QUEENS College

School of Post Graduate Studies

Department of ACCOUNTING and Finance

Advanced auditing and EDP

Instructor:
— ABDELLA HUSSEN(Ph.D in Finance Candidate
@AAU)

08/20/2021 1
 Course description
This module focuses on case-analyses .
It focuses on fraudulent cases relating to violations
of accounting principles, Ethics & professional
responsibility of auditors, internal control systems,
and fraud & inherent risk assessment ,
The course covers revenue and expenditres audits
It also deals with auditing through in computerized
databases And EDP
Contents

OVERVIEW OF AUDITING
internal Control over Financial Reporting:
Management’s Importance to the External
Auditors
Professional Auditing Standards and the
Audit Opinion Formulation Process
Auditing the Revenue cycle
Auditing the Expenditure cycle
EDP auditing
Evaluation

Article review … 25
G assignment 25%
Final …………… 50%
Text book :
A U D I T I N G:A RISK-BASED APPROACH TO
CONDUCTING A QUALITY AUDIT 9th edition by
Karla M. Johnstone et al ,2014
 5

Chapter One: Overview

• Four events, in particular, shifted the auditing profession
in one form or another.
• Each has had a considerable influence on internal auditing as it’s
practiced today, and has helped define the role of today’s auditor.
1. Scandalous( intentional ) Financial Reporting Fraud
Financial reporting fraud has most likely been present since the
beginning of financial reporting itself.
But the extent and boldness of the reporting frauds at the start of the
21st century were unprecedented.
While Fortune magazine named Enron “America’s most
innovative company” for six years, little did anyone know that its
greatest innovation may actually have been dreaming up new ways to
deceive auditors and investors.
And Enron was not alone as we consider WorldCom, Tyco,
and others.
 6

Overview Cont’d
The biggest impact on internal auditing as a result of these
scandals was probably the U.S. Sarbanes-Oxley Act of 2002 — 
particularly Section 404, which focuses on internal controls
over financial reporting.
A problem companies and external audit firms faced was that
many employees lacked internal control expertise.
Company personnel had for years been working to squeeze
costs out of routine processes, and external audit firms had
shifted away from detailed testing of processes.
Most companies looked to their internal auditors to help them
understand controls and comply with the new law.
We all learned that while financial reporting was supposedly
mature, internal auditors cannot ignore a risk area just
because we have become comfortable with it.
 7

The Rise and Fall of Enron

The company’s success was based on artificially inflated profits, dubious

accounting practices, and – some say – fraud.
 8

Overview Cont’d
2. Financial Markets Meltdown
What does one do when banks that are “too big to fail” look
like they are going to collapse under the weight of toxic loans and
market illiquidity?
In a conversation with a Fortune 50 in 2008, a chief financial
officer said that a government bailout was needed, as liquidity in
the banking system is like blood in the human body — when it is
missing, nothing works and a transfusion is required.
These events taught us all a lot about risk.
While enterprise risk management (ERM) was birthed before the
financial market meltdown, ERM’s lack of maturity became
painfully evident during this period.  
N.B: ERM is the process of planning, organizing, leading, and
controlling the activities of an organization in order to minimize
the effects of risk on an organization's capital and earnings.
 9

Overview Cont’d
• Financial institutions that were revered for their ERM
expertise were the same ones that apparently didn’t
fully understand risk or see concentrations of risk.
• Many internal auditors who had been trained to audit
internal controls over financial reporting were now
asked to roll up their shirt sleeves to help implement
or improve ERM processes.
• The “best” role for internal audit in ERM has
not been agreed upon, nor probably will it ever be,
given the differences among organizations.
• But it is clear that internal auditing needs to live and
breathe risk.
 10
Overview Cont’d
3. Cybersecurity
A newer issue for virtually every organization is cybersecurity
risk.
What started as seemingly isolated attacks on companies for
specific purposes has grown into a generalized concern over
security of all electronic data.
Today, it would be difficult to find a board of directors that
doesn’t have cybersecurity on its agenda.
Internal auditors were often caught unprepared for this risk.
For decades, many audit functions have struggled to find enough
qualified IT auditors.
With cybersecurity risk, that task is even more difficult.
Such situations require expertise of penetration-testing auditors.
The technology is new, and the way it is implemented relies on
methods that didn’t exist at the beginning of the 21st century.
 11
Overview Cont’d
4. Bribery and Corruption
Bribery and corruption have been part of human history for
about as far back as records exist.
Many countries have passed new laws addressing bribery — some
stronger than others.
Every company of reasonable size faces risk not only of bribery
perpetrated by its employees, but also of violating strict laws that
are strongly enforced.
Perhaps the most glaring example of bribery occurred at German
industrial group Siemens, where it was reported that processes
organized to implement bribery payments were quite mature.
But any observers who think the risk only involves large
organizations would be fooling themselves.
All it takes is one person with access to cash for bribery to
become a risk.
 12

Overview Cont’d
Lessons From the Past
• While it is interesting to look back on the events that
have shaped internal auditing, practitioners must ask
themselves what they should learn from these events
moving forward. A few key messages stand out:
▫ Human behavior is always a risk. Each of the
aforementioned events resulted from people making the
wrong decisions, often for the wrong reasons.
▫ The world of potential risks we might face is enormous.
No matter how good our risk assessments may be, we
will not always be able to anticipate the next big event.
▫ While new risks regularly come into view, the old ones
never seem to go away completely.
 13

Overview Cont’d
• So what should an internal auditor, specifically, take
away from this retrospective look?
• S/he must stay true to what makes her/him
indispensable to their respective organizations.
• Audit departments should assemble the best talent they
possibly can, stay focused on risk, keep watching for
what is happening inside and outside the organization,
and challenge themselves to ever increasing levels of
performance.
Any less would be a disservice(harmful practice) to our
organizations. 
 COMPANY CASES , fraud , ethics , IC

Case 1 Enron
Case 2 Waste Management
Case 3 WorldCom
Case 4 Sunbeam
Case 5 Qwest
Case 6 The Fund of Funds
 15

1.Basic concepts of auditing

Essence
The word 'audit' comes from the Latin
‘audire’ meaning to hear
Auditing: A systematic process of
objectively accumulating and
evaluating evidence about quantifiable
information, processes, and activities for
the purpose of reporting on the degree
of correspondence between the actual
information and established criteria .
2. Features of Auditing
08/20/2021

1. Systematic Approach: Auditing is purposeful and logical and it

is based on the disciplines of a structured approach to decision
making. It is not haphazard, unplanned or unstructured. Based on
prescribed methods
2. Obtaining and evaluating evidence: auditing involves a
process of obtaining and evaluating evidence that ultimately
guides the auditor’s decision. Evidence is any information used
by the auditor’s to determine whether the information being
audited is stated in accordance with the established criteria.
3. Assertions about Economic actions and events: In any audit
engagement, an auditor is given financial statements and other
disclosures by management. Through these reports the auditor
obtains managements’ explicit assertions about economic events.
2. Features of Auditing 08/20/2021

4. Ascertain the degree of correspondence between the

assertions and established criteria: The purpose of
obtaining and evaluating evidence is to ascertain the
degree of correspondence between the assertions and
established criteria.
5. Established criteria: In auditing the auditor checks if
financial statements are prepared in accordance with some
established and accepted criteria or standard. The criteria
usually used are called Generally Accepted Accounting
principles(GAAP)or ISA
6. Communicating the results: Auditors will ultimately
communicate their findings to interested users through
their final audit report.
2. Features of Auditing
7. Auditors’ independence: independence is the
keystone upon which the respect and dignity of a
profession is based. Independence implies that the
judgment of a person is not subordinate to the
wishes and directions of another person who might
have engaged him or to his own self interest
8. True and fair: the phrase ‘true and fair’ in the
auditors’ report signifies that the auditor is
required to express as to whether the state of
affairs and the results of the entity as ascertained
by him in the course of audit are truly and fairly
represented in the accounts under audit
2. Features of Auditing
9. Audit evidence: It is the information used by
the auditor in arriving at the conclusions on
which the auditor’s opinion is based. Audit
evidence includes both information contained in
the accounting records underlying the financial
statements and other information. Audit evidence
should be sufficient and appropriate
3. Demand for audit(Why Audit)?
 Legaland Contractual Requirements
 Covenant in debt agreements
 Credibility (Dependable financial information )
 Improving economy and efficiency
 Monitoring Device
 Modern Corporation Setup –
 Absentee Stockholders and professional
Managers
 Principal –Agent Relationships
 Lack on information symmetry(balance)
 Conflicts of Interest
4. The Expectations from Auditors
 Public expectations go further and include questions such
as:
1. Is the company a going concern?
2. Is it free of fraud ?
3. Is it managed properly
4. Is there integrity in its database?
5. Do directors have proper and adequate information to
make decisions? ?
6. Are there adequate controls ?
7. What effect do the company’s products and by-
products have on the environment ?
 5. Theories on the demand for auditing
 There are different theories that explain the
demand for audit Services.
 The four important audit theories that explain
the demand for audit services are as follows:

1. The policeman theory

2. The lending credibility theory
3. The theory of inspired
confidence
4. Agency Theory
 1. The policeman theory
 The policeman theory claims that the
auditor is responsible for searching,
discovering and preventing fraud.
 In the early 20th century this was certainly
the case.
 However, more recently the main focus of
auditors has been to provide reasonable
assurance and verify the truth and
fairness of the financial statements.
1.The policeman theory

The detection of fraud is, however, still a

hot topic in the debate on the auditor's
responsibilities, and typically after events
where financial statement frauds have been
revealed, the pressure increases on increasing
the responsibilities of auditors in detecting
fraud.
 Discussion question

Assume you are an independent auditor of XYZ company. During the past
three audits, you have repeatedly warned the top management of the
company about the serious weakness of internal control over cash
disbursements. However, management has not taken any corrective action.
Shortly after the audit, XYZ company learned that two employees in its
accounting department had been embezzling money for the last two years.
The embezzlement scheme involved authorizing cash disbursement in
various expense accounts and then arranging to have the checks cashed. The
management of XYZ company has brought suit against you for the amount
of its losses in this cash fraud.
Required:
A-Suggest at least three arguments that you as an auditor can defend
your self to lessen or eliminate the liability.
B-What arguments might XYZ company advance to indicate that you were
negligent in failing to discover the embezzlement scheme?
C-Briefly describe the auditors’ responsibility for the detection of errors
and irregularities.
2. The lending credibility theory
 The lending credibility theory suggests that
the primary function of the audit is to add
credibility to the financial statements.
 In this view the service that the auditors
are selling to the clients is credibility.
 Audited financial statements are seen to
have elements that increase the financial
statement users’ confidence in the figures
presented by management.
 3.The theory of inspired confidence or
Theory of rational expectations
 States that the demand for audit services is
the direct consequence of the participation
of third parties or outside stakeholders in
the company.
 S.H demand accountability from the
management, in return for their investments
in the company.
 Accountability is realized through the
issuance of periodic financial reports.
The theory of inspired confidence or
Theory of rational expectations

 Though, information provided by the

management could be biased due to
conflict of interest, and outside parties do
not have direct means of monitoring, an
audit is required to assure the reliability
of this information.
4. Agency theory
 The task of the management is to coordinate
these groups and contracts and try to
optimize them by way of:
 low price for purchased supplies,
 high price for sold goods,
 low interest rates for loans,
 high share prices and
 Agency problem
Managers should make decision
consistent with the corporate objectives
of maximizing value of S.H wealth. But
this rarely occur.

When Managers make decision

inconsistent with the corporate
objectives of maximizing value of S.H
wealth agency problem will occur..
Reasons for agency problem
1. Divergence of owner ship and
control. Those who owns the company
(SH) do not manage it. Appoint agent
(manager) on their behalf.
2. The goal of managers differ from
those owners. Manager may work to
maximize its own wealth(value) rather
than S.H
3. Asymmetry of information may
exist between managers and S.H
Reasons for agency problem
Managers run the firm on day –to –day
bases
They have access to management
accounting data and financial reports
S.H receive only financial report
which may be manipulated by managers.
The above things show that managers
can work for their own interest instead
of organizational interest
Possible management goals
Growth/ maximizing the size of the co.
Increasing managerial powers
Retaining job security
Increasing managerial pay and rewards
Perusing their own social objective/ pet
projects
Dealing with agency problem
Jensen and Meckling (1976) : There
are two ways to optimize the behavior
managers toward goal congruence b/n
share holders and managers.
1. Use of control devices
Audited financial statement
Additional reporting
Use of external analysts
 Dealing with agency problem cont…
2.Incorporate clauses which encourage goal
congruence to managerial contract
Incentives : like
PRP: Performance related Pay, give incentives to
managers based on profit, EPS, Return on asset
employed, etc.
Stock option: Allow managers to buy some stocks
at fixed price over time. If they increase value of
stock, they will get benefit from it.
Punishments
Formalize constraints
 36
6. Evolution of Auditing

The development of auditing is closely linked to the

development of organized system of accounting.

In the early stages of civilization, the number of

transactions was so small that an individual was able
to record the transactions himself/herself.

With the growth of civilization and consequential

growth in volume and complexities of transactions, it
became necessary to delegate the job of recording the
transactions to other persons.
 37

6.Evolution of Auditing cont…

Early civilization

Government accounting records were approved only after a public

reading where the accounts were read aloud.

The purpose of the public reading was to determine whether

persons in official responsibility were acting in an honest manner.

It was limited to verification of cash receipts and payments.

It was merely a cash audit.

 38

6.Evolution of Auditing cont…

The industrial revolution:
As a result of the emergence of large
businesses, owners were forced to use
services of hired managers. (Separation of
owners and managers)
Owners needed auditors to protect
themselves from the danger of unintentional
errors and fraud committed by managers
and employees.
At this stage, audit was primarily
concerned with detection of fraud and
error.
 39

6.Evolution of Auditing cont…

Since the first half of the 20th century
Users of financial statements increased: (banks,
government, shareholder, etc.)
As a result, the purpose of auditing shifted from
detection of errors and fraud to
determination of the fairness of financial
statements.
As large-scale corporate entities developed rapidly
in Great Britain and the United States, auditors
started to use various sampling techniques in the
auditing practice.
 7.Types of Audits and Auditors

08/20/2021

Types of Audits: There are different types of audits

conducted by different types of auditors. Such
difference is based : Nature, objective, criteria,
out come and users.
 Auditors perform different types of audits. Mainly there
are four types of audits:
1. Financial statement audit,
2. Operational/performance audit,
3. compliance audit and
4. forensic audit.
 7.Types of Audits and Auditors

08/20/2021

1. Financial statement audit:

 This type of audit is conducted to
determine whether the overall financial
statements such as income statement,
balance sheet, statements of retained
earnings and cash flow statements are
stated in conformity with generally
accepted accounting principles
 Therefore, the contribution of an
independent auditor is to give credibility to
financial statements.
 7.Types of Audits and Auditors

08/20/2021

2. Operational audit:
An operational audit is a review of any part of an
organization’s operating procedures and methods
for the purpose of evaluating efficiency and
effectiveness.
At the completion of an operational audit,
recommendations to the management for improving
operations are normally expected.
This audit is designed to measure the performance
of an organization, which can be evaluated in
terms of efficiency and effectiveness.
 7. Types of Audits and Auditors
08/20/2021

3. Compliance Audit:
This type of audit helps to determine whether the
auditee is following specific procedures or rules set
out by some higher authority such as management,
government, board of directors etc.
The performance of compliance audit is dependent upon
the existence of verifiable data and of recognized criteria
or standards established by an authoritative body. A
familiar example is the audit of an income tax return by
an auditor of the Inland Revenue Authority (IRA).
 Forensic auditing
• What is Forensic Accounting?
• Ask Enron and WorldCom
• Legally accurate accounting.
▫ accounting that is sustainable in some adversarial legal
proceeding, or within some judicial or administrative review.
• Although relatively new to the accounting profession, the role of a
forensic expert in other professions has been in place for some time
• Forensic – ‘belonging to, used in, or suitable to courts of judicature
or to public discussion or debate’
• In the accounting profession the term ‘forensic’ deals with the
relation and application of financial facts to legal problems
 What is Forensic Accounting/auditing
• The term ‘forensic accounting’ is generally taken to refer to
the comprehensive view of fraud investigation, including
• The audit of accounting records to prove or disprove fraud
• The interview of related parties
• The act of serving as an expert witness
• Focus is:
▫ the evidence of economic transactions and reporting
▫ the legal framework which allows such evidence to be
suitable to the purpose(s) of establishing accountability
and/or valuation
• In other words:
▫ the identification, interpretation, and
communication of the evidence of economic
transaction and reporting events
 What is Forensic auditors
• Department of Labor Statistics Job Description
▫ Some public accountants specialize in forensic
accounting—investigating and interpreting white
collar crimes such as securities fraud and
embezzlement, bankruptcies and contract disputes,
and other complex and possibly criminal financial
transactions, such as money laundering by organized
criminals.
▫ Forensic accountants combine their knowledge of
accounting and finance with law and investigative
techniques in order to determine if illegal activity is
going on.
 47

Types of Auditors
External Auditors(CPA
,ACCA holders )
Internal Auditors
Government Auditors
 48

External auditors
The auditor has no connection to the
organization being audited.
S/he conducts the audit on a fee basis.
S/he is primarily responsible to third
party such as creditors and
shareholders.
The type of audit carried out by an
independent auditor is financial
statement audit.
 49
Internal auditor
Internal auditors are employees of the
companies they audit.
S/he conducts the audit on a salary basis.
S/he is part of and primarily responsible to
the management of the organization.
The type of audit carried out by an internal
auditor is compliance audit and operational
audit.
 50
Government Auditors
They are employed by various local,
state, and federal governmental
agencies.
In our country, the auditors from the
office of Auditor General, the Audit
Service Corporation, and the Ministry
of revenue are government auditors.
The Office of Auditor General is
responsible for conducting financial
statement audit, compliance audit and
operational audit of various Federal
Government Offices.
 51

Government Auditors Cont’d…

The Audit Service Corporation audits the
financial statements of the public enterprises.
The ERCA/Ministry of Revenue and the
regional and state revenue agencies are
responsible for administering the tax laws.
Thus, tax the auditors examine the tax returns of
the taxpayer to ensure that it is prepared in
accordance with the tax laws and regulations.
 Case for class room discussion

 Assume Mrs.. LYSA, a general manager of LYSA research & Consultancy,

applied for a bank loan to Dashen bank and was informed by the loan
officer in the bank that audited financial statements of the business must
be submitted before the bank could consider the loan application. Mrs .
LYSA agreed with DAILLY, CPA, to perform an audit. Mrs. LYSA
informed Daily that audited financial statements were required by the
bank and that the audit must be completed within two weeks and Mrs.
LYSA promised to pay Daily a fixed fee plus a bonus if the audit is
completed within two months and the bank approved the loan. Daily,
CPA agreed and accepted the engagement. The CPA, Daily, hired two
fresh accounting graduates to conduct the audit and spent several
hours telling them exactly what to do and he told them not to spend
time reviewing internal control but instead, to concentrate on proving
the mathematical accuracy of the ledger accounts and summarizing the
data in the accounting records that support the company’s financial
statements. The Income statement & Cash flow audit was completed
within two weeks and Daily issued unqualified audit report.
 Instruction: Identify any auditing principles that were violated By
Daily and support your answer with justification
 Discussion question

Assume you are an independent auditor of XYZ company. During the past
three audits, you have repeatedly warned the top management of the
company about the serious weakness of internal control over cash
disbursements. However, management has not taken any corrective action.
Shortly after the audit, XYZ company learned that two employees in its
accounting department had been embezzling money for the last two years.
The embezzlement scheme involved authorizing cash disbursement in
various expense accounts and then arranging to have the checks cashed.
The management of XYZ company has brought suit against you for the
amount of its losses in this cash fraud.
Required:
A-Suggest at least three arguments that you as an auditor can defend
your self to lessen or eliminate the liability.
B-What arguments might XYZ company advance to indicate that you
were negligent in failing to discover the embezzlement scheme?
C-Briefly describe the auditors’ responsibility for the detection of errors
and irregularities.