are corrected and resubmitted to the application system
at the correct point in processing.Application controls may be compromised by the following application risks:
Weak security
Unauthorized access to data and unauthorized remote access
Inaccurate information and erroneous or falsified data input
Misuse by authorized end users
Incomplete processing and/or duplicate transactions
Untimely processing
Communication system failure
Inadequate training and support
05.8. Tests of Controls:
Tests of controls are audit procedures performed to evaluate the effectiveness of either the
design or the operation of an internal control. Tests of controls directed toward the design of
the control focuses on evaluating whether the control is suitably designed to prevent material
weaknesses. Tests of controls directed toward the operation of the control focuses on
assessing how the control was applied, the consistency with which it was applied, and who
applied it.
In addition to inquiring with appropriate personnel and observation of the application of the
control, we have focused when testing the controls is to do a re-performance of the
application of the control themselves.
http://en.wikipedia.org/wiki/Separation_of_dutieshttp://en.wikipedia.org/wiki/Separation_of_duties8/11/2019 Auditing Process of a Company
29/33
Page | 29
Identify Necessary Controls
Chapter- Six:(Completing process & Sample of audit report)
06.1. Completing the Audit:
Before choosing the appropriate audit report, we have considered the following issues:
Review for Subsequent Eventstwo types of subsequent events requires an evaluation by
the auditor. They include:
Type I events events that provide additional evidence about the conditions that existed at
the date of the balance sheet.
Type II eventsevents that provide evidence about conditions that did not exist at the date of
the balance sheet, but arose after that date.
Audit procedures used to review for subsequent events include asking management whether
any unusual adjustments to their information systems have been made during the subsequent
events period (after the completion of the audit, but before the audit report is issued), or
obtaining a representation letter from management.
Final Evidential Evaluation Processesaudit steps performed by the auditor in this phaseto determine the most appropriate audit report includes obtaining a representation letter,
reviewing work papers, final assessment of audit results and obtaining an independent review
of the engagement.
Communications with the Audit Committee and Managementcommunications should
include significant audit adjustments, the auditors judgments about the quality of the entitys
accounting principles, disagreements with management, major issues discussed with
management before the auditor was retained, difficulties encountered during the audit, and
fraud involving senior management. Also, the auditor should discuss the draft of the audit
report with management to give management the chance to correct any weaknesses or
8/11/2019 Auditing Process of a Company
30/33
Page | 30
deficiencies before they are reported and released to the public. The auditor may decide to do
this in the form of a Management Comment Letter.
Subsequent Discovery of Facts Existing at the Date of the Auditors Report Auditing
standards 561 provides guidance for auditors when facts have come to the auditors attention
about the organizations processes that might have affected the report had they known aboutthem.
The auditors conclusion and findings, which are based on documented evidence, must be
objective, measurable, complete, and relevant. The findings are disclosed to management in
formal statements, typically an audit report. Any recommendations must be provided for each
audit finding for the report to be useful to management.
06.2. The audit report should include the following basic elements, usually in the
following layout:
Title
Addressee
Introductory paragraph identifying the financial statements audited
A statement of management's responsibility for the financial statements
A statement of the auditor's responsibility
Scope paragraph, including a description of the work performed by the auditor
Opinion paragraph containing an expression of opinion on the financial statements
Date of the report
Auditor's addressAuditor's signature
A measure of uniformity in the form and content of the audit report is desirable because it
helps to promote the reader's understanding and to identify unusual circumstances when they
occur.
8/11/2019 Auditing Process of a Company
31/33
Page | 31
06.3. Sample of an audit report:
Auditors Report
To the shareholders of
Nvana CNG Ltd.
Introduction:
We have audited the accompanying financial statements of Navana CNG Ltd, which
comprise the statement of financial position as at 31 December 2013, and the statement of
comprehensive income, statement of changes in equity and statement of cash flows for the
year then ended, and a summary of significant accounting policies and other explanatory
notes and all related consolidated financial statements of Navana CNG Ltd and its subsidiary
(together referred to as "the group").
Management's responsibility for the financial statements:
Management is responsible for the preparation and fair presentation of these financial
statements in accordance with International Financial Reporting Standards (IFRS),Bangladesh Financial Reporting Standards (BFRS), the Companies Act 1994, the Securities
and Exchange Rules 1987 and other applicable laws and regulations. This responsibility
includes: designing, implementing and maintaining internal control relevant to the
preparation and fair presentation of financial statements that are free from material
misstatements, whether due to fraud or error; selecting and applying appropriate accounting
policies; and making accounting estimates that are reasonable in the circumstances.
Auditors' responsibility:
Our responsibility is to express an opinion on these financial statements based on our audit.
We conducted our audit in accordance with International Standards on Auditing (ISA) and
Bangladesh Standards on Auditing (BSA). Those standards require that we comply with
relevant ethical requirements and plan and perform the audit to obtain reasonable assurance
whether the financial statements are free from material misstatement. An audit involves
performing procedures to obtain audit evidence about the amounts and disclosures in the
financialstatements. The procedures selected depend on the auditors' judgment, including the
assessment of the risks of material misstatement of the financial statements, whether due to
fraud or error. In making those risk assessments, we consider internal control relevant to the
entity's preparation and fair presentation of the financial statements in order to design audit
procedures that are appropriate in the circumstances, but not for the purpose of expressing an
Khan Ayub
Chartered Accountants
House# 384(4thFloor)
Road #28.NewDohs.Dhaka 1206, Bangladesh.
Telephone +880-2-8824828
Fax +880-2-8818784
Email [email protected]
8/11/2019 Auditing Process of a Company
32/33
Page | 32
opinion on the effectiveness of the entity's internal control. An audit also includes evaluating
the appropriateness of accounting policies used and the reasonableness of accounting
estimates made by management, as well as evaluating the overall presentation of the financial
statements. We believe that the audit evidence we have obtained is sufficient and appropriate
to provide a basis for our audit opinion.
Opinion:
In our opinion, the financial statements including consolidated financial statements, prepared
in accordance with International Financial Reporting Standards (IFRS) and Bangladesh
Financial Reporting Standards (BFRS), give a true and fair view of the state of the
company's/group's affairs as at 31 December 2013 and of the results of its operations and
cash flows for the year then ended and comply with the Companies Act 1994, the Securities
and Exchange Rules 1987 and other applicable laws and regulations.
We also report that:
a) We have obtained all the information and explanations which to the best of our knowledge
and belief were necessary for the purposes of our audit and made due verification thereof;
b) In our opinion, proper books of account as required by law have been kept by the company
and its subsidiary so far as it appeared from our examination of these books;
c) the statement of financial position (balance sheet) and statement of comprehensive income
(profit and loss account) dealt with by the report are in agreement with the books of account
and returns; andd) the expenditure incurred was for the purposes of the company's/group's business.
Dhaka, February 06, 2013
Khan Ayub
Chartered Accountants
Auditors
8/11/2019 Auditing Process of a Company
33/33
Dhaka, February 06, 2011
References:
Class lecture
Data from CA firm
Assurance (study manual) CA professional stage knowledge level-ICAB
Boynton, Johnson, modern auditing assurance services and the integrity of financialreporting-8
thedition
Auditing and assurance services understanding the integrated services- 1stedition
Louwers, R. Auditing and assurance services
Top Related