SIR ASIF Audit Complete Book

Auditing – Study Notes Chapter 1 Introduction to Assurance Services
CHAPTER ONE
INTRODUCTION TO ASSURANCE SERVICES
ICAP'S STUDY TEXT

LO # LEARNING OBJCTIVE
REFERENCE*
ORIGIN, ADVANTAGES AND DISADVANTAGES OF ASSURANCE 1.1.2, 1.1.3, 1.1.4,
LO 1
SERVICE 1.5.1
LO 2 DEFINITION AND ELEMENTS OF ASSURANCE ENGAGEMENT 1.2.3
TYPES OF ASSURANCE AND WHY ABSOLUTE ASSURANCE
LO 3 1.2.1, 1.2.2, 1.5.2
CANNOT BE PROVIDED
1.2.3 (Definition),
LO 4 TYPES OF ASSURANCE ENGAGEMENTS
1.1.1
*Explanation of Reference:
First digit in Study Text’s Reference represents chapter number, second and third digits represents
section and sub-section number. Contents in brackets (if any) represent part of the sub-section
which is covered by the learning objective.
Coverage from Question Bank:

After completion of this chapter, you will be able to attempt following questions in ICAP's Question
Bank:
 Q. # 2 (available in practice set Q. # 4)
2
LO 1: ORIGIN, ADVANTAGES AND DISADVANTAGES OF ASSURANCE SERVICES:

Origin of Assurance Services:
Since the Industrial Revolution in 18th century, businessmen started forming Joint Stock Companies
to do business. In many situations, people who managed the business (called management and
directors) were different from those who owned the business (called shareholders). Management
and Directors had role of stewardship (i.e. they look after the assets of the company and manage
them on behalf of shareholders) or agent (i.e. they act in accordance with instructions of
shareholders). To judge the performance of management and directors, shareholders asked them to
prepare statements about financial performance and financial position of company (these
statements are now called ‘financial statements’) and to provide them these statements.
Soon after, it was recognized that financial statements prepared by managers/directors presented
“best-view” of business instead of “true-and-fair-view” due to some Incentive (e.g. bonus) or
Pressure (e.g. fear of removal) faced by management. Thus credibility of financial statements was
questioned.
To enhance the credibility/confidence/assurance on these financial statements, an expert person

(called assurance provider or auditor) was hired by shareholders to verify financial statements.
This person:
 is independent of both managers/directors and shareholders.
 gives his report/opinion whether financial statements given true and fair view in all
material respects.
Role of auditors was recognized in a great way. Now a days, audits are performed either because:
 they are required by law (called statutory audits e.g. all companies in Pakistan are required
by law to get their annual financial statements audited before they are given to
shareholders)
 they are not required by law but are voluntarily performed because of value-added benefits
of audits (called non-statutory auditors e.g. sole-proprietorships, partnerships and NGOs
etc. undergoing an audit)
Benefits of Assurance Services:

In today’s world, assurance providers are engaged not only to meet statutory requirements but
many other benefits are also obtained by shareholders from such assurance services e.g. assurance
services:
1) Enhance credibility of financial statements for shareholders.
2) Identify weaknesses in entity’s internal control system and assurance providers suggest
recommendations to management.
3) Confirm management that they have performed their statutory and non-statutory duties.
4) Are check on employees. Therefore, they behave positively.
5) Provide facilitation in:
o Sale of Business or Shares.
o Obtaining bank loans.
o Filing tax returns.
In addition to shareholders, some other stakeholders also get benefits from audit of F/S.
2 By Muhammad Asif, ACA

Disadvantages of Assurance Services:

1) Audit takes time and cost.
2) Entity/Organization has to share its confidential information with auditor.
3) Management/Directors often think audit as a “disturbing activity” instead of a “value added
activity”.
4) Audit does not provide 100% (i.e. absolute) assurance that financial statements are free
from errors or frauds.
CONCEPT REVIEW QUESTION

What are the advantages of an audit to an organization? (05 marks)
(CA Certificate Stage – Spring 2004)
LO 2: DEFINITION AND ELEMENTS OF ASSURANCE ENGAGEMENT:
Assurance Engagement:
“Assurance engagement” means an engagement in which a
practitioner (i.e. assurance provider) obtains evidence about
evaluation of a subject matter against suitable criteria, and expresses
his conclusion to enhance the confidence of the intended users (other
than the responsible party).
Elements of Assurance Engagement:

Every assurance engagement consists of following 5 elements:
Element Explanation (with respect to assurance on financial statements)

1. Intended users (the parties for whom subject matter and assurance report
is prepared i.e. shareholders, bankers)
A three party 2. A responsible party (the party which prepares subject matter i.e.
relationship management) and
3. A practitioner (the party which provides assurance on subject matter i.e.
auditor)
Subject matter is the data which responsible party is required to prepare i.e.
A subject matter
Financial Statements
Criteria means Framework (i.e. rules and regulations) under which financial
Suitable Criteria statements are prepared and evaluated e.g. IFRS or Laws.
Suitable means it should be selected appropriately.
Evidence means information on which practitioner’s conclusion is based.
Evidence
Evidence should be sufficient and appropriate.
Written Assurance It is a page which is written in standard format. It includes conclusion of
Report practitioner, and it is provided by practitioner to intended users.

List down the basic elements of an assurance engagement. (03 marks)

LO 3: LEVELS OF ASSURANCE AND WHY ABSOLUTE ASSURANCE CANNOT BE

PROVIDED:
“Assurance” means confidence with which a practitioner expresses his conclusion. Assurance adds
credibility in financial statements, however level of credibility depends on type of assurance
provided.
Levels/Types of Assurance:
There are three levels/types of assurance i.e.
Absolute Assurance
It is a perfect level of assurance.
Reasonable Assurance (also called High Level or Positive Assurance)

It is a high but not absolute level of assurance which is expressed in positive form of conclusion e.g.
“in our opinion, financial statements give true and fair view”.
Limited Assurance (also called Moderate Level or Negative Assurance)

It is a moderate level of assurance which is expressed in negative form of conclusion e.g. “Based on
our review, nothing has come to our attention that causes us to believe that financial statements do
not give a true and fair view”.
Why absolute assurance cannot be provided:

Auditor cannot provide absolute assurance because audit risk cannot be reduced to Zero due to
inherent limitations of assurance/audit. These limitations are discussed below:
Inherent Limitation Explanation

There is often uncertainty / judgment / estimates/ forecasting involved in
Nature of Financial preparation of financial statements and some areas cannot be accurately
Statements calculated/verified e.g. Provision for bad debts, Depreciation, Outcomes of
legal cases, Warranty expenses, Intangible assets.
Weaknesses in Entity’s internal control system over financial statements always has some
Internal Control weaknesses/limitations e.g. because of humans errors.
1. Many of the auditor’s procedures are based on his judgment. Therefore,
most of the audit evidence is persuasive rather than conclusive.
2. Because of time and cost limitation, auditor checks only a sample of
Nature of Audit transactions.
Procedures 3. Audit is not a fraud-examination i.e. audit procedures may not detect a
sophisticated and carefully organized fraud.
4. Management may not provide complete information to auditor, and
5. Auditor does not have specific legal powers e.g. power to search.

Briefly describe and explain the limitations of external audit. (05 marks)
(PIPFA – Summer 2012)

LO 4: TYPES OF ASSURANCE ENGAGEMENTS:

There are two types of assurance engagements i.e.
Reasonable Assurance Engagement:

Objective of reasonable assurance engagement is to provide reasonable assurance that financial
statements are free from material misstatements. An example is audit of Financial Statements.
Limited Assurance Engagement:

Objective of limited assurance engagement is to provide limited assurance that financial statements
are free from material misstatements. An example is review of Financial Statements.

What do you understand by the term "Assurance Engagement"?
Discuss its types. What are its elements? (09 marks)
(ICMA Pakistan – Winter 2007)

Auditing –Practice Set Chapter 1 Introduction to Assurance Services
CHAPTER ONE
INTRODUCTION TO ASSURANCE SERVICES
QUESTIONS
CONCEPT REVIEW QUESTIONS
Q.1 What are the advantages of an audit to an organization? (05 marks)

(CA CAF Level – Spring 2004)
LO1
Q.2 In achieving the objectives of audit, what possible disadvantages can be suffered by the company.
LO1
Q.3 Briefly describe what you understand by the terms “reasonable assurance” and “limited assurance”.
(02 marks)
LO3 (ICAEW Professional Stage – March 2006)
Q.4 Distinguish between absolute and reasonable assurance. Identify the type of assurance that is
expected in an audit of the financial statements, clearly outlining the reasons to justify your point of
LO3 view. (08 marks)
Q.5 Describe THREE limitations of external audits. (03 marks)

(ACCA Foundation Stage – December 2012)
LO3
Q.6 List and explain the elements of an assurance engagement. (05 marks)
LO2 (ACCA Foundation Stage – June 2010)
Q.7 Describe the level of assurance that the auditor will provide for each of the following
engagements, and how the level of assurance is expressed by the auditor:
LO4 i. Audit engagement
ii. Review engagement
(Malaysian Institute of Accountants – September 2010)
1 By: Muhammad Asif, ACA

Q.8 Assurance engagement is an independent professional service in which a practitioner

expresses a conclusion designed to enhance the degree of confidence of the intended users other
LO4 than the responsible party about the outcome of the evaluation of a subject matter against criteria.
Required:
Briefly explain two types of assurance engagement. (03 marks)
(Malaysian Institute of Accountants – March 2012)
Q.9 What is the difference between an “assurance engagement” and an “audit engagement”? (02 marks)
LO4
SUGGESTED SOLUTIONS
Q.1 (1) Audit enhances credibility of financial statements for shareholders.

(2)Audit Identifies weaknesses in entity’s internal control system and auditor suggests
recommendations to management.
(3)Audit confirms management that they have performed their statutory and non-statutory duties.
(4)Audit is a check on employees. Therefore, they behave positively.
(5)Audit provides facilitation in Sale of Business or Shares, Obtaining bank loans, Filing tax returns.
Examiners’ Comments:
It was a basic question that was well answered by the students.
Q.2 (1) Audit takes time and cost.

(2) Entity has to share its confidential information with auditor.
(3) Management/Directors often think audit as a “disturbing activity” instead of a “value added
activity”.
(4) Audit does not provide 100% (i.e. absolute) assurance that financial statements are free from
errors or frauds.
Q.3
Reasonable Assurance:
It is a high but not absolute level of assurance which is expressed in positive form of conclusion e.g.
“in our opinion, financial statements give true and fair view”.
Limited Assurance:
It is a moderate level of assurance which is expressed in negative form of conclusion e.g. “Based on
our review, nothing has come to our attention that causes us to believe that financial statements do
not give a true and fair view”.
This question was very well answered overall. Nearly all candidates obtained full marks on this
question.
Exam Tip
Carefully note the requirement of the question. Question requires to describe “reasonable
assurance”, and not “reasonable assurance engagement”.

Q.4 Distinction between absolute and reasonable assurance:

Absolute assurance is a perfect level of assurance.
Reasonable assurance is a high but not absolute level of assurance which is expressed in positive
form of conclusion e.g. “in our opinion, financial statements give true and fair view”.
Type of assurance expected in an audit:

Reasonable assurance is provided in an audit.
Reasons why absolute assurance cannot be provided:

(1)There is often uncertainty / judgment / estimates/ forecasting involved in preparation of
financial statements and some areas cannot be accurately calculated/verified.
(2)Entity’s internal control system over financial statements always has some
weaknesses/limitations e.g. because of humans errors.
(3)Many of the auditor’s procedures are based on his judgment. Therefore, most of the audit
evidence is persuasive rather than conclusive.
(4) Because of time and cost limitation, auditor checks only a sample of transactions.
(5) Audit is not a fraud-examination i.e. audit procedures may not detect a sophisticated and
carefully organized fraud.
(6) Management may not provide complete information to auditor, and
(7) Auditor does not have specific legal powers e.g. power to search.
Seemingly, a significant number of candidates found it to be the easiest question. This question was set
to test the candidate’s knowledge about the concept of absolute and reasonable assurance and their
relevance in audit, and was based on ISA 200.
Most candidates answered it to a pass standard with an encouraging number obtaining 7 or more
marks.
Exam Tip
This is a poorly drafted question with three sub-parts. As a good practice, whenever a question with
sub-parts is drafted, marks are allocated to each part separately to indicate weightage to be given to
each sub-part. If such a question appears in your exam, you are advised to answer each part
separately and judge yourself weightage to be given.
Q.5 (1)There is often uncertainty / judgment / estimates/ forecasting involved in preparation of

financial statements and some areas cannot be accurately calculated/verified.
(2)Entity’s internal control system over financial statements always has some
weaknesses/limitations e.g. because of humans errors.
(3)Many of the auditor’s procedures are based on his judgment. Therefore, most of the audit
evidence is persuasive rather than conclusive.
Performance was inadequate on this question. This question was left unanswered by a significant
minority of candidates. Those who attempted it were often unable to provide more than one relevant
answer. Some candidates seemed to think the question wanted disadvantages of having an audit,
rather than the limitations of an audit, these are two different requirements.
Q.6
Element Explanation (with respect to assurance on financial statements)
1. Intended users (the party which requires subject matter and assurance
i.e. stakeholders)
A three party 2. a responsible party (the party which prepares subject matter i.e.
relationship management) and
3. a practitioner (the party which provides assurance on subject matter i.e.
auditor)
Subject matter is the information which management is required to
A subject matter
prepare i.e. Financial Statements
Criteria means Framework (i.e. rules and regulations) under which
Suitable Criteria financial statements are prepared e.g. GAAP or IFRS.
Suitable means it should be selected appropriately.
Evidence means information on which practitioner’s conclusion is based.
Evidence
Every conclusion should be backed by sufficient appropriate evidence.
Written It is a page which is written in standard format. It includes conclusion of
Assurance report practitioner, and it is provided by practitioner to intended users.
A large number of candidates did not attempt this question, and where it was attempted it was
inadequately answered. Most candidates who provided an answer clearly did not know what the
elements of an assurance engagement were and therefore proceeded to write down anything they
knew about assurance. The usual answers focused on positive and negative assurance or on the
different types of assurance engagements. Only a small minority of candidates actually understood the
requirement and provided valid answers.
Q.7
Audit engagement Review engagement
Reasonable/High level of Limited/Moderate level of
Level of Assurance
assurance. assurance.
How Level of assurance Positive form of conclusion is Negative form of conclusion is
is expressed expressed in Report. expressed in Report.
Q.8 Two types of assurance engagement are:

1. Reasonable Assurance Engagement
2. Limited Assurance Engagement
Reasonable Assurance Engagement:

Objective of reasonable assurance engagement is to provide reasonable assurance that financial
statements are free from material misstatements. An example is audit of Financial Statements.

Limited Assurance Engagement:

Objective of limited assurance engagement is to provide limited assurance that financial statements
are free from material misstatements. An example is review of Financial Statements.
Q.9 “Assurance engagement” means an engagement in which a practitioner (i.e. assurance provider)
obtains evidence about evaluation of a subject matter against suitable criteria, and expresses his
conclusion to enhance the confidence of the intended users (other than the responsible party).
Audit engagement is a type of assurance engagement. Objective of an audit engagement is to

provide reasonable assurance that financial statements are free from material misstatements.
Students confused the question with engagement letter. Even very few students wrote correctly about
the audit engagement.

Auditing – Study Notes Chapter 2 Basic Concepts of Auditing
CHAPTER TWO
BASIC CONCEPTS OF AUDITING
ICAP'S STUDY TEXT
LO # LEARNING OBJCTIVE REFERENCE*
PART A – FINANCIAL REPORTING FRAMEWORK
Q. # 59(c i) of
LO 1 FINANCIAL REPORTING FRAMEWORKS
Question Bank
1.1.3 (True and fair
LO 2 WHAT IS MEANT BY TRUE AND FAIR VIEW
view)
PART B – RESPONSIBILITIES OF PARTIES INVOLVED IN AUDIT
1.3.9 (Responsibility
LO 3 MANAGEMENT’S (AND TCWG’S) RESPONSIBILITIES
of management…)
LO 4 AUDITOR’S RESPONSIBILITIES/OBJECTIVE 1.4.5
LO 5 STAKEHOLDERS’ RESPONSIBILITIES 15.4.2
PART C – SCOPE OF AUDIT

1.4.6 (excluding Audit
LO 6 SCOPE OF AUDIT
Field work)
1.4.4(Professional
LO 7 ESSENTIALS OF PROPER CONDUCT OF AUDIT
judgment), 3.1.2
PART D – REGULATORY ENVIRONMENT OF AUDITING
INTERNATIONAL FEDERATION OF ACCOUNTANTS 1.4.1, 1.4.2,
LO 8
(IFAC) 1.4.3, 1.4.4
INSTITUTE OF CHARTERED ACCOUNTANTS OF
LO 9 1.3.9
PAKISTAN (ICAP)
1.4.4 (Other
AUTHORITY/STATUS OF INTERNATIONAL
LO 10 International
STANDARDS ON AUDITING (ISAs) Standards)

Bank:
 Q. # 4 (available in practice set Q. # 3)
 Q. # 59 ci (available in practice set Q. # 1)

PART A – FINANCIAL REPORTING FRAMEWORK
LO 1: FINANCIAL REPORTING FRAMEWORKS AND APPLICALBE FINANCIAL

REPORTING FRAMEWORK:
A financial reporting framework is a set of criteria used to prepare financial statements.
There are two main types of financial reporting frameworks i.e. Compliance Framework and Fair
Presentation Framework
Compliance Framework:
Compliance framework is a financial reporting framework that requires compliance with
requirements of the framework, and does not contain acknowledgment of fair presentation
framework.
For example, Tax-basis Framework.
Fair Presentation Framework:

Fair presentation framework is a financial reporting framework that requires compliance with
requirements of the framework, and contains acknowledgment that, to achieve fair presentation, it
may be necessary for management:
 To provide additional disclosures beyond requirements of framework or
 To depart from a requirement of framework
For example, IFRS.
Applicable Financial Reporting Framework/AFRF:

AFRF is the financial reporting framework which management adopts
in preparation of financial statements considering legal requirements,
nature of entity, nature of financial statements, and purpose of
financial statements.
LO 2: WHAT IS TRUE AND FAIR VIEW:

If AFRF is a fair presentation framework, auditor also checks whether financial statements presents
true and fair view.
True and Fair View:

The term “True and Fair View” has not been defined in the Companies Ordinance 1984 or in ISAs or
in IASs. Therefore, it is the most difficult and judgmental aspect of audit. Generally,
 true means “free from error” and
 fair means “free from undue bias in financial statements or the way in which they are
presented”.
Study Tip
Terms “give true and fair view” and “present fairly, in all material respects” are
equivalent. However, first term is more common in practice.

PART B – RESPONSIBILITIES OF PARTIES INVOLVED IN AUDIT
LO 3: MANAGEMENT’S (AND TCWG’S) RESPONSIBILITIES:

In an audit of financial statements, management (and where applicable TCWG) is responsible:
1. For the preparation of financial statements in accordance with AFRF. This responsibility
includes:
 Selecting the applicable financial reporting framework (AFRF).
 Applying appropriate accounting policies and reasonable accounting estimates.
 Prevention and detection of fraud.
2. For design, implementation and operating effectiveness of internal control which is
necessary to prepare financial statements in accordance with AFRF; and
3. To provide the auditor with:
i. Access to all information relevant to the preparation of the financial statements of
which management is aware;
ii. Additional information that the auditor may request from management for the
purpose of the audit engagement; and
iii. Unrestricted access to persons within the entity to obtain audit evidence.
Study Tips
1. Same responsibilities are included in Engagement Letter and in Auditor’s Report.
2. “Premise of an audit” means management has acknowledged and understands
that it has above responsibilities.
LO 4: AUDITOR’S OVERALL OBJECTIVE/RESPONSIBILITY:

Auditor’s Primary responsibility/Overall objective is:
 To obtain reasonable assurance that financial statements are free from material misstatement
(whether due to error or fraud); and express an opinion on financial statements (through
auditor’s report) and
 To communicate in accordance with the auditor’s findings. (e.g. communication to TCWG if there
is non-compliance of laws and regulation or significant deficiencies in internal control).
To meet overall objective, auditor is also responsible to:

• Perform procedures in accordance with ISAs and regulatory and professional requirements.
• Apply professional judgment and professional skepticism in planning and performing audit.
• Comply with code of ethics.
Study Tip
These responsibilities are included in Engagement Letter as well as in Auditor’s
Report.

LO 5: STAKEHOLDERS’ RESPONSIBILITIES:
It is the responsibility of general public (i.e. stakeholders) to understand and eliminate expectation
gap so that scope of audit is not misunderstood.
Expectation Gap:
Expectation Gap is the difference between ‘what general public
perceives of role and responsibilities of auditor’ and ‘what statutory
role and responsibilities of auditor are’.
Some Common Misunderstandings (i.e. Expectation Gap) about Audit:

Some examples of misunderstandings in public’s expectations are as follows:
1. Auditor checks all transactions of entity.
2. Auditor has a duty to detect and prevent fraud.
3. Auditor is responsible to detect all misstatements.
4. Auditor provides absolute assurance (guarantee) about F/S.
5. Audit assures that entity will be Going Concern.
Consequences of Expectation Gap:

There is increasing tendency to file legal actions against auditors without any valid basis.
How to Reduce Expectation Gap:

 By steps taken by SECP and ICAP e.g. changes in Code of Corporate Governance to
strengthen the role and responsibilities of directors for good internal control and
accounting systems.
 By expanding the format of auditor’s report.
 By mentioning Management’s Responsibilities, Auditor’s Responsibilities and Inherent
limitations of audit in Engagement Letter.
 By mentioning Management’s Responsibilities and Auditor’s Responsibilities in Auditor’s
Report.
PART C – SCOPE OF AUDIT
LO 6: SCOPE OF AUDIT:
Scope of audit means nature, timing and extent of audit procedures which are necessary to achieve
the overall objective of audit (i.e. to obtain reasonable assurance that financial statements are free
from material misstatement). Scope of audit is determined by ISAs, legal and professional
requirements and auditor’s professional judgment.
An audit also includes:

 Assessment of risk of material misstatement. In making risk assessment, auditor considers
understanding of entity and understanding of internal control relevant to preparation of
 evaluating appropriateness of accounting policies, reasonableness of accounting estimates
and overall presentation of financial statements
Study Tip
If auditor is unable to obtain reasonable assurance about financial statements, this
is called “Limitation on Scope of Audit” or precisely “Scope Limitation”.

LO 7: ESSENTIALS OF PROPER CONDUCT OF AUDIT:

For the successful completion of a good audit, it is necessary that auditor has following attributes
throughout the audit engagement:
Characteristic Explanation
Professional Judgment is the application of Cumulative Audit Knowledge,
Professional Experience and Training, in different circumstances to reach an appropriate
Judgment course of action or conclusion.
Application of professional judgment is necessary to comply with ISAs.
Professional skepticism is an attitude which includes questioning mind
(being alert to circumstances which may indicate possible misstatement),
Professional and critical assessment of audit evidence.
Skepticism Consequently, auditor should not believe everything management tells. He
should remain alert to circumstances that indicate the possibility/risk of
misstatement or fraud.
PART D – REGULATORY ENVIRONMENT OF AUDITING
LO 8: INTERNATIONAL FEDERATION OF ACCOUNTANTS (IFAC):

International Federation of Accountants:
IFAC is the global organization of professional accountants dedicated to serving the public interest
by strengthening the profession in the area of auditing, ethics, professional education and public
sector.
IFAC’s mission is to serve the public interest by:

 development of high-quality standards and guidance
 Facilitating the adoption and implementation of standards and guidance
 promoting the value of professional accountants worldwide
 Speaking out on public interest issues
IFAC includes following four boards:

 International Auditing and Assurance Standards Board (IAASB);
 International Accounting Education Standards Board (IAESB);
 International Ethics Standards Board for Accountants (IESBA); and
 International Public Sector Accounting Standards Board (IPSASB).
International Auditing and Assurance Standards Board:

IAASB is one of the boards within IFAC. It serves the public interest by enhancing quality and
consistency of auditing and assurance practice throughout the world. It is a standard-setting body
which issues standards to be applied in providing the audit, review and related services. It also
provides facilitation in adoption and implementation of international standards.
Following types of international standards are issued by IAASB:

 International Standards on Assurance Engagements (ISAEs). These are applied on all types of
assurance engagements (i.e. on Audits and Review).
 International Standards on Auditing (ISAs). These are applied on audit of financial statements.

 International Standards on Review Engagements (ISREs). These are applied on review of

 International Standards on Related Services (ISRSs). These are applied on Agreed upon
Procedures Engagement and Compilation Engagement.
 International Standards on Quality Controls (ISQCs). These are applied for all of the above
engagement.
IASB also issues International Auditing Practice Statements (IAPS) to help auditors in implementing
ISAs and to promote good auditing practice in general.
Process of Producing a new ISA by IAASB:

 A subcommittee of IAASB determines an appropriate subject matter to issue a new ISA or to
revise an existing ISA.
 After study and research, an exposure draft is produced for consideration by IAASB.
 If exposure draft is approved by IAASB, it is circulated to member bodies and is published
on IAASB website.
 Comments and proposed amendments are considered by IAASB and draft is amended as
necessary.
 Finally exposure draft is issued an ISA or IAPS.
LO 9: INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN (ICAP):

At national level, auditors can be regulated by their own professional bodies (called self-regulation)
or/and by government (called independent/state-regulation).
In Pakistan, ICAP is the professional body regulating auditors. Role of ICAP is as follows:
− Offers professional qualification to become auditor in Pakistan.
− Establishes procedures to ensure professional competence of auditors e.g. Continuing
Professional Development (CPD) of members, Quality Control Reviews of audits (QCR).
− Maintains a list of “registered auditors” for public.
− Adopts international accounting and auditing standards for implementation in Pakistan and also
provides guidance on their implementation.
LO 10: AUTHORITY/STATUS OF INTERNATIONAL STANDARDS ON AUDITING (ISAs):

In Pakistan, ISAs are adopted by ICAP (being a member of IFAC). ICAP has adopted most of ISAs.
In Pakistan, format of auditor’s report states that audit was conducted in accordance with auditing
standards as applicable in Pakistan, therefore, it is compulsory for auditors to comply with all
required procedures of all adopted ISAs unless:
 a required procedure is not relevant, or
 a required procedure is not practicable and is necessary to depart. In this case auditor has
to document reason of departure from required procedure and alternative procedures
performed to obtain evidence.

Auditing –Practice Set Chapter 2 Basic Concepts of Auditing
CHAPTER TWO
BASIC CONCEPTS OF AUDITING
QUESTIONS
CONCEPT REVIEW QUESTIONS
Q.1 Differentiate between the following:

 Fair presentation framework and compliance framework (04 marks)
LO1
Q. 2 Briefly discuss the term “true and fair view” in the context of an audit. (05 marks)
LO2 (CA Certificate Stage – Spring 2004)
Q.3 (a) Briefly highlight the management’s responsibilities relating to the financial statements?
(07 marks)
LO3
LO7
(b) During the audit team planning meeting, a member of the audit team passed a comment that
based on past experience with the client, he was confident that the management of the client was
honest and there was no issue as regards management integrity or risk of fraud in the Company.
The audit manager responded that the auditor should always maintain an attitude of professional
skepticism throughout the audit.
Required:
Briefly describe ‘Audit Skepticism’ and elaborate on the response of the audit manager. (08 marks)
(CA Certificate Stage – Autumn 2009)
Q.4 What is the primary objective of an audit? (04 marks)

(CA Certificate Stage – Autumn 2001)
LO4
Q.5 What is the “expectation gap” and how could it be removed or reduced by the auditing profession?
(04 marks)
LO5 (CA Final, Summer 1994)
Q.6 What is the scope of an audit? Also discuss as to who is responsible to prepare financial statements.
(07 marks)
LO3 (CA Certificate Stage – Spring 2002)
LO6

Q. 7 Briefly describe the meaning of professional judgment.

(CA Inter, Spring 2013)
LO7
Q.8 During the course of the audit of Smart Services Limited for the year ended March 31, 2010,
LO7
the auditor noted certain contradictions between the results of inquiries from company’s legal
advisor and the representation provided by the management in respect of certain contingencies.
Considering the above scenario:

(i) Define “Professional Skepticism”. (02 marks)
(ii) Explain how the attitude of “Professional Skepticism” would help the auditor to deal
with such matters? (03 marks)
(ICMA Pakistan – Summer 2010)
Q. 9 (a) Discuss briefly the role of the following:

(i) International Federation of Accountants (03 marks)
LO8 (ii) International Auditing and Assurance Standards Board (03 marks)
LO10
(b) Briefly discuss the authority attaching to International Standards on Auditing (ISAs) with
respect to audit of a limited company in Pakistan. (03 marks)
Q. 10 What do you understand by ‘governance’? Who is normally charged with governance in an

organization? (03 marks)
N/A
CONCEPT APPLICATION QUESTIONS
Q. 11 You were the engagement partner on the audit of a commercial bank which has a network of more
than 200 branches, across the country. During a recent meeting, a member of the audit committee
LO4
referred to an instance of irregularity in a branch, whereby the Branch Manager had extended
credit to a close relative without following the bank’s credit disbursement procedures. The member
criticized the auditors for their failure to highlight such instances.
Required:
As an engagement partner, write a letter to the audit committee explaining your point of view in
detail with specific references to the International Standards on Auditing, wherever applicable.
(09 marks)
(CA Final – Winter 2008)

SUGGESTED SOLUTIONS
Q.1 Fair Presentation Framework:

Fair presentation framework is a financial reporting framework that requires compliance with
requirements of the framework, and contains acknowledgment that, to achieve fair presentation, it
may be necessary for management:
 To provide additional disclosures beyond requirements of framework or
 To depart from a requirement of framework
Compliance Framework:
Compliance framework is a financial reporting framework that requires compliance with
requirements of the framework, and does not contain acknowledgment of fair presentation
framework.
Q. 2 The term “True and Fair View” has not been defined in the Companies Ordinance 1984 or in ISAs or
in IASs. Therefore, it is the most difficult and judgmental aspect of audit. Generally,
 true means “free from error” and
 fair means “free from undue bias in financial statements or the way in which they are
presented”.
It was a routine question at this level that was not well answered by the students in general. Most of
the students did not define truth and fairness separately.
A minority also confused their explanations between true and fair, for example, stating “true means
unbiased”.
Q.3 (a)
Management has following responsibilities relating to financial statements:
1. For the preparation of financial statements in accordance with AFRF. This responsibility
includes:
1. Selecting the applicable financial reporting framework (AFRF).
2. Applying appropriate accounting policies and reasonable accounting estimates.
3. Prevention and detection of fraud.
2. For design, implementation and operating effectiveness of internal control which is
(b)
Audit Skepticism:
Professional skepticism is an attitude which includes questioning mind (being alert to
circumstances which may indicate possible misstatement), and critical assessment of audit
evidence.
Consequently, auditor should not believe everything management tells. He should remain alert to
circumstances that indicate the possibility/risk of misstatement or fraud.
Elaboration on the response of the audit team manager:

Viewpoint expressed by member of the audit team is Incorrect and viewpoint of by audit manager
is correct.
Though Professional skepticism does not mean to disregard past experience about competence and
integrity of management; but auditor should remain alert in every audit that there may be
circumstances that indicate the possibility/risk of misstatement or fraud.
A belief that management and those charged with governance are honest and have integrity does
not relieve the auditor of the need to maintain professional skepticism or allow the auditor to be
satisfied with less than persuasive audit evidence when obtaining reasonable assurance.
Q.4 Auditor’s Primary responsibility/Overall objective is:

 To obtain reasonable assurance that financial statements are free from material misstatement
(whether due to error or fraud); and express an opinion on financial statements (through
auditor’s report) and
 To communicate in accordance with the auditor’s findings. (e.g. communication to TCWG if there
is non-compliance of laws and regulation or significant deficiencies in internal control).
To meet overall objective, auditor is also responsible to:

• Perform procedures in accordance with ISAs and regulatory and professional requirements.
• Apply professional judgment and professional skepticism in planning and performing audit.
• Comply with code of ethics.
Q.5 What is the expectation gap:

Expectation Gap is the difference between ‘what general public perceives of role and
responsibilities of auditor’ and ‘what statutory role and responsibilities of auditor are’. e.g. public
thinks that auditor checks all transactions of entity or auditor has a duty to detect and prevent
fraud.
How could expectation gap be removed or reduced:

 By steps taken by SECP and ICAP e.g. changes in Code of Corporate Governance to
strengthen the role and responsibilities of directors for good internal control and
accounting systems.
 By expanding the format of auditor’s report.
 By mentioning Management’s Responsibilities, Auditor’s Responsibilities and Inherent
limitations of audit in Engagement Letter.
 By mentioning Management’s Responsibilities and Auditor’s Responsibilities in Auditor’s
Report.
Q.6 Scope of an audit:

Scope of audit means nature, timing and extent of audit procedures which are necessary to achieve
the overall objective of audit (i.e. to obtain reasonable assurance that financial statements are free
from material misstatement). Scope of audit is determined by ISAs, legal and professional
requirements and auditor’s professional judgment.
An audit also includes:

 Assessment of risk of material misstatement. In making risk assessment, auditor considers

understanding of entity and understanding of internal control relevant to preparation of
 evaluating appropriateness of accounting policies, reasonableness of accounting estimates
and overall presentation of financial statements
Who is responsible to prepare financial statements:

It is the responsibility of management and, where appropriate, TCWG to prepare financial
statements in accordance with applicable financial reporting framework.
This was an ISA based question but the students could not answer this part in an organized and
concise manner. However, majority of the students managed to pass in this part.
Q. 7 Professional Judgment is the application of Cumulative Audit Knowledge, Experience and Training,
in different circumstances to reach an appropriate course of action or conclusion.
Application of professional judgment is necessary to comply with ISAs.
Q.8 (i)
Professional skepticism is an attitude which includes questioning mind (being alert to
circumstances which may indicate possible misstatement), and critical assessment of audit
evidence.
(ii)
Auditor should perform further specific procedures to determine which source of evidence is
reliable e.g.
1. further inquiry of management and legal advisor about reasons of difference.
2. inspect documents relating to litigations and contingencies.
3. obtain opinion from other lawyers.
4. consider effect of events after the balance sheet date.
(i) Professional Skepticism:
Majority of the examinees could not appropriately define the term.
(ii) Ways in which Professional Skepticism is Helpful for Auditor:
Majority of examinees failed to explain the application of the attitude of Professional Skepticism to
handle and resolve the contradictions between audit evidence collected from two different sources.
Q. 9 (a)
(i) IFAC is the global organization of professional accountants dedicated to serving the public
interest by strengthening the profession in the area of auditing, ethics, professional education and
public sector.
IFAC’s mission is to serve the public interest by:

 development of high-quality standards and guidance
 Facilitating the adoption and implementation of standards and guidance
 promoting the value of professional accountants worldwide
 Speaking out on public interest issues

(ii) IAASB is one of the boards within IFAC. It serves the public interest by enhancing quality and
consistency of auditing and assurance practice throughout the world. It is a standard-setting body
which issues standards to be applied in providing the audit, review and related services. It also
provides facilitation in adoption and implementation of international standards.
(b) In Pakistan, ISAs are adopted by ICAP (being a member of IFAC). ICAP has adopted most of ISAs.
In Pakistan, format of auditor’s report states that audit was conducted in accordance with auditing
standards as applicable in Pakistan, therefore, it is compulsory for auditors to comply with all
required procedures of all adopted ISAs
(a) Students had a surface knowledge of such roles.
(b) This part was designed to test the candidates’ knowledge about the applicability of the ISAs in
Pakistan. Very few candidates mentioned the relevant points.
Q. 10 Meaning of Governance:
Governance means act of supervision, direction and control.
Who is charged with Governance in an organization:

1. Board Of Directors of company, and
2. Audit Committee
Very few students knew the exact definition of the term ‘governance’, that is, act of supervision,
direction and control.
Q. 11 Viewpoint expressed is Incorrect, hence I do not agree with it.

Auditor’s responsibility is to obtain reasonable assurance whether financial statements have been
prepared in accordance with AFRF and express an opinion on financial statements.
There is no responsibility of auditor in this case on following grounds:

1. Granting a credit without following bank’s procedures is a weakness in Internal Control, not a
misstatement in financial statements. Auditor considers internal internal control but for risk
assessment and it is not his responsibility to express opinion on internal control.
2. Auditor checks only sample of transactions; therefore auditor is not responsible to detect a
certain weakness in internal control or misstatement because it may not have been selected for
the purpose of audit.
3. Primary responsibility to design, implement and operate internal control is of
management/TCWG.
Answers to this question were disappointing as the majority of candidates failed to appreciate that
the irregularity cited in the scenario did not, in itself, result in a misstatement in the financial
statements and consequently its detection was not part of the external auditor’s responsibilities.

Auditing – Study Notes Chapter 3 Evidence, Audit Procedures and Documentation
CHAPTER THREE
AUDIT EVIDENCE,
AUDIT PROCEDURES, AND
AUDIT DOCUMENTATION
ICAP'S STUDY TEXT
PART A – AUDIT EVIDENCE
LO 1 WHAT IS MEANT BY AUDIT EVIDENCE 4.1.1 (1st half)
LO 2 WHAT IS MEANT BY SUFFICIENT EVIDNENCE 4.1.2
LO 3 WHAT IS MEANT BY APPROPRIATE EVIDENCE 4.1.3, 8.1.6 (How reliable

is audit evidence)
SOME SPECIAL SITUATIONS IN OBTAINING
LO 4 4.1.1 (2nd half)
EVIDENCE
PART B – AUDIT PROCEDURES
LO 5 BASIC AUDIT MODEL 5.1.4
4.1.4
LO 6 PROCEDURES TO OBTAIN AUDIT EVIDENCE
8.1.6
LO 7 TYPES OF AUDIT PROCEDURES 4.1.7
4.1.6
DIRECTIONAL TESTING AND ASSERTIONS TESTING
LO 8 8.1.2
APPROACH IN OBTAINING EVIDENCE 8.1.7
PART C – AUDIT DOCUMENTATION
4.2.1, 4.2.2
LO 9 AUDIT DOCUMENTATION AND ITS PURPOSES
4.2.4, 4.2.5
LO 10 EXAMPLES OF DOCUMENTATION 4.2.3
LO 11 AUDIT FILE AND ITS TYPES 4.2.1, 4.2.3

F OR M , CONTENT AND EXTENT OF AUDIT
LO 12 4.2.1 , 4.2.3
DOCUMENTATION
LO 13 SIGNIFICANT MATTERS AND THEIR DOCUMENTATION 4.2.1
CHANGE IN DOCUMENTATION AFTER AUDITOR’S
LO 14 4.2.3 (Last 2 paras)
REPORT

PART A – AUDIT EVIDENCE
LO 1: WHAT IS MEANT BY AUDIT EVIDENCE:

To obtain reasonable assurance, auditor shall:
 obtain sufficient and appropriate audit evidence
 by performing “Audit Procedures” (also called “Audit Tests”) on each assertions of financial
statements and
 shall retain documentation of procedures performed as proof.
Audit Evidence
Audit Evidence is the information used by auditor to draw reasonable
conclusions about financial statements on which the auditor’s opinion is
based. Audit evidence should be sufficient and appropriate.
LO 2: WHAT IS MEANT BY SUFFICIENT EVIDNENCE:

Sufficiency is a measure of quantity (i.e. deciding how much evidence is needed). Sufficiency is a
matter of auditor’s professional judgment and depends on following:
 Risk assessment (The higher the risk, the more evidence required and vice versa).
 Quality of evidence (the higher the quality, the less evidence required and vice versa).
 Materiality of the item.
 Internal Control of relevant accounting system.
 Sampling method used to obtain evidence.
LO 3: WHAT IS MEANT BY APPROPRIATE EVIDENCE:

Appropriateness is a measure of quality and is affected by its Relevance and Reliability.
Relevance:
Following are principles in assessing relevance of audit evidence:
1. Relevance of evidence means there should be logical connection between audit procedure
and assertion under consideration e.g.
a. to verify that sales are not overstated, relevant procedures will be to test the recorded
amount (i.e. select recorded amounts in F/S and compare with GDN).
b. to verify that sales are not understated, relevant procedures will be to test the
unrecorded information (i.e. select GDN and compare with recorded amounts in F/S).
2. An audit procedure may be relevant for one assertion but not for other.
3. For tests of controls, relevant evidence includes information that indicates performance or
deviation of a control.
4. For substantive procedures, relevant evidence includes information that indicates
misstatement or correctness of assertion.
Reliability:
Reliability of evidence means its source, nature, and circumstances should be trust-worthy e.g.
 Evidence from independent external source is more reliable than internal evidence (e.g.
confirmation from customer is more reliable than a sales invoice)

 Documentary evidence is more reliable than oral (e.g. a written confirmation from a debtor
is more reliable than a telephone confirmation)
 Evidence in the form of original document is more reliable than photocopy
 Evidence obtained directly by the auditor is more reliable than evidence obtained through
client (e.g. a confirmation obtained directly from the bank is more reliable than inspecting a
copy of a bank statement held by the client)
 Evidence generated internally is more reliable when internal control is effective (e.g. pre-
numbered documents are more reliable than unnumbered documents because sequence
check can be verified.)
Exam Tip
A mnemonic to remember the reliability criteria of evidence is that evidence
should be “CODED” i.e. Controlled, Original, Documentary, External and Direct.

The reliability of each audit evidence is influenced by its individual circumstances. However, there
are certain factors which are generally taken into consideration to determine the extent of
reliability of audit evidences. Describe such factors briefly. (06 marks)
LO 4: SOME SPECIAL SITUATIONS IN OBTAINING EVIDENCE:

Inconsistency or doubts over reliability of evidence:
1. Auditor should apply professional skepticism because this situation indicates possibility of
misstatement.
2. Auditor should perform further specific procedures (depending on situation) to resolve the
matter.
3. Considering result of audit procedures, auditor shall also consider effect of this matter on
other aspects of audit e.g. risk of misstatement may increase.
If information produced by entity is used as audit evidence:

 Auditor shall ensure that such information is “Accurate” and “Complete”. For this purpose,
auditor may test controls over preparation and maintenance of information.
 If information is to be used in analytical procedures, it should also be sufficiently precise or
detailed in accordance with auditor’s purpose.
If work of expert is used as audit evidence:

 Auditor shall evaluate competence, capabilities and objectivity of the expert
 Auditor shall obtain understanding of field of expert.
 Auditor shall evaluate adequacy/appropriateness of expert’s work/report.

PART B – AUDIT PROCEDURES
LO 5: BASIC AUDIT MODEL (IN RISK-BASED APPROACH):

Below is the graphical presentation of “audit model” which is applied by auditor in audit of all areas
of financial statements:
To asses inherent risk To asses control risk
Nature of Business & Internal Control Financial

Management/
Nature of Transactions Statements
Risk
Assessment
procedures
Audit
Tests of To confirm control risk
Procedures (if controls are assessed strong)
Control
(7 Types)
Substantive To detect misstatements in F/S

Procedures
LO 6: PROCEDURES TO OBTAIN AUDIT EVIDENCE:
Audit Procedure Description Examples

Inquiry means seeking information from –Inquiry about frequency of BRS.
knowledgeable persons inside or outside –Representations from management
entity.
Inquiry
(evidence through inquiry alone is not
enough; it should be supported by other
procedures)
Observation means watching on-going –Watching physical inventory counts,
procedures (e.g. controls) performed by distribution of wages, opening of mail.
Observation entity’s personnel. –Walk-through Test
(of procedures) (evidence is limited to the time of observation
and is also affected when persons know that
they are being observed)

Inspection means examination of documents –Inspection of accounting records (e.g.

or physical assets. Sales invoices, Purchase invoices, Title
Inspection
(evidence is affected by reliability of documents).
documents) –Inspection of tangible assets
Reperformance means independently –Preparation of BRS
Reperformance performing procedures or controls originally –Preparation of Aging of debtors
performed by client.
Recalculation means checking mathematical –Recalculation of depreciation expense
Recalculation accuracy of the calculations. –Recalculation of inventory valuation
–Recalculation of list of debtors
A specific type of inquiry directly obtained by –Debtors/Creditors Confirmation
External
auditor from third parties in writing. –Bank Confirmation
Confirmation
–Lawyer Confirmation
Analytical Procedures means: –Comparing G.P. Ratio of current year
 Evaluating financial data through with previous year and investigating
Analytical plausible relationship with other financial difference.
Procedures and non-financial data, and –Comparison of Salaries expense with
 Comparing and investigating unusual no. of employees
differences.

Briefly explain any six methods for collecting audit evidence. (12 marks)
(CA Inter, Autumn 2013)
LO 7: TYPES OF AUDIT PROCEDURES:
Risk Assessment
Tests of Control (TOC) Substantive Procedures
Procedures (RAP)
RAPs are procedures to Objective of TOC is to confirm Objective of Substantive
obtain understanding of the the operating effectiveness of Procedures is to detect
entity and its internal controls in preventing, misstatements in financial
control to assess the risk of detecting and correcting statements at assertion level.
material misstatement at misstatements at assertion These include:
financial statement level and level.  Analytical Procedures and
at assertion level.  Tests of Details.
RAPs are required in all TOC are required only if auditor Substantive Procedures are
audits and for all material assess that controls are required in all audits and for
areas. operating effectively and he all material areas. However,
plans to rely on Internal their extent depends on risk
Control in his risk assessment. of material misstatement.
LO 8: DIRECTIONAL TESTING AND ASSERTIONS TESTING APPROACH IN OBTAINING

EVIDENCE:
There are two approaches to detect misstatements in financial statements i.e. Directional Testing
and Assertions-Testing.

Directional Testing:
Directional testing means debit items (assets and expenses) are tested for overstatement and credit
items (liabilities, income and equity) are tested for understatement; thereby opposite accounts are
automatically tested because of double-entry characteristic of accounting system.
How to make directional testing effective:

 Take trial balance of client in which debit side is equal to credit side.
 If the auditor wants to detect overstatement, the starting point should be the figures in the
accounting records.
 If the auditor wants to detect understatement, the starting point should be a source outside
the accounting records.
Assertions Testing:
Assertions/Management Assertions/Financial Statement Assertions:
Assertions are representations by management, explicit or otherwise, that are embodied in the
financial statements. These are used by the auditor:
 to consider different types of misstatements that may occur and
 to obtain evidence supporting these assertions.
Categories of Assertions:
Assertions about classes of transactions and events for the period
All Transactions (that have been recorded) have actually been occurred
Occurrence
i.e. there is no overstatement.
All transactions (that have occurred) have been recorded i.e. there is no
Completeness
understatement.
Amounts and other data relating to transactions have been recorded
Accuracy
appropriately.
Cutoff Transactions have been recorded in correct accounting period.
Classification Transactions have been recorded in the proper accounts.
Assertions about account balances at the period end:

Existence Assets, liabilities, and equity exist.
Completeness All assets, liabilities and equity have been recorded.
Rights and obligations Entity holds the rights to assets, and liabilities are obligations of entity.
Assets, liabilities, and equity are included in the financial statements at
Valuation and
appropriate amounts; and adjustments relating to valuation/allocation
allocation
have been recorded.
Assertions about Presentation and Disclosures:

Occurrence and rights Disclosed events, transactions, and other matters have occurred and
and obligations relate to the entity.
Completeness All disclosures have been included in financial statements.
Classification and Financial information is appropriately presented and described, and
understandability disclosures are clearly expressed.
Financial and other information are disclosed fairly and at appropriate
Accuracy and valuation
amounts.
Audit programmes are sets of instructions to the audit team, specifying the audit procedures that
should be performed in each area of the audit to verify relevant assertions.


Briefly describe the assertions used by the auditors in respect of the following:
(i) account balances
(ii) classes of transactions; and
(iii) presentation and disclosures (07 marks)
PART C – AUDIT DOCUMENTATION
LO 9: AUDIT DOCUMENTATION AND ITS PURPOSES:
Audit Documentation/Working Papers:

Audit Documentation is the written record of audit procedures
performed, evidence obtained and conclusions reached by auditor.
Purposes/Objectives/Benefits of Preparation of Audit Documentation:
To provide evidence that:

Primary  audit is planned and performed in accordance with ISAs and regulatory
Purposes requirements, and
 audit report is appropriate according to circumstances.
Audit documentation also helps to:
i. assist audit team to plan and perform audit.
Additional ii. assist senior team members in direction, supervision and review of audit team.
Purposes iii. enable quality control reviews.
iv. enable accountability.
v. be used as a reference in future years.
Benefits of Preparation of Audit Documentation on Timely Basis:

Audit documentation should be prepared on timely basis i.e. at the time when work is performed.
Timely prepared documents:
 enhance the quality of audit.
 facilitate the effective review.
 are more accurate.
Benefits of computer-based audit working papers:

 Standardized and easy to use formats.
 Preparation of working papers becomes speedy and less costly.
 Analytical procedures are easy to perform.
 Automated processing of adjustments saves time and reduces risk of errors.
 “Online review” is possible from distant locations.
 Working papers can be integrated with other areas.
Ownership, Confidentiality and Retention of Audit Documentation:

 Audit documentation is the property/ownership of auditor.

 Auditor is required to retain documentation (forming part of his opinion) in safe custody for
atleast 5 years from date of auditor’s report or group auditor’s report, whichever is later.
 Auditor is also required to observe confidentiality of documentation.

ISA 230 Audit Documentation deals with the auditor’s responsibility to prepare audit
documentation for an audit of financial statements.
Required:
State FOUR benefits of documenting audit work. (04 marks)
(ACCA F8 – December 2010)
LO 10: EXAMPLES OF DOCUMENTATION:

Usually following documents are found in a complete set of audit documentation:
1. Engagement Letter (contains terms and conditions of engagement agreed between auditor
and client)
2. Overall audit strategy (decisions about scope, timing and direction of whole audit)
3. Audit Plan/Audit Program (i.e. audit procedures to be performed at each area)
4. For each audit area (e.g. sales, inventory etc.)
o Lead Schedule (giving figures of the audit area as they appear in F/S, and their
referencing to pages where these are verified)
o Items selected and basis of selection.
o Test/Procedure performed (including who performed and who reviewed with date)
o Conclusion reached. (i.e. is there any scope limitation or misstatement)
5. Abstracts or copies of client’s documents e.g.
 Agreements (e.g. sales agreement, purchase agreements or loan agreements)
 Minutes of meetings (e.g. of directors, shareholders)
6. Summary of corrected and uncorrected misstatements
7. Summary of significant matters i.e.
o Significant matters identified during the audit
o Discussion with management, TCWG or external parties on significant matters.
o How significant matters (and inconsistency of evidence, if any) were resolved
8. Confirmation Letter (written reply from external parties)
9. Representation Letter (written reply from management)
10. Audit Report (auditor’s report on financial statements)
11. Letter of Weakness/Management Letter (auditor’s letter on weaknesses in internal control)
Significant Matters are those matters which may affect auditor’s risk assessment or report.

What documentation would you as a final reviewer expect to be included in a set of completed
working papers relating to the audit of a limited company. (You are not required to state the
documentation specific to individual components of the financial statements). (10 marks)
(CA Final, Summer 1987)

LO 11: AUDIT FILE AND ITS TYPES:
Audit Files:
“Audit Files” are folders or other storage media (in physical or
electronic form) containing audit documentation for an engagement.
There are two types of audit files i.e. Current File and Permanent File
Current File Permanent File
This file contains documents relevant to This file contains documents of
Definition current audit only. continuance relevance i.e. relevant
to current as well as future audits.
 Engagement Letter  Long term loan agreements.
 Planning Material (i.e. Overall audit  Copies of Legal and Tax Status of
strategy including Risk Assessment and client.
Materiality determination, Audit Plan)  Organizational hierarchy chart
 Documents for each audit area  Notes for Accounting System (i.e.
Examples  Confirmation Letter documentation of understanding
 Representation Letter of system)
 Summary of corrected and uncorrected  Minutes of meetings of
misstatements. shareholders and directors.
 Current year’s financial statements.  Previous years’ financial
 Audit Report statements

Briefly describe various types of audit files and state at least five contents of each type of audit file
maintained by an audit firm. (08 marks)
(ICMA Pakistan, Summer 2005)
LO 12: FORM, CONTENT AND EXTENT OF AUDIT DOCUMENTATION:

Experienced Auditor Principle:
Audit Documentation shall be sufficient to enable an Experienced Auditor (having no previous
connection with the ongoing audit) to understand:
 Nature, timing and extent of audit procedures performed
 Evidence obtained and conclusion reached.
 Significant matters and significant judgments in reaching conclusions.
Factors affecting Form, Content and Extent of Audit Documentation:

Following factors are considered in determining form, content and extent of audit documentation:
i. Audit methodology and tools used
ii. Assessed risk of material misstatement
iii. Size and Complexity of Entity
iv. Nature and significance of:
a. audit procedures performed (e.g. how much judgment involved)
b. evidence obtained
c. exceptions identified
v. Whether a conclusion is readily determinable from documentation.

Contents to be shown on each working paper:

In every working paper, following information is included:
 Name of Audit Client
 Period under audit
 Area for which working paper is prepared
 Page References
 Who prepared the working paper and when
 Who reviewed the working paper and when
 Conclusion of auditor on area (i.e. whether or not there is any scope limitation or misstatement)

The preparation of working papers is an integral part of the auditor’s responsibilities.
Identify the factors that the auditor should consider while determining the form, content and extent
of audit working papers. (07 marks)
LO 14: CHANGE IN DOCUMENTATION AFTER AUDITOR’S REPORT:

Normally, auditor does not change its documents after issuance of auditor’s report. However, ISAs
allow auditor to change its documents after auditor’s report in following situations.
Additional matters to be
Situation Type of Changes in documentation
documented
Following types of administrative changes can
be made in audit files during file assembly
period***:
(a) Deleting superseded/duplicate pages.
Changes in
(b) Sorting and cross- referencing working
documentation
papers. N/A
during file
(c) Sign-off completion checklist.
assembly period
(d) Adding/replacing documentation for
which evidence has been obtained before
audit report.
(e) To clarify/explain a matter.
Changes in Administrative type of changes can be made in – Circumstances encountered.
documentation documentation even after file assembly period. – when and by whom changes
after file assembly (e.g. because of an external QCR). were made and reviewed
period
– Circumstances encountered.
– New audit procedures
Indication of New audit procedures performed, new performed, new conclusion
misstatement after conclusion drawn and their effect on audit drawn and their effect on audit
auditor’s report report. report.
– When and by whom changes
were made and reviewed.
***ISAs state that an appropriate time for assembly (i.e. completion) of audit files is 60 days from the
date of auditor’s report.

Auditing – Study Notes Chapter 4 Auditor’s Report & Types of Opinions
CHAPTER FOUR
AUDITOR’S REPORT & TYPES OF
OPINIONS
ICAP'S STUDY TEXT

REFERENCE*
PART A – AUDITOR’S REPORT
15.5.3
LO 1 ELEMENTS OF AUDITOR’S REPORT
15.5.4
FORMAT OF AUDITOR’S REPORT (FORM 35A OF COMPANIES
LO 2 15.6.1
RULES 1985)
PART B – AUDITOR’S OPINIONS ON FINANCIAL STATEMETNS
LO 3 MATTERS TO BE EVALUATED BEFORE FORMING OPINION 15.5.2

WHAT IS MEANT BY MISSTATEMENTS AND SCOPE 15.7.2
LO 4
LIMITATIONS 15.7.3
15.7.4
WHAT IS MEANT BY IMMATERIAL, MATERIAL AND
LO 5 3.2.4
PERVASIVE 1.1.3
DECIDING TYPE OF OPINION ON FINANCIAL 15.7.1
LO 6
STATEMENTS 15.7.4
PART C – APPENDICES
Appendix DIFFERENCE BETWEEN FORMATS OF AUDITOR’S
15.6.4
1 REPORT (FORM 35A VS. ISA)
Appendix 15.7.2
HOW TO ATTEMPT REPORTING CASE STUDY IN EXAM
2 15.7.3

PART A – AUDITOR’S REPORT
LO 1: ELEMENTS OF AUDITOR’S REPORT:

Auditor’s Report is always in written form with following elements/contents:
Sr. # Content Brief Explanation

Auditor’s report shall have a title clearly indicating that it is “auditor’s
1. Title report”. Title is necessary to differentiate auditor’s report from other
type of reports included in annual report.
Addressee is the stakeholder to whom report is issued. Report may be
2. Addressee addressed to any appropriate addressee according to circumstances
e.g. “Members”, or “Board of Directors”.
This paragraph states:
 That an audit has been conducted.
Introductory
3.  Entity whose financial statements have been audited.
Paragraph
 Description of financial statements that have been audited.
 Period covered by each statement.
This paragraph describes responsibilities of management:
Management’s
 for preparation of financial statements in accordance with
4. Responsibility
AFRF.
Paragraph
 for such internal controls as are necessary.
This paragraph describes
Auditor’s 1.auditor’s responsibility to express an opinion on financial
5. Responsibility statements based on audit .
Paragraph 2. brief description of audit.
3. that his audit provides a reasonable basis for his opinion
Basis for Modified Whenever auditor modifies the opinion on financial statements, he
Opinion Paragraph includes an additional paragraph in auditor’s report that provides
6.
(if modified opinion information of the matter giving rise to the modification. This is called
is expressed) “Basis for Qualified/Adverse/ Disclaimer of Opinion Paragraph”.
This is most important paragraph in which auditor states:
 whether financial statements are prepared in accordance with
Auditor’s Opinion AFRF and (Where IFRSs are not used as the FRF, auditor shall
7.
Paragraph jurisdiction of FRF).
 whether financial statements present true and fair view (if fair
presentation framework is used).
Other Reporting If auditor is required by local laws and regulations to report on
8. Responsibilities matters other than financial statements, such matter shall also be
(if any) covered by auditor in his report.
Emphasis of Matter Paragraph is included if auditor considers it
Emphasis of Matter necessary to draw users’ attention to a disclosure in the financial
Paragraph statements that is fundamental to users’ understanding of the
or financial statements.
9.
Other Matter Other Matter Paragraph is included if auditor considers it necessary
Paragraph to communicate a matter which is not disclosed in the financial
(if any) statements but is relevant to users’ understanding of the audit,
auditor’s responsibilities or auditor’s report

This section contains signature by auditor:

10. Signature  in his personal name (if auditor is sole-proprietor)
 in the name of partnership firm (if auditor is partnership firm)
Date indicates the date on which auditor signs auditor’s report after
obtaining sufficient appropriate audit evidence. This will not be
11. Date earlier than date of approval of F/S by directors/management.
Date also indicates that auditor has considered the effect of
subsequent events on F/S and auditor’s report till that date.
12. Auditor’s Address This is the name of city where auditor practices.
If local laws/regulations require different format/wording of auditor’s report, auditor shall refer to
ISAs only when, at minimum, element # 1, 2, 3, 4, 5, 7, 10, 11 and 12 are included in auditor’s
report.
LO 2: FORMAT OF AUDITOR’S REPORT (FORM 35A OF COMPANIES RULES 1985):

Auditor’s Report to the Members
We have audited the annexed balance sheet of Star Chemicals Limited (the Company) as at June 30,
2014 and the related profit and loss account, cash flow statement and statement of changes in
equity together with the notes forming part thereof, for the year then ended and we state that we
have obtained all the information and explanations which, to the best of our knowledge and belief,
were necessary for the purposes of our audit.
It is the responsibility of the company’s management to establish and maintain a system of internal
control, and prepare and present the above said statements in conformity with the approved
accounting standards and the requirements of the Companies Ordinance, 1984. Our responsibility
is to express an opinion on these statements based on our audit.
We conducted our audit in accordance with the auditing standards as applicable in Pakistan. These
standards require that we plan and perform the audit to obtain reasonable assurance about
whether the above said statements are free of any material misstatement. An audit includes
examining, on a test basis, evidence supporting the amounts and disclosures in the above said
statements. An audit also includes assessing the accounting policies and significant estimates made
by management, as well as, evaluating the overall presentation of the above said statements. We
believe that our audit provides a reasonable basis for our opinion and, after due verification, we
report that:
(a) in our opinion, proper books of accounts have been kept by the company as required by the
Companies Ordinance, 1984;
(b) in our opinion:

(i) the balance sheet and profit and loss account together with the notes thereon have
been drawn up in conformity with the Companies Ordinance, 1984, and are in
agreement with the books of accounts and are further in accordance with accounting
policies consistently applied, except for the changes as stated in note # xxx with
which we concur;
(ii) the expenditure incurred during the year was for the purpose of the company’s
business; and
(iii) the business conducted, investments made and the expenditure incurred during the
year were in accordance with the objects of the company;

(c) in our opinion and to the best of our information and according to the explanations given to
us, the balance sheet, profit and loss account, cash flow statement and statement of changes
in equity together with the notes forming part thereof conform with approved accounting
standards as applicable in Pakistan, and, give the information required by the Companies
Ordinance, 1984, in the manner so required and respectively give a true and fair view of the
state of the company’s affairs as at June 30, 2014 and of the profit (or loss), its cash flows
and changes in equity for the year then ended; and
(d) in our opinion, Zakat deductible at source under the Zakat and Ushr Ordinance, 1980 (XVIII
of 1980), was deducted by the company and deposited in the Central Zakat Fund established
under section 7 of that Ordinance(N–1).
ABC & Co.
August 13, 2014
Lahore
Engagement partner: XYZ
N – 1: Where no Zakat is deductible, substitute “in our opinion, no Zakat was deductible at source
under the Zakat and Ushr Ordinance, 1980”.
PART B – AUDITOR’S OPINIONS ON FINANCIAL STATEMETNS
LO 3: MATTERS TO BE EVALUATED BEFORE EXPRESSING OPINION:

Before forming an opinion, auditor shall conclude:
1) Whether there is a misstatement or scope limitation.
2) Whether effect of misstatements or scope limitation is immaterial, material or pervasive.
Auditor shall also evaluate following:

 Whether AFRF is adequately described.
 Whether accounting policies are selected, applied and disclosed in accordance with AFRF.
 Whether accounting estimates are reasonable.
 If an accounting policy is changed, auditor shall:
a. Obtain evidence that it has been changed, applied and disclosed in accordance with
AFRF.
b. Refer to the change in auditor’s report.
c. State in auditor’s report whether he concurs with the change or not.
 Financial statements provide adequate disclosures.
 Financial statements present true and fair view (if fair presentation framework is used).
LO 4: WHAT IS MEANT BY MISSTATEMENTS AND SCOPE LIMITATIONS:
Types/Situations Examples
1. Accounting Policy is not selected in accordance with AFRF.
Accounting Policies 2. Accounting policy is not applied correctly (errors in application)
are not appropriate. 3. Accounting policy is not applied consistently and auditor does not
concur with change.
Transactions/Events 1. Not recording depreciation on fixed assets.
are not recorded in 2. Impairment loss not recorded on fixed assets.
financial statements. 3. Not recording inventory at lower of cost and NRV.

4. Not recording provision for bad debts on bankrupt debtor.

5. Not recording provision on legal cases filed against company.
6. Not recording liabilities (e.g. gratuity, finance lease obligations).
Disclosures are not 1. Non-disclosure of information (which is required by AFRF to be
appropriate in disclosed.)
financial statements. 2. Wrong disclosure of information (i.e. not in accordance with AFRF).
Study Tip
Disclosure of misstatement in financial statements is not a substitute for correct
accounting treatment.
Types/Situations Examples
a. Management prevents auditor from requesting confirmation from
debtors.
Limitations imposed b. Management does not provide representation letter to auditor.
by c. Management does not provide minutes of meetings of
management/entity Shareholders/TCWG to auditor.
d. Management does not allow auditor to communicate with predecessor
auditor.
Limitations by a. Accounting records of entity have been destroyed due to fire,
circumstances beyond computer virus or other natural disaster.
the control of entity b. Accounting records of entity have been seized by govt. authorities.
Limitations by a. Auditor is appointed after year-end and is unable to observe the
circumstances relating inventory count.
to the nature or timing b. For Consolidation, financial statements of subsidiary are not available.
of the auditor’s work
Study Tip
1. There will be no scope limitation if auditor is able to obtain evidence from
alternative audit procedures in above cases.
2. Scope limitation (of any type) affects auditor’s report. However if there is a
scope limitation by management which is unreasonable, it also affects other
aspects of audit.
LO 5: WHAT IS MEANT BY IMMATERIAL, MATERIAL AND PERVASIVE:

Material and Pervasive are terms used to describe the effects of misstatement or scope limitation
on financial statements and audit.
Material:
Effects of misstatement/scope limitation are considered material if they,
individually or in aggregate, could reasonably be expected to influence the
economic decisions of users taken on the basis of the financial statements.

Pervasive:
Effects of misstatement/scope limitation are considered pervasive, if they:
i. Are not confined to specific accounts of the financial statements;
ii. If so confined, represent substantial proportion of the financial
statements; or
iii. In relation to disclosures, are fundamental to users’ understanding of
the financial statements.
(Pervasive effect is greater than Material effect and both depend on auditor’s
judgment.)
LO 6: DECIDING TYPE OF OPINION ON FINANCIAL STATEMENTS:

Which opinion to express in what Circumstances:
There are four types of audit opinions, expressed by an auditor.
Immaterial effect Material effect Pervasive effect
Misstatement Adverse Opinion

Unmodified Opinion Qualified Opinion
Scope Limitation Disclaimer of Opinion
When to express Unmodified Opinion:

1. In compliance framework, when auditor has obtained sufficient appropriate evidence that
financial statements have been prepared, in all material respects, in accordance with AFRF.
2. In fair presentation framework, when auditor has obtained sufficient appropriate evidence that
financial statements given a true and fair view in accordance with AFRF.
When to express Modified Opinion:

1. When auditor has obtained sufficient appropriate audit evidence that there are misstatements
in financial statements whose effect is either Material or Pervasive.
2. When auditor is unable to obtain sufficient appropriate evidence on which to base the opinion
and possible effect of undetected misstatements in financial statements is either Material or
Pervasive.
When to express Qualified Opinion:

1. When auditor has obtained sufficient appropriate evidence that there are misstatements in
financial statements whose effect is material (but not pervasive).
and possible effect of undetected misstatements in financial statements is material (but not
pervasive).
When to express Adverse Opinion:

When auditor has obtained sufficient appropriate evidence that there are misstatements in
financial statements whose effect is pervasive.
When to express Disclaimer of Opinion:

and possible effect of undetected misstatements in financial statements is pervasive.

2. When there are multiple uncertainties and it is not possible to form an opinion due to these
uncertainties.
Study Tips
1. There will be only one opinion in an audit report.
2. Qualified Opinion, Adverse Opinion and Disclaimer of Opinion are collectively
called “Modified Opinions”.
3. The term “Modified Report” means report contains either:
(a) Modified Opinion or
(b) “Emphasis of Matter” or “Other Matter”.
PART C – APPENDICES
APPENDIX 1: DIFFERENCE BETWEEN FORMATS OF AUDITOR’S REPORT (FORM 35A

VS. ISA):
Form 35A Requirements ISA Requirements

This report is used in Statutory This Report is used in non-statutory audits only e.g. in
Use of Report Audits only. audits of Sole-proprietor, Partnership, non-statutory
audit of a company.
Title does not include the word Title is “Independent Auditor’s Report”
Title
“Independent”.
Report of statutory audit shall be Report may be addressed to any appropriate
Addressee addressed to Members of the addressee according to circumstances e.g. “Board of
company. Directors”, “Bankers” or “Prospective Investors”.
Introductory paragraph states No such statement is given.
Introductory whether auditor has obtained
Paragraph necessary information and
explanations from management.
Management’s No heading prescribed. A heading is required.
Responsibility for AFRF is “approved accounting Any framework may be used e.g. IFRS or GAAP.
the Financial standards and the requirements of
Statements the Companies Ordinance 1984”.
No heading prescribed. A heading is required.
Audit shall be conducted in Audit shall be conducted in accordance with
accordance with “auditing “International Standards on Auditing”
standards as applicable in
Pakistan”
Auditor’s
Following statements are added in auditor’s
Responsibility
responsibility paragraph:
(i) Auditor complies with ethical requirements.
N/A
(ii) Auditor’s procedures depend on auditor’s judgment
and risk assessment, and auditor considers internal
control for risk assessment.

No heading prescribed. A heading is required.

Auditor’s opinion is under “Fair Auditor’s opinion could be under “Fair Presentation
Presentation Framework” Framework” or “Compliance Framework”.
Auditor expresses opinion on Auditor expresses opinion on Financial Statements
Financial Statements as well as only.
Auditor’s Opinion
Five Additional Opinions ***
Auditor’s opinion mentions Auditor’s opinion does not mention statement of
complete set of financial changes in equity and notes to the accounts.
statements as mentioned in
introductory paragraph.
No difference in requirements. Signature could be in individual’s name (in case of sole-
proprietor) or in firm’s name (in case of partnership).
Signature
However, ICAP’s ATR – 19 requires that if signature is in firm’s name, Name of Engagement
Partner shall also be mentioned.
*** Refer to Auditor’s Report (under Form 35A) for detail of such opinions.
APPENDIX 2: HOW TO ATTEMPT REPORTING CASE STUDY IN EXAM:

Types of Question:
In exam, usually three types of questions are set to test reporting skill of students i.e.
1. You will be given a short situation, and requirement will be to explain implication of
situation on auditor’s opinion or auditor’s report.
2. You will be asked to draft whole or part of auditor’s report.
3. You will be asked to identify errors from whole or part of auditor’s report.
Exam Tips
1. In the absence of information, assume that Auditor’s Report is to be drafted in accordance with
“Form 35A of Companies Rules 1985”.
2. If you are required to identify errors, write errors alongwith correct treatment. But, DO NOT
redraft report; otherwise you will get zero marks.
Suggested Approach (when expressing effect on opinion/report):
SUGGESTED APPROACH TO SOLVE REPORTING CASE STUDIES IN EXAM
1. State the basis for your decisions i.e.

 Whether it is case of misstatement or scope limitation. (prove from facts given in case)
 Whether effect is Immaterial, Material or Pervasive (mention how you determined this).
2. State your decision i.e.
 If effect on Opinion is required:
o State opinion on financial statements
o State additional opinions (when relevant)
 If effect on Report is required, in addition to opinion, also include following:
o Basis for qualified/adverse/disclaimer of opinion Paragraph (whichever is relevant)
o Emphasis of Matter or Other Matter Paragraphs (when relevant)
o Reference to change in accounting policy (when relevant)
(You can get FULL marks in such questions if you follow this simple-systematic approach)

Exam Tip: Is Effect Immaterial, Material or Pervasive

Three situations are possible in exam in this regard:
1. It will be clearly mentioned whether item is material or pervasive. (words “significant” or
“major” in question means “not immaterial”).
2. If it is not clearly mentioned, use Financials (given in question) to determine materiality
using Rule of Thumb:
 Materiality = 5% or more of Profit before tax
 Pervasive = 50% or more of Profit before tax
3. If Financials are also not given, cover Both situations i.e. if Material, if Pervasive.
HOW TO ATTEMPT REPORTING CASE STUDY IN EXAM – AN EXAMPLE

Question:
Below are two independent situations, you are required to state type of opinion you would express in each
situation.
(a) Net realizable value of inventory is lower than cost of inventory but management has not written down
inventory to net realizable value. Effect of this event is material.
(b) Auditor was appointed after the year end date and the accounting records are not sufficiently reliable to
ensure accuracy of the year-end inventory balances.
Solution:
(a)
̶ This is a case of misstatement in financial statements. IFRSs require to record inventory at lower of cost
and NRV but management has not written down inventory to NRV.
̶ Effect is Material (clearly mentioned in case).
̶ Auditor shall express Qualified Opinion.
(b)
̶ This is a case of scope limitation on audit. Auditor is unable to obtain evidence on inventory balance.
Alternative procedures also, do not provide sufficient appropriate audit evidence.
̶ Effect could be Material or Pervasive.
̶ If effect is material, auditor shall express Qualified Opinion. If effect is pervasive, auditor shall express
Disclaimer of Opinion.

Auditing – Study Notes Chapter 5 Acceptance and Continuance Procedures
CHAPTER FIVE
ACCEPTANCE AND CONTINUANCE
PROCEDURES
ICAP'S STUDY TEXT
2.1.3 (Client acceptance,

LO 1 ACCEPTANCE AND CONTINUANCE PROCEDURES
Engagement acceptance)
3.1.3 (Preliminary
LO 2 PRELIMINARY ENGAGEMENT ACTIVITIES
engagement activities)

Bank:
 Q. # 17a (available in practice set Q. # )

Auditing – Study Notes Chapter 5 Acceptance and Continuance Procedures
ACCEPTANCE AND CONTINUANCE PROCEDURES
LO 1: ACCEPTANCE AND CONTINUANCE PROCEDURES:

Acceptance and Continuance Procedures/Steps include considering:
1. Integrity of owners, TCWG and key management (called Client Screening).
2. Whether firm is competent to perform the audit and has sufficient time, knowledge,
resources and expertise to complete the engagement within time.
3. Whether the firm and the engagement team can comply with ethical requirements.
Client Screening:
Matters/Factors to be considered, in evaluating client integrity, include:
 Identity and business reputation of owners, TCWG and key management.
 Attitude of owners, TCWG and key management towards interpretation of accounting
standards and internal control environment.
 Identity and business reputation of related parties
 Reason of change of auditors.
 Indication of any inappropriate scope limitation by management.
 Indication of involvement of client in money laundering and other criminal activities
Client Screening procedures (i.e. sources to obtain information about integrity of client) include:
1. Communicate with third parties dealing with client e.g.
a. Predecessor auditor through “Professional Clearance/ Etiquette Letter”
b. Bankers, Lawyers, Debtors, Creditors.
2. Inquire/discussion with management.
3. Appropriate background research of business information database (e.g. industry specific
databases, Internet searching, inspection of previous annual reports and auditor’s report)
4. Evaluation of information obtained and significant matters arisen during previous
assurance and non-assurance engagements, if any.
PRELIMINARY ENGAGEMENT ACTIVITIES
LO 2: PRELIMINARY ENGAGEMENT ACTIVITIES:

Preliminary engagement activities are those activities which are performed by an auditor at the
beginning of current audit engagement i.e.:
(a) Performing procedures required by ISA 220 regarding continuance of engagement. (i.e.
engagement partner will ensure that appropriate acceptance and continuance procedures
have been performed and conclusion reached is appropriate).
(b) Evaluating compliance with independence requirements including legal and ethical
requirements (to be discussed in chapter # 6 & 7), and
(c) Establishing an understanding of the terms of engagement (to be discussed in chapter # 8).

Auditing – Study Notes Chapter 6 Compliance with Legal Requirements
CHAPTER SIX
COMPLIANCE WITH LEGAL
REQUIREMENTS
ICAP'S STUDY TEXT

REFERENCE*
LO 1 WHO WILL APPOINT THE STATUTORY AUDITOR 1.3.1
PROCEDURES FOR APPOINTMENT AND REMOVAL 1.3.2

LO 2
OF STATUTORY AUDITOR 1.3.3
LO 3 RIGHTS AND DUTIES OF STATUTORY AUDITOR 1.3.6

QUALIFICATION AND DISQUALIFICATION OF
LO 4 1.3.4
STATUTORY AUDITOR
LO 5 AUDIT OF COST ACCOUNTS 1.3.7
LO 6 PENALTY FOR NON-COMPLIANCE 15.6.3
STEP-WISE APPROACH TO SOLVE CASE STUDY FOR
LO 7 N/A
APPOINTMENT OF AUDITOR (LEGAL + ETHICAL)

Bank:
 Q. # 7  Q. # 24
 Q. # 15  Q. # 76b
 Q. # 19

LO 1: WHO WILL APPOINT THE STATUTORY AUDITOR:
Type of Appointment Appointing Authority

1. Directors (within 60 days of incorporation)
2. Members (within 61st to 120th day of incorporation, if directors fail to
First Auditor exercise their power within 60 days of incorporation)
3. SECP (after 120th day of incorporation, if auditor is appointed neither
by directors nor by members)
1. Members at each AGM.
Subsequent Auditor
2. SECP (if no auditor is appointed by members in AGM)
Casual Vacancy 1. Directors (within 30 days of occurrence of casual vacancy)
(e.g. death or 2. SECP (if casual vacancy is not filled by directors within 30 days)
disqualification)
If auditor removed/ 1. SECP
resigned before AGM
Important Points
1. Tenure of auditor appointed in each case is from date of appointment till the
conclusion of next AGM.
2. Remuneration of auditor shall be fixed by SECP (if appointment is made by
SECP), or by Directors (if appointment is made by directors) or by company
in general meeting (in all other cases).
3. If a company appoints disqualified person as auditor, this appointment shall
be void ab-initio and SECP will fill vacancy.
4. Company shall inform SECP within 1 week if its power becomes exercisable.
LO 2: PROCEDURES FOR REMOVAL/APPOINTMENT OF STATUTORY AUDITOR:

Procedure for Removal/Appointment of Statutory Auditor on expiry of his term:
Legal Procedure:
1. A member shall send notice to change auditor for the next period. Such notices shall be
given to company atleast 14 days before AGM.
2. Company shall send copy of notice:
a. to retiring and nominated auditors immediately.
b. to members atleast 7 days before AGM.
c. to publish in 1 English and 1 Urdu news paper having circulation in province where
relevant stock exchange is situated (in case of listed company only).
3. If retiring auditor wishes, he can make a written representation which will be circularized
by company to all members***.
4. Nominated auditors perform their acceptance and continuance procedures before AGM, and
if willing, communicate their willingness to company.
5. At AGM, members will pass ordinary resolution to appoint an auditor from willing auditors.
6. Company shall also inform Registrar within 14 days of appointment/removal of auditor.

*** It is not necessary for company to circularize representation given by auditor if:
 Representation made is too lengthy or too late (in this case, representation will be read-out in
AGM) or
 Registrar is satisfied, on application of company or other aggrieved person, that this right is
being misused to obtain needless publicity or for defamatory purpose.
Ethical Procedures:
7. Outgoing auditor will file with ICAP a copy of Representation (if made to members).
8. Incoming auditor shall obtain a copy of the Representation before acceptance.
Procedure for Removal of Statutory Auditor before expiry of his term:

Legal Procedures:
1. First auditor may be removed by members in a general meeting. Members can appoint
another auditor in his place provided new auditor has been nominated by a member and
notice of nomination has been sent atleast 14 days before general meeting.
2. An auditor appointed at AGM can be removed by members only through Special Resolution.
If removed, company shall inform SECP (because authority to fill vacancy in such case rests
with SECP and not with company).
Ethical Procedures:
3. Outgoing auditor must immediately file with ICAP a “Statement of Facts/Circumstances”.
4. Incoming auditor should inform ICAP about the offer of appointment and should not accept
offer without prior clearance from ICAP (ICAP gives clearance within 15 days).
LO 3: RIGHTS AND DUTIES OF STATUTORY AUDITOR:

Statutory Rights of Auditor:
Rights during audit
1. Right of access to books, papers and vouchers of company (including those of branches
outside Pakistan that have been transmitted to the principal office of Pakistan).
2. Right of requiring necessary information and explanation from management to perform
duties.
3. Right to receive notices of general meetings,
4. Right to attend general meetings (auditor can also authorize any other person to attend
general meeting on his behalf)
5. Right to speak at general meetings on audit related matters.
Rights on removal:
1. Right to receive notice of removal.
2. Right to make representation in writing to company.
3. Right to have representation circulated to all members.
4. Right to receive notices of general meetings, attend general meetings and speak at general
meetings at which he is being removed.
Statutory Duties of Auditor:

An auditor is required to express his opinion on:
 True and Fair view of Financial statements
 Additional matters as required by Form 35A (refer to chapter # 4 for these matters)
If any of the above matters is answered in “negative” or in “qualification”; auditor shall state its reason
with factual position in auditor’s report.

LO 4: QUALIFICATION AND DISQUALIFICATION OF STATUTORY AUDITOR:

Annual audit is required for all types of companies. There is no exemption in Pakistan for any
company whether public or private and whether small or large.
Qualification Criteria:
Type of Company Qualification for Statutory Auditor

1. Public company  A Chartered Accountant (as per Chartered Accountants
2. Private company which is subsidiary Ordinance, 1961)or
of a public company  A firm of Chartered Accountants (provided all
3. Private company with paid up capital partners of firm are chartered accountants)
of 3 million rupees or more
4. Every company other than above Audit is required but qualification of auditor is not
prescribed by law.
Disqualification Criteria:
Following persons are disqualified for appointment as auditor in a company:
1. If person (i.e. sole-practitioner or any partner in a firm) or his spouse or minor child holds
any shares in that company (or its associated company). However, such a person can be
appointed if he discloses the fact at time of appointment and disposes shares within 90 days
of appointment.
2. If person is indebted to the company.
However following are not considered debt in this regard:
a. sum payable to a credit card issuer up to Rs. 500,000.
b. sum payable to a utility company outstanding for 90 days.
3. If person is or was an employee (or officer or director) of the company in last 3 years.
4. If person is a partner or employee of an employee (or officer or director)of the company.
5. If person is Spouse of a director.
6. If person is a Body corporate.
If a person is disqualified for a company, he is also disqualified for its subsidiaries, its holding, and
holding’s other subsidiaries.
Exam Tips
1. All conditions of disqualification apply at time of appointment as well as during
term of appointment.
2. Appointment by firm’s name shall be appointment of all partners. Therefore,
ALL partner should meet qualification and disqualification criteria.
3. Indebtedness includes Lease Arrangements (whether operating or finance).
4. How to know whether auditor is a Corporate Body?
Word of “Limited” in the name of auditor confirms that it is a corporate body.
Word of “Company” in the name of auditor does not confirm this.

LO 5: AUDIT OF COST ACCOUNTS:

Cost Accounting Records:
A company engaged in production, processing, manufacturing or mining activities is required to
keep prescribed particulars relating to following cost accounting records:
1. Utilisation of Material or
2. Utilisation of Labour
3. Utilisation of Other inputs or items of cost.
Audit of Cost Accounting Records:

Where a company is required to keep Cost Accounting records, Federal Govt. may direct that an audit
of cost accounts of the company shall be conducted in the manner as may be specified in the order.
Audit of cost accounts shall be conducted by an auditor who is a:

 chartered accountant within the meaning of the Chartered Accountant Ordinance, 1961, or
 a cost and management accountant within the meaning of the Cost and Management
Accountants Act, 1966.
Such auditor shall have the same powers and duties as a statutory auditor of the company and such
other powers and duties as may be prescribed.
LO 6: PENALTY FOR NON-COMPLIANCE WITH COMPANIES ORDINANCE 1984:

Penalty for non-compliance by companies:
If default is made, company and every officer of the company who is responsible for default, shall be
punishable with fine upto Rs. 50,000 + 2,000 per day (if default is continuing).
Penalty for non-compliance by auditor:

If auditor’s report is not signed appropriately or report is untrue or report fails to bring out
material facts about affairs of company, auditor (or all partners in case of partnership) shall be
punishable with fine upto Rs. 100,000.
Further, if such a report is made with an intent to make profit or for material consideration or to
put another person at loss, auditor shall be punishable with fine upto Rs. 100,000 and
imprisonment up to one year.
LO 7: STEP-WISE APPROACH TO SOLVE CASE STUDY FOR APPOINTMENT OF

AUDITOR (LEGAL + ETHICAL):
Decide whether it is a situation of legal requirements or ethical requirements:
 If words like “Companies Ordinance”, “Legal”, “Statutory” are used, apply legal provisions.
 If words like “Code of Ethics”, “Ethical”, “Threats, Safeguards” are used apply ethical provisions.
 If words “applicable rules and regulation” are used, apply legal provision if situation is
discussed in law. Otherwise, apply ethical provisions.
Remember: In exam, both (legal and ethical) regulations are not discussed in a single situation.
If question relates to legal requirements:

1. Do not reproduce provision of law; rather state your decision by applying legal provisions
directly to the facts of case.
2. If a situation involves more than one criteria regarding qualification/disqualification, you will
cover BOTH, one by one.

If question relates to ethical requirements:

1. Identify threat and explain why this threat arises. If a situation involves more than one threats,
you will describe all.
2. Discuss relevant safeguards which could be applied in the situation to reduce threat(s).

Auditing – Study Notes Chapter 8 Agreeing on audit engagement
CHAPTER EIGHT
AGREEING ON AUDIT ENGAGEMENT
ICAP'S STUDY TEXT
PART A – AGREEING ON AUDIT ENGAGEMENT
LO 1 PURPOSES/OBJECTIVES OF ENGAGEMENT LETTER N/A
LO 2 FORM AND CONTENTS OF ENGAGEMENT LETTER 2.2.2

ACCEPTANCE OF CHANGE IN THE TERMS OF AUDIT
LO 3 2.2.2
ENGAGEMENT
LO 4 ENGAGEMENT LETTER ON RECURRING AUDITS 2.2.2
PART B – PRECONDITIONS FOR AUDIT
LO 5 MATERIALITY 2.2.1

Bank:
 Q. # 16a  Q. # 27
 Q. # 17  Q. # 28
 Q. # 23

PART A – AGREEING TERMS OF ENGAGEMENT
LO 1: PURPOSES/OBJECTIVES OF ENGAGEMENT LETTER:
Engagement Letter:
Engagement letter is a written agreement between auditor and client
(through appropriate representative e.g. CFO, CEO) on terms and
conditions of audit engagement.
Purposes of Engagement Letter:

 It confirms appointment of auditor.
 It removes expectation gap.
LO 2: FORM AND CONTENTS OF ENGAGEMENT LETTER:

Audit Engagement Letter shall include:
a) The objective and scope of the audit;
b) Identification of the AFRF;
c) The responsibilities of the auditor;
d) The responsibilities of management (also called Premise);
e) Expected form and content of reports to be issued by the auditor and a statement that there
may be circumstances in which a report may be different from its expected form and
content.
An audit engagement letter may also include following:

a) Elaboration of the scope of the audit.
b) Inherent limitations of an audit
c) Inherent limitations of internal control.
d) Arrangements regarding the planning and performance of the audit, including composition
of the audit team and timing.
e) Fee or Basis of fee.
f) Agreement of management to inform the auditor of subsequent events affecting financial
statements (after date of auditor’s report till issuance of financial statements).
g) The expectation that management will provide written representation letter.
h) Reference to any other communication as a result of the audit engagement (e.g. Letter of
Weakness).
i) Arrangements concerning involvement of predecessor auditor, component auditor, expert,
internal auditor, quality control reviewer.
LO 3: ACCEPTANCE OF CHANGE IN THE TERMS OF AUDIT ENGAGEMENT:

Circumstances leading to change in terms of audit engagement:
Client can request auditor to change terms of audit engagement in following circumstances:
1. If there is change in circumstances affecting need for audit.
2. If there was a misunderstanding of client about nature of audit.
3. If auditor is unable to obtain sufficient appropriate audit evidence on a material or
pervasive item.

Factors to be considered by auditor before accepting change:
Factors to be considered Explanation

Legal or Contractual Change should not violate any legal or contractual requirements.
implications of the change
1. A change is considered reasonable if it is due to change in
circumstances affecting need for audit or a misunderstanding of
Whether there is a
client about nature of audit.
reasonable justification for
2. A change is considered unreasonable if it is due to
the change
incomplete/incorrect information (indicating inappropriate
scope limitation or risk of fraud).
Acceptance of Change by Auditor:
If auditor accepts the change If auditor does not accept the change
1. Revised terms of engagement shall be agreed. Auditor shall continue to perform the audit
2. Procedures to be performed and Report to be engagement as per original terms of engagement.
issued shall be according to revised If management does not permit auditor to
engagement. continue original engagement, auditor shall:
3. Report shall NOT refer to:  withdraw from engagement where possible
 Original audit engagement or under local laws and regulations.
 Any procedures performed in original  Determine whether there is any contractual
audit engagement or other obligation to report the
circumstances to other parties (e.g. TCWG,
Shareholders, Regulatory or Professional
bodies).
LO 4: ENGAGEMENT LETTER ON RECURRING AUDITS:

Auditor should consider following factors in deciding whether to sent a new engagement letter on
recurring audit:
1) Legal requirements.
2) Any indication that client misunderstands the objective and scope of the audit.
3) Any major change in entity’s ownership.
4) Any major change in entity’s senior management.
5) Any major change in entity’s nature or size of business.
6) Any major change in entity’s applicable financial reporting framework.
7) Changes in terms of engagement
PART B – PRECONDITIONS FOR AUDIT
LO 5: PRECONDITIONS FOR AUDIT:

What are Preconditions for audit:
 AFRF used by management in preparation of F/S is acceptable.
 Management, and TCWG where applicable, agrees to the premise on which an audit is
conducted.

Establishing Preconditions for Audit:

1. Auditor shall determine whether financial reporting framework adopted by management in
preparation of financial statements is acceptable, considering, nature of F/S, purpose of F/S,
nature of entity, legal requirements.
2. Auditor shall obtain agreement of management (via engagement letter) that it understands
and acknowledges its responsibilities:
a. For the preparation of financial statements in accordance with AFRF. This
responsibility includes:
b. For design, implementation and operating effectiveness of internal control which is
c. to provide the auditor with all relevant and requested information and unrestricted
access to all personnel.
Course of Action of Preconditions are NOT present:

If management does not agree to premise on which audit is conducted:
Auditor shall not accept the proposed audit engagement.
If AFRF is not acceptable:

Auditor shall refuse the engagement unless AFRF is required by law.
If AFRF is required by law, auditor shall accept engagement under ISAs only if following conditions
are met:
1. Management agrees to provide additional disclosure (which will explain deficiencies in
framework to avoid F/S being misleading), and
2. It is mentioned in Engagement Letter that:
 auditor’s report will not include phrases “give a true and fair view” or “present
fairly, in all material respects”.
 auditor’s report will include additional paragraph (to draw users’ attention towards
additional disclosure)
If AFRF is required by law, and above conditions are also NOT met:
1. Auditor shall evaluate the effect of misleading F/S on auditor’s report.
2. Auditor shall refer to this effect in engagement letter.

Auditing – Study Notes Chapter 9 Planning an Audit
CHAPTER NINE
PLANNING AN AUDIT
ICAP'S STUDY TEXT
PART A – PLANNING OF AN AUDIT
3.1.3 (Overview &
LO 1 PLANNING ACTIVITIES
Involvement of ....)
3.1.3 (Planning
DIFFERENCE BETWEEN OVERALL AUDIT STRATEGY AND
LO 2 Activities)
AUDIT PLAN
3.1.4
ADDITIONAL CONSIDERATIONS FOR INITIAL AUDIT
LO 3 3.1.6
ENGAGEMENT
LO 4 INTERIM AUDIT AND FINAL AUDIT 3.1.5
PART B – AUDIT MATERIALITY
1.1.3
LO 5 MATERIALITY
3.2.4
LO 6 PERFORMANCE MATERIALITY 3.2.4
LO 7 QUALITATIVE MATERIALITY 3.2.4
LO 8 REVISION IN MATERIALITY 3.2.4

Bank:
 Q. # 8  Q. # 62c
 Q. # 22  Q. # 67b
 Q. # 31a
1
PART A – PLANNING OF AN AUDIT
LO 1: PLANNING ACTIVITIES:
Planning Activities:
Planning an audit involves establishing the overall audit strategy for the engagement and
developing audit plan.
Who is involved in Planning of audit:

The engagement partner and other key members of the engagement team shall be involved in:
 planning the audit, and
 planning and participating in the discussion among engagement team members.
Objectives/Benefits of Planning:
Planning helps to:
1. pay attention to important areas
2. identify and resolve potential problems on timely basis.
3. select appropriately experienced staff and proper assignment of work to them.
4. perform engagement in efficient and effective way.
5. perform direction, supervision and review of engagement team.
LO 2: DIFFERENCE BETWEEN OVERALL AUDIT STRATEGY AND AUDIT PLAN:
Audit Strategy Audit Plan

Audit strategy sets the scope, timing and The audit plan is more detailed than the
direction of audit, and guides the overall audit strategy and includes the nature,
Definition
development of the audit plan. timing and extent of audit procedures to be
performed by engagement team members.
 Characteristics of the engagement that It includes nature, timing and extent of
define its scope. planned:
 Reporting objectives of the engagement  Risk Assessment Procedures
(to plan the audit and nature of  Tests of controls and substantive
communication required). procedures at assertion level.
Matters  Factors that are significant in directing
discussed the engagement team’s efforts.
 Results of Preliminary Engagement
Activities and other engagements
performed.
 Nature, timing and extent of resources
necessary to perform the engagement.
Explanation of matters of Audit Strategy:

Characteristics of the engagement that define its scope:
 Applicable Financial Reporting Framework.
 Industry specific requirements.
 The expected audit coverage, including the number and locations of components to be
included.
2
Factors that are significant in directing the engagement team’s efforts:

 Determination of materiality.
 Preliminary identification of areas where there may be high risk of misstatement.
 Audit approach (e.g. whether or not to rely on internal controls based on previous audits)
 Change in financial reporting framework or industry requirements
Nature, timing and extent of resources necessary to perform the engagement:

 When resources are needed (e.g. whether resources are to be used at interim audit).
 How much resources are used where (e.g. high number and experience of staff needed on
high risk areas)
 How to direct, supervise and review resources during audit.
LO 3: ADDITIONAL CONSIDERATIONS FOR INITIAL AUDIT ENGAGEMENT:

For an initial audit engagement, additional matters/activities that auditor may consider in
establishing the overall audit strategy and audit plan include the following:
1. Performing procedures regarding acceptance of client.
2. Communication with predecessor auditor.
3. Arrangements to be made to review the working papers of predecessor auditor.
4. Any major issues discussed with the management regarding initial selection as auditor
(including any disagreement on accounting treatment or any scope limitation),
communication of these matters to TCWG and their effect on Audit strategy and Audit Plan.
5. Procedures to obtain sufficient appropriate audit evidence regarding opening balance
6. Other procedures in accordance with firm’s quality control procedures applicable on initial
audits (e.g. for initial audit engagement, firm may require review of audit strategy by
another partner/senior, quality control review before issuing report)
LO 4: INTERIM AUDIT AND FINAL AUDIT:

Meaning of Interim audit and Final audit:
Interim audit means performing some of audit procedures before year-end
Final audit means performing remaining audit procedures at/after year-end.
The higher the risk, the more audit procedures are performed at/after year-end.
Typical Procedures performed at Interim Audit and Final Audit:

Typical Interim Audit Procedures Typical Final Audit Procedures
 Obtaining understanding of entity and  Agreeing financial statements to accounting records
assessing inherent risk.  Examining adjustments made during preparation of
 Preliminary analytical procedures financial statements
 Obtaining understanding of internal  Ensure proper cut-off on sales and purchases.
control and assessing control risk.  Substantive Procedures for the intervening period
 Performing tests of controls. (i.e. between Interim audit and Final audit)
 Performing limited substantive  Obtaining Confirmation Letters (e.g. from banks,
procedures. debtors and creditors)
 Obtaining Representation Letter from Management.
 Physical verification of assets
 Review of subsequent events.
 Final analytical procedures
3
Advantages of Interim audit:

Interim Audit gives following benefits:
a) Earlier identification of significant matters.
b) Flexible planning of human resources.
c) Stakeholders receive audit report quickly.
d) Burden of audit team is spread, therefore, efficiency and effectiveness of audit team is
increased.
PART B – AUDIT MATERIALITY
LO 5: MATERIALITY:
What is Materiality:
Effects of items are considered material if they, individually or in aggregate, could reasonably be
expected to influence the economic decisions of users taken on the basis of the financial statements.
Materiality depends on size as well as nature of misstatement.
Why is Materiality determined:

Materiality is determined at the start of the audit but is used:
1. When planning and performing the audit
 to determine nature, timing and extent of audit procedures to be performed
 to ensure that misstatements within an area do not exceed performance materiality
2. When evaluating effect of misstatements on audit report
 to ensure that aggregate of uncorrected misstatements of all areas do not exceed
overall materiality level.
How is Materiality determined:

Materiality = Chosen Benchmark * Chosen Percentage
 Benchmark depends on whether entity is profit oriented or not-for-profit.
 Percentage depends on Benchmark and Risk (i.e. risk and materiality have inverse
relationship).
Exam Tip
Following “rule of thumb” has been established to determine materiality:
1. For profit oriented entity, materiality= Profit before tax * 5%
2. For not-for-profit entity, materiality = Total Revenue or Expenses * 0.5%
LO 6: PERFORMANCE MATERIALITY:
What is Performance Materiality:
Performance Materiality is the amount set by the auditor, less than materiality for the financial
statements as a whole, to reduce the risk that the aggregate of uncorrected and undetected
misstatements exceeds materiality for the financial statements as a whole.
How is Performance Materiality determined:

Determination of performance materiality is not a mathematical calculation. It involves the exercise
of professional judgment and is affected by:
4
 misstatements identified in previous periods; and

 expected misstatements in current periods (based on auditor’s risk assessment procedures)
LO 7: QUALITATIVE MATERIALITY:
What is Qualitative Materiality:
Qualitative materiality means ignoring the amounts of misstatements and considering its
“qualitative characteristics” to determine whether it is material or not.
Examples Areas where Materiality is determined on Qualitative basis:

1. Non-compliance of legal requirements (e.g illegal payments, money laundering)
2. Non-compliance of contractual requirements (e.g. debt-covenant)
3. Fraud
4. Related Party Transactions
5. Key disclosures in financial statements e.g.:
o Conversion of loss into profit
o Directors’ remuneration
o Share capital
LO 8: REVISION IN MATERIALITY:
When is Materiality Revised:
Materiality is revised if auditor obtains new information/evidence which is different from
information/evidence on which original assessment was based e.g.
1. Occurrence of events substantially affecting draft financial statements
2. Revision in risk
3. Change in the auditor’s understanding of the entity and its operations
4. Change in circumstances during audit
Effect of Revision of Materiality on Audit:

If materiality is revised, it may have impact on following aspects of audit:
 Performance materiality
 Nature, timing and extent of audit procedures
 Risk of material misstatement
5
Auditing – Study Notes Chapter 10 Risk Assessment Procedures
CHAPTER TEN
RISK ASSESSMENT PROCEDURES
ICAP'S STUDY TEXT
PART A – AUDIT RISK MODEL
LO 1 APPROACHES TO AUDITING 3.3.1, 3.2.3, 5.1.3, 5.1.4
LO 2 AUDIT RISK MODEL 3.3.3

PART B – RISK ASSESSMENT
3.2.1 exc luding last
LO 3 RISK ASSESSMENT PROCEDURES
paragraph, 5.2.10
LO 4 OBTAINING UNDERSTANDING OF ENTITY (3.2.1 last paragraph)
LO 5 INHERENT RISK ASSESSMENT THROUGH FACTS 3.3.4

8.2.2 ( Analytic al
LO 6 INHERENT RISK ASSESSMENT THROUGH FIGURES proc edures and the
exam), 8.2.5
PART C – CLASSIFICATION OF RISKS AND RESPONSE TO RISKS
RISK AT FINANCIAL STATEMENT LEVEL AND 3.2.3
LO 7
RESPONSE 3.3.2
LO 8 RISK AT ASSERTION LEV EL AND RESPONSE 3.2.3
PART D – FRAUD
DEFINITION AND RESPONSIBILITIES OF
LO 9 3.4.1, 3.4.2
MANAGEMENT AND AUDITOR
RISK ASSESSMENT PROCEDURES RELATING TO
LO 10 3.4.2, 5.3.3
FRAUD AND FRAUD RISK FACTORS
TECHNIQUES OF FRAUD AND CIRCUMSTANCES
LO 11 3.4.2, 3.4.5
INDICATING FRAUD
LO 12 RESPONSE TO MANAGEMENT OV ERRIDE OF CONTROL 5.3.3
LO 13 COMMUNICATION TO MANAGEMENT AND TCWG 3.4.4

PART E – RISK ASSESSMENT IN SPECIALIZED ENTITIES
RISK ASSESSMENT IN SMALL ENTITIES AND EFFECT ON
LO 14 5.3.2
AUDIT
RISK ASSESSMENT IN NOT -FOR-PROFIT
LO 15 3.5.1
ORGANIZATIONS


Bank:
 Q. # 18a & 18b  Q. # 33a
 Q. # 25  Q. # 35
 Q. # 26  Q. # 36a
 Q. # 29  Q. # 39a
 Q. # 31b  Q. # 44
 Q. # 32b  Q. # 67

PART A – AUDIT RISK MODEL
LO 1: APPROACHES TO AUDITING:
Transaction-based approach / Substantive Approach:
This approach is used where:
1. Internal controls are weak, and
2. there are a few transactions or auditor is also providing accountancy services
Under this approach, auditor does not rely on internal control system and almost every item in the
financial statements is tested and vouched to supporting documents.
The systems-based approach

This approach is used where:
1. Internal controls are strong.
2. Auditor decides to rely on internal control.
Under this approach, underlying accounting and internal control system is tested (through tests of
controls) to ensure system is operating effectively. Individual transactions and balances are tested
with less emphasis.
Risk-Based Approach:
Under risk-based approach to auditing, auditor performs risk assessment procedures and identifies
risk of material misstatement at financial statement level and at assertion level. Thereafter, auditor
performs audit procedures at financial statement level and at assertion level to address these risks.
LO 2: AUDIT RISK MODEL:

Table below illustrates example of how auditors use audit risk model to decide audit procedures to
be performed.
Risk Assessment Procedures

Understanding Understanding of Internal
of entity Control
Detection
Weakness i.e. RMM Audit Risk
Inherent Risk Strength Risk Audit Procedures
Control Risk (IR * CR) (set by firm)
(AR/RMM)
 Extensive TOC (because auditor
relies more on internal control)
60% 80% 20% 12% 40% 4.8%
 Reduced Substantive Procedures
(because detection risk is high)
 Reduced TOC (because auditor
relies less on internal control)
60% 20% 80% 48% 10% 4.8%
 Extensive Substantive Procedures
(because detection risk is low)
Inherent Risk:
The susceptibility of an assertion about a class of transaction, account balance or disclosure to a
misstatement that could be material, either individually or when aggregated with other
misstatements, before consideration of any related controls.

Control Risk:
The risk that a misstatement that could occur in an assertion about a class of transaction, account
balance or disclosure and that could be material (either individually or when aggregated with other
misstatements) will not be prevented, detected or corrected on a timely basis by the entity’s
internal control.
Risk of Material Misstatement:

The risk that the financial statements are materially misstated prior to audit. This consists of two
components i.e. Inherent Risk and Control Risk. i.e.
Risk of Material Misstatement (RMM) = Inherent Risk (IR) * Control Risk (CR)
Detection Risk:
The risk that the procedures performed by the auditor (to reduce audit risk to an acceptably low
level) will not detect a misstatement that exists and that could be material, either individually or
when aggregated with other misstatements.
Audit Risk:
The risk that the auditor expresses an inappropriate audit opinion when the financial statements
are materially misstated. Audit risk is a function of the risks of material misstatement and detection
risk i.e.
Audit Risk (A.R.) = Risk of Material Misstatement (RMM) * Detection Risk (D.R.)
Study Tip
1. Audit Risk = Inherent Risk * Control Risk * Detection Risk.
2. Inherent risk cannot be controlled.
3. Control risk can be controlled by client through internal control.
4. Detection risk can be controlled by auditor through audit procedures.
PART B – RISK ASSESSMENT
LO 3: RISK ASSESSMENT PROCEDURES:

Definition:
Risk Assessment Procedures are procedures to obtain understanding of the entity and its internal
control to assess the risk of material misstatement at financial statement level and at assertion
level.
Examples of Risk Assessment Procedures:

1) Inquiries of Management, TCWG and others within the entity which may have information
relating to risk assessment (e.g. internal audit department)
2) Observation (e.g. walk-through tests*** on each major type of transaction)
3) Inspection of records or documents (e.g. internal control manual of client)
4) Analytical procedures (e.g. study of ratios to identify unusual relationships)
***Walk-through Tests:
Walk-through testing involves selecting a small sample of transactions and following them through
the various stages in their processing in accounting system to understand the system and related
controls.

LO 4: OBTAINING UNDERSTANDING OF ENTITY:

Auditor is required to obtain understanding of entity and its environment. This understanding shall
cover following:
1. Relevant industry, regulatory and other external factors, including relevant accounting
requirements.
2. The nature of the entity and its operations, ownership and management structures.
3. The entity’s selection and application of accounting policies, including whether they are
appropriate for its business and consistent with the industry and the applicable financial
reporting framework.
4. The entity’s objectives and strategies and those related business risks*** that may result in
risks of material misstatement.
5. The measurement and review of the entity’s financial performance (through analytical
procedures).
***Business Risk:
Business risk is a risk resulting from significant conditions, events, circumstances, actions or
inactions that could adversely affect an entity’s ability to achieve its objectives and execute its
strategies, or from the setting of inappropriate objectives and strategies.
(Auditor understands business risks because most of business risks result in inherent/audit risks.)
LO 5: INHERENT RISK ASSESSMENT THROUGH FACTS :
Area Risk Assessed Explanation of Risk

Sales/operations being made at concerns over accuracy and completeness of transactions in
various location financial statements
Taste-based Goods sold over
because high return is expected because of wrong
internet/phone e.g. Clothes,
specification/late-delivery/dissatisfaction of customer
jewellery, cosmetics
Sales There is a risk of incorrect cut-off of Goods in Transit and,
consequently sales and debtors may be incorrect. Further there is
Significant exports
a risk of using inappropriate exchange rates in recording of
foreign currency transactions
Cash is received before/after
because revenue may be recognized early or delayed
sale of goods
There is a risk of incorrect cut-off of Goods in Transit and,
consequently purchases and creditors may be incorrect. Further
Purchases Significant imports
there is a risk of using inappropriate exchange rates in recording
of foreign currency transactions
Fashion/Technology based
because inventory may become obsolete quickly with change in
products or Damaged/Faulty
technology/fashion or when it is damaged.
Goods
because absorption of overheads is complex and estimation of
Work-in-Porgress
Inventory stage of completion is highly subjective
No physical count or count at
because correct amount of inventory is difficult to determine at
date other than B/S date or
balance sheet date, further there may be errors on cut-off of sales
Inventory is at various locations
and purchases
or is with third parties.

Launch of new product/services because product may have to be sold at below cost to attract
by entity customers
“Standard costing” or “S.P less
because Actual Cost may be different from standard cost/S.P less
profit margin” method is used
profit margin method
for Inventory valuation
Specialized/Customized if customer cancels orders or goes bankrupt, inventory may
Inventory become obsolete
Debtors Dispute with debtors because full recovery is not expected
because of concern about accuracy and completeness of
transactions, concern about correct categorization of costs
Self-construction of fixed assets
between revenue and capital expenditure, Capitalization of
borrowing cost if self-construction is financed by loan
concern about accuracy and completeness of transactions, concern
Heavy repair and maintenance
about correct categorization of costs between revenue and capital
Fixed during the year
expenditure
Assets
Disposal of fixed assets because profit/loss on disposal may be not correctly calculated
Destroyed/Unused PPE because PPE may have been impaired.
Purchase of fixed assets during
because Cost of Purchase may not be calculated accurately
the year
because there is subjectivity e.g. issues of life, selective
Revaluation of fixed assets
revaluation, and complexity e.g. implications of deferred tax
Large volume of payroll
transactions e.g. numerous
accuracy and completeness of transactions may be difficult to
Payroll joiners/leavers, part-
determine
time/temporary employees,
overtimes
Pending litigations against
company e.g. claims regarding Because Provision/disclosure may be misstated, Going concern
unfair dismissal of staff, food (if affects major customers), NRV (if due to malfunctioning of
Litigations, poisoning, physical Injury due to inventory
Intangible malfunctioning of product.
because these may be overstated/understated because of
Intangible Assets and Provisions estimates, judgments, uncertainty, subjectivity in their
measurement
because Classification and Disclosures of loan may not be
Loan Increased borrowings appropriate, Going Concern Assumption may not be appropriate if
debt-covenant requirements are violated
LO 6: INHERENT RISK ASSESSMENT THROUGH FIGURES :
Area General Reason for change Risk Assessed

Sales should remain constant over
If sales is unusually high, it indicates overstatement of sales or cut-
the years unless there is:
off errors in sales.
 Increase/decrease in sales
Sales price or
If sales is unusually low, it indicates obsolescence of inventory and
 Launch or discontinuance of
impairment of PPE. It also indicates omitted sales transactions or
products
cut-off errors in sales.
 Customer-base is increased.

Cost of sales (as a percentage of If cost of sales is unusually high, it indicates overstatement of
sales) should remain constant purchases or cut-off errors in purchases. It also indicates
over the period unless there is: understatement of closing stock or incorrect valuation of stock.
Cost of
 Increase/decrease in cost of
Sales
material or labor or overheads If cost of sales is unusually low, it indicates understatement of
 Change in production purchases or cut-off errors in purchases. It also indicates
technology overstatement of closing stock, or incorrect valuation of stock.
Operating expenses (as a
If operating expenses are unusually high, it indicates
percentage of sales) should
overstatement of operating expenses or misclassification between
remain constant over the years
operating expenses and cost of sales/capital expenditures.
unless there is:
Operating
 Increase or decrease in
Expenses If operating expenses are unusually low, it indicates
number of administrative or
understatement of operating expenses or misclassification
selling employees.
between operating expenses and cost of sales/capital
 Heavy advertisement or
expenditures.
promotional schemes.
Finance charges (as a percentage
If finance charges are unusually high, it indicates overstatement or
of Borrowings) should remain
incorrect calculation of interest expense.
Finance constant over the years unless
Charges there is:
If finance charges are unusually low, it indicates some finance
 Increase or decrease in interest
charges are unrecorded.
rates during the year.
If Debtors’ Turnover Ratio is unusually high, it indicates necessary
Debtors’ Turnover Ratio should provision for doubtful or uncollectible debtors may not have been
remain constant over the year made. It also indicates overstatement of debtors or cut-off errors
Debtors unless there is: in sales.
 Increase or decrease in credit
period by entity. If Debtors’ Turnover Ratio is unusually low, it indicates
understatement of debtors or cut-off errors in sales.
Inventory Turnover Ratio (in If Inventory’ Turnover Ratio is unusually high, it indicates
days) should remain constant over necessary provision for obsolete or out-of-date inventory may not
the year unless there is: have been made. It also indicates overstatement of inventory, or
Inventory  Increase or decrease in cost of incorrect valuation of inventory or cut-off errors.
inventory
 Increase or decrease in If Inventory’ Turnover Ratio is unusually low, understatement of
quantity of inventory inventory, or incorrect valuation of inventory or cut-off errors.
If Creditors’ Turnover Ratio is unusually high, it indicates
Creditors’ Turnover Ratio (in
overstatement of creditors or cut-off errors in Purchases. It also
days) should remain constant over
indicates company is unable to pay creditors timely.
Creditors the year unless there is:
 Increase or decrease in credit
If Creditors’ Turnover Ratio is unusually low, it indicates
period by suppliers.
understatement of creditors or cut-off errors in Purchases.
If PPE is unusually high, it indicates impairment of PPE or some
PPE (as a percentage of sales) revenue expenditure may have been recorded as capital
should remain constant over the expenditure.
PPE period unless:
 new products are launched by If PPE is unusually low, it indicates some capital expenditure may
entity. have been recorded as revenue expenditure.

Company may be facing problems in continuing as a Going Concern if there are liquidity and solvency
problems e.g.
 Decrease in Current Ratio and Quick Ratio.
Going
 Decrease in Gross Profit Margin and Net Profit Margin.
Concern
 Decrease in Interest Coverage Ratio.
 Increase in Borrowings/Debts.
 Increase in Creditors’ Turnover Ratio.
PART C – CLASSIFICATION OF RISKS AND RESPONSE TO RISKS
LO 7: RISK AT FINANCIAL STATEMENT LEVEL AND RESPONSE :

Risk at Financial Statement Level:
Risks at the financial statement level refer to risks that affect financial statements pervasively and
potentially affect many assertions.
Examples:
Examples of risks at financial statement level include:
1. Management Override of Control.
2. Financial statement level risks mostly relate to situations arising from fraud.
3. Financial statement level risks also relate to Weak Control environment e.g. management’s
lack of competence.
Response to Risk at Financial Statement Level:

Auditor shall design and implement overall responses to address the assessed risks of material
misstatement at financial statement level e.g.:
 Adequate planning
 Adequate application of professional skepticism
 Assigning more experienced and specialized staff e.g. use of experts if necessary.
 Adequate supervision and review of the audit work performed
 Incorporating unpredictability in nature, timing and extent of audit procedures
o Performing procedures on account balances not usually tested.
o Using different sampling methods.
o Performing audit procedures at different locations on unannounced basis.
 Making changes to audit procedures.
 More audit procedures at period end rather than at interim date.
 Obtaining more reliable audit evidence.
LO 8: RISK AT ASSERTION LEV EL AND RESPONSE :

Risk at Assertion Level:
Risk at assertion level refers to risks that do not affect financial statements pervasively and affect
only specific identifiable assertions.
Examples:
Examples of significant risks at assertion level include:
1. Transactions involving new or complex regulatory/accounting requirements
2. Non-routine transactions**
3. Estimation Transactions (also called Judgmental Matters)***

**Non-routine transactions:
Non-routine transactions are transactions that are unusual and occur infrequently e.g. stock-taking,
calculating depreciation expense, and calculating foreign currency gains and losses.
***Judgmental Matters:
Judgmental matters are transactions that involve accounting estimates, judgments, uncertainty e.g.
provision for bad debts, provision for warranty, impairment of assets.
Response to Risk at Assertion Level:

Auditor performs Substantive Procedures to address the risks at assertion level. These will be
discussed in detail in chapter # 12.
PART D – FRAUD
LO 9: DEFINITION AND RESPONSIBILITIES OF MANAGEMENT AND AUDITOR:

Definition of Fraud:
Fraud is an intentional misstatement involving use of deception to obtain an illegal advantage.
Responsibilities of Management and TCWG:
Responsibilities of Management Responsibilities of Auditor

Primary responsibility for the ̶ Auditor’s responsibility is to obtain reasonable assurance whether
prevention and detection of fraud financial statements are free from material misstatement. It is not
rests with both TCWG and auditor’s responsibility to prevent or detect fraud.
management of the entity. ̶ However, auditor is required by ISAs to:
 To perform risk assessment procedures to assess risk of fraud
 Perform substantive procedures to address the risk of fraud.
 Maintain professional skepticism throughout the audit that fraud
may exist.
LO 10: RISK ASSESSMENT PROCEDURES RELATING TO FRAUD AND FRAUD RISK FACTORS :
Risk Assessment Procedures:
ISAs require the auditor to perform the following procedures to identify the risks of material
misstatement due to fraud:
1. Make enquiries of management in respect of:
a. their assessment of the risk of fraud
b. their process in place for identifying and responding to the risks of fraud
c. any specific risks of fraud identified or likely to exist
d. any communications within the entity in respect of fraud (e.g. code of conduct).
2. Make inquiries of management and others within the entity as to whether they have any
knowledge of any actual, suspected or alleged frauds.
3. Evaluate any unusual or unexpected relationships identified in performing analytical
procedures which may indicate a risk of material fraud.
4. Evaluate whether any fraud risk factors are present.

Fraud Risk Factors:
Misappropriation of Assets Fraudulent Financial Reporting

1. Personal Financial Obligations. 1. Intended sale of shares or business.
2. Adverse Relationships between entity 2. Management holds majority shareholding.
and employee. 3. Bonuses based on financial performance.
4. Pressure on management to meet financial targets e.g.
Incentives
debt-covenant or investor’s expectations.
/Pressures
5. Personal guarantee of management for repayments of
loans.
6. Going Concern Issues e.g. increased competition,
product failures, operating losses
1. Excessive cash in hand. 1. Domination of management by a single person or
2. Portable and precious inventory or small group without audit committee or internal audit
fixed assets. function.
3. Deficiencies in internal control over 2. Ineffective oversight by audit committee or internal
assets e.g. audit function (due to lack of independence from
a. Inadequate segregation of duties management).
for assets (e.g. cash, inventory). 3. Significant transactions outside the normal course of
Opportunity
b. Inadequate record keeping and business with related parties.
reconciliations for assets. 4. Deficiencies in internal control over financial
c. Inadequate physical safeguards reporting.
over tangible assets. 5. High turnover of senior management.
6. Nature of entity’s operations e.g. operations in
diversified jurisdictions and use of business
intermediaries.
1. Disregard for monitoring of control. 1. Lack of integrity in management.
2. Tolerance on petty theft. 2. Ineffective communication of code of conduct.
Attitudes/
3. Disregard for internal control by 3. Non-financial management’s excessive participation in
Rationalizati
overriding. accounting policies and estimates.
ons
4. Dissatisfied or unhappy employees 4. Management failing to correct material weakness in
5. Change in lifestyle. internal controls.
LO 11: TECHNIQUES OF FRAUD AND CIRCUMSTANCES INDICATING FRAUD :

Techniques of Fraud:
Techniques for Fraudulent Financial Reporting
Techniques for Misappropriation of Assets
(through management override of controls)
i) Embezzling receipts (e.g. collection from i) Recording fictitious journal entries (e.g. significant
debtors/bad debts recovery) sales at end of the year which is returned or unsettled
ii) Stealing physical assets or intellectual property after year end)
(e.g. cash, inventory, data) ii) Overstating Closing Stock
iii) Causing an entity to pay for goods and services not iii) Premature or Delayed revenue/expenses recognition
received (e.g. Payment to fictitious iv) Inappropriately changing assumptions, judgments,
vendors/employees) estimates
iv) Using entity’s assets for personal use (e.g. car, loan v) Concealing side agreements and other facts (e.g.
or security of loan) warranty, right of return)
vi) Engaging in complex transactions to misrepresent
facts

Circumstances indicating Misstatement in Financial Statements due to Fraud:

Following are examples of circumstances which indicate possibility of fraud in financial statements.
− Transactions not recorded/completed in timely manner or improperly

recorded as to amount, period, or classification.
Discrepancies in
− Supporting documents are not available for transactions/balances.
accounting records
− Last minute adjustments that significantly affect financial statements
− Tips or complaints to the auditor about the alleged fraud.
− Missing accounting records
− Altered accounting records
Conflicting or − Unavailability of original documents when they are expected to exist
missing evidence − Significant unexplained items on reconciliations
− Unusual discrepancies between the entity’s record and confirmation replies
− Large amount of credit entries and other adjustments at year end.
Problematic or − Denial of access to records, employees or other evidence
unusual − Undue time pressure by management to resolve complex or contentious
relationships issues
between the auditor − Management intimidation
and management − Unusual delays by entity in providing requested information
− Accounting policies at variance with industry norms
Others
− Frequent changes in accounting estimates
LO 12: RESPONSE TO MANAGEMENT OVERRIDE OF CONTROL:

Auditor shall perform following audit procedures to respond to the risk of management override of
controls:
a) Test the appropriateness of journal entries (for fake entries)
b) Review accounting estimates (for biases)
c) Obtain an understanding of the business rationale for significant transactions outside the
normal course of business
In designing and performing audit procedures for such tests, auditor shall:
i. Inquire of individuals involved in the financial reporting process about
inappropriate or unusual activity relating to the processing of journal entries
and other adjustments;
ii. Select (judgementally) and Test the journal entries and other adjustments made
at the end of a reporting period; and
Test the iii. Select (judgementally) and Test the journal entries and other adjustments
appropriateness of throughout the reporting period. (if considered necessary)
journal entries (for
fake entries) When selecting journal entries and other adjustments for testing and examining their
underlying support, following matters are relevant:
 Assessment of risk of material misstatement.
 Controls over journal entries.
 Characteristics of fraudulent journal entries or other adjustments.
 Nature and complexity of accounts.
 Journal entries processed outside the normal course of business.

In performing this review, auditor shall:

i. Perform comparative review with other estimates for indication of possible
biases.
ii. Perform a retrospective review of significant accounting estimates reflected
Review accounting
in the financial statements of the prior periods.
estimates (for
iii. Use an expert to develop an independent estimate for comparison to
biases)
management’s estimate.
iv. Extend inquiries to individuals outside of management and the accounting
department to corroborate management’s ability and intent to carry out
plans that are relevant to developing the estimate.
Following characteristics of significant transactions outside the normal course of
business suggests/indicates fraud:
 Transaction:
 Lacks an apparent logical business reason for its occurrence.
Understand
 Has unusual terms of trade.
business rationale
 Is processed in an unusual manner.
of significant
 Is overly complex (for example, it may involve multiple related parties
transactions outside
within a consolidated group).
the normal course
 Management has not discussed such transaction with TCWG.
of business
 Management is placing more emphasis on a particular accounting treatment
instead of underlying substance of the transaction.
 Transaction involves parties which do not have financial strength to support the
transaction.
LO 13: COMMUNICATION TO MANAGEMENT AND TCWG :

If the auditor has identified or suspects fraud, the auditor shall communicate these matters on a
timely basis to the appropriate level of management (regardless of size of fraud).
Auditor shall also communicate identified/suspected fraud to TCWG if fraud involves management
or is significant.
If management is involved in a fraud, integrity of management becomes doubtful and auditor may
consider appropriate action (e.g. withdrawal) based on advice of his legal advisor.
PART E – RISK ASSESSMENT IN SPECIALIZED ENTITIES
LO 14: RISK ASSESSMENT IN SMALL ENTITIES AND EFFECT ON AUDIT :
Features/Problems of Small Entity Effect on Audit

Concentration of ownership and management in Increased risk of management override of
one/few people and no monitoring by controls by owner-manager
independent persons (like TCWG)
 Only a few employees. Auditor is likely to place lower reliance on
 Limited internal controls because of lack controls and large amount of substantive
of segregation of duties. procedures will be performed.
Less sophisticated accounting system Auditor is unlikely to use CAATs.
Unlikely to have a qualified accountant Auditor is likely to himself prepare financial
statements.

LO 15: RISK ASSESSMENT IN NOT-FOR-PROFIT ORGANIZATIONS :

What is a Charity or NFPO:
A charity organisation is an example of an NFPO:
1. It has certain defined beneficiaries.
2. It raises funds from the public.
3. It seeks to spend those funds to help its beneficiaries.
Problems in audit of Not-for-Profit Organization (NFPO):

 There may be specific legal/constitutional requirements:
o Applicable on operations of NFP organization.
o Applicable on reporting requirements of NPF organization.
 Income is raised from various general public at various points.
 Use of volunteers who may lack competence and integrity.
Audit Approach in audit a Charity/NFP Organization:
Area Audit Approach

Auditor shall consider following matters in planning of an NFP audit:
 Objective and scope of audit
Planning
 Local regulations that apply on entity.
 Form and contents of financial statements and audit opinion
 Uncertainty of future income (affecting going concern assumption)
 Lack of controls over completeness of Income as there is no sales invoices to
check completeness (which may cause modification in auditor’s report)
 Lack of control over authorization of expenses (Funds may be spent outside
the objects of the charity.)
Risk Assessment
 Donations may be stolen by volunteer.
 Specific donation received may be recorded/spent inappropriately.
 Window-dressing in F/S to meet constitutional/statutory requirements (e.g.
when requirements is that admin expenses should not exceed a certain
%age).
 A substantive testing approach (rather than a systems based approach) will
be used because of weaknesses in its internal control system.
Evidence
 Key audit areas will be
Gathering
(a) Completeness of Income and
(b) application of funds in accordance with objects.
 If an audit is required by law, a prescribed format will be used.
Reporting
 If audit is voluntary, format of ISA – 700 may be used.

Auditing – Study Notes Chapter 11 Tests of Controls
CHAPTER ELEVEN
TESTS OF CONTROLS
ICAP'S STUDY TEXT
PART A – OBTAINING UNDERSTANDING OF INTERNAL CONTROLS
LO 1 DEFINITION AND LIMITATIONS OF INTERNAL CONTROL 5.1.2, 5.3.1

5.2.1, 5.2.3, 5.2.4,
LO 2 OBTAINING UNDERSTANDING OF INTERNAL CONTROL
5.2.5, 5.2.6, 5.2.9
7.2.1, 7.2.2, 7.2.3,
LO 3 CONTROLS OV ER THE SALES SYSTEM
7.2.4
7.3.1, 7.3.2, 7.3.3,
LO 4 CONTROLS OV ER THE PURCHASES SYSTEM
7.3.4
7.4.1, 7.4.2, 7.4.3,
LO 5 CONTROLS OV ER THE PAYROLL SYSTEM
7.4.4, 7.4.5, 7.4.6
LO 6 CONTROLS OV ER BANK AND CASH SYSTEM 7.5.1, 7.5.2, 7.5.3
CONTROLS OV ER INV ENTORY AND NON-CURRENT
LO 7 7.6.1, 7.6.2
ASSETS SYSTEM
PART B – DOCUMENTATION OF UNDERSTANDING OF ENTITY AND INTERNAL CONTROL
LO 8 METHODS OF DOCUMENTATION OF A SYSTEM 6.1.1, 6.1.2, 6.1.3
LO 9 DIFFERENCE BETWEEN ICQ AND ICEQ 6.1.3
LO 10 CHECKING THE ACCURACY OF PREV IOUS YEAR’S ICQ 6.1.3
1
PART A – UNDERSTANDING OF INTERNAL CONTROL
LO 1: DEFINITION AND LIMITATIONS OF INTERNAL CONTROL:

Definition of Internal Control:
Internal Control means policies and procedures designed, implemented and operated by
management and TCWG (to address business risks and) to provide reasonable assurance about
achievement of entity’s objectives with regard to:
 Reliability of the entity’s financial reporting
 Effectiveness and efficiency of its operations
 Compliance with applicable laws and regulations
Limitations of Internal Control:

Internal Control system is never perfect. It cannot provide absolute assurance about achievement of
objectives because of Inherent Limitations of Internal Control i.e.
i. Breakdowns caused by human errors
ii. Management override of controls.
iii. Collusion i.e. internal control is circumvented intentionally through collusion among more
than one person.
iv. Cost-benefit trade off may not justify a control
v. Often non-routine transactions are not subject to internal control.
vi. Segregation of duties in smaller entities not possible.
vii. Often Judgments are involved in risk assessment, and implementation of control which can
be faulty
LO 2: OBTAINING UNDERSTANDING OF INTERNAL CONTROL:

Auditor is required to obtain understanding of entity and its environment. This understanding shall
cover following elements:
Control Environment:
Control environment includes attitude, awareness and actions of TCWG and management regarding
entity’s internal control and its importance in the entity.
In evaluating the control environment, auditor considers the following matters:

 Audit committee and board directors have significant influence in the organization and
actively participate in business.
 Management actions and attitudes show character, integrity, and ethics.
 Management is committed towards Competence.
 No tolerance over code of conduct (e.g. petty theft)
 Management's operating style and philosophy is not aggressive towards financial reporting.
 Organizational structure is appropriate according to business.
 Management assigns authority and responsibility appropriately.
 Human resource policies emphasize on strong control environment.
Information System Relevant to Financial Statements:

Relevant Information system means processes by which entity obtains, records and presents
transactions to prepare financial statements. This system could be manual as well as IT-based (i.e.
computerized).
2
Auditor should consider following aspects of information system:

 Entity’s principal business transactions.
 How information system captures and records these transactions (including process to
prepare financial statements).
 Related accounting records in support of transactions.
Entity’s Risk Assessment Process:

Auditor shall obtain an understanding of whether or not entity has a good Risk Assessment Process
to identify, assess and manage business risks.
Identifying risk means recognizing existence of risk. Assessing risk means deciding whether risk is
significant or not. Managing risk means designing and operating internal controls to minimize the
risk.
Control Activities Relevant to Audit:

Control activities are the policies and procedures (other than control environment) to ensure that
entity’s objectives are achieved. Their objective is to stop errors from occurring in the first place
(called Preventive Controls), identify errors which have occurred (called Detective Controls) and
correct errors which have been detected (called Corrective Controls).
In evaluating the control activates, auditor considers the following categories:

 Authorization Controls (All significant transactions should be authorised/approved by an
appropriate level of management.)
 Physical Controls (These are controls to prevent unauthorized access to tangible assets and
computer programs/data files)
 Segregation of duties (It means assigning responsibilities of authorising transactions,
recording transactions and custody of assets to different people. Thereby, error/fraud by a
single person is detected by other persons).
 Controls over using Information Processing (These are used to check accuracy,
completeness and authorization of transactions. These could be either General Controls or
Application Controls)
 Reconciliations (These include comparing data from one source with data from other
source to confirm accuracy and completeness of data e.g. bank reconciliation, inventory
reconciliation, debtors’ reconciliation etc.)
 Performance Reviews/ Management Controls (These are reviews/analysis of actual
performance against budget, forecasts and prior period. These are usually performed by
management to supervise subordinates.)
Monitoring of Controls:
Monitoring of control is a process to evaluate the internal control. It includes evaluation of whether
internal control system is operating effectively and , if necessary, taking necessary remedial actions.
LO 3: THE SALES SYSTEM – OBJECTIV ES, ACTIV ITIES AND TESTS OF CONTROLS :
There should be segregation of duties between Sales Order (to prepare sales order), Despatch
Department (to despatch goods and prepare GRN), Invoicing Department (to prepare invoice) and
Accounts Department (to post invoices into Sales Journal & Ledgers).
3
Orde r Department: (Main Function: Preparation of Sales Order)
Control Objectives Control Activities Tests of Controls
-Select a sample of customers and inspect

complete documentations for approval of
-A separate credit department should set credit
credit limits.
limit for every new customer.
-Select sample of debtors and should
-Orders exceeding credit limit should be
Goods are supplied to compare their outstanding balances with
rejected.
customers within their credit limits.
-An exception report should be periodically
authorized credit -Auditor should use "Test data" to check
produced and reviewed for accounts where
limit. that an order over authorized limit is
outstanding balance has exceeded credit limit;
rejected (If IT system is used).
and it should be manually followed up by an
-Inspect exception reports (of balances
independent person.
exceeding credit limit) as evidence of
preparation and follow up.
-Select a sample of sales orders, and
-Senior management should set authorized
compare with authorized price list and
Price and discounts.
discounts.
-System should reject unauthorized prices and
Orders are approved -Auditor should use "Test data" to check
discounts.
on the basis of that an unauthorized price/discount is
authorized Price and rejected (If IT system is used).
produced and reviewed for sales orders where
Discounts. -Inspect exception reports (of
unauthorized price and discounts are used; and
unauthorized price and discounts on
it should be manually followed up by an
sales orders) as evidence of preparation
independent person.
and follow up.
Orders are recorded -Auditor should inspect numerical
Sales Orders should be sequentially
correct regarding sequence of sales orders.
prenumbered and should be
price, quantity, item -Auditor should observe whether oral
accepted/confirmed in writing only.
and customer details sales orders are accepted.
To ensure that orders -Auditor should observe whether
-System should reject sales order if inventory
are only accepted if inventory balance is checked before
balance is not available.
goods are available approving sales order.
Dispatch Departme nt: (Main Function: Preparation of Goods Dispatch Note)
Goods are despatched for -Auditor should inspect numerical

all sales orders. (and -Sequentially prenumbered Sales orders sequence of GDN.
shipment is not made should be reconciled with sequentially -Inspect exception reports (of sales
twice for same sales prenumbered GDN. orders not despatched) as evidence of
order) preparation and follow up.
To ensure that goods are -Goods should be cross-checked with -Observe the desptach department to
despatched correctly to sales order before despatch and GDN is assess that goods are despatched As
customers and that they signed by an authorized officer. per valid sales order.
are of an adequate -Customer signs a copy of the GDN and -Inspect a sample of GDN for signatures
quality. returns it to confirm receipt of goods. of the despatch staff and customer.
4
Invoicing/Billing Department: (Main Function: Preparation of Sales Invoice)
-Sequentially-pre-numbered GDN should

be compared with sequentially-pre-
-Auditor should inspect numerical
numbered sales invoices.
To ensure that invoice is sequence of Sales Invoices.
raised for all goods -Inspect exception reports (of GDN
produced and reviewed for un-invoiced
despatched. (invoice is not invoiced) as evidence of
GDNs; and it should be manually followed
not raised twice for same preparation and follow up.
up by an independent person.
GDN) -Inspect reconciliation of quantity
-Quantities despatched should be
shipped to quantity invoiced.
reconciled to quantities invoiced
periodically by an independent person.
-Invoice should be prepared on the basis of
Invoices are prepared -Select a sample of sales invoices, and
GDN and authorized Rates.
with correct quantity, compare with GDN and authorized
-Sales invoices should be reviewed by an
price and discount. price list.
independent person.
-Select a sample of credit notes, and
For goods returned,
Credit notes should be sequentially check for numerical sequence,
there must be authorized
prenumbered and authorized. authorization and cross reference to
credit note.
relevant sales invoice number.
Accounting Departme nt: (Main Function: Recording of Sales Invoices)
-Review exception report on numerical

sequences of GDN and Sales Invoice.
Inquire about follow up actions.
-GDN and Invoices should be
-Select sales invoices for sample of days,
-Invoices are recorded sequentially prenumbered.
and compare with sales daybook (number
completely and correctly -Sales invoices are reconciled with
as well as amounts).
in Books of Accounts. Sales daybook daily.
-Inspect monthly reconciliation of
-Invoices are recorded in -Debtors' Control Account and Sales
subsidiary ledger and general ledger on
correct customers' Ledger should be reconciled monthly.
sample basis as evidence of preparation
account. -Monthly statements mailed to
and follow up of exceptions.
customers and queries followed up.
-Inspect monthly customer account
statements on sample basis as evidence of
preparation and follow up of exceptions.
Accountant should check complete
Only valid/genuine sales Select a sample of sales invoices from
audit trail (i.e. sales order, GDN and
are recorded in books of sales journal and check whether GDN,
sales invoice) before recording a sales
accounts. Shipping documents and Sales order exist.
invoice in sales journal.
-An exception report should be -Inspect exception reports (of overdue
Bad debts are written off
periodically produced and reviewed for debts) as evidence of preparation and
only when authorized.
overdue debts; and it should be follow up.
5
manually followed up by an -Inspect approval of write-offs of

independent person. uncollectable amounts
-Approval of write-offs of uncollectable
accounts
Sales are recorded Select a sample of sales recorded in sales
All GDNs and sales invoices are
promptly in books of daybook and compare date of recording
processed and posted in accounts daily.
accounts. with date of GDN.
LO 4: THE PURCHASES SYSTEM – OBJECTIVES, ACTIV ITIES AND TESTS OF CONTROLS :

There should be segregation of duties between Purchase Order Department, Despatch Department,
Invoicing Department and Accounts Department.
Orde r Department: (Main Function: Preparation of Purchase Order)
 Purchase Orders should be sequentially

-Inspect sequentially prenumbering of
All Purchase Orders
prenumbered. purchase orders.
must be properly
 All Purchase orders must be authorized by
-Examine evidence of approval of sample
authorized.
Purchase Manager. of purchase orders.
Orders are made only -Inspect documentary evidence that
 There must be approved list of suppliers to
with authorized procedure for placing suppliers on
whom orders are made.
suppliers approved list is being followed.
-Select a sample of purchase orders and
 Tenders/Quotations should be obtained
Orders are made at inspect documentary evidence to ensure
before approving a sales order.
competitive prices quotations were called and order is given
to lowest quotation.
Receiving Department: (Main Function: Preparation of GRN)
-Observe the receiving department to

To ensure that goods -Quality and Quantity of goods should be cross-
assess that goods are received as per
are received inchecked with purchase order before
valid purchase order.
accordance with validacceptance and GRN is signed by an authorized
-Inspect a sample of GRN for signatures
purchase order. officer of receiving department.
of the receiving staff.
Goods are received -Auditor should inspect numerical
A sequentially prenumbered GRN is produced
against all purchase sequence of GRN and should also inspect
for every receipt of goods.
orders. reconciliation of purchase orders to GRN.
6
Billing Departme nt: (Main Function is to process Suppliers’ Invoices:)
- Auditor should select sample of GRN

To ensure that invoice -Sequentially-pre-numbered GRN should be and should compare with suppliers’
is received for goods compared with suppliers’ invoices. invoice.
received from -Quantities received should be reconciled to - Auditor should select sample of
supplier. (invoice is quantities invoiced periodically by an purchase invoice and should compare
not received twice for independent person. with GRN.
same GRN) -Inspect reconciliation of quantity
shipped to quantity invoiced.
Invoices are prepared A staff member should be responsible to check -Select a sample of purchase invoices, and
with correct quantity, whether appropriate rates and discounts are compare with GRN and approved
price and discount. used in supplier’s invoice. purchase order.
-A debit note should be created each time that
The auditor should be able to check a list
goods are returned to a supplier.
Credit is taken for of sequentially-numbered debit notes,
-Debit notes should be sequentially numbered
purchases returns. cross-referenced to a supplier’s credit
and matched with the supplier’s credit note
note.
when it is received.
Accounts Department: (Main Function is to record transactions in Books of Accounts)
-Review exception report on numerical

sequences of GRN. Inquire about follow
up actions.
-GRN should be sequentially prenumbered. -Select purchase invoices for sample of
-Invoices are recorded
-Purchase invoices are reconciled with days, and compare with sales daybook
completely and
Purchase daybook daily. (number as well as amounts).
correctly in Books of
-Creditors' Control Account and Purchase -Inspect monthly reconciliation of
Accounts.
Ledger should be reconciled monthly and subsidiary ledger and general ledger on
-Invoices are recorded
should be reviewed by an independent person. sample basis as evidence of preparation
in correct suppliers'
-Monthly statements mailed to suppliers and and follow up of exceptions.
account.
queries followed up. -Inspect monthly supplier’s account
statements on sample basis as evidence
of preparation and follow up of
exceptions.
Only valid/genuine Accountant should check complete audit trail Select a sample of purchases from
purchases are (i.e. purchase order, GRN and purchase purchase journal and check whether
recorded in books of invoice) before recording a purchase in GRN, Shipping documents and purchase
accounts. purchase journal. order exist.
Purchases are Select a sample of purchases recorded in
All GRNs and purchase invoices are processed
recorded promptly in purchases daybook and compare date of
and posted in accounts daily.
books of accounts. recording with date of GRN.
7
Supplier’s Statement:
A supplier’s statement is a printed statement, received at regular intervals from a supplier (usually
each month), showing details of transactions between the supplier and its customer (purchases,
purchase returns and payments) since the previous statement, and the amount owing as at the date
of the statement.
LO 5: THE PAYROLL SYSTEM – OBJECTIVES, ACTIVITIES AND TESTS OF CONTROLS :

Calculation of gross wages:
-HR departmetn authorizes all joiners

and leaves and notifications of joiners
-select a sample of joiners during the year
and leavers are sent to the payroll
and check documentation for
Wages are calculated only department on timely basis.
authorization of new employees.
for genuine employees. -There should be segregation of duties
-select a sample of workers from payroll
(i.e. no payment to 'ghost' between prepration of payroll and
sheet and check whether they are
or 'left' employees) distribution of payroll.
physically present.
-An independent person should check
-observe that segregation of duties exists.
documentation of employees added on
payroll.
-Review a sample of timesheets cards for
-Supervisor should maintain and
evidence of authorisation by a responsible
authorize "Time Sheet" for each
official.
employee.
Wages are calculated only -Observe whether clocking-in process is
-Alternatively, Clock-card system
in respect of work carried being monitored so that a worker cannot
should be maintained and "clocking-in"
out. clock in for multiple workers.
process should be monitored.
-Review a sample of overtime sheets for
-All overtimes should be approved by
evidence of authorization of overtime by
departmental heads.
relevant department head.
-Inspect that hours worked and rates of
pay are in accordance with Time-Sheet
-Payroll clerk should use:
and Approved Rates.
(a) Sequentially prenumbered Time-
-Re-calculation of gross pay for a number
Sheet/Clock-Card
of employees to ensure that mathematical
(b) Approved Rates of Pay
calculation is correct.
- A senior member should recalculate
-review a sample of payrolls for evidence
the gross and net pay workings for a
Payroll should be of recalculation and approval by a
sample of employees and should
calculated correctly. responsible official.
approve Payroll Sheet.
-Use Test Data to check that exception
-An exception report should be
reporting system is working properly if
periodically produced and reviewed for
salary exceeds or falls below pre-set
wages beyond pre-set limits; and it
limits.
should be manually followed up by an
-Inspect exception reports (of salaries
independent person.
beyond pre-set limits) as evidence of
preparation and follow up.
8
Calculation of deductions from wages:
-Use Test-Data to for calculation of tax and

compare results with independently
-Payroll procedures should include calculated figures.
deduction of tax using up-to-date rates -Re-calculation of deductions for a number
-Taxes are correctly
and other voluntary deductions. of employees to ensure that deduction is
calculated and paid to
-All voluntary deductions must be correctly made.
authorities.
authorized by employee in writing. -review a sample of payrolls for evidence
-Voluntary deductions are
-Senior management should check the of approval of total deductions by a
correctly calculated.
total amount of deductions from responsible official.
payroll and should approve it. -Inspect written consent of employee
regarding voluntary deductions and their
amounts.
Recording of payroll in accounts:

-Review reconciliation of payroll file to

general ledger. Confirm whether
-Accounts should be prepared from
discrepancies are followed-up promptly
Wages transactions are Approved Payroll file.
and resolved.
recorded completely and -Payroll should be accounted for within
-check whether payroll is being recorded
accurately in the a strict deadline.
within timescale.
accounting records. -Accounts should be reconciled with
-inspect documentary evidence of control
Payroll file before and after posting.
account reconciliations and review of
these reconciliations.
Payment of wages and salaries:
Correct amount of net pay

Inspect authorized bank transfer list and
should be paid to Bank transfer list should be compared
compare with relevant payroll. Check that
employees. with payroll and should be authorized
correct amount is transferred to the same
Payments are made only to before sending to bank.
account title.
proper employee.
Correct amount of
There should be formal timetable and Auditor should check whether procedure
deductions [e.g. tax] is paid
procedure for payment of deductions. is being followed.
to appropriate authority.
9
LO 6: BANK AND CASH SYSTEM – OBJECTIVES, ACTIV ITIES AND TESTS OF CONTROLS :
BANK AND CASH SYSTEM
–Process of Opening the mail should be –Observe whether the process is being
All cash received by monitored. monitored.
Post is recorded –A listing should be prepared for all cash and –Check amounts recorded as receipts from
cheques received through mail. customers against Listing.
–There should be segregation of duties
between Receipt of Cash and Recording of –Check that segregation of duties does
Cash. exist.
–Only a restricted number of employees –Check whether authority to receive cash
All cash received should be authorized to receive cash. is limited.
from cash sales is –Another person should check the actual –Check for evidence that Till roll totals of
recorded. cash received against the till roll total. Receipts Total are checked against cash
–Cash Till and Till Rolls should be used to received by an authorized person.
record cash sales. Alternatively, sequentially –Observe whether the process is being
prenumbered Receipts should be given for monitored.
cash received.
–At day end, cash received should be
recorded and deposited daily in bank
–Check frequency of deposit into bank.
All money received is account.
–Check whether bank statement matches
banked –Cash recorded and deposited into bank
with total of Till Roll.
account should be cross matched with
deposit slip.
–All payments (except petty expenses)
–Review the documents supporting
should be made through cross cheque and
requisition for payment.
should be backed by supporting documents.
–Review that supporting documents are
All Payments should –Supporting documents should be cancelled
being cancelled.
be properly once cheque is prepared (to avoid duplicate
–Review that only authorized persons are
authorized, made to payment).
signing the cheques.
correct person and –There should be established authority levels
–Review the sequence of cheque number.
properly recorded. for cheque signing.
–Agree entries into cheque book or in
–All cheques should be sequentially
listing of direct transfer to G.L., Bank
prenumbered.
Statement and Subsidiary Ledger.
–Payments must be recorded promptly.
–New bank accounts should be opened only
in accordance with established procedures.
–Confirm that new accounts are opened
–Responsibility for holding of cheque book
only under established procedures.
and preparation of cheques should be given
–Observe which persons are involved with
to restricted persons.
Proper Safeguards handling and preparation of cheques of
–There should be safe custody of cheque
should exist over company.
book and cheques should not be pre-signed.
money held –Inquire about custody of cheqeu books
CASH:
and chek to see whether any cheques are
–Cash and Coins should be kept in a secure
pre-signed.
place (e.g. safe).
-Observe cash custody procedures.
–Access to cash should be restricted to
authorized employees.
10
PETTY CASH
Maximum Limit for petty cash should be one month's petty cash
spending.
To avoid or reduce the risk
Petty cash should be kept in a locked cash box.
of petty cash being stolen.
There should be 'occasional checks' of petty cash by a senior
person.
All Petty cash expenses should be authorized in advance by a
To ensure that all spending properly authorized person.
out of petty cash is All withdrawals of petty cash should be recorded on a
properly authorized sequentially prenumbered Petty Cash Voucher. Supporting
documents should be attached with the voucher.
To ensure that only correct
amount of cash are When petty cash is 'topped up', the amount of withdrawal from
withdrawn from bank to bank should be equal to total of petty cash vouchers.
go into Petty Cash.
To ensure that all spending There should be a system for the regular recording of petty
out of petty cash is cash expenses in the petty cash book. Each entry should include
accounted for. the voucher number to ensure completeness.
LO 7: INV ENTORY AND NON-CURRENT ASSETS SYSTEM – OBJECTIVES, ACTIVITIES AND

TESTS OF CONTROLS:
INVENTORY SYSTEM
Inventory records should

There should be segregation of duties
be complete, accurate and Auditor should observe whether
between Ordering, Recording and
include only items segregation of duties exist.
Custody of inventory.
belonging to the company.
Auditor should check whether inventory
received agrees with GRN and inventory
All inventory movements There should be proper documentation
issued agrees with GDN. Auditor should
should be recorded and for all inventory received and issued
also check doucmentations to ensure
authroized. from store.
inventory movements are properly
authorized.
-Auditor should check compliance with
-Access to secure storage areas should access restrictions.
Inventory is protected be restricted. -Auditor should check for evidence that
against damage or theft. -Regular inventory counts should be periodic inventory counts are performed,
performed. and any difference between physical
balance and book balance is identified.
-IAS 2 should be applied in -Auditor should check for evidence that
Inventory should be determination of cost of inventory. cost of inventory is appropriately
correctly valued at lower -There should be procedures for calculated and there are procedures in
of Cost and NRV. identification of obsolete and slow place for identification of obsolete items.
moving items. Auditor should monitor these procedures.
11
-Auditor should check whether inventory

balances are below minimum level or
There should be maximum and above maximum level.
Appropriate levels of
minimum inventory levels for all -Auditor should inspect exception reports
inventory should be held
inventory items. There should also be to check whether inventory balance
at all times.
re-order level and re-order quantities. exceeds or falls below reasonable levels.
-Auditor should check frequency of out of
stock situations.
Controls Over Inventory Count:

1. Movements of inventory should be stopped during inventory counts.
2. Inventory counting sheets should be pre-printed with a description or item code of the goods,
but the quantities per the records should not be pre-recorded.
3. Count-teams should be independent of warehouse department and should be sufficiently
experienced and permanent employees of company.
4. Count-teams should consist of two members. One should count items, other should record item
description and quantity.
5. Clear instructions should be given to all teams as to which area of warehouse is to be counted by
which team to avoid omission or duplication of counting of items.
6. Count-sheets are signed by each staff member to determine accountability.
7. Inventory should be marked/tagged to indicate that it has been counted.
8. All inventory sheets should be prenumbered.
9. Damaged inventory should be separately identified.
NON-CURRENT ASSET SYSTEM
-Auditor should look for documentary

-There should be proper
evidence of capital expenditure
documentation for requisition and
All expenditures on non- authorization.
authorization for capital expenditure.
current assets should be -Auditor should also perform other tests
-Invoices of suppliers of non-current
properly authorized. of controls on acquisition of non-current
assets should be approved before
assets, which are applicable on purchase
payments.
of inventory.
All expenditure on non- -Invoices must be bifurcated between
-Auditor should check capital/revenue
current assets should be capital expenditure and revenue
analysis of invoices.
properly recorded. expenditure.
-Auditor should check appropriateness of
Expenditures should be -Management should review the
entries made in non-current assets and in
properly analysed as analysis of purchased items as capital
repair and maintenance.
capital or revenue. or revenue items.
12
Exam Tips
In exam if a concept review question is set from “Controls”, you may be required to:
1. State control objectives for whole system or for a specific department.
2. State control activities for a specific department (sometimes, you may also be
required to state reason of each control activity. If so, control objective is reason).
3. State tests of controls for a specific department (sometimes, you may also be required
to state reason of each test of control. If so, control objective is reason)
In exam if a case study is set from “Controls”, you may be given a typical system and you may
be required to:
1. Identify strengths or weakness/deficiencies in the system. (Weakness = Lack of
Control Activity with specific reference to case)
2. Explain the effect/implication of each weakness/deficiency (Effect of Weakness =
Objective of Absent Control Activity will not fulfilled).
3. Provide a recommendation to address/improve each weakness/deficiency (State
control activity with specific reference to case).
4. State tests of controls which you will perform on system. (state tests of controls with
specific reference to case).
PART B – DOCUMENTATION OF UNDERSTANDING OF ENTITY AND

INTERNAL CONTROL
LO 8: METHODS OF DOCUMENTATION OF A SYSTEM:

There are three methods of documentation of a system/internal control system i.e.
1. Narrative Notes
2. Questionnaires
3. Flowcharts
Narrative Notes
Narrative notes consist of a written description of the system; they would detail what occurs in the
system at each stage and would include any controls which operate at each stage.
Advantages of this method include:

– They are simple to record; after discussion with staff members of Oregano, these discussions are
easily written up as notes.
– They can facilitate understanding by all members of the internal audit team, especially more
junior members who might find alternative methods too complex.
Disadvantages of this method include:

– Narrative notes may prove to be too lengthy.
13
– This method can make it more difficult to identify missing internal controls as the notes record
the detail but do not identify control weaknesses clearly.
Questionnaires
Internal control questionnaires (ICQ) or internal control evaluation questionnaires (ICEQ) contain a
list of questions; ICQs are used to assess whether controls exist whereas ICEQs test the
effectiveness of the controls.

– Questionnaires are quick to prepare, which means they are a timely method for recording the
system.
– They ensure that all controls present within the system are considered and recorded; hence
missing controls or deficiencies are easily highlighted by the team.

– It can be easy for client to overstate the level of the controls present as they are asked a series of
questions relating to potential controls.
– A standard list of questions may miss out unusual controls of client.
Flowcharts
Flowcharts are a graphic illustration of showing how a system (e.g. sales system) is processed in
different steps. Lines usually demonstrate the sequence of events and standard symbols are used to
signify controls or documents.

– It is easy to view the system in its entirety as it is all presented together in one diagram.
– Due to the use of standard symbols for controls, they are easy to spot as are any missing controls.

– They can sometimes be difficult to amend, as any amendments may require the whole flowchart
to be redrawn.
– There is still the need for narrative notes to accompany the flowchart and hence it can be a time
consuming method.
LO 9: DIFFERENCE BETWEEN ICQ AND ICEQ:
Internal Control Evaluation Questionnaires

Internal Control Questionnaires (ICQs)
(ICEQs)
ICQs are used to check whether a particular ICEQs are used to check whether a certain
control exists or not. existing control is operating effectively or not.
ICQs are used to evaluate design of controls. ICEQs are used to evaluate operating
effectiveness of controls.
ICQs are developed by auditor as part of risk ICEQs are developed by auditor as part of tests
assessment process (after obtaining of controls (after obtaining understanding of
understanding of entity). entity and its Internal Control)
14
LO 10: CHECKING THE ACCURACY OF PREVIOUS YEAR’S ICQ:

Following are the necessary steps to check the accuracy of the previous year’s internal control
questionnaires.
1. Inspect last year’s audit working papers:
Review the last year’s audit file for indications of weaknesses in the system (e.g. sales
system) and note these for investigation this year.
2. Inspect current year’s system documentation of client:
Obtain system documentation from the client. Review this to identify any changes since last
year.
3. Inquire client:
Interview client staff to ascertain whether systems have changed this year and to ensure
that the internal control questionnaires produced last year are correct and relevant.
4. Perform walk-through tests.
During walk-through checks, ensure that the controls documented in the system notes are
actually working, for example, verifying that documents are signed as indicated in the notes.
15
Auditing – Study Notes Chapter 12 Substantive Procedures
CHAPTER TWELVE
SUBSTANTIVE PROCEDURES
ICAP'S STUDY TEXT
9.1 (whole sectio n)

LO 1 TANGIBLE NON-CURRENT ASSETS
Q68, Q69, Q76c
LO 2 INTANGIBLE NON-CURRENT ASSETS 9.2 (whole sectio n)
10.1, 10.2, 10.3,
LO 3 INV ENTORY
Q49, Q58, Q70, Q71
10.4,
LO 4 TRADE RECEIV ABLES
Q49
LO 5 PREPAYMENTS 10.4
10.5,
LO 6 BANK
Q61
LO 7 CASH 10.5
11.1,
LO 8 TRADE PAYABLES
Q74, Q75
LO 9 ACCRUALS 11.2.2
11.2.4,
LO 10 PROV ISIONS
Q13, Q42
11.2.4,
LO 11 CONTINGENCIES
Q13, Q42
11.3,
LO 12 BANK LOAN
Q73
LO 13 EQUITY 11.4
LO 14 DIRECTORS’ EMOLUMENTS 11.5

11.6.2,
LO 15 REV ENUE
Q68
11.6.3,
LO 16 PURCHASES
Q61, Q75, Q78a
11.6.4,
LO 17 PAYROLL
Q61
LO 18 INTEREST EXPENSE AND INTEREST INCOME 11.6.5
LO 19 OTHER EXPENSES 11.6.6
1
LO 1: TANGIBLE NON-CURRENT ASSETS:

Obtain “Fixed Assets’ Schedule” and “Fixed Assets’ Register”. Cast them to ensure mathematical
accuracy and agree balances with financial statements.
Substantive Procedures for additions during the year:

For Purchased Fixed Assets:
1. Obtain list of all fixed asset purchased during the period and agree with fixed assets’
schedule and fixed assets register (completeness and occurrence).
2. Check authorization of the purchase of fixed assets.
3. Select sample of additions and agree cost to supplier’s invoice. Also inspect invoice to verify
cost does not include revenue expenses (valuation).
4. Review repair and maintenance account to verify repairs do not include capital
expenditures. (completeness)
5. Inspect sale deed, purchase invoices, and legal documents as evidence of transfer of
ownership in the name of company. (rights and obligation)
6. Verify existence of fixed assets acquired during the year (existence).
For self-constructed Fixed Assets:

1. Obtain list of all fixed asset constructed during the period and agree with fixed assets’
schedule and fixed assets register (completeness and occurrence).
2. Select a sample of costs and agree with supporting documentation i.e.:
 Site acquisition costs to purchase invoice and legal papers/surveyor’s report,
 Materials (such as cement, bricks, and fittings) to suppliers’ invoice.
 Labour costs to approved payroll records, time sheets, etc,
 Overheads to relevant evidence.
3. Review the list of amounts capitalised to ensure that revenue items have not been
capitalized.
4. Physical inspection of the construction at the year end to confirm work to date and assess
the reasonableness of stage of completion.
5. Borrowing cost associated with project should be recalculated to ensure its accuracy.
6. Ensure that depreciation starts as and when asset become ‘available for use’.
7. Review expert’s assessment of stage of completion.
8. Budgeted cost should be compared with actual cost and significant differences should be
investigated.
Substantive Procedures for disposals during the year:

 Obtain list of all fixed asset disposed during the period and agree with fixed assets’ schedule
and fixed assets register (Completeness and Occurrence).
 Check authorization of the disposals of fixed assets.
 Check that cost and accumulated depreciation has been removed from books of accounts.
 Select a sample of disposals and agree Cost and Accumulated Depreciation with Fixed
Assets’ Register and Sale Price with Invoice. Recalculate profit or loss recognized on
disposal of assets (Accuracy).
Substantive Procedures for Closing Balance:

1. Obtain list of all fixed asset at year end and agree with fixed assets’ schedule and fixed
assets register (Completeness and Occurrence).
2. Select a sample of assets from non-current assets’ register and:
2
a. physically inspect them. (Existence).

b. During physical verification, also select assets from the floor and trace them into
fixed assets’ register (Completeness).
c. During physical verification, also check for conditions and usage of asset for
indications of impairment (Valuation).
3. If non-current assets are stated at revaluated amount, ensure that:
a. valuation is performed by a professional valuer,
b. amount of valuation is reasonable,
c. valuation is performed for all assets in the same class,
d. valuation is regularly updated and
e. valuation is appropriately accounted for in accounts.
4. Inspect sale deed, purchase invoices, and legal documents as evidence of transfer of
ownership in the name of company.
Substantive Procedures for depreciation/impairment expense:

1. Review Fixed Assets' Register to ensure:
 depreciation has been charged on all depreciable fixed assets.
 depreciation on addition starts when asset is available for use.
 fully depreciated assets are separately identifiable and no depreciation is charged
on such assets.
2. Check whether residual value, useful life/depreciation rate, depreciation method are:
 reasonable (considering nature of asset), and
 consistent with last year and industry practice and AFRF.
3. Recalculate depreciation expense (using analytical procedures) and compare with actual
expense to ensure reasonableness of depreciation expense.
4. Check whether allocation of depreciation expense between manufacturing and operating
expenses is on reasonable basis.
5. Review gain or losses on disposal as indication of possible understatement or
overstatement of depreciation expense. (if depreciation is reasonable, there should not be
significant gain or loss)
Study Tip
Main sources of evidence in audit of Tangible Non-current Assets are “Fixed Assets’
Schedule” and “Fixed Assets’ Register”.
LO 2: INTANGIBLE NON-CURRENT ASSETS :

Purchased Goodwill:
1. Confirm from documents prepared to acquire business:
a. the cost of acquisition and
b. reasonableness of fair value of assets acquired.
2. Check that cost of Goodwill is difference between the cost of acquisition and fair value of net
assets.
3. Review the possibility of impairment of goodwill subsequent to acquisition. If so, ensure
impairment loss has been correctly calculated and recorded.
3
Development Cost:
1. Ensure that criteria required by IAS - 38 to recognize development cost as intangible asset
has been met.
2. Discuss the feasibility of the project with management i.e.
a. Review projects and forecasts.
b. Production and marketing plans.
c. Obtain representation from management regarding intention to complete the
project.
3. For a sample of costs, inspect supporting documents e.g. development contracts, billing and
timesheets.
4. Test controls over documentation and safekeeping of scientists’ notes, discoveries and
conclusions.
Other Intangibles:
1. Inspect legal and purchase documents to ensure existence, valuation and right of entity over
intangible asset.
2. Check amortization calculation using client’s policy to ensure its accuracy (audit procedures
for amortization are same as of depreciation).
3. Review the possibility of impairment subsequent to acquisition. If so, ensure impairment
loss has been correctly calculated and recorded.
LO 3: INVENTORY:
1. Obtain “inventory lists” from client. Cast them to ensure mathematical accuracy and agree
balances with financial statements.
2. Select a sample of items from inventory lists and:
a. physically inspect them. (Existence).
b. During physical verification, also select assets from the floor and trace them into
inventory list (Completeness).
c. During physical verification, also check for conditions of inventory for indications of
impairment (Valuation).
3. Review reconciliation between physical balance and book balance at year end if total of
listing differs with book value. (Completeness)
Valuation:
Inventory is valued at lower of Cost and NRV.
1. Cost of Raw Material and Goods held for resale will be verified by auditor as follows:
 Check figure of cost by comparing with prices as per purchase invoice.
 Recalculate the cost using approach adopted by management (e.g. FIFO or Weighted
Average).
2. Cost of Work in Process and Manufactured Finished Good will be verified by auditor as
follows:
 Obtain a breakup of cost of each item of Work in Process and Manufactured Finished
Good and agree the total to the general ledger.
 Check that correct cost and quantity of Material has been used in valuation.
 Check Labor cost to approved payroll records, time sheets, etc,
 Check only production overheads are included in the valuation (selling/admin
overheads are excluded). Also check that overheads are based on normal levels of
output.
 Review expert’s assessment of stage of completion.
4
3. NRV of inventory will be verified by auditor as follows:

 Review client’s procedures for comparing NRV with cost of each item of inventory.
 During physical verification, also check for conditions of obsolescence, damage
indicating that NRV may be lower than Cost.
 Review prices at which inventory has been sold subsequent to year end as evidence
of NRV.
 Review aged inventory reports and identify any damaged, slow moving or obsolete
goods, and ensure they have been recorded at lower of Cost and NRV in Balance
Sheet.
 Inquire management about estimated selling price of inventory, cost of completion
and cost to make sale.
Rights and Obligation:

1. Check inventory owned by a third party (e.g. on "consignment basis" or "approval basis") is
separately identifiable, and not included in closing inventory.
Presentation and Disclosure:

1. Ensure that all disclosures as required by IAS – 2 have been included in the financial
statements.
2. Review that disclosures in the financial statements are correct and clear.
Audit Procedures/Responsibilities before, during and after inventory count:
Before Inventory count (i.e. During inventory count (i.e. After inventory count (i.e.
Planning) Observing and Recording) Follow up)
 Review client’s instruction  Observe the count to  Ensure quantity of final
for inventory count to endure that instructions valuation match with
assess effectiveness of are being followed. inventory list.
count.  Perform test count by  Inspect aging of inventory
 Determine if any inventory checking items from to identify slow moving and
is held by third parties to inventory sheet to obsolete stock and discuss
assess need to send warehouse and vice-versa. provisioning with
confirmation letter.  Observe conditions of management.
 Determine whether there is inventory for possible NRV  Ensure that inventory is
need of an expert or adjustment. valued at lower of cost and
component auditor.  Ensure that inventory NRV.
 Decide which counts and belonging to third parties  Ensure that Cutoff
locations will be observed but held by client is procedures have been
by audit team. segregated. appropriately applied while
 Perform cutoff test on sales recording sales and
and purchases. purchases.
 Obtain signed copies of
prenumbered count sheets
from client.
Study Tip
Main source of evidence in audit of Inventory is “Inventory Count” at year end.
5
LO 4: TRADE RECEIVABLES:
Existence, Completeness, and Rights and Obligation:
1. Obtain a listing of trade receivables from the sales ledger. Cast it and agree to the control
account and financial statements. Review reconciliation between control account and sales
ledger if difference exists.
2. Calculate debtors’ turnover ratio and compare with prior years. Investigate any significant
differences.
3. Review the list of trade receivables against prior years to identify any significant
variations/omissions.
4. Select a sample of debtors from sales ledger at year end (focusing on major customers,
customers with long outstanding balances, customers with credit balances) and perform a
trade receivables’ circularization. Perform alternative audit procedures in case of non-
response and additional audit procedures in case of exceptions identified.
5. Select a sample of debtors from sales ledger at year end and agree back to valid supporting
documentations of GDN and Sales orders.
6. Review whether effect of cut-off on sales have been appropriately accounted for in debtors.
7. Review the control account entries shortly before and after the year end for unusual items
and investigate them.
8. Review cash receipts after year end and trace to debtors at year end.
9. Review credit notes after year end to identify any sales transactions before year end which
should be reversed.
Evaluate adequacy of Provision for bad debts:

a) Inquire management regarding estimates used in calculation of provision for bad debts.
b) Obtain aged receivable ledger. Compare it with control account and test the aging. Review the
aged receivable ledger to identify any slow moving or old receivable balances. Discuss the status
with the credit controller to assess whether they are likely to pay.
c) Examine whether there are any cash recovery of doubtful debts or bankruptcy after balance
sheet date.
d) For large overdue balances, review financial statements of debtors and discuss with credit
manager likelihood of their collection.
e) Recalculate provision for bad-debts using sales, write-offs and current economic conditions of
customers.
f) Inquire management about any disputes with customers and review board minutes for disputed
receivables.
g) Review communication of client with customers, lawyers and collection agencies regarding
debts which are in dispute or unlikely to be paid.
For Presentation & Disclosures:

 Determine if any receivables have been pledged, discounted, factored.
 Inquire about receivables from officers, directors or other related parties.
 Ensure that receivables are correctly disclosed and classified in financial statements.
Study Tip
Main sources of evidence in audit of Receivables are “Debtors’ Confirmation Letter”
and “Aging of Debtors”.
6
LO 5: PREPAYMENTS:
1. Obtain a schedule of all prepayments. Cast list to ensure mathematical accuracy and agree
balances with financial statements.
2. Nature and amount of all prepayments should be compared with prior periods.
3. For sample of prepayments, recalculate their amounts with supporting documents and
payment from bank statement.
4. Agree prepayments to the adjustments after the end of the year.
LO 6: BANK:
1. Obtain a list of all bank accounts (including accounts closed during the year) along with
closing balances. Cast list to ensure mathematical accuracy and agree balances with
2. Obtain bank confirmation letter for all bank accounts (including accounts closed during the
year) and perform following procedures:
 Agree balances as per bank confirmation letter with bank reconciliation statements
(to ensure accuracy) and with list of bank accounts (to ensure completeness).
 Confirmation should be reviewed for evidence of loans, collateral or any
lien/restriction on balance.
3. Obtain Bank Reconciliation Statements (BRS) and perform following procedures:
 Cast BRS to ensure mathematical accuracy and agree balances of BRS with bank
statement and cash book.
 Trace deposits in transit into deposit slips and cash book of current month; and in
bank statement of subsequent month. For significant delays inquire explanation
from management.
 trace unpresented cheques into cash book of current month; and in bank statement
of subsequent month. For significant delays inquire explanation from management.
 for untraced items examine supporting documentation.
4. Perform cutoff test on cheque receipts and cheque payments.
5. Review cash book and bank statement for large transfers near year-end as indication of
window-dressing.
Study Tip
Main sources of evidence in audit of Bank are “Bank Reconciliation Statement” and
“Bank Confirmation Letter”.
LO 7: CASH:
1. Perform cash count at year end (including petty cash) and agree the total to the balance
includes in financial statements.
2. Review reconciliation for difference between book balance and physical balance.
3. Perform cutoff test on cash receipts and cash payments.
4. Ensure cash is under proper lock and key, and in safe custody.
7
LO 8: TRADE PAYABLES:
1. Obtain a listing of trade payables from the purchase ledger. Cast it and agree to the control
account and financial statements. Review reconciliation between control account and
purchase ledger if difference exists.
2. Calculate creditors’ turnover ratio and compare with prior years. Investigate any significant
differences.
3. Review the list of trade payables against prior years to identify any significant
variations/omissions.
4. Select a sample of creditors from purchase ledger at year end (focusing on major suppliers,
suppliers with long outstanding balances, and suppliers with credit balances) and perform
circularization i.e. sending confirmation letter. Perform alternative audit procedures in case
of non-response and additional audit procedures in case of exceptions identified.
5. Select a sample of creditors from purchase ledger at year end and agree back to valid
supporting documentations of GRN and Purchase Orders.
6. Review whether effect of cut-off on purchases have been appropriately accounted for in
creditors.
7. Review the control account entries shortly before and after the year end for unusual items
and investigate them.
8. Review cash payments after year end and trace to creditors at year end.
9. Review debit notes after year end to identify any purchases transactions before year end
which should be reversed.
LO 9: ACCRUALS:
1. A schedule of accruals should be obtained. Check for arithmetical accuracy and agree to the
general ledger and financial statements.
2. Individual accruals should be compared with prior periods.
3. Ensure that period end accruals of expenses includes necessary items (e.g. Salaries accrual,
Accruals for Utility bills, Withholding tax payable, Provision for Warranty etc.)
4. Agree accruals to the payments made after the end of the year e.g. tax on salaries paid to
FBR.
5. Check calculations of individual accruals to supporting documentation e.g. tax payable on
salaries should be based on payroll.
6. For Accrued Wages and Salaries:
a. Check whether accrual is based on last month’s payroll using correct records of
time, records of wage rates and salaries.
b. Confirm that additional costs (e.g. employer’s contributions) have been accounted
for.
c. Test reasonableness of accrual balance by performing analytical procedures e.g.
calculate ratio of accrued expenses to total salaries expenses and compare with last
year.
LO 10: PROV ISIONS:

1. Obtain a schedule of provisions. Check for arithmetical accuracy and agree to the general
ledger and financial statements.
2. Ensure that recognition and measurement of each element of provision in appropriate in
accordance with IAS 37.
3. Individual provisions should be compared with prior periods, and any changes should be
reviewed.
8
4. Ensure that period end provisions includes necessary items (e.g. Provision for bad debts,
Provision for slow moving stock, Provision for warranty, Provision for redundancy,
Provision for Legal cases, Provision for site restoration, etc.)
5. Review whether provisions have been adjusted in accordance with events occurring after
the balance sheet date.
6. Check calculations of individual provisions.
7. Relate the testing of provisions to other areas of the audit work e.g. correspondence with
lawyers.
LO 11: CONTINGENCIES (e.g. litigations):

 Follow up contingencies reported in last year.
 Discuss with management (also obtain written representation if necessary).
 Review minutes of BOD meetings.
 Review client’s correspondence with lawyers and invoices for legal services.
 Send confirmation to external legal counsel (listing specific areas where contingencies may
exist).
 Check status subsequent to reporting period.
 Consider whether expert advice may be required from outside sources other than lawyers.
 Review business press and trade journals for possibility of industry-wide contingencies.
LO 12: BANK LOAN:

1. Obtain a list of all borrowings/loans from client (with opening balance, new borrowings,
repayments and closing balance).
2. Cast list to ensure mathematical accuracy and agree balances with financial statements.
3. For new borrowings:
a. Check authorization.
b. Inspect loan agreements (for securities, repayment schedule, interest rate and
restrictive conditions etc.)
c. Check that interest payments have been presented separately from long-term loans
in accounts.
4. Trace payments from bank account for borrowings paid during the year.
5. Obtain confirmation letter from lenders.
For Presentation and Disclosure:

6. Review disclosure of interest rates and split between current and non-current portion.
LO 13: EQUITY:
Share Capital:
1. Check authorized and issued share capital complies with legal requirements.
2. For share capital issued during the year, auditor should check:
a. Cash received is properly recorded in accounts.
b. supporting documents and ensure that all legal requirements have been complied
with.
3. Agree amount of share capital in balance sheet with register of members.
9
Reserves:
1. Obtain a list of all reserves from client (with opening balance, additions, deletions and
closing balance).
2. Check accuracy of listing of client with supporting documents.
3. Ensure that legal requirements relating to reserves have been complied (e.g. regarding use
of share premium)
4. Check calculation of dividend and ensure that payment is consistent with issued share
capital.
5. Check authorization of payment of dividend and ensure that it has been paid in accordance
with legal requirements.
LO 14: DIRECTORS’ EMOLUMENTS:

1. Obtain a schedule of emoluments paid to directors during the year and agree with financial
statements’ disclosure.
2. Inspect minutes of BOD and obtain confirmations from directors to ensure there are no
undisclosed bonuses or other remuneration.
3. Inspect bank statements to verify actual amounts paid to directors.
4. Review the tax returns of directors to ensure these agree with emoluments as per listing.
5. Develop an expectation of current year’s directors’ emolument to ensure emoluments in
accounts is complete.
6. Obtain written representation from directors that they have disclosed all directors’
remuneration and related party transactions to the auditor.
LO 15: REVENUE:
Completeness:
Select a sample of customer orders and agree these to the despatch notes and sales invoices and
sales/subsidiary ledger to ensure completeness of revenue.
Occurrence:
Select a sample of sales recorded in Sales Journal and vouch back to sales invoices, shipping
documents and customer orders.
Accuracy:
Select a sample of sales invoices and perform following procedures to ensure these are accurate:
(a) compare prices, discounts and terms and conditions with authorized price list and authorized
terms and conditions.
(b) recalculate sales tax on invoice.
Cut-off on Sales:
1. When attending the warehouse for the inventory count at year end, the auditors should
select the last goods despatched note made on that day. He should then select further goods
despatched notes for despatches both soon before and soon after the year end date.
2. The sample of goods despatched notes should be traced to the associated sales invoices to
ensure that sales invoices have been posted as sales in the correct accounting period.
Presentation & Disclosures:

-Review accounting policies for revenue recognition and ensure they comply with AFRF and are
properly disclosed.
-Read notes to the accounts to ensure they are accurate, complete, and easy to understand.
10
LO 16: PURCHASES:
Completeness:
Select a sample of purchases orders and agree these to the goods receipt notes and purchase
invoices and purchase/subsidiary ledger to ensure completeness of purchases.
Occurrence:
Select a sample of purchases recorded in Purchase Journal and vouch back to purchase invoices,
receiving documents, and purchase orders.
Accuracy:
Select a sample of purchase invoices and perform following procedures to ensure these are
accurate:
(a) compare prices, discounts and terms and conditions with authorized terms and conditions.
(b) recalculate tax on invoice.
Cut-off on Purchases:
1. When attending the warehouse for the inventory count at year end, the auditors should
select the last goods received note made on that day. He should then select further goods
received notes for receipts both soon before and soon after the year end date.
2. The sample of goods received notes should be traced to the associated purchase invoices to
ensure that purchase invoices have been posted as purchases in the correct accounting
period.
LO 17: PAYROLL:
1. Obtain all payroll sheets processed during the year. Agree total of payroll sheets with
2. Cast a sample of payroll sheets to confirm completeness and accuracy of the payroll
expense.
3. For a sample of employees, recalculate the gross and net pay and agree to the payroll
records to verify accuracy.
4. Re-perform calculation of statutory deductions to confirm whether correct deductions for
this year have been included within the payroll expense.
5. Compare the total payroll expense to the prior year and investigate any significant
differences.
6. Perform analytical procedures on total salaries expense, incorporating joiners and leavers
and the pay increase. Compare this to the actual wages and salaries in the financial
statements and investigate any significant differences.
7. Agree the individual wages and salaries per the payroll to the personnel records and
records of hours worked per clocking in cards.
8. Select a sample of employees from payroll and check whether employees exist.
Study Tip
Main source of evidence in audit of Payroll is “Payroll Sheet”.
11
LO 18: INTEREST EXPENSE AND INTEREST INCOME :

1. Inspect legal documents (e.g. loan agreements) creating right of entity to receive/pay
interest.
2. Confirm reasonableness of interest by following formula
Interest Expense = Principal x Applicable Interest Rate x Period
3. Vouch the payment from recording into G.L. and tracing into bank statement.
LO 19: OTHER EXPENSES:

Select a sample of transactions from expense account and perform following procedures:
 Check approval and authorisation.
 Check supporting documents (e.g. acknowledgement of receipt of services).
 Check rates used are appropriate (based on market), appropriate tax deduction and
mathematical accuracy of invoices.
 Check evidence of payment (e.g. copy of cheque, receiving signature, and/or payment from
bank statement).
 Ensure that the expense relates to the year and business.
12
Auditing – Study Notes Chapter 13 External Confirmation
CHAPTER THIRTEEN
EXTERNAL CONFIRMATION
ICAP'S STUDY TEXT

REFERENCE*
LO 1 DEFINITION AND USE OF EXTERNAL CONFIRMATION N/A
LO 2 ASSERTIONS ADDRESSED BY CONFIRMATION 10.4.1

10.4.3
LO 3 PLANNING THE CONFIRMATION EXERCISE
10.4.4
SAMPLE SELECTION AND PERFORMING THE
LO 4 10.4.5
CONFIRMATION EXERCISE
AUDIT PROCEDURES FOLLOWING THE RECEIPT OF
LO 5 10.4.6
REPLIES
LO 6 BANK CONFIRMATION LETTER 10.5.2
MANAGEMENT’ S REFUSAL TO ALLOW THE AUDITOR TO
LO 7 10.4.2
SEND A CONFIRMATION REQUEST

Bank:
 Q. # 32C
 Q. # 45
 Q. # 51
 Q. # 60
 Q. # 72
2
LO 1: DEFINITION AND USE OF EXTERNAL CONFIRMATION:
External Confirmation:
External confirmation is a process of obtaining evidence by auditor directly
from a third party in written (on paper, electronic or other medium).
Whether or not to use Confirmation as Audit Evidence:

External confirmation is frequently used audit procedures because it provides most reliable
evidence (being written, external and direct evidence). However, external confirmation is not a
required procedure and auditor may omit it in following situations:
i. When there is no or low risk of material misstatement.
ii. When balance is not material.
iii. When confirming party does not have ability, objectivity or willingness to respond.
iv. When evidence can be obtained from other substantive procedures.
v. When management requests auditor not to send confirmation request and there is a
reasonable justification for this.
Situations where external confirmation procedures may provide relevant audit evidence:
Usually, confirmation procedure is used to confirm information from:
 Debtors/Creditors
 Banks
 Lawyers
 Inventories/Investments/Property title deeds held by third parties.
LO 2: ASSERTIONS ADDRESSED BY CONFIRMATION:

For different assertions, confirmation provides evidence of different strength i.e.
Assertion Nature of Evidence

Existence Confirmations provide strong evidence for this assertion.
Completeness Confirmations may provide strong evidence for this assertion if major parties
with low/zero/negative balances are also selected. This may identify
unrecorded transactions.
Valuation and Confirmations provide weak evidence for this assertion in case of debtors
Allocation (because debtor may go bankrupt and will still acknowledge the amount).
Rights and Confirmations provide weak evidence for this assertion in case of debtors
Obligations (because debtors may have been discounted).
LO 3: PLANNING THE CONFIRMATION EXERCISE :

Auditor shall maintain control over confirmation process i.e. he shall
1. Select the appropriate confirming parties.
2. Decide the information to be confirmed
3. Design the confirmation request
4. Send the confirmation himself.
Auditor shall decide:

1. About timing of confirmation
2. Number of customers to be confirmed
3. Confirmation method to be used

Timing of Confirmation:
Confirmations can be sent:
 at year-end (to confirm year-end balance)
 before year-end
If confirmations are sent prior to year end, following further procedures are performed at year end
to ensure that intervening transactions are not materially misstated:
1. Obtain break-up of balances (i.e. party wise detail) at year end.

2. Compare it with interim date balance and investigate unusual variations.
3. Obtain summary of transactions for interim period.
4. Select a sample of transactions and verify them.
5. Consider the necessity of additional confirmations at year-end (e.g. if balances have
significantly increased).
Confirmation Method to be used:

Broadly, there are two types of confirmation requests which are used by auditors i.e.
1. Positive Confirmation Request and
2. Negative Confirmation Request
Positive Confirmation Request Negative Confirmation Request

A request to confirming party to A request to confirming party to respond only
respond whether he agrees or when the confirming party disagrees with the
disagrees with the information information provided in the request.
Definition
provided in the request.
(i.e. The positive confirmation (i.e. The negative confirmation requests a reply
requests a reply in all cases). only in case of disagreement).
Confirming party may reply without
Evidence is less reliable as compared to
due verification. positive confirmation because the absence of
response may also be because:
(a)Requests may be lost in transit.
Risks
(b)Parties may disregard request to avoid
efforts.
(c)Parties usually do not reply if disagreement
is in their favor (e.g. if deposits are overstated).
By sending Blank confirmation (a Usually Negative confirmation is used in
blank confirmation does not contain combination with positive confirmation.
the balance; confirming parties are However, negative confirmation can be used as
asked to fill it in themselves). sole substantive procedure to address risk at
assertion level when and only when all of
following are present:
How to reduce
1.Population consists of large number of small
Risks
values.
2.Risk is low, and evidence has been obtained
about operating effectiveness of controls
3.A very low exception rate is expected, and
4.Auditor expects that confirming party will
not ignore such request.

LO 4: SAMPLE SELECTION AND PERFORMING THE CONFIRMATION EXERCISE :

Audit Procedures include following:
1. Obtain list of balances and check accuracy and completeness of list.
2. If population is not homogeneous, stratification of population should be made.
3. A suitable sample selection method should be used. In selecting the sample, following types
of accounts should be considered for inclusion:
a. Material balances
b. Nil balances or Negative balances.
c. Overdue accounts.
d. Accounts with unusual activities e.g. with large variations in balances or with
‘round’ payments.
4. Confirmation letters should be prepared for selected parties.
5. Management’s authority should be obtained.
6. Letter should be sent with returning mail address of auditor.
LO 5: AUDIT PROCEDURES FOLLOWING THE RECEIPT OF REPLIES :

When evaluating the results of external confirmation requests, the auditor may categorize such
results as follows:
a) A response indicating agreement
b) A response indicating Exception
c) A non-response
A response indicating agreement:

If response indicates agreement, it forms sufficient appropriate audit evidence. No further work
needed.
A response indicating Exception:

Exception means a response that indicates a difference between information requested to be
confirmed and information confirmed by the confirming party. Auditor shall investigate exceptions
to determine whether they are misstatements or not.
Exception may be because of:

− timing difference (i.e. cash or goods are in transit)
− measurement difference (i.e. customer who are also supplier may net off balances owed and
owing)
− clerical errors in confirmation process
− misstatements in accounts
A non-response:
In cases of non-response, auditor shall perform alternative audit procedures to obtain evidence e.g.
Situation Alternative Audit Procedures

–examine cash receipts subsequent to period end (Highly reliable evidence).
If confirmation from accounts
–examine sales orders, invoices, and Despatch Notes near the period end.
receivable is not received
–examine correspondence files for past due and disputed accounts.
If confirmation from accounts –examine cash payments subsequent to period end (Highly reliable evidence).
payable is not received –examine purchase orders, invoices, and GRNs near the period end.

LO 6: BANK CONFIRMATION LETTER:

Following information is normally requested by the auditor in a bank confirmation request:
Category Information Requested

(1) Full titles of all accounts together with the account numbers and balances therein,
including NIL balances (nature and extent of restriction, if any, should also be stated).
Bank Accounts (2)For all accounts closed during the period, full titles and dates of closure.
(3)The separate amounts of interest credited/charged during the period
(4) If there is any restriction, information regarding nature and extent of restriction.
(1)Details of funded and unfunded facilities.
Facilities (2)Terms of Interest/Markup.
(3)Repayment Schedule.
Details of any security in favour of the bank, including type of charge, (e.g. pledge,
Securities
hypothecation, mortgage etc.)
Additional Banking A list of other banks, or branches of your bank, where you are aware that a relationship
Relationships has been established during the period.
LO 7: MANAGEMENT’S REFUSAL TO ALLOW THE AUDITOR TO SEND A CONFIRMATION

REQUEST :
If management refuses to allow the auditor to send a confirmation request, the auditor shall:
 inquire reason for refusal and
 seek corroborative evidence for validity and reasonableness of request (e.g. a valid reason
may be a legal dispute or ongoing negotiation)
If refusal is reasonable:
Auditor shall perform alternative audit procedures (discussed above) to obtain evidence.
If refusal is not reasonable:

Auditor shall evaluate the implication on:
 risk of material misstatement, including risk of fraud.
 nature, timing and extent of other audit procedures.

Auditing – Study Notes Chapter 14 Audit Sampling
CHAPTER FOURTEEN
AUDIT SAMPLING
ICAP'S STUDY TEXT
LO 1 SELECTING ITEMS FOR TESTING 4.3.1

RELATIONSHIP BETWEEN SAMPLING AND AUDIT RISK 4.3.2
LO 2
MODEL 4.3.3
LO 3 STEPS IN SAMPLING 4.3.4
4.3.3
LO 4 SAMPLE DESIGN
4.3.4
LO 5 SAMPLE SELECTION 4.3.4
LO 6 PERFORMING AUDIT PROCEDURES ON SAMPLE 4.3.5

PROJECTING MISSTATEMENTS AND EVALUATING
LO 7 4.3.6
RESULTS OF SAMPLING

Bank:
 Q. # 47
 Q. # 55
 Q. # 59
 Q. # 62a & 62b
 Q. # 64c

LO 1: SELECTING ITEMS FOR TESTING:

Following are different means of selecting items for testing:
1) 100% Selection (i.e. selecting all items for examination)
2) Audit sampling
100% Selection:
100% examination of population is not done in Tests of Controls but may be done in Substantive
Procedures when:
o Population consists of small number of large values or
o There is a significant risk which cannot be reduced by other means or
o 100% examination becomes cost effective (e.g. when a repetitive calculation is performed
automatically by computer).
Audit Sampling:
Audit sampling:
Audit Sampling is the application of audit procedures to less than 100% of
items within a population in such a way that all sampling units have a chance
of selection, to draw conclusions about the entire population.
Audit Sampling is used in Tests of Controls and Tests of Details.
LO 2: RELATIONSHIP BETWEEN SAMPLING AND AUDIT RISK MODEL:

Detection risk arises because of two components/reasons:
 Sampling risk (due to sampling)
 Non-Sampling risk
Sampling Risk:
Definition:
“Sampling risk is the risk that auditor’s conclusion based on sampling might be different from the
conclusion if entire population would have been tested.”
Two Types of Incorrect conclusions in Sampling Risk:

1. In Tests of Controls, auditor erroneously concludes that controls are operating effectively
(but actually they are not). In Tests of Details, auditor erroneously concludes that
population is free from material misstatement (but actually it is not).
2. In Tests of Controls, auditor erroneously concludes that controls are not operating
effectively (but actually they are). In Tests of Details, auditor erroneously concludes that
population is not free from material misstatement (but actually it is).
First type of risk is more important because it may lead to incorrect audit opinion.
How to reduce Sampling Risks:

Sampling risk can be reduced through:
 Increase in Sample Size
 Stratification (It is the process of dividing a population into subpopulations, each of which is
a group of sampling units which have similar characteristics, often monetary value.)

Non-Sampling Risk:
Definition:
Non-sampling risk is the risk that auditor’s conclusion may be wrong for any reasons/errors other
than sampling risk.
Examples:
This risk arises due to errors by the auditors or incompetency of the audit team e.g.
 Inappropriate selection of audit procedure
 Inappropriate application of audit procedures
 Inappropriate interpretation of results of audit procedures (i.e. failure to recognize a
misstatement/deviation)
How to reduce Non-Sampling Risk:

Non-sampling risk can be reduced through:
 Adequate planning
 Adequate application of professional skepticism
 Assigning more experienced and specialized staff e.g. use of experts if necessary.
 Adequate supervision and review of the audit work performed
LO 3: STEPS IN SAMPLING:
1) Sample Design
2) Sample Selection
3) Performing Audit Procedures on Sample & Projecting Misstatements
4) Evaluating results of Sampling
LO 4: SAMPLE DESIGN:
Designing of audit sample includes making following decisions:
i. Determine Purpose of sample and Population from which sample will be drawn.
ii. Determine what constitutes a Misstatement or Deviation.
iii. Determine Tolerable Rate of Deviation and Expected Rate of Deviation (For Tests of
Controls)
iv. Determine Tolerable Misstatement and Expected Misstatement (For Tests of Details)
v. Determine Sampling Approach (i.e. whether Statistical or Non-Statistical)
vi. Determine Method of Selection (i.e. whether Systematic, Random or Haphazard)
Tolerable Rate of Deviation:

It is the rate of deviation (in internal control), set by auditor for which auditor obtains assurance
that actual rate of deviation in population does not exceed from this set-rate.
Tolerable Misstatement:
It is the amount of misstatement (in financial statements) set by auditor for which auditor obtains
assurance that actual amount of misstatements in population does not exceed from this set-amount.
(it is the application of performance materiality in sampling).
Expected Rate of Deviation/Expected Misstatements:

Determination of Expected Rate of Deviation/Expected Misstatement is based on following factors:
 Rate of deviations/misstatements in prior periods
 Risk Assessment Procedures

 Understanding of business
 Understanding of Internal Control/Results of Tests of Controls
Determining Sampling Approach:

Auditor shall determine whether to use Statistical Sampling or Non-Statistical Sampling.
Statistical Sampling:
An approach of sampling is called Statistical Sampling, if it has following
characteristics:
i. Use of Random selection to select items.
ii. Use of Probability theory to evaluate results.
e.g. Random Selection, Systematic Selection
Non-Statistical Sampling: (or Judgmental Sampling)

A sampling approach that does not have characteristics of Statistical Sampling.
Instead of probability theory, it is based on judgmental opinion of auditor e.g.
Haphazard Selection.
Advantages of Statistical Sampling Disadvantages of Statistical Sampling

 It provides objective, mathematically  Training and technical expertise are required.
precise basis for sampling process.  Investment in training of audit staff required.
 Required sample size can be calculated  Sample size is usually larger than judgmental
precisely (using statistical techniques) sampling, hence increases the time and cost of audit.
 It is the only mean of efficient auditing  Some auditors prefer to rely on their skills,
in case of very large population. experience and judgments instead of statistical
models.
Determining Methods of Sample Selection:
Random Selection:
Use of a computerized random number generator or random number tables to
select items.
Systematic Selection:
In this method, a random starting point is chosen and then every nth item is
selected e.g. selecting every 50th item.
Haphazard Selection:
Auditor selects sample without a structured technique, however whole
population is considered by auditor in sample selection.

LO 5: SAMPLE SELECTION:
Following factors influence determination of sample size:
Factors Effect on Sample Size
(Increase in) for Tests of Details
Tolerable rate of deviation/misstatement Decrease
Expected Rate of Deviation/Misstatement Increase
Desired Level of Assurance Increase
Risk of Material Misstatement Increase
Stratification of Population Decrease
Other Substantive Procedures (e.g. analytical procedures) Decrease
Population Size Negligible
Factors Effect on Sample Size

(Increase in) for Tests of Control
Tolerable rate of deviation/misstatement Decrease
Expected Rate of Deviation/Misstatement Increase
Desired Level of Assurance Increase
Extent to which auditor considers controls in Risk Assessment Increase
Population Size Negligible
LO 6: PERFORMING AUDIT PROCEDURES ON SAMPLE & PROJECTION:

Performing Procedures:
Auditor shall perform audit procedures on EACH item selected.
If audit procedures are not applicable to a Auditor shall perform procedures on a replacement
selected item (e.g. cancelled cheque) item (e.g. by selecting very next cheque)
If auditor is unable to apply audit procedures Auditor shall treat that item as a deviation (in case
on a selected item (e.g. when a cheque is of tests of controls) or a misstatement (in case of
missing or positive confirmation is not received) tests of details).
If auditor identifies a deviation/misstatement, auditor shall investigate whether any of them is

Anomalous. (Anomaly is a deviation or misstatement that is demonstrably not representative of
misstatements or deviations in a population. Anomaly is NOT considered for Projection)
LO 7: EVALUATING RESULTS OF SAMPLING:

Projection:
Projecting Deviation Rate (for T.O.C.):
No explicit projection is made for deviations in tests of controls because Sample Deviation Rate is
always the Projected Deviation Rate for population.
Projecting Misstatements (for T.O.D.):

Projected misstatement means “Auditor’s best estimate of misstatements in population that are
projected on the basis of sample”.

Evaluating results of Tests of Controls:

Result Evaluation
Deviation Rate is unexpectedly high. Auditor may:
If Projected Deviation Rate is above
–increase his assessment of control risk.
Tolerable Rate of Deviation
–auditor places no reliance on internal control.
If Projected Deviation Rate is below Controls are operating effectively. Auditor can rely on
Tolerable Rate of Deviation internal control.
Evaluating results of Tests of Details:
Result Conclusion and Auditor's Procedures

If Projected Misstatement is below –Population is not materially misstated.
Tolerable Misstatement –No further work necessary.
Sample has not provided a reasonable basis for
If Projected Misstatement is above
conclusion about population that has been tested.
Tolerable Misstatement
Auditor shall perform other substantive procedures.

Auditing – Study Notes Chapter 15 Analytical Procedures
CHAPTER FIFTEEN
ANALYTICAL PROCEDURES
ICAP'S STUDY TEXT
DEFINITION AND EXAMPLES OF ANALYTICAL

LO 1 8.2.2
PROCEDURES
LO 2 USES (PURPOSES) OF ANALYTICAL PROCEDURES 8.2.1
USE OF ANALYTICAL PROCEDURE AS SUBSTANT IV E 8.2.3
LO 3
PROCEDURES
INV ESTIGATION OF FLUCTUATIONS AND
LO 4 8.2.4
RELATIONSHIPS

Bank:
 Q. # 32a
 Q. # 81a

LO 1: DEFINITION AND EXAMPLES OF ANALYTICAL PROCEDURES :

Definition of Analytical Procedures:
Analytical Procedures means evaluation of financial information through comparisons and
relationships with other financial and non-financial information. Analytical procedures also include
investigation if actual values are significantly different from expected values.
Nature and Examples of Analytical Procedures:

Analytical procedures include calculation of key relationships between financial and non-financial
figures (called Ratio Analysis and Reasonableness Testing) and then making Comparisons. These
comparisons can be made with:
1. Prior accounting periods (by analyzing trend)
2. Expected Results (e.g. with budgets, forecasts or expectations developed by auditor)
3. Industry Average Results or with Competitors
4. Comparable parts of the same entity (e.g. results of one branch or division may be
compared with other branches or divisions)
Limitations of Analytical Procedures:

1. Its usefulness depends on quality of underlying financial information.
2. To make comparison, information must be calculated on consistent basis.
3. Two figures used to calculate ratio, must be logically related.
4. To understand significance of ratios and reasons of differences, auditor must have strong
understanding of entity’s business.
LO 2: USES (PURPOSES) OF ANALYTICAL PROCEDURES :
Phase of the
Purpose of Use
audit
Start of the Analytical Procedures are used as Risk Assessment Procedures to identify areas
Audit with potential risk of material misstatement.
During the Analytical Procedures are used as Substantive Procedures to identify
Audit misstatements in classes of transactions/account balance.
Analytical Procedures are used in forming overall conclusion:
 To corroborate conclusions formed during the audit of individual
At the end of components
the Audit  To form overall conclusion whether financial statements as a whole are
consistent with auditor’s understanding of entity.
 To identify previously unrecognized risk (if any).
LO 3: USE OF ANALYTICAL PROCEDURE AS SUBSTANTIV E PROCEDURES :

When auditor decides to use analytical procedure as substantive procedures, auditor shall perform
following steps:
1. Determine the suitability of analytical procedures for given assertion:

Analytical procedures are useful when relationships are predictable and plausible e.g. relationship
between sales revenue and selling commission.

2. Evaluate the reliability of data from which auditor’s expectation is developed:

Reliability of data for analytical procedures is influenced by following factors:
− Source of data (e.g. independent source is more reliable)
− Nature and Relevance of data
− Controls over preparation of data (to ensure its accuracy and completeness)
− Comparability of data (e.g. broad industry data may need to be supplemented to be
comparable for company selling single product)
3. Develop an expectation of recorded amount which is sufficiently precise to identify

misstatement:
Precise expectation depends on:
 Availability of the information, both financial and non-financial
 Extent to which information can be disaggregated
 Accuracy with which expected results can be predicted
4. Determine the amount of difference which is acceptable without further investigation

Acceptable difference is influenced by:
− Materiality
− Risk Assessment
− Desired Level of Assurance
LO 4: INVESTIGATION OF FLUCTUATIONS AND RELATIONSHIPS :

If relationships are inconsistent with other information or difference between expected value and
actual value is significant, auditor shall investigate the difference by:
1. Inquiring of management,
2. Corroborating management’s explanation on the basis of:
 auditor’s understanding of entity and its environment and
 other audit evidence obtained during audit
If adequate explanation is given, sufficient appropriate audit evidence has been obtained.
If explanation is not given or explanation is not adequate, audit evidence has not been obtained.
Auditor shall perform other procedures as necessary e.g. Tests of Details.

Auditing – Study Notes Chapter 16 Related Parties
CHAPTER SIXTEEN
RELATED PARTIES
ICAP'S STUDY TEXT
DEFINITION OF RELATED PARTY AND RELATED PARTY

LO 1 12.1.1
TRANSACTIONS
RESPONSIBILITIES OF MANAGEMENT AND AUDITOR 12.1.1, 1 2.1.2
LO 2
REGARDING RELATED PARTY
PROCEDURES TO IDENTIFY RELATED PARTY
LO 3 12.1.3
RELATIONSHIPS AND TRANSACTIONS
LO 4 RISKS IDENTIFIED AND AUDITOR’S COURSE OF ACTION 12.1.3
MATERIALITY, WRITTEN REPRESENTATION,
LO 5 12.1.3
COMMUNICATION WITH TCWG AND DOCUMENTATION

Bank:
 Q. # 50,
 Q. # 53
 Q. # 57

LO 1: DEFINITION OF RELATED PARTY AND RELATED PARTY TRANSACTIONS :

Related Parties:
Related parties are individuals or organisations that might have, or might be expected to have, an
undue influence on the company that is being audited.
Examples of related parties include:

 the directors and key management of a company
 their families
 other companies controlled by directors, key managers and members of their close family
 other companies in the same group.
Related Party Transactions:

Related party transactions are transactions between the client company and a related party of the
company.
LO 2: RESPONSIBILITIES OF MANAGEMENT AND AUDITOR REGARDING RELATED PARTY:

Responsibilities of Management:
IFRS requires management to identify, account for and disclose related party relationships and
transactions.
Responsibilities of Auditor:
1. To evaluate whether related party relationships/transactions have been appropriately
identified, accounted for and disclosed in accordance with IFRS.
2. To evaluate whether:
 Fraud risk factors exist
 Financial statements present true and fair view
LO 3: PROCEDURES TO IDENTIFY RELATED PARTY RELATIONSHIPS AND TRANSACTIONS :

1. The auditor shall inquire of management regarding:
 Identification of related parties, including changes from the prior period
 Relationships with related parties; and
 Transactions with related parties
2. Obtain understanding of client’s procedures and internal controls over identification,
accounting for and disclosure of related party relationship and transactions, including:
 Authorization and approval of related party transactions.
 Review reports by internal audit department.
3. Review working papers for previous years for known related parties.
4. Evaluate relationship of directors with other entities.
5. Communicate with component auditor or predecessor auditor (if applicable) for knowledge
of related parties
6. Inspection of records or documents, including:
 Bank and legal confirmations obtained as part of the auditor’s procedures;
 Minutes of meetings of shareholders and of those charged with governance; and
 Such other records or documents as the auditor considers necessary in the
circumstances e.g. Register of shareholders, Register of directors/officers, Entity’s

reporting to regulators (e.g. SECP, FBR, SBP), Records of the entity’s investments,
Significant contracts re-negotiated by the entity during the period, Published reports by
company (e.g. financial statements of prior period, prospectuses).
LO 4: RISKS IDENTIFIED AND AUDITOR’S COURSE OF ACTION:

Risk Identified Auditor’s course of action/procedures to address risk
Auditor shall perform following procedures when he identifies a previously
unidentified related party relationship/transaction:
 Communicate to other members of engagement.
Auditor identifies
 Reconsider risk of completeness of related parties (as other unidentified
related party
related parties may also exist).
relationships or
 Reconsider risk of fraud, if non-disclosure appears intentional.
transactions not
 Inquire as to why entity’s process and controls failed to identify it.
identified by
 Request management to identify all transactions of newly identified related
management:
party.
 Perform substantive audit procedures on newly identified related
party/transaction
Significant transactions outside the normal course of business indicate a related
party transaction. If auditor identifies such a transaction, auditor shall inquire of
management about whether related parties could be involved.
If auditor identifies
If a related party is involved in a significant transaction outside the normal course
significant transactions
of business, it will be a significant risk. Auditor shall evaluate whether:
outside the normal
i. Transactions have been appropriately authorized (e.g. by TCWG).
course of business.
ii. Transactions have been appropriately accounted for and disclosed in
accordance with the AFRF.
iii. The terms of the transactions are consistent with management’s explanations.
iv. Transaction indicates fraud.
Existence of a related If there is a related party with dominant influence, auditor shall inspect significant
party with dominant contracts with such related party.
influence***
***Indicators of dominant influence exerted by a related party include:

 Party has played significant role in founding the entity and continues to play that role in
managing the entity.
 Significant transactions are referred to Party for final approval
 Party has vetoed significant business decisions
 There is little or no debate/review on transactions involving Party

LO 5: MATERIALITY, WRITTEN REPRESENTATION, COMMUNICATION WITH TCWG AND

DOCUMENTATION:
Materiality:
Transactions with related parties are usually considered material irrespective of size of transaction.
Written Representation:
Auditor shall obtain written representations from management that:
1. All Related party relationships and transactions have been appropriately identified,
accounted for and disclosed in financial statements in accordance with the requirements of
AFRF.
2. Management has disclosed to auditor all related party relationships and transactions of
which they are aware.
Communication with TCWG:

Auditor shall communicate TCWG significant matters regarding Related Parties.
Documentation:
The auditor shall include in the audit documentation:
 Name of related parties
 Nature of relationships with related parties

Auditing – Study Notes Chapter 17 Reliance on Others
CHAPTER SEVENTEEN
RELIANCE ON OTHERS
LO # LEARNING OBJCTIVE REFERENCE
PART A – AUDIT OF GROUP FINANCIAL STATEMENTS

Section 1
LO 1 WHAT IS A GROUP AUDITOR
(Chapter 13)
Section 1
LO 2 WHAT IS A COMPONENT
(Chapter 13)
Section 1
LO 3 TYPE OF WORK TO BE PERFORMED ON COMPONENT
(Chapter 13)
Section 1
LO 4 RESPONSIBILITIES IF WORK OF COMPONENT AUDITOR IS USED
(Chapter 13)
Section 1
LO 5 IMPACT OF USE OF WORK ON AUDITOR’S RESPONSIBILITIES
(Chapter 13)
PART B – USING THE WORK OF INTERNAL AUDITORS
Section 2
LO 6 DEFINITION AND OBJECTIVES OF INTENRAL AUDIT FUNCTION
(Chapter 13)
COMPARISON OF INTERNAL AUDITOR WITH EXTERNAL Section 2
LO 7
AUDITOR (Chapter 13)
AUDITOR’S RESPONSIBILITIES IF AUDITOR USES WORK OF AN Section 2
LO 8
INTERNAL AUDIT (Chapter 13)
Section 2
(Chapter 13)
PART C – USING THE WORK OF AN AUDITOR’ S EXPERT
Section 3
LO 10 AREAS WHERE WORK OF EXPERT CAN BE USED
(Chapter 13)
Section 3
LO 11 DETERMINE WHETHER TO USE WORK OF AUDITOR’S EXPERT
(Chapter 13)
AUDITOR’S RESPONSIBILITIES IF AUDITOR USES WORK OF AN Section 3
LO 12
EXPERT (Chapter 13)
EVALUATE THE COMPET ENCE, CAPA BILITIES AND OBJ ECTIVITY Section 3
LO 13
OF EXPERT (Chapter 13)
EVALUATE APPROPRIATENESS/AD EQUACY OF WORK OF Section 3
LO 14
EXPERT AS AUDIT EVIDENCE (Chapter 13)
Section 3
LO 15 CONCLUSION ON ADEQUACY OF WORK OF EXPERT
(Chapter 13)
Section 3
(Chapter 13)
1
PART A – AUDIT OF GROUP FINANCIAL STATEMENTS
LO 1: WHAT IS A GROUP AUDITOR:
Group Auditor:
Group auditor is the audit firm responsible for the audit of the group financial
statements. Group auditor will also be the auditor of the parent company.
Problems in a Group Auditor:

 Large number of components.
 Components may be with a different accounting year end.
 Components may be with a different currency.
 Specific adjustments relating to consolidation.
Responsibilities of Group Auditor:

 Perform Acceptance and Continuance Procedures (i.e. whether he will be able to obtain
sufficient appropriate audit evidence on all components).
 Obtain understanding of components (i.e. which is significant and which is not) and
consolidation process
 Establishing overall group audit strategy, including
o Determining materiality levels for components
o Deciding type of work to be performed on component.
 Responsibilities if work of component auditor is used.
o Evaluate the competence, objectivity etc. of component auditor
o Communicate with component auditor.
LO 2: WHAT IS A COMPONENT:
Component:
A component is an entity or business activity, for which group or component
management prepares financial information, that should be included in the
group financial statements (e.g. in case of subsidiaries, branches or
combination of both).
Significant component:
Significant Component is a component identified by the group engagement
team, that is:
1. of individual financial significance to the group, or
2. likely to include significant risk of material misstatement in the group
financial statements (due to its specific nature or circumstances).
LO 3: TYPE OF WORK TO BE PERFORMED ON COMPONENT:
Nature of component Work to be performed

Significant Audit of whole component using component materiality
(on financial basis)
2
1. audit of whole component using component materiality or

Significant 2. audit of one or more account balances or classes of transactions or
(on risk basis) 3. audit procedures specific to assertions having significant risk.
(Procedure to be performed will depend on effect of risk.)
Analytical procedures at group level.
If evidence cannot be obtained from analytical procedures, additional
Non-significant
procedures (similar to significant components) may be performed on
some of selected components (this selection will change every year).
If a component is subject to an audit by law or regulation or other reason, auditor shall evaluate
whether materiality level is appropriate. If materiality level was low, additional procedures will be
necessary.
LO 4: RESPONSIBILITIES IF WORK OF COMPONENT AUDITOR IS USED:

A component auditor is an auditor who, at the request of the group auditor, performs work on the
financial information of a component.
Obtaining understanding of component auditor:

Group Engagement Team shall obtain understanding of following if it plans to use a component
auditor:
1. Whether component auditor understands and will comply with Independence requirements
(and other ethical requirements)
2. Whether component auditor has Professional Competence (e.g. industry specific
knowledge)
3. Whether component auditor operates in a regulatory environment that actively oversees
auditor
4. Whether group engagement team will be able to be involved in the work of component
auditor to the extent necessary to obtain sufficient appropriate audit evidence
If group engagement team has serious concerns/issues about component auditor from above
evaluation, it will not engage such component auditor. However, if concerns are less than serious,
group engagement team may engage component auditor but it will have to perform additional audit
procedures by getting involved more extensively in the work of component auditor.
Involvement in work of component auditor:

In case of a significant component, group engagement team shall be involved in component’s risk
assessment to identify significant risk. This involvement shall include, at minimum, following:
o Discussing those business activities of component which are significant to the group.
o Discussing susceptibility of component to misstatement due to fraud or error.
o Reviewing component auditor’s documentation of identified significant risks for group
For other components, extent of involvement will depend on understanding of component auditor.
3
Communication between Group Auditor and Component Auditor:
Letter of Instructions Memorandum/Report of work performed

(From group auditor to component auditor) (From component auditor to group auditor)
–nature, timing and extent of work to be –List of uncorrected misstatements
performed by component auditor. –Material weakness in internal controls
–Identified risk of material misstatement
relevant to component auditor.
LO 5: IMPACT OF USE OF WORK ON AUDITOR’S RESPONSIBILITIES:

1. Auditor (i.e. Group Engagement Partner) has sole responsibility to express opinion on
Financial Statements. His responsibility is not reduced if he uses the work of component
auditor.
2. He shall not refer to the work of component auditor in auditor’s report unless it is:
a. Required by Law or Regulation or
b. Necessary to explain nature of modification in auditor’s report
3. If reference of component auditor is made in auditor’s report:
a. Auditor may need the permission of the component auditor before making such a
reference and
b. Auditor shall state that such reference does not reduce auditor’s responsibility for
audit opinion.
PART B – USING THE WORK OF INTERNAL AUDITORS
LO 6: DEFINITION AND OBJECTIVES OF INTENRAL AUDIT FUNCTION:
Internal Audit Function:

Internal Audit Function is a function that performs activities to evaluate and
improve entity’s Governance, Risk Management and Internal Control.
Following are objectives/scope/activities/benefits of internal audit function:
Assisting Board of Directors in overseeing:

Governance
 strategic direction of the entity and
Activities
 obligations related to accountability of the entity.
Risk Management  Identification of Risks.
Activities  Management of Risks .
 Review of economy, efficiency and effectiveness of operating activities
(called Value for Money audit).
 Review of compliance with laws and regulations.
Internal Control
 Review of financial information (by performing tests of details).
Activities
 Monitoring and Evaluation of Internal Control (by performing tests of
controls on design, implementation and operating effectiveness of
internal control).
Special  Investigations when there is suspected fraud within the entity.
Investigations
4
Disadvantages of internal audit department include:

 Internal auditors are not independent of entity.
 Higher cost is involved in establishing internal audit department.
 There may be lack of qualification and experience in internal audit department.
LO 7: COMPARISON OF INTERNAL AUDITOR WITH EXTERNAL AUDITOR:
Internal Auditor External Auditor

Relationship/Independence Employee of entity Independent of entity
Appointment By BOD/Audit Committee By Members
Qualification Determined by BOD/Audit Committee Determined by Law
Objective is to evaluate and improve Objective is to express an opinion on
Scope / Objectives /
entity’s Governance, Risk Management and financial statements and on
Activities
Internal Control. additional matters required by law.
Scope/Objectives/ BOD/Audit Committee Determined by Laws and Regulations
Activities determined by
Reports To BOD/Audit Committee and his Reports to Members and his report is
Reporting
reports are restricted to them. publically available.
Format of Report Any (depending on circumstances) Determined by Law
Methods to ensure Independence of Internal Auditor:

Internal auditors are not independent of company; however they should be independent of
management. To ensure this:
 they should be reportable to audit committee and not to CFO.
 Scope of work of internal auditor should be decided by audit committee or internal auditor;
and not by management or finance director etc.
 To avoid familiarity threat, Internal auditors should be rotated periodically e.g. after every 3
to 5 years.
 Internal auditor should be appointed by BOD or audit committee; and not by management.
 Internal auditor should not be responsible for design or implementation of control; they
should be responsible for monitoring and evaluation of control.
Areas where work of internal audit function can be used by external auditor:
 Testing of the operating effectiveness of controls;
 Substantive procedures involving limited judgment;
 Observations of inventory counts;
 Tracing transactions through the information system relevant to financial reporting;
 Testing of compliance with regulatory requirements;
 audits or reviews of the financial information of subsidiaries that are not significant
components to the group.
5
LO 8: AUDITOR’S RESPONSIBILITIES IF AUDITOR US ES WORK OF AN INTERNAL

AUDIT:
If entity has an internal audit function whose activities are relevant to audit, external auditor shall
perform following procedures before using/relying on the work of internal audit function:
1. determine whether the work of the internal audit function can be used by evaluating
competence, objectivity and approach of internal auditor.
2. (if work can be used) evaluate appropriateness/adequacy of internal auditor’s work as
audit evidence.
Evaluating the Internal Audit Function:

Evaluation Factors to consider while evaluating
– Level of education and professional qualification.
– Training and experience of internal auditors.
Competence
–Specific knowledge and skills relating to entity’s financial statements.
–Whether internal audit function is adequately resourced.
–Compliance with internal auditing standards relating to objectivity
–Hiring/Firing authority of internal auditors should be with TCWG.
Objectivity
–Organizational status (e.g. whether it reports directly to TCWG).
–Free from conflicting responsibilities (e.g. no managerial work).
–Whether internal auditors apply a systematic and disciplined approach.
–Quality of internal auditor’s working papers (covering risk assessments, work
Approach programs, documentation and reporting).
–Consistency of Conclusions with work performed.
–Quality Control Program for internal auditor.
Evaluating the adequacy of work of Internal Audit Function:

Before using specific work of internal auditor, auditor shall determine adequacy of work by
evaluating whether:
 The work of the function has been properly planned, performed, reviewed and documented.
 Sufficient appropriate evidence has been obtained to draw reasonable conclusions, and
 Conclusions reached are appropriate in the circumstances and reports prepared are
consistent with the conclusions.
For this evaluating, auditor’s procedures may include:

 Reperformance of some of the work
 Review of internal audit function’s work programs and working papers.
 Observation of procedures performed by the internal audit function.
 Inquiries of individuals within the internal audit function.
Exact nature, timing and extent of testing of specific work depend on:
 Scope and assessment of of internal audit function’s work
 Risk of material misstatement.
 Significance of Judgments involved in work.
If auditor determines that the work of internal auditor is not adequate for auditor’s purposes,
auditor may:
− Perform additional audit procedures appropriate to the circumstances or
− Agree with internal auditor on further work to be performed by internal auditor.
6
LO 9: IMPACT OF USE OF WORK ON AUDITOR’S RESPONSIBILITIES:

1. Auditor (i.e. external auditor) has sole responsibility to express opinion on Financial
Statements. His responsibility is not reduced if he uses the work of internal auditor.
2. He shall not refer to the work of internal auditor in auditor’s report in any circumstances.
Direct Assistance:
Direct assistance is defined as the use of internal auditors to perform audit procedures under the
direction, supervision and review of the external auditor.
ISAs prohibit direct assistance procedures that:

 involve making significant judgements in the audit;
 relate to higher assessed risks of material misstatement;
 relate to work with which the internal auditors have been involved and which has already
been, or will be, reported to management or TCWG by the internal audit function; or
 relate to decisions the external auditor makes regarding the internal audit function and the
use of its work or direct assistance.
Prior to using internal auditors to provide direct assistance, the external auditor shall:
 Obtain written agreement from an authorized representative of the entity that the internal
auditors will be allowed to follow the external auditor’s instructions, and that the entity will
not intervene in the work the internal auditor performs for the external auditor; and
 Obtain written agreement from the internal auditors that they will keep confidential specific
matters as instructed by the external auditor and inform the external auditor of any threat
to their objectivity.
Agreement:
It may be useful for the external auditor to agree the following in advance with internal audit:
 the timing of such work
 the nature of the work performed
 the extent of audit coverage
 materiality and performance materiality
 methods of item selection and sample sizes
 documentation of work performed
 review and reporting procedures.
Documentation:
The external auditor is required to document:
 threats to the objectivity of the internal auditors, and the level of competence of the internal
auditors used to provide direct assistance;
 The basis for the decision regarding the nature and extent of the work performed by the
internal auditors;
 Who reviewed the work performed and the date and extent of that review;
 The written agreements obtained from an authorized representative of the entity and the
internal auditors; and
 The working papers prepared by the internal auditors who provided direct assistance on
the audit engagement.
7
PART C – USING THE WORK OF AUDITOR’S EXPERT
LO 10: AREAS WHERE WORK OF EXPERT CAN BE USED:

Expert may be required by management/auditor when financial statement involve following:
− Estimation of life and valuation of fixed assets.
− Valuation of specialized inventory.
− Analysis of complex or unusual tax compliance issues
− IT Expertise
− Legal Opinions
LO 11: DETERMINE WHETHER TO USE WORK OF AUDITOR’S EXPERT:
Auditor’s expert:
An individual or organization possessing expertise in a field (other than
accounting or auditing), whose work in that field is used by the auditor to
assist the auditor in obtaining sufficient appropriate audit evidence.
Assessing the need for an expert:

Considerations when deciding whether to use an auditor’s expert may include:
1. Risk of material misstatement of the matter.
2. Subjectivity, significance and complexity of the matter.
3. Availability of alternative sources of evidence
LO 12: AUDITOR’S RESPONSIBILITIES IF AUDITOR USES WORK OF AN EXPERT:

Auditor shall perform following procedures if auditor uses work of an expert:
1) Evaluate the competence, capabilities and objectivity of expert.
2) Obtain an understanding of the field of expert.
3) Evaluate the appropriateness/adequacy of expert’s work as audit evidence.
4) Agree terms with expert i.e.
 Nature and scope of work
 The respective roles and responsibilities
 Communication and Reporting
 Confidentiality requirements
LO 13: EVALUA TE THE COMPETENCE, CAPABILITIES AND OBJE CTIVITY OF EXPERT:

The auditor shall evaluate whether the auditor’s expert has the necessary competence, capabilities
and objectivity.
Competence, capability and objectivity of an expert may be assessed in following ways:

 Personal experience of previous work with expert.
 Discussion with expert.
 Discussion with other professionals who have worked with expert.
 Books or papers published by expert.
 Knowledge of expert’s qualification, membership of professional bodies or other external
recognition, license to practice.
8
LO 14: E VALUAT E APPROPRIATENESS/A DEQUACY OF WORK OF EXPERT AS AUDIT

EVIDENCE:
For this purpose, auditor shall evaluate:
1. Relevance, completeness, and accuracy of significant source data (if expert’s work involves
use of significant source data)
2. Relevance and reasonableness of significant assumptions and methods (if expert’s work
involves use of significant assumptions and methods)
3. Reasonableness of expert’s findings and conclusions
4. Consistency of these conclusions with other audit evidnece
LO 15: CONCLUSION ON ADEQUACY OF WORK OF EXPERT:

If auditor determines that the work of expert is not adequate for auditor’s purposes, auditor shall:
− Agree with expert on further work to be performed by expert.
− Perform additional audit procedures appropriate to the circumstances
− Consider the necessity to engage another expert.
LO 16: IMPACT OF USE OF WORK OF EXPERT ON AUDITOR’S RESPONSIBILITIES:

1. Auditor has sole responsibility to express opinion on Financial Statements. His
responsibility is not reduced if he uses the work of expert.
2. He shall not refer to the work of expert in auditor’s report unless it is:
a. Required by Law or Regulation or
b. Necessary to explain nature of modification in auditor’s report
3. If reference of expert is made in auditor’s report:
a. Auditor may need the permission of the expert before making such a reference and
b. Auditor shall state that such reference does not reduce auditor’s responsibility for
audit opinion.
9
Auditing – Study Notes Chapter 23 Final Matters
CHAPTER TWENTY THREE

FINAL MATTERS
ICAP'S
ICAP'S STUDY
LO # LEARNING OBJCTIVE SYLLABUS
TEXT REFERENCE*
REFERENCE
PART A: WRITTEN REPRESENTATION
SECTION 2
LO 1 DEFINITION OF WRITTEN REPRESENTATION
(CHAPTER 15)
WRITTEN REPRESENTATION ABOUT MANAGEMENT’S SECTION 2
LO 2
RESPONSIBILITIES (CHAPTER 15)
SECTION 2
LO 3 WRITTEN REPRESENTATIONS ABOUT SPECIFIC ASSERTIONS
(CHAPTER 15)
SECTION 2
LO 4 WRITTEN REPRESENATION AS AUDIT EV IDENCE
(CHAPTER 15)
PART B: SUBSEQUENT EV ENTS
EVENTS OCCURRING BETWEEN DATE OF FINANCIAL SECTION 1
LO 5
STATEMENTS AND DATE OF AUDITOR’S REPORT (CHAPTER 15)
FACTS DISCOV ERED AFTER AUDITOR’S REPORT (REV ISION IN SECTION 1
LO 6
AUDITOR’S REPORT) (CHAPTER 15)
PART C: ADDITIONAL CONCEPTS
SECTION 4.3
LO 7 MANAGEMENT LETTER AND ITS CONTENTS
(CHAPTER 5)
LO 8 AUDIT CORRESPONDENCE N/A
9
PART A – WRITTEN REPRESENTATION
LO 1: DEFINITION OF WRITTEN REPRESENTATION:
Written representation
A written statement by management provided to the auditor to confirm
certain matters or to support other audit evidence.
Form and Date of written representations:

Written representations shall be:
 in the form of a letter.
 addressed to auditor.
 dated as near as possible, but not after, the date of auditor’s report.
LO 2: WRITTEN REPRESENTATION ABOUT MANAGEMENT’S RESPONSIBILITIES :
About Financial Statements About Information Provided

Management has fulfilled its a) Management has provided the auditor
Representation responsibility for the preparation of with all relevant information and access,
required about financial statements in accordance as agreed in the terms of the audit
management’s with the AFRF, as agreed in the engagement, and
responsibilities terms of the audit engagement. b) All transactions have been recorded in
LO 3: WRITTEN REPRESENTATIONS ABOUT SPECIFIC ASSERTIONS :

Following is a list of other representations which are either:
1. required by different ISAs or
2. requested by auditor to support other audit evidence
About Financial Statements About Information Provided

Significant assumptions and accounting We have disclosed to you the results of our
estimates are reasonable. (ISA 540) assessment of the risk that the financial
statements may be materially misstated as a
Related party relationships and result of fraud. (ISA 240)
transactions have been appropriately
accounted for and disclosed in accordance We have disclosed to you all information in
Representation with the requirements of AFRF. (ISA 550) relation to fraud or suspected fraud that we
required by are aware of and that affects the entity
different ISAs All events subsequent to the date of involving management, employees or others.
financial statements for which AFRF (ISA 240)
requires adjustment or disclosure, have
been adjusted or disclosed. (ISA 560) We have disclosed to you the identity of the
entity’s related parties and all the related-
party relationships and transactions of
which we are aware. (ISA 550)
9
The effects of uncorrected misstatements

are immaterial, both individually and in We have disclosed to you all known
the aggregate, to the financial statements instances of non-compliance or suspected
as a whole. (ISA 450) non-compliance with laws and regulations
affecting financial statements. (ISA 250)
Additional e.g. about Plans or intentions that may e.g. about deficiencies in internal control
Representations affect carrying amount or classification of
requested by assets and liabilities
auditor
LO 4: WRITTEN REPRESENATION AS AUDIT EV IDENCE :

1. Like Inquiry, written representation is an audit evidence.
2. However, written representations, alone, do not provide sufficient appropriate audit
evidence about matters to which they deal.
3. It is only a supporting evidence and does not affect nature, timing and extent of other
evidence to be obtained.
If written representation is not provided:

If management refuses to provide written representation to auditor, the auditor shall inquire
reason for refusal.
Auditor shall:
 Re-evaluate the integrity of management.
 Reconsider the impact on other representations and audit evidence.
 Take appropriate actions, including considering effect on audit report.
If written representation is contradicted by other evidence:

Auditor should consider:
 whether additional audit procedures are needed to resolve contradiction.
 whether there is need to revise risk of material misstatement, including risk of fraud.
 if auditor has concerns about integrity of management, document those concerns and
consider withdrawing from the audit.
PART B – SUBSEQUENT EVENTS
LO 5: EV ENTS OCCURRING BETWEEN DATE OF FINANCIAL STATEMENTS AND DATE OF

AUDITOR’S REPORT :
Auditor’s Responsibility:
Auditor’s responsibility is to perform audit procedures to obtain sufficient appropriate audit
evidence that all events subsequent to the date of the financial statements have been identified by
management and have been adjusted or disclosed, as appropriate.
For this purpose, auditor performs:

 Active Review of subsequent events (i.e. auditor actively searches for significant subsequent
events. This review is performed till date of auditor’s report)
9
 Passive Review of subsequent events (i.e. auditor does not search subsequent events
actively; rather he relies on information from management. This review is performed after
the date of auditor’s report but before financial statements are issued)
Auditor’s Procedures to fulfill responsibility:

Normal audit verification work:
Auditor may find information about subsequent events during his normal audit verification e.g.
 In the audit of receivables, cash receipts from customers after the balance sheet date in the
audit of receivables or bankruptcy of a debtor after balance sheet date.
 In the audit of liabilities, review of subsequent payments to identify unrecorded liabilities.
 In the audit of inventory, sale of inventory below cost after balance sheet date.
Procedures aimed specifically at identifying subsequent events:

To meet his responsibility, auditor shall perform following procedures:
1) Inquiring of management and TCWG as to whether any subsequent events have occurred
which might affect the financial statements (auditor may make specific inquiries relating to
events adjusting or non-adjusting events).
2) Obtaining an understanding of procedures established by management to identify
subsequent events.
3) Reading minutes of subsequent meetings of the entity’s owners, management and TCWG
and inquiring about matters discussed at any such meetings for which minutes are not yet
available.
4) Reading the entity’s subsequent interim financial statements, if any.
5) Requesting management to provide written representation that “all events subsequent to
the date of the financial statements requiring adjustment or disclosure have been adjusted
or disclosed”.
9
LO 6: FACTS DISCOVERED AFTER AUDITOR’S REPORT (REV ISION IN AUDITOR’S REPORT):

If after the date of auditor’s report, auditor becomes aware a misstatement in financial statements
(e.g. an error/fraud in financial statements), auditor shall:
 Discuss with management to determine whether financial statements need amendment.
 If amendment is required, auditor shall inquire whether management agrees to amend
financial statements or not.
If management agrees to amend financial If management does not agree to

statements amend financial statements
Management’s Responsibilities: 1. If auditor’s report has not been
–Management shall amend financial statements before provided to entity, auditor shall
issuance. modify the opinion.
2. If auditor’s report has been
When financial Auditor’s Responsibilities: provided to entity, auditor shall
statements have Auditor shall:
not been issued
notify management and TCWG
–Carry out necessary audit procedures on the not to issue the financial
amendment. statements to third parties
–Provide a new audit report on the amended financial before the necessary
statements. amendments.
Management’s Responsibilities: Auditor shall take appropriate
–Management take necessary steps to ensure that users action to ensure that users are
do not rely on previously issued financial statements. informed not to rely on financial
–Management shall amend financial statements to re- statements.
issue them. These financial statements shall include an
additional note to explain the reason for the
amendment.
Auditor’s Responsibilities:
When financial Auditor shall:
statements have – Review the steps taken by management to ensure that
been issued users do not rely on previously issued financial
statements.
–Carry out necessary audit procedures on the
amendment.
–Provide a new audit report (on amended financial
statements) that shall include an Emphasis of Matter
Paragraph or Other Matter Paragraph, referring to the
 note in financial statements that explains reason
for the amendment in financial statements, or
 earlier report provided by the auditor.
9
PART C – ADDITIONAL CONCEPTS
LO 7: MANAGEMENT LETTER AND ITS CONTENTS:

Management Letter is a document prepared by auditor which states internal control weaknesses
discovered during the audit. To provide value-added service to audit client, auditor also
communicate to management recommendations to overcome weakness.
Management Letter is normally issued at the conclusion of the audit engagement and contains
following elements:
 Internal Control Weakness
 Risk faced by entity because of weakness
 Suggestions by auditor to remove control weaknesses
 Management’s Response
LO 8: AUDIT CORRESPONDENCE:
Type of Letter By To Timing Brief Description

Before To discuss whether there is any professional
Professional Predecessor
Auditor Acceptance of reason because of which engagement should
Clearance Letter Auditor
audit client not be accepted.
At start of the Engagement Letter confirms acceptance and
Engagement Letter Auditor Management
engagement appointment of auditor
External To obtain information about entity from
Confirmation Letter Auditor During Audit
Parties outside parties.
It reminds management about their
Representation Near the end responsibility for preparation of financial
Management Auditor
Letter of the audit statements and for completeness of
information provided to auditor.
Members At the end of The audit report expresses opinion on
Audit Report Auditor
(or TCWG) the audit financial statements.
It includes:
–identified weaknesses in internal control,
Management
After the –risks because of weakness in internal
Letter/ Letter of Auditor Management
Audit Report control, and
weakness
–recommendations to improve internal
control.
9
Auditing – Study Notes Chapter 19 International Standards on Review Engagements
CHAPTER NINTEEN
INTERNATIONAL STANDARDS ON
REVIEW ENGAGEMENTS
PART A – INTRODUCTION TO AUDIT AND RELATED SERV ICES

16.1.1
LO 1 AUDIT AND AUDIT RELATED SERV ICES
16.1.4
LO 2 TYPES OF REV IEW ENGAGEMENT 16.1.2
LO 3 DUE DILIGENCE ENGAGEMENTS 16.1.3
PART B – ENGAGEMENT TO REV IEW FINANCIAL INFORMATION

16.1.4
LO 4 PRINCIPLES TO APPLY TO REV IEW ENGAGEMENTS
16.1.6
16.1.4
LO 5 PROCEDURES FOR A REV IEW ENGAGEMENT
16.1.7
16.1.5
LO 6 REPORT OF A REV IEW ENGAGEMENT
16.1.8
1
PART A – INTRODUCTION TO AUDIT AND RELATED SERVICES
LO 1: AUDIT AND AUDIT RELATED SERV ICES:

Audit:
Audit is a form of assurance engagement. Objective of an audit is to obtain reasonable assurance
whether financial statements have been prepared, in all material respects, in accordance with
applicable financial reporting framework.
Review:
Review is also a form of assurance engagement. Objective of a review is to obtain moderate
assurance whether anything has come to auditor’s attention that causes him to believe that interim
financial information is not prepared, in all material respects, in accordance with applicable
financial reporting framework.
Agreed-upon Procedures:
The objective is to carry out procedures of audit nature to which the auditor and the entity have
agreed and to report on factual findings.
Compilations:
The objective is to carry out procedures of accounting nature to collect, classify and summarize
financial information e.g. preparing a tax computation for client.
LO 2: TYPES OF REVIEW ENGAGEMENT :

There are two types of review engagements:
Attestation Engagement:
In this type of engagement, a practitioner is engaged to attest to something e.g. to attest that certain
procedures within the entity have been performed in prescribed way. Practitioner will not
comment on quality of procedures.)
Direct reporting engagement:

In this type of engagement, a practitioner is engaged to provide a special report on some aspect of
client’s affairs. Practitioner performs examination of financial information and expresses negative
form of conclusion (moderate assurance). A common example is “Due Diligence Engagement”.
LO 3: DUE DILIGENCE ENGAGEMENTS:

Due Diligence Engagement:
This is a type of direct reporting review engagement and is usually performed in the context of
Mergers and Takeovers. Objective is to obtain information about the Target company prior to take
over to find out everything that may be relevant about target company’s financial performance,
financial position and future prospects.
Main objective of a Due Diligence is:

 To decide whether a takeover or merger is actually desirable.
 If so, what should be proposed cost of acquisition.
2
Items to investigate in a Due Diligence Exercise:

1. Financial Performance and Financial Position (e.g. looking at financial statements of
company, budgets etc., performing ratio analysis and evaluating trends)
2. Operational Issues (e.g. major contracts with customers, high rate of labor turnover, high
cost of warranties to customers)
3. Management Representations (evaluating management’s representation regarding takeover
e.g. if management says that there is no tax investigation or significant litigations)
4. Identification of assets (specially intangible assets are identified for inclusion in financial
statements of acquirer e.g. internally generated goodwill, patent rights, customer lists,
brand names)
5. Future Benefits and costs of takeover (it includes analysis of future benefits e.g. synergy
effect from economies of scale)
Benefits of using an audit firm for due diligence:

 An audit firm has expertise.
 Saves time for management.
 Re-assures that acquisition has been properly and professionally evaluated.
PART B – ENGAGEMENT TO REVIEW FINANCIAL INFORMATION
LO 4: PRINCIPLES TO APPLY TO REV IEW ENGAGEMENTS :

A professional engaged in a review engagement shall:
 Comply with ethical requirements.
 Agree terms of engagement
 Plan and perform the work with professional skepticism
 Obtain sufficient and appropriate evidence by performing “Review Procedures”.
 Express his conclusion in negative form in a written report.
LO 5: PROCEDURES FOR A REV IEW ENGAGEMENT :

The auditor should make inquiries, primarily of persons responsible for financial and accounting
matters, and perform analytical and other review procedures to enable the auditor to conclude on
financial statements. A review ordinarily does not require tests of the accounting records through
inspection, observation or confirmation.
Practitioner shall:
1. Obtain understanding of entity and its industry.
2. Make inquiries of management about significant matters e.g. about identification of
subsequent events affecting financial information, about events or conditions affecting
ability of entity to continue as a Going concern.
3. Applying analytical procedures i.e.
a. Comparing financial information with Prior Period, Budgets competitors and
industry
b. Study of Relationships between elements in financial statements that should be
expected to confirm a predictable pattern.
4. Reading the minutes of the meetings of shareholders, and TCWG.
5. Other review procedures including:
a. evaluating uncorrected misstatements (as in audit).
3
b. obtain written representation letter from management.

c. consider matters giving rise to modification in audit/review report in previous
periods.
d. read other information to identify a material inconsistency.
LO 6: REPORT OF A REVIEW ENGAGEMENT :
Examples of Review Reports on Interim Financial Information (Unqualified Conclusion)

AUDITORS’ REPORT TO THE MEMBERS ON REVIEW OF CONDENSED INTERIM FINANCIAL INFORM ATION
Introduction
We have reviewed the accompanying condensed interim statement of financial position of Pakistan Telecommunication
Company Limited as at June 30, 2014, and the related condensed interim statement of comprehensive income, condensed
interim statement of cash flows, condensed interim statement of changes in equity and notes to the financial information
for the six months period then ended (here-in-after referred to as the “interim financial information”). Management is
responsible for the preparation and presentation of this interim financial information in accordance with approved
accounting standards as applicable in Pakistan for interim financial reporting. Our responsibility is to express a conclusion
on this interim financial information based on our review.
Scope of Review
We conducted our review in accordance with International Standard on Review Engagements 2410, “Review of Interim
Financial Information Performed by the Independent Auditor of the Entity”. A review of interim financial information
consists of making inquiries, primarily of persons responsible for financial and accounting matters, and applying analytical
and other review procedures. A review is substantially less in scope than an audit conducted in accordance with
International Standards on Auditing and consequently does not enable us to obtain assurance that we would become
aware of all significant matters that might be identified in an audit. Accordingly, we do not express an audit opinion.
Conclusion
Based on our review, nothing has come to our attention that causes us to believe that the accompanying interim financial
information as of and for the six months period ended June 30, 2014, is not prepared, in all material respects in accordance
with approved accounting standards as applicable in Pakistan for interim financial reporting.
Auditor
Auditor
Date
Address
4
Auditing – Study Notes Chapter 20 IT Concepts and Controls
CHAPTER TWENTY
IT CONCEPTS AND CONTROLS
PART A – IT CONTROLS
LO 1 IT CONTROLS 5.2.7, 5.2.11
LO 2 IT GENERAL CONTROLS 5.2.7, 5.2.11, 6.3.5
LO 3 IT APPLICATION CONTROLS 5.2.7, 5.2.11
LO 4 CONTROLS OV ER DATA TRANSMISSION 6.3.6
PART B – USE OF COMPUTERS IN AUDITING

AUDITING AROUND COMPUTERS VS. AUDITING
LO 5 8.1.5
THROUGH COMPUTERS
LO 6 COMPUTER ASSISTED AUDIT TECHNIQUES (CAATs) 7.1.2
LO 7 TEST DATA AND EMBEDDED AUDIT FACILITIES 8.1.4
LO 8 AUDIT SOFTWARES 8.1.4
PART C – FLOWCHARTS
LO 9 TYPES OF FLOWCHARTS 6.2.3
LO 10 LEVELS OF FLOWCHARTS 6.2.2
LO 11 APPROACH TO DRAWING A SUCCESSFUL FLOWCHART 6.2.4

LO 12 SYMBOLS USED IN FLOWCHARTS AND THEIR MEANINGS 6.2.4
APPENDIX TIPS FOR DRAWING FLOWCHART IN EXAM N/A

PART D – OTHER CONCEPTS
LO 13 MICRO COMPUTER SYSTEM VS ONLINE SYSTEM 5.5.1
OPEN SYSTEM INTERCONNECTION (OSI) MODEL AND 6.3.4
LO 14
COMMUNICATIONS PROTOCOL 6.3.3
1
PART A – IT CONTROLS
LO 1: IT CONTROLS:
Control Activities in an organization could be either Manual or IT/Automated/Programmed.
Manual Control:
A manual control is performed by people (e.g. Authorization, Review, Reconciliations).
IT/Automated/Programmed Control:
A programmed control is performed by computer software (e.g. validation checks).
IT Controls are further classified between two types i.e. IT General Controls (ITGC) and IT
Application controls.
LO 2: IT GENERAL CONTROLS:
IT General Controls (ITGC):
IT General Controls are those controls that operate at entity level and relate to all or many
applications. General Controls help effective functioning of application controls by ensuring
continued proper operation of IT system.
Examples of IT General Controls:

Following are main categories of IT General Controls:
1. Controls over System Acquisition (to ensure Computer based information system and
application are developed consistent with entity’s objectives.)
2. Controls over System Maintenance (to ensure system is appropriately updated and
changed)
3. Controls over Program Changes (To prevent/detect unauthorized program changes)
4. Controls over use of Programs and Data (To prevent use of incorrect program or data files)
5. Access Controls (To prevent unauthorized acess/amendment to program and data files)
6. Controls over Data Center and computer Operations (To ensure continuity of operations.)
Category of
Objective of Control Example of Control
Control
a) Security meansures for protection of equipment against fire,
flood, power-failure, theft or other diasters.
Controls over Data
b) Disaster Recovery Plan/Contingency Plan e.g.
Center and To ensure continuity of
 Offsite storage of backup data.
computer operations.
 Standby arrangements with third parties to provide
Operations
“technical support” in the event of disaster.
 Insurance coverage for IT infrastructure.
Prevention of To avoid unauthorized physical access:
unauthorized  Controlled single entry point with visitors’ logs.
Access Controls
acess/amendment to  Door locks with log-in function (e.g. passwords, access cards,
(over Programs
program and data files biometric).
and Data)
(by employees or by  Identification badges
hackers)  Alarm & CCTV System.
2
To avoid unauthorized logical access:

 Each user has a unique Log-in ID and password (which is
difficult to guess and is changed periodically).
 There are access rights for every user which are peridoically
reviewed (to ensure segregation of duties)
 Inactive accounts are disabled after a pre-defined period of
non-usage (e.g. of terminated employees).
 Audit-Trail and System-Logs are available for all important
activities.
 Use of firewalls to prevent unauthorized acces via internet.
Computer based  Use of System Development Life Cycle for design,
information system development, programming of new computer system.
Controls over
and application are  Full documentation of new systems.
System
developed consistent  Testing of systems before implementation.
Acquisition
with entity’s  Training of staff before “live” operation of new system.
objectives.  New system should be formally approved by system-user.
Controls over Documentation and (same controls as above in system acquisition).
System Testing of (authorized)
Maintenance Program Changes
 Changes to program should be approved by appropriate
level of mangement.
To prevent/detect  There should be segregation of duties between tasks of
Controls over
unauthorized program prgorammer (who writes the program) and operator (who
Program Changes
changes uses the program).
 There should be full documentation of all program changes
and their testing exercises.
 Training of computer operators with “Standard Operating
Procedures” and “Job Scheduling” to specify which version
Controls over use To prevent use of of the program should be used.
of Programs and incorrect program or  Supervisors should monitor activities of staff.
Data data files  Management should carry out periodic reviews to ensure
that correct versions program and correct data files are
being used.
Audit Trail:
Audit Trail is the ability of users to trace a transaction through all of its processing stages. Audit
trail can be provided by system-logs.
System Log:
A log file is a file that records events taking place in the execution of a system. Logs provide
essential information that can assist in analyzing and improving system’s performance.
Examples of system logs include:
 When employees entered and left the building
 Which users logged-in, when and from where
 Failed log-in attempts
 Who accessed and amended data file.
 Changes made to a program – what when and by whom
 Attempted cyber intrusions.
3
LO 3: IT APPLICATION CONTROLS:
IT Application controls:
IT Application Controls typically operate at a business process level and apply to the processing of
transactions in individual applications (e.g. sales or purchases or expenses). Application controls
help to ensure that transactions are properly authorized, accurately processed and timely
distributed.
Examples of IT Application controls:

Following are main categories of IT Application Controls:
1. Controls over Input
2. Controls over Processing
3. Controls over Output
4. Controls over Master File/Standing Data
Examples of IT Application Controls:
Category of
Objective of Control Example of Control
Control
1. Use of Log-in ID and password for operator.
2. Authorization of source documents (used for input).
3. Source Data Automation (e.g. Use of Bar Codes)
4. Data Validation Controls
Following are different types of Data Validation Controls which are

usually used:
a) Limit Test/Check (A check to ensure that a numerical value
does not exceed some predetermined value)
b) Range/Reasonableness Test (A check to ensure that a
numerical value does not fall outside the predetermined
To ensure that data
range of values e.g. wages of employees fall within 10,000 to
to be used as input in
Controls over 25,000)
information system is
Input c) Sequence Test (A check to ensure that all entries in batch of
Authorized, Complete
input data are in proper numerical sequence e.g. there is no
and Accurate.
missing purchase invoice)
d) Existence Test (A check to ensure that a code/number exists
by looking up the code in the valid record e.g. whether a
supplier exists.)
e) Format/Field Test (A check to ensure that format of a data in
a field is either alphabet or numeric or alphanumeric e.g. that
there are no alphabets in a sales invoice number field)
f) Check-digit (A check-digit is a digit that is calculated in a
mathematical way from the original code and then is added to
the end of the code as extra-digit e.g. to detect transposition
errors)
 Control Totals: A Control Total is the sum of all input-
To ensure there is no
transactions. It may be sum of Number of transactions or
Controls over duplication or loss of
Value of transactions on a batch/file. A manually calculated
Processing data during
number/value of records is compared with number/value of
processing
record processed by computer to ensure that they agree.
4
 Limit Test
 Range Test.
 On-Screen Prompts: On-screen prompts are used to ensure
that a transaction is not left partly processed. A prompt
displays on screen and guides users what to do next.
 Marking a file as read only.
 Checkpoint and recovery procedures
 Restriction on printing of confidential reports
 Distribution of report restricted to relevant/authorized
To ensure that personnel only.
computer output is  A distribution-log should be kept (i.e. when a report was
Controls over
not distributed or prepared, list of its intended recipients and acknowledgement
Output
displayed to of recipients)
unauthorized users.  Audit trail
 Exception reports showing data that does not conform to
specified criteria.
Controls over To ensure that data  Record-counts in master file
Master held on master files  Regular update of master files.
File/Standing and standing files is  Review of master file by management.
Data correct.
LO 4: CONTROLS OVER DATA TRANSMISSION:

Controls over data transmission ensure that data is transmitted accurately, completely and with
confidentiality.
Controls over data transmission include:

 Data Encryption
 Using secured Wi-Fi with password protection
 Firewalls to prevent intrusion into the programs that send and receive data.
 Restricting access to source data that is transmitted.
 Using check sums and check digits to ensure that data received is accurate and complete.
 Programmed Control that ensure data is transmitted in the correct format.
Data Encryption:
Encryption is the process of transforming information to make it unreadable to anyone except
those possessing special knowledge (called a key).
There are two methods of encryption:

1. Symmetric (in which same keys are used to encrypt and decrypt data.)
2. Asymmetric (in which different keys are used to encrypt and decrypt data; this is
sometimes knows as public-private key).
There are two types of symmetric encryption i.e.

 Block Ciphers (in which a fixed length block is encrypted)
 Stream Ciphers (in which the data is encrypted one 'data unit', typically 1 byte, at a time in
the same order it was received in.)
5
PART B – USE OF COMPUTERS IN AUDITING
LO 5: AUDITING AROUND COMPUTERS VS. AUDITING THROUGH COMPUTERS :

Auditing Around Computers:
“Auditing Around Computers” means that client’s ‘internal’ software is not audited. Auditor agrees
inputs of the system with output and compares actual output with expected output.
This method of auditing increases audit risk because:

 The actual files and programs of computer system are not tested; the auditor has no direct
evidence that the programs are working as documented.
 Where errors are found in reconciling inputs to outputs, it may be difficult or even
impossible to determine how those errors occurred.
Auditing Through Computers:

“Auditing Through Computers” means that the auditor uses various techniques (e.g. CAATs) to
evaluate client’s computerized information system to determine reliability of its operations
(alongwith its output).
LO 6: COMPUTER ASSISTED AUDIT TECHNIQUES (CAATs):

Computer Assisted Audit Techniques (CAATs):
CAATs are the use of computer techniques by auditor to perform procedures and obtain audit
evidence.
There are two types of CAATs commonly used:
1. Test Data (used as Tests of Control)
2. Audit Softwares (used as Substantive Procedures)
Uses of CAATs by Auditor:

CAATs are usually performed by auditor where adequate audit trail is not available, or auditor
wants to check the accuracy and completeness of processing e.g.
1. In performing tests of controls e.g. to ensure completeness of sales/purchase invoices.
2. To ensure accuracy and completeness of schedules provided by client (e.g. wages,
depreciation)
3. In Analytical Procedures (e.g. in variance analysis, turnover ratios)
4. In Sampling (e.g. stratification, sample selection)
5. In detection of unusual items.
Advantages of CAAT:
1. Enables auditor to test program controls (i.e. “auditing through computers”) and not just
copies or printouts.
2. Enable auditors to test a large volume of data accurately and completely.
3. Reduce level of human errors in performing audit procedures.
4. Reduces efforts on routine work and gives opportunity to concentrate on judgmental areas.
Disadvantages of CAAT:
1. Expensive to set up (High investment needed for infrastructure and training of staff )
2. Require co-operation of the client.
6
3. Major changes in client systems often require major changes in CAATs, which is expensive.
4. Client’s system may not be compatible with audit softwares.
5. Checking client’s original files ‘lively’ may increase risk of files being corrupted.
LO 7: TEST DATA AND EMBEDDED AUDIT FACILITIES :

Test Data:
Definition:
Test data is a set of dummy transactions developed by auditor and processed by client’s IT system
and comparing the actual results with expected results to determine whether controls are
operating effectively.
Problem with Test data:

A problem with test data is that it provides evidence about operation of controls only at the time
when test data is processed. (its solution is use of Embedded Audit Facilities).
Embedded Audit Facilities (or “integrated audit facility” or “resident audit software”:
It is auditor’s computer programs that is built into the client’s IT system to allow the audit to carry
out tests at the time transactions are processed in ‘real time’. In this approach, a dummy
department is built into client’s accounting system (usually during its original design) that operates
every time the ‘live’ process is run. Information about processing and controls of client’s system is
stored in a file called SCARF (System Control And Review File). Only auditor has access to such
dummy department and its data.
These facilities are used when:

1. Database is continually processed and updated in real time by client.
2. Satisfactory Audit Trail is not available after the processing of transactions.
LO 8: AUDIT SOFTWARES:
Audit Softwares are computer programs used by the auditor to interrogate a client’s computer files.
The principle objective is substantive testing.
Following are main types of Audit Softwares:
Interrogation programs
These are used to access the client’s files and records and to extract data for auditing. These could
be:
 Package programs (generalised audit software) – i.e. pre-prepared programs.
 Purpose-written programs – perform specific functions of the auditor’s choosing.
Interactive software:
These are used in interrogation of on-line IT systems.
Embedded Audit Facilities (or “integrated audit facility” or “resident audit software”:
(defined above)
7
PART C – FLOWCHARTS
LO 9: TYPES OF FLOWCHARTS:
Linear Flowchart.
 A Linear Flowchart is a diagram that displays the sequence of activities that make up a
process.
 This tool can help identify rework and redundant or unnecessary steps within a process
Opportunity Flowchart
 An Opportunity Flowchart (a variation of the basic linear type) differentiates process
activities that add value from those that add cost only.
 Value-added steps are essential for producing the required product or service. Cost-added-
only steps are not essential for producing the required product or service. They are added
to a process to avoid something wrong e.g. end-of-process review.
Deployment Flowchart.
 A Deployment Flowchart shows the actual process flow and identifies the people or groups
involved at each step.
 This type of chart shows where the people or groups fit into the process sequence, and how
they relate to one another throughout the process.
LO 10: LEV ELS OF FLOWCHARTS:

Macro level:
 This is a “big picture” of flowchart for top level management.
 Generally, a macro-level Flowchart has six or fewer steps.
Micro/Ground Level:
 This provides detailed presentation of specific portion of the process by documenting every
action and decision.
Mini/Midi Level:
 This is a flowchart between Macro and Micro.
 It focuses only on part of the Macro level flow chart.
LO 11: APPROACH TO DRAWING A SUCCESSFUL FLOWCHART :

1. Observe the process to be documented (specially where to start and where to end)
2. Record steps in the process (in narrative form e.g. step 1, step 2 etc.)
3. Arrange the sequence of steps (sequence may be different for different people but it should
be logical)
4. Draw flowchart suing standardized Symbols.
5. Check accuracy and completeness of flowchart using a “test data”.
8
LO 12: SYMBOLS USED IN FLOWCHARTS AND THEIR MEANINGS :

Shape Symbol Function/When to use
Oval This shows Start Point, and End Point of flowchart.
Rectangular This shows individual activity/process/instruction in the process
Box i.e. what to do.
This shows decision point. Decision is in Yes/No Form (like ‘if’
Diamond
command in excel).
Arrow / Flow-
This shows direction of the flow.
line
Circle is a connector symbol used to show connection between
Circle two parts of a flow charts without drawing a connection line.
A letter/number inside circle clarifies continuation.
Pentagon is a connector symbol like circle to show connection
between two parts of a flow charts without drawing a connection
Pentagon
line. However, it connects different steps on different pages.
A letter/number inside circle clarifies continuation.
APPENDIX: TIPS FOR DRAWING FLOWCHART IN EXAM:

1. Start from the left section of the page (not from middle).
2. Use only four symbols i.e. Oval, Box, Diamond, Flow-line (as described below).
3. Every symbol (except arrow) is to be filled with some words.
4. The flow of sequence is generally from the top of the page to the bottom of the page. This
can vary with loops which need to flow back to an entry point.
5. A flow chart should be presented and completed on one page. It should not have more than
15 symbols (including START and STOP).
Shape Tips
1. Every flowchart will have 2 Oval Shapes; one at starts and other at end..
2. At start only one arrow comes out.
Oval
3. At end, only one arrow comes in (however other arrows may merge with
last arrow).
1. It is always in ‘verb’ form (as it shows an activity).
2. Only one arrow should come in Box.
Rectangular Box
3. Only one arrow comes out from Box which leads to next activity or a
decision table (except when End).
1. Two arrows come out from Diamond one for yes and one for no. (Yes arrow
should go down; No arrow should go right).
Diamond
2. These arrows can lead to a Box or another Diamond.
3. You can use symbols like “>”, “=”, “<” in a diamond.
1. Usual direction is “Top to Down” or “Left to Right”. However, sometimes it
may also be from down to up.
2. Only one arrow enters/comes out of a shape (except diamond from which 2
Arrow / Flow-line arrows will come out).
3. Give arrow a head at each turn.
4. An arrow may join another arrow.
5. An arrow may cross over another arrow (if not to be joined).
9
PART D – OTHER CONTROLS
LO 13: MICRO COMPUTER SYSTEM VS ONLINE SYSTEM :

Micro-computers system:
Benefits of micro-computer system:
 More efficient and cost effective
 System can be operated by user’s operating staff
Audit risks in micro-computer system:

 Difficult to ensure physical security of the IT equipment, data and storage media.
 Unauthorized amendments to program data and files can be made.
 There may be several processing problems.
Online System:
Benefits of Online-system:
 Immediate entry of the transactions into the system.
 Immediate updating of master file.
 Immediate response to Inquiry system
Controls in Online-System:
Application Controls:
 Access Controls (to prevent unauthorized access)
 Programming Controls (to prevent unauthorized changes to programs)
 Audit Trail and System-Logs
 Firewall
General Controls:
 Authorization before processing of transactions.
 Data validation checks
 Balancing/Checking of control totals before and after processing.
LO 14: OPEN SYSTEM INTERCONNECTION (OSI) MODEL AND COMMUNICATIONS PROTOCOL:

Open system interconnection (OSI) model:
OSI (Open Systems Interconnection) is reference model for how applications can communicate over
a network.
There are 7 layers of OSI which are as follows:

1. Physical layer– defines physical specifications for devices – e.g. copper vs. fibre optic cable
2. Data link layer – This layer sets up links across the physical network.
3. Network layer – This layer handles the addressing and routing of the data from a source on
one network to a destination on other network.
4. Transport layer – provides transparent transfer of data between users
5. Session layer – This layer sets up, coordinates and terminates conversation.
6. Presentation layer – This layer is part of an operating system and converts incoming and
outgoing data from one presentation format to another (e.g. encryption and decryption).
7. Application layer – This is the layer at which communication partners are identified.
10

SIR ASIF Audit Complete Book

Uploaded by

Copyright:

Available Formats

You might also like

SIR ASIF Audit Complete Book

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SIR ASIF Audit Complete Book

Uploaded by

Copyright:

Available Formats

Auditing – Study Notes Chapter 1 Introduction to Assurance Services

ICAP'S STUDY TEXT

Coverage from Question Bank:

LO 1: ORIGIN, ADVANTAGES AND DISADVANTAGES OF ASSURANCE SERVICES:

To enhance the credibility/confidence/assurance on these financial statements, an expert person

Benefits of Assurance Services:

2 By Muhammad Asif, ACA

Disadvantages of Assurance Services:

CONCEPT REVIEW QUESTION

LO 2: DEFINITION AND ELEMENTS OF ASSURANCE ENGAGEMENT:

Elements of Assurance Engagement:

Element Explanation (with respect to assurance on financial statements)

CONCEPT REVIEW QUESTION

3 By Muhammad Asif, ACA

LO 3: LEVELS OF ASSURANCE AND WHY ABSOLUTE ASSURANCE CANNOT BE

Reasonable Assurance (also called High Level or Positive Assurance)

Limited Assurance (also called Moderate Level or Negative Assurance)

Why absolute assurance cannot be provided:

Inherent Limitation Explanation

CONCEPT REVIEW QUESTION

4 By Muhammad Asif, ACA

LO 4: TYPES OF ASSURANCE ENGAGEMENTS:

Reasonable Assurance Engagement:

Limited Assurance Engagement:

CONCEPT REVIEW QUESTION

5 By Muhammad Asif, ACA

CONCEPT REVIEW QUESTIONS

Q.1 What are the advantages of an audit to an organization? (05 marks)

Q.5 Describe THREE limitations of external audits. (03 marks)

1 By: Muhammad Asif, ACA

Q.8 Assurance engagement is an independent professional service in which a practitioner

Q.1 (1) Audit enhances credibility of financial statements for shareholders.

Q.2 (1) Audit takes time and cost.

2 By: Muhammad Asif, ACA

Q.4 Distinction between absolute and reasonable assurance:

Type of assurance expected in an audit:

Reasons why absolute assurance cannot be provided:

Q.5 (1)There is often uncertainty / judgment / estimates/ forecasting involved in preparation of

Q.8 Two types of assurance engagement are:

Reasonable Assurance Engagement:

4 By: Muhammad Asif, ACA

Limited Assurance Engagement:

Audit engagement is a type of assurance engagement. Objective of an audit engagement is to

5 By: Muhammad Asif, ACA

LO 5 STAKEHOLDERS’ RESPONSIBILITIES 15.4.2

PART C – SCOPE OF AUDIT

Coverage from Question Bank:

1 By: Muhammad Asif, ACA

PART A – FINANCIAL REPORTING FRAMEWORK

LO 1: FINANCIAL REPORTING FRAMEWORKS AND APPLICALBE FINANCIAL

Fair Presentation Framework:

Applicable Financial Reporting Framework/AFRF:

LO 2: WHAT IS TRUE AND FAIR VIEW:

True and Fair View:

2 By: Muhammad Asif, ACA

PART B – RESPONSIBILITIES OF PARTIES INVOLVED IN AUDIT

LO 3: MANAGEMENT’S (AND TCWG’S) RESPONSIBILITIES:

LO 4: AUDITOR’S OVERALL OBJECTIVE/RESPONSIBILITY: