
MF0004 - Unit 1 An Overview of Internal Control


Introduction

Most of you have joined this Course with an objective: to find a job, to find a better job or to learn something new. Think of the risks, interruptions and disturbances that occur during your learning, like a desire to watch your favourite TV show in the middle of your study! These are undesirable events that threaten to stop you from achieving your objective. But you have set for yourself a discipline, a method of study or a list of dos and don'ts, so that you do not fail to meet your objective. Most of the time, you do not get carried away by these unlawful events because you have will power or a built-in control, i.e. an internal control, which does not allow an undesirable event to happen, warns you that you are about to make a mistake, or at least makes you feel sorry whenever you were tempted to do an unlawful thing so that next time you will not make the same mistake. This built-in control is a set of values, rules, methods and procedures that you have set for achieving your objectives and at the same time preventing any undesired thing happening to you.

Now imagine a similar scenario in a business. A business organization has many goals to achieve. It has hundreds of risks to face. There can be disturbances, delays, errors and frauds that make it difficult for any business to achieve its goals. The solution is to have a system of built-in controls which try to prevent or detect unlawful events, or at least take corrective action when an unlawful event occurs. Let us study more about these controls, which help us in achieving our business goals.

Objectives

After studying this unit, you will be able to:

- Explain the meaning of internal controls as used in a business.
- Explain the scope and limitation of operation of internal controls.
- Know the principles to be borne in mind in designing internal controls.
- Explain the features and classification of internal controls.

Meaning of Internal Control

What is control?

We have found out that the nature of control is such that it attempts to prevent, detect or at least correct things which are unlawful or undesirable.

Fig 1.1 Graphical Representation of Nature of Control

Imagine the unlawful event is a thief trying to enter the house inside the oval area in Fig. 1.1. The control is the fence, represented by the oval, that tries to prevent the thief from entering the house. Assume the fence has an automatic warning system to detect and warn if the thief crosses the fence to enter the house. Assume the owner of the house can take corrective action, like informing the police, even if the thief has entered the house by chance. Thus control attempts to prevent and detect unlawful events, and takes corrective action when such an event happens.

What is internal control?

Imagine two scenarios in the above case:

- The fence is maintained by an outsider.
- The house-owner himself takes care of the fence.

Which scenario is more effective and reliable? The answer should be the second scenario, because the house-owner has more knowledge of his house and surroundings than an outsider. Hence the control exercised by an insider is of more importance than that of an outsider. Internal control is then the control exercised by the business itself.

In the case of a company, a business is managed more by its Management than by its owners. Most large-scale businesses are in the corporate sector, i.e. in the form of a public limited company. In such organizations, ownership is separated from management. Professionally qualified persons manage these companies on behalf of the owners (shareholders). These may consist of the Board of Directors, CEOs or any other Executives of the company. Hence internal control is to be exercised by the Management, which may comprise the Board of Directors, Managing Director (CEO) and Executives. Many rules, procedures, policies etc. are required to see that all these persons work towards achieving the objectives of the business. Internal control is then all those policies, procedures, rules and systems laid down by the Management to achieve the goals of the business.

Definitions of Internal Control

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) defined internal control as follows:

Internal control is a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives like effectiveness and efficiency of operations, reliability of financial reporting, compliance with applicable laws and regulations.

The term "process" is used in the above definition in a broad sense; it goes beyond procedures to include elements such as corporate culture and policies, as well as systems and tasks.

The Institute of Chartered Accountants of India defines internal control as follows:

Internal control is the plan of the organization, all the methods and procedures adopted by the management of an entity, to assist in achieving management's objective of ensuring, as far as practicable, the orderly and efficient conduct of its business.

Turnbull Guidance issued by The Institute of Chartered Accountants of England and Wales defines internal control as a system which encompasses the policies, processes, tasks, behaviors and other aspects of a company that are taken together:

- It facilitates its effective and efficient operation by enabling it to respond appropriately to significant business, operational, financial, compliance and other risks to achieving the company's objectives.
- It helps to ensure the quality of internal and external reporting.
- It also helps to ensure compliance with applicable laws and regulations, and also with internal policies with respect to the conduct of business.

Control Board Guidance on Control (CoCo) defines internal control as comprising those elements of an organization (including its resources, systems, processes, culture and tasks) that, taken together, support people in the achievement of the organization's objectives.

Control Objectives for Information and Related Technology (COBIT) by ISACA defines internal control as the set of policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives are achieved and that undesirable events are prevented, detected and corrected.

Based on the above definitions we can conclude that internal control:

- Is a process including methods, procedures, policies, organization structures, culture and behaviour, and hence a dynamic activity.
- Is effected by an entity's Management and even by other persons (like employees).
- Ensures that the entity's objectives are achieved.
- Ensures undesirable events (and risks) are prevented, detected and corrected.
- Can be applied to different areas of a business.

Scope of Internal Control

We have studied in the previous section that internal control can be applied to different areas of business. These areas define the scope of internal control. The major areas where internal controls can be applied, according to the aforesaid definitions of internal control, are:

A. Effectiveness and efficiency of operations
B. Reliability of financial reporting
C. Compliance with applicable laws and regulations

A. Internal controls for effectiveness and efficiency of operations:

Imagine a business organization which manufactures a unique product that has a very good market. This organization may receive orders worth crores of rupees. But if it does not have a production plan or purchase plan, it may not execute all these orders in a proper manner. Even if it executes all these orders, it may lose profits due to its inefficiency. It may lose further orders due to its inefficient way of dealing. Thus efficient use of the resources of a business is essential for success in the long run.

Any business has the object of achieving profit maximization and wealth maximization. Both of these can be achieved only by efficient or optimum use of resources like men, materials, money and management. However, if there are no policies, procedures or rules as to the use of resources, optimum use of resources may not occur, as risks and undesirable things go on occurring in a business environment. Management has to guard against such risks, errors, omissions or frauds. Management has to formulate rules to safeguard the assets of the company. Wastage of any resource is to be minimized. More efficient use of any resource is to be found out and implemented. Decisions are to be taken at the right time in the right manner. Only then can the goals of the business, like more profits or more wealth, be materialised.

Thus it becomes essential that there are policies, procedures, rules, methods, records, documents etc. to see that a business achieves its objectives efficiently and effectively. We have found that all these policies, procedures etc. are part of the internal controls of the firm. Hence internal controls are required in the area of regular business operations to minimize the risk, to use the resources efficiently and effectively and thereby achieve the goals of the business.

B. Internal controls for reliability of financial reporting:

Financial reporting is publication of the performance of a company, basically through publishing the Balance Sheet and Profit and Loss Account, which are usually called financial statements. These statements are dependent upon the accounting records of the company. The accounting records of the company are in turn dependent upon the internal controls set for effective and efficient business operations. Thus, ultimately, the quality of financial reporting is dependent upon internal controls.

There is a second important reason for establishing internal controls in the area of financial reporting. These are the days of corporate action. Business organizations are usually companies where the owners are shareholders who do not manage the business. It is managed by the Board of Directors through the Managing Director. Thus there is division of ownership from management. Those who manage may not have much stake in the business. But there may be many stakeholders connected with the business. A pictorial presentation of the stakeholders of a business is provided below:

Fig 1.2 Graphical Representation of Stakeholders of Business

Now, these stakeholders, who do not take part in the business of a company on a day-to-day basis, have to rely on the financial statements for their decision-making. Any lapse in financial reporting directly affects these stakeholders. Hence more internal controls might be required in the area of financial reporting.

But the Management may not be interested in pursuing the objective of achieving goals. Instead, it might be more interested in maximizing the profit. The managers or directors may act in a fashion by which the long-term goal of the company is neglected. Managers may try to cash in on immediate opportunities by neglecting the long-term health of the Company. It means the goal of the Management may be Profit Maximization while that of the Owners (Shareholders) may be Wealth Maximization. The Management might have a different personal goal which contradicts that of the organization. Thus there would be goal conflict in the case of such companies. The possibility of manipulation of records and financial statements is greater in such cases. Hence there is every need to establish internal controls in the areas of financial reporting.

C. Compliance with applicable laws and regulations:

Business today is conducted amidst hundreds of laws related to it. One of the risks faced today by a business is non-compliance with laws and regulations and the consequent losses, penalties etc. These risks ultimately result in inefficient and ineffective use of resources. Thus compliance with law through building internal control helps in achieving business objectives.

Based on these three major areas of operation, we can summarize the scope of internal control. It consists of steps taken for:

1) Adherence to management policies
2) The safeguarding of assets
3) Prevention and detection of fraud and error
4) The accuracy and completeness of the accounting records
5) The timely preparation of reliable financial information
6) Implementation of various inspections, internal audit, external audit
7) Compliance with various laws, rules and regulations.

Components and Principles of Internal Control

Components of internal control

By now, we are familiar with what internal control is, why it is important and where it can be implemented. But we should also know how it can be implemented. COSO defines five components to evolve internal controls, which are also called the Internal control framework, as follows:

a) Control Environment

The control environment means the overall attitude, awareness and actions of directors and management regarding the internal control system and its importance in the entity. The control environment sets the tone for the organization, providing the foundation for all other components of internal control. It includes integrity, ethical values and the competence of the people. Thus if the people at the Top Management level are not interested in implementing the internal controls, even if the control is implemented later, the control may not achieve the objective.

For example, if you do not have the intention of studying methodically, whatever rules you set up for yourself are useless for your study. Your attitude towards your goals is also important in achieving your objectives. Thus if you have values that force you to study methodically and prepare for exams, then those values are the control environment in which you set up the controls required for you to study.

Hence the control environment is the base on which internal controls can be built. The effectiveness of the specific control procedures is dependent upon it. For example, a strong control environment, in your case, is the will power in you to study this Course and then appear for exams. This would definitely force you to plan your study.

However, a strong control environment does not, by itself, ensure the effectiveness of the internal control system. For example, even if you have will power, the method of study that you have planned should be realistic.

Generally the control environment includes:

- Organizational structure.
- Methods of assigning authority and responsibility to various persons.
- The function of the Board of Directors and its Committees in the case of a company.
- Management's philosophy and operating style.
- Management's control system including the internal audit function, personnel policies and procedures.

b) Risk Assessment

This step is the identification and analysis of relevant risks, internal and external, to the achievement of the objectives, forming a basis for determining how the risks should be managed. Risks are all those unlawful events that are to be prevented or detected. Identifying these unlawful events is risk analysis. For example, in your case Risk Assessment may consist of identifying all the things that may prevent you from studying for this Course and finding a way to avoid or reduce their occurrence.

c) Control Activities

The next step, control activities, is to ensure that the necessary actions are taken to reduce risks relating to the achievement of the entity's objectives. Control activities occur throughout the organization, at all levels and in all functions. Sometimes they are called control procedures.

ICAI defines control procedure as follows:

Control procedures refer to those policies and procedures in addition to the control environment which management has established to achieve the entity's specific objectives.

For example, to see that you study properly, you may decide to set a daily timing for your study, say morning 4 AM to 6 AM, so that you cover the entire Course Material within the prescribed time.

d) Information and Communication

Internal and external information must be identified, captured and communicated in a form and time-frame that enables people to carry out their responsibilities. Effective communication also must occur in a broader sense, flowing down, across and up the organization. Even if a control procedure is established in an organization, unless it is communicated properly to those concerned, it is not effective. For example, even if you set up timings for your study, if you do not communicate them to your parents or room-mate, it becomes difficult for you later when they try to interfere with your study. Instead, if you have already informed them about your study timings, they would not bother you during your study time.

e) Monitoring

Internal control systems need to be monitored, a process that assesses the quality of the system's performance over time. This is accomplished through:

- On-going monitoring activities
- Separate evaluations like audit of the system
- A combination of the above two methods.

Whatever controls you have set up may not be effective over a period of time. The internal controls may become redundant sometimes. Monitoring is a daily activity which provides valuable insights into the internal controls you have built. For example, even after you have set up a time for your study, you still have to verify frequently whether you are studying during your study time without fail.

These components have been graphically represented as follows:

Fig 1.3 Graphical Representation COSO Framework of Internal Control

Note that the process of setting up internal control starts with the base of the pyramid as shown in Fig 1.3, i.e. Control Environment, and ends with the on-going process of Monitoring.

Principles of Internal Control

If internal controls are built without regard to the business processes involved, they become a hindrance to business processes rather than aiding them in preventing, detecting or correcting unlawful events. Information System Audit and Control Association (ISACA) of USA has evolved a set of principles to be followed in designing internal controls, particularly when the controls are through the use of Information Technology. Nonetheless, these principles are equally applicable in the manual process of internal controls. These principles are:

a) EFFECTIVENESS

Controls should help in providing information that is relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent and usable manner.

For example, cheques of customers deposited by us but dishonoured and returned by customers should be reported to the Finance Manager as well as to the Marketing Manager immediately, so that fast action of recovery as well as stoppage of further sales occurs. If this kind of information is received after a long delay, no effective steps can be taken to avoid the losses.

E.g. While studying for this Course, if you do not get the required text books and study materials in time, or they come without proper contents, even if you have a goal to complete the Course, you may not be able to do so.

b) EFFICIENCY

Controls should achieve the optimal (most productive and economical) use of resources.

E.g. Think of a rule where three executives have to sign a payment cheque in a company. It consumes a lot of extra executive time and administration time and results in avoidable losses. It does not make much difference if, instead, two executives are designated to sign cheques.

E.g. When you are studying for this Course, you read the study material aloud and learn it by heart even if it does not make sense to you. Though it looks to an outsider as if you were studying hard, your method of studying is inefficient. Instead, you can read the material, note down the important points and then ruminate on them to understand the subject.

c) CONFIDENTIALITY

Internal controls should result in the protection of sensitive information from unauthorized disclosure. As one of the objectives of internal controls is to safeguard the assets, it is important that persons not authorized to receive any information or exercise an authority should not be permitted to do so.

E.g. If the controls set up by you do not prohibit outsiders from entering your company's premises without your permission, there is every possibility that the unwanted outsiders may later create problems for you.

E.g. If in your company the printouts of various sales reports are later sold as scrap paper instead of being shredded, your competitors might get valuable information out of them.

d) INTEGRITY

Internal controls should achieve the accuracy and completeness of information as well as its validity in accordance with business values and expectations.

E.g. The Reports generated by your system should provide you all the information needed to make decisions. A Sales report might not disclose the person who is in charge of a particular territory or product. You will not be able to make decisions immediately based on the report. You might require information about the Executive who heads that particular territory or product.

E.g. In your case, if you studied only a few units of the Course and appear for exams, you might not pass, as the information possessed by you is incomplete. The same thing happens if you do not have accurate information about various important aspects of your Course.

e) AVAILABILITY

Internal controls should process the information which should be made available when required by the business process now and in the future. Thus the safeguarding of necessary resources and associated capabilities becomes important.

E.g. You may have to save data on CDs or floppies for future use. Back-ups may have to be taken.

E.g. In your case, if you have studied hard for the exams, just before the exams you should be able to recall important points in the Subject. It means you should have made a check-list of important points. If you have not done so and you are not able to recall them either, then it becomes very difficult for you to answer the questions in the exams.

f) COMPLIANCE

We have already studied that internal controls should achieve compliance with those laws, regulations and contractual arrangements to which the business process is subject. Compliance should also be achieved with reference to various policies of the management.

E.g. If remuneration is being paid by your company, the internal controls set up by the company should also include rules as to the various deductions to be made from salary, like Provident Fund and Income Tax. If no attention is paid by your company in this regard, there would be non-compliance with the rules of the Acts pertaining to Provident Fund or Income Tax. Such non-compliance would ultimately result in penalties and in additional time and resources wasted by your company, leading to losses.

E.g. In your case, even if you studied methodically and understood everything, if you have not complied with the rules of the University as to appearing for exams, like applying within the due date, paying the prescribed fees in the prescribed mode etc., you might not be able to appear for exams.

g) RELIABILITY

Internal Controls should aim at the provision of appropriate information for Management to operate the entity and to exercise its financial and compliance reporting responsibilities.

For example, the data provided as to sales should contain information as to the correct rate of Excise duty or VAT. If the controls set up by you do not detect a wrong rate of Excise duty or VAT being applied, later your company will have to face problems.

E.g. When you are studying for exams, the text books you study should be those that are prescribed by the University. If you rely on notes or guides prepared by others, later you may repent that none of the questions from these appeared in the exam!

Thus any set of rules, procedures or policies has to be evolved by an organization keeping all the above principles in mind so that they do not become redundant later.

Classification and Features of Internal Controls

We have studied that internal controls are to be set up by top Management. These controls can be classified as follows:

1. General, Basic or Management or Administrative controls

These are the set of procedures, policies, records and documents that are exercised at the top management level and are always required irrespective of the nature of the organization.

2. Application or Operative or Accounting controls

These are controls that are provided on a specific area. These need not exist in every organization. Some business organizations may by-pass some of these controls.

General Controls

General controls again can be categorized as follows:

1. Management reviews/reports/budgets etc.

These help in top management's control over various activities of a business. If top management is not reviewing the business through various reports, it is a serious weakness of internal control. Thus the entire Management Information System (MIS) is a sort of General Control exercised by the Management, though the scope of MIS includes different areas of management. For example, a Management may ask for a daily Sales Report. This Report itself is a control measure because the Sales Department will be under observation on a daily basis by the Management.

2. Organization structure

The organization structure itself provides control for the organization. For example, if you have clearly defined the roles for each manager of your organization, there is no confusion, inefficiency etc. Consider the case of handling of cash in your organization. If your company has a post of cashier, naturally he would be responsible for handling cash. If you do not have a post of cashier, there is utter confusion as to who has to receive cash and who has to make payment. The same logic can be applied to all the functions of an organization like purchases, sales, personnel etc.

3. Personnel and recruitment policies etc.

Ultimately, it is the people who are to be managed in any business. Internal controls exist as long as good people are recruited to the organization. Controls are lost if bad managers/employees take over the affairs of the business. If people collude together, then you might not be able to detect any fraud even if you have many rules and regulations. We see lots of scams and frauds occurring throughout the globe in spite of so many rules and regulations being implemented by business firms. It is mainly due to people not being honest. Thus recruitment or appointment of honest managers and employees itself achieves most of the required control.

Application controls

Application controls are, as stated earlier, directed towards specific areas of operations. Hence sometimes they are called operational controls. Most of these controls are also related to finance and accounting matters and hence are called accounting controls. These control features need not exist in every organization. Generally they are further classified as follows:

1. Authority levels or Access controls

Fixing authority levels for various persons, deciding levels of access to information etc. are a strong feature of internal control. For example, you can set up limits on the payments that can be made by a particular cashier, the amount that can be withdrawn from the bank by an Executive of the company etc. Similarly, in a computerized environment, who can view what information can also be decided. In fact, the management function of Delegation is a control activity, because delegation involves three elements: authority, responsibility and accountability, as shown graphically in the Triangle of Effective Delegation below:

Fig. 1.4: Triangle of Effective Delegation

Thus, if managers were to delegate effectively, the internal controls also would be stronger than when they do not delegate or delegate ineffectively.

2. Physical or custodial controls

Safeguarding of the assets is one of the important objects of a business so that losses are avoided. Hence physical controls are an important part of internal control. For example, you can appoint a watchman in your organization so that the risk of burglary is avoided or at least minimized. Physical control applies also to databases. Hence taking a back-up is also a type of safeguarding of assets. Physical control also includes preserving the assets from wear and tear, taking insurance and other related measures.

3. Arithmetical or accounting or accuracy controls

We have seen that ultimately stakeholders rely on financial reports. Hence good accounting controls through the use of proper accounting standards and policies help in effective internal controls. A firm not maintaining financial or accounting records, even if it has strong operational controls, might not achieve success, as managers may not be able to take decisions due to unreliable data.

Most of today's organizations have a perfect system of accounting for each and every monetary transaction and event of the business. However, as has already been explained, these are days of corporate action. In spite of maintaining books of account under the double entry system of accounting, companies may fail to disclose important information to stakeholders. Therefore benchmarks like accounting standards or GAAPs may have to be adhered to by companies while maintaining books of account. (More details regarding these benchmarks are explained in later units.) Accounting controls should achieve compliance with these benchmarks so that the financial reports prepared are transparent and adequate for decision-making by different stakeholders of the business.

Consider, for example, an accounting standard on Segment Reporting which stipulates that financial statements should provide information as to the performance of a company under different business segments, like product-wise or territory-wise. If the accounting system of the company does not provide such information, there would be non-compliance with this Accounting Standard.

4. Supervisory controls

People are prone to make mistakes. People might take advantage of situations. Hence supervision is required at every level. If one person's work is verified by another person, there is a chance of finding errors or detecting frauds. Supervision also results in efficiency, as employees are guided by the supervisors to work in a correct method.

E.g. Imagine you are given coaching classes before exams on how to appear for exams. Definitely, this would help you to get more marks.

However, some management experts argue that supervision is not required and is redundant when the employees are experts or trained. But the point to be noted here is that supervision as a fraud-detection tool is unavoidable. Hence strong supervision is a feature of good internal control.

5. Segregation and rotation of duties

Empowering is giving people full responsibility for a particular job. Empowering people may be good at times. But it may lead to frauds also. No one person should be entrusted with full responsibility for one job. Jobs are to be segregated so that two or more people are involved in a job. This is also called segregation of duties.

E.g. If cash is being handled by a cashier in a firm, he should not be given the authority and responsibility of entering the cash received directly in the main books of account. If he is given such authority, there is a possibility that he might show a lesser amount in the books of account and pocket the difference.

E.g. In a computer system, those who write programs should not be allowed to make data entries. If they are allowed to do so, it is possible that using their expert knowledge they may transfer funds from one account to another account, for example, in a bank.

Similarly, one person should not remain in the same position in the organization for a long time. He is to be put into different jobs so that if any fraud is being committed by him, such fraud would come to the surface on such a change of job. Rotation of jobs also helps the employee learn all aspects of the business. For example, in software development firms, employees are asked to compulsorily go on leave so that their work is taken up by other programmers. Any fraud or mischief done while writing such programs might later be detected by the new programmer on the job.

The classification or categorization of controls provides us the various features of internal controls. This is not an exhaustive list of all the features of internal controls. Based on the situation, a firm adopts innovative methods of setting up internal controls. But if the important features discussed here are missing in any firm, it might be an indication that controls are weak. We shall be studying in later units how the existence of internal controls in a firm can be evaluated.
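The authority limits, segregation of duties and job rotation described in this classification can be checked mechanically against activity records. The following Python code is an added example, not part of the course material; the duty names, people, payment limits, dates and the three-year rotation threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Duties one person must not combine (pairs taken from the unit's two examples).
INCOMPATIBLE_DUTIES = [
    ("handle_cash", "post_to_books"),   # cashier must not enter receipts in the main books
    ("write_program", "enter_data"),    # those who write programs must not make data entries
]

# Constructed sample data (assumption): delegated payment limits per person.
PAYMENT_LIMITS = {"cashier_a": 10_000, "exec_b": 250_000}

# Constructed sample activity log: (person, duty, amount or None).
ACTIVITY_LOG = [
    ("cashier_a", "handle_cash", 4_000),
    ("clerk_c", "post_to_books", 4_000),
    ("cashier_a", "make_payment", 12_500),   # above cashier_a's limit
    ("exec_b", "make_payment", 90_000),
    ("dev_d", "write_program", None),
    ("dev_d", "enter_data", None),           # programmer also entering data
    ("cashier_e", "handle_cash", 7_000),
    ("cashier_e", "post_to_books", 6_500),   # same person receives and records
    ("temp_f", "make_payment", 500),         # no limit on file at all
]

# Constructed sample postings: person -> (position, date the position was taken up).
POSTINGS = {
    "cashier_a": ("cashier", date(2019, 4, 1)),
    "clerk_c": ("accounts clerk", date(2023, 1, 10)),
    "cashier_e": ("cashier", date(2023, 6, 1)),
}


def segregation_conflicts(log, incompatible=INCOMPATIBLE_DUTIES):
    """Return sorted (person, duty_1, duty_2) where one person performed both duties."""
    duties = defaultdict(set)
    for person, duty, _amount in log:
        duties[person].add(duty)
    found = []
    for person, done in duties.items():
        for first, second in incompatible:
            if first in done and second in done:
                found.append((person, first, second))
    return sorted(found)


def limit_breaches(log, limits=PAYMENT_LIMITS):
    """Return (person, amount, limit) for payments above the payer's limit.

    A person with no limit on file is treated as having no delegated
    authority, so any payment they make is reported against a limit of 0.
    """
    breaches = []
    for person, duty, amount in log:
        if duty != "make_payment":
            continue
        allowed = limits.get(person, 0)
        if amount > allowed:
            breaches.append((person, amount, allowed))
    return breaches


def rotation_overdue(postings, as_of, max_days=3 * 365):
    """Return sorted (person, position, days_held) for postings held longer than max_days."""
    overdue = []
    for person, (position, since) in postings.items():
        held = (as_of - since).days
        if held > max_days:
            overdue.append((person, position, held))
    return sorted(overdue)


if __name__ == "__main__":
    for row in segregation_conflicts(ACTIVITY_LOG):
        print("segregation conflict:", row)
    for row in limit_breaches(ACTIVITY_LOG):
        print("authority limit breach:", row)
    for row in rotation_overdue(POSTINGS, as_of=date(2024, 1, 1)):
        print("rotation overdue:", row)
```

These checks only detect; as with the supervisory controls above, someone independent of the flagged person has to review each finding.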

Limitations of Internal Controls

Internal control systems can provide only reasonable, but not absolute, assurance that the objectives stated above are achieved. This is because internal control systems are subject to some inherent limitations, such as:

1. Management's consideration that the cost of an internal control exceeds the expected benefits to be derived from having controls.

Often the top management does not implement a control measure assuming that it is costly. For example, a company might not appoint a watchman for its stores assuming that it involves unnecessary expenses. It might assume proper locking can provide enough security.

2. Most internal controls do not tend to be directed at transactions of unusual nature.


Usually companies design policies regarding routine operations like purchases, sales, cash etc. But they neglect to frame rules for exceptional cases. For example, a company might have tight procedures for the purchase of raw materials. The same company might accept a high-value transaction, undertaken by one of its directors who is a majority shareholder, which is not according to the procedure. This high-value transaction might have an element of fraud which goes undetected due to laxity in internal control.

3. The potential for human error, such as that due to carelessness, distraction, mistakes of judgment and the misunderstanding of instructions, exists in any firm. Hence internal controls might not achieve the desired results.

4. The possibility of circumvention of internal controls through collusion with other employees or with parties outside the entity.

This is one of the most frequently witnessed limitations of internal control. Two persons inside the organization join together to commit fraud, whereby any procedure or rule set up by top management does not prevent or detect the fraud. For example, the Purchase Manager and the Stores Manager of a company join together along with the supplier, whereby even if less goods are received they are recorded at higher value and the supplier is paid more. Later all three share the extra amount received.

5. The possibility that a person responsible for exercising an internal control could abuse that responsibility, for example, a member of Management overriding an internal control. In fact, most of the Management Frauds (which we shall be discussing in later units) are due to overriding of the rules, policies and procedures by Management itself.

6. The possibility that procedures may become inadequate due to changes in conditions and compliance with procedures may deteriorate.

For example, due to introduction of Information Technology, a lot of old procedures become redundant. A lot of new procedures may be required like taking backups, having anti-virus software etc.

7. Manipulations by Management with respect to transactions or estimates and judgments required in the preparation of financial statements.

Management may hide real facts by window-dressing the financial statements. Accounting standards and conventions may not be followed even though such standards exist. Though the intention of the Management may not be to make personal profits by creative accounting, the stakeholders may suffer due to the hiding and misrepresenting of facts, estimates or judgments while preparing financial statements. For example, Enron, a reputed multinational, did not disclose in its Balance Sheet the extent of the contingent liabilities it was exposed to. Later the firm collapsed and thousands of stakeholders suffered. This is a clear case of Management itself being involved in false financial reporting. (In later units, we shall discuss how audit and other regulations might prevent such frauds being committed.)

Thus, there are several situations where internal controls cannot achieve the objectives required to be achieved by them. In spite of such limitations, the value of internal controls to a business cannot be underestimated. For an honest management, internal controls are valuable tools for success in business.

Summary

Control attempts to prevent and detect unlawful events that occur and takes corrective action whenever such an event happens. Internal control refers to all those policies, procedures, rules and systems laid down by a Management to achieve the goals of the business. The scope of internal control includes effectiveness and efficiency of operations, reliability of financial reporting, compliance with applicable laws and regulations, adherence to management policies, the safeguarding of assets, prevention and detection of fraud and error, the accuracy and completeness of the accounting records, the timely preparation of reliable financial information, and implementation of various inspections, internal audit and external audit. The framework or components of internal control include identifying the control environment, assessing the risk, designing control activities, communicating and setting up an information network to implement internal controls, and monitoring the internal controls so implemented. Principles to be followed while setting up internal controls include effectiveness, efficiency, confidentiality, integrity, availability and reliability.

Internal controls can be classified as general controls and application controls. General controls are required in every organization and include management reviews, organization structure and recruitment policies. Application controls are need-based and include physical controls, authority and access controls, accounting and arithmetical controls, segregation and rotation of duties and supervision. Limitations of internal control may be due to high costs involved in setting up controls, no controls being set up for unusual transactions, collusion by employees, overriding of controls by management and manipulation of financial statements.

Copyright 2009 SMU Powered by Sikkim Manipal University .

MF0004 - Unit 2 Understanding Internal Controls


Unit 2 Understanding Internal Controls

Introduction

Whether the internal controls existing in an organization are adequate or not is to be found out by any person who is assessing the business, like an auditor. Even management is interested in such evaluation. In fact, the COSO framework identifies Monitoring as a component of internal control. The techniques that are used in such evaluation are also to be studied. We have studied an overview of internal controls. How these controls are set up for individual functions of an organization, like purchases or sales, is essential for any student who is interested in the management of a business. A good working knowledge of these controls for all areas of management will help in setting up and modifying the internal controls in a prompt and effective manner. In this unit, details about various internal control measures for purchases, sales, cash, stores and inventory, payroll and such other functions are discussed. This unit also provides the different techniques which are used in evaluating internal controls. It is desirable that students brush up their accounting knowledge before they proceed to study this unit.

Objectives

After studying this unit, you would be able to:

- Explain different techniques of evaluation of internal controls.
- Explore the internal controls that exist for various areas of management.
- Explain the different features of internal control in a computerized environment.
- Find out the scope of internal controls in a computerized environment.

Evaluation of Internal Controls

The need for evaluation of internal controls

The Management is responsible in any organization for setting up and monitoring internal control. Even if a Management has not consciously developed internal controls, some sort of control is in operation in every organization, like uniformity in operations, outlining of a broad line of activity or specifying each one's task. However, the Management has to evaluate these controls from time to time to ascertain:

- Whether prescribed management policies are being properly interpreted by the employees and faithfully implemented.
- Whether the prescribed procedures need a revision because of changed circumstances or because they have become redundant.
- Whether effective corrective measures are taken promptly when the system appears to break down.

For this purpose, Management would usually install a separate Internal Audit System. The Internal Auditor, being an independent person, checks among other things the actual operation of the internal control and reports on deviations and non-compliance, if any. He may also suggest ways to improve the internal control. Even if an internal auditor is not appointed, the Statutory Auditors who audit the Financial Statements every year and report to stakeholders ensure that internal controls are in operation, effective and according to Standards. Thus the evaluation or review of internal controls is indispensable in any organization.

The Techniques of Evaluation of Internal Control

The review of internal control by an auditor or by any other person on behalf of management requires thorough knowledge of accounting and financial controls, as most of the operations of a business involve accounting and financial records and these are the areas most prone to frauds and errors. A review of internal control can involve a process of study, examination and verification of the procedures, policies, methods and rules laid down by the Management. These may be in written form in Company Manuals, flow charts and checklists. Most of the time, this vital information is in unwritten form and hence the evaluator has to make enquiries with the employees of the organization and observe the actual procedures followed in a particular case. Thus evaluation of internal controls can be done by means of various techniques as follows:

1. Narrative Record
2. Checklists
3. Internal Control Questionnaires
4. Flow Charts

We shall study each of these techniques:

1. Narrative Record

In this case the evaluator or internal auditor records the entire procedure of operation of internal control in written form after

- obtaining the information from employees and executives;
- actually observing whether the particular procedure is in operation.

For example, in a company, wages to the workers may be paid in cash on a particular day every week. Assume a supervisor of the Production Department has to identify the worker before the cash is paid. Assume the signature of the worker on the voucher has to be identified by two supervisors according to the procedure. Most of these procedures may not be in written form. The internal auditor has to make enquiries to find out the details of these procedures. But this is not adequate. He has to observe whether these procedures are actually being followed while making payment of wages. It is possible that one of the procedures, like identification by two supervisors, is not being followed. This lapse is to be viewed as a weakness in internal control as to payment of wages. Due to this lapse, there is a possibility that a supervisor and a dummy worker collude and wages are paid to a dummy worker. Thus a narrative record is a complete and exhaustive description of the system as found in operation. Actual testing or observation is necessary before such a record is developed.

Merits of this technique:

- It is useful in firms where no written, formal system of internal controls like Manuals or Flow Charts exists.
- Most of the time, it can be applied to small business organizations.

Demerits of the technique:

- It is difficult to understand the procedures in operation for all areas of a business. Sometimes business transactions involve complex procedures which an internal auditor may not be able to comprehend completely.
- Even if one were to understand the system completely, the pros or cons of the procedures may not be decided. For example, if the purchase function involves a lengthy procedure in a company, like obtaining quotations, placing orders, follow-up of orders etc., the evaluator may not find out where the weakness exists unless he has come across cases of frauds or errors that occurred elsewhere in similar circumstances.
- Narrative records become useless if the persons in charge of operations change the procedure. This happens due to re-shuffling of employees involved in a particular job. For example, the Sales Manager of a particular area who had adopted a particular procedure for obtaining orders from the customer may get transferred to a different region. The newcomer to his post might adopt a different procedure, which might involve an internal control which is either superior or inferior to the one adopted by the earlier Sales Manager. Hence every time there is a change in personnel, the Narrative Record may have to be updated, which is a cumbersome task.

2. Checklists

An internal auditor may prepare a list of areas to be checked with reference to a particular function of a business. Such a list of items to be checked is called a checklist. For example, a checklist for purchases may be as follows:

Table 2.1: A Model Checklist

Based on the above checklist the internal auditor verifies each of the areas in the checklist and records his observations and comments below each item of the checklist. For example, in the above checklist, the internal auditor might remark below item 1 as follows: "No procedure exists for obtaining the quotation from suppliers. Comparative quotations from various suppliers are not obtained. Orders are placed arbitrarily by the Purchase Manager." Such a remark would indicate that there is weakness in this area of Purchases.

Merits of the checklist:

- Ready-made checklists for each area of business are usually available.
- Complete evaluation of an area is possible as the checklist covers the entire area.
- It is easy to pinpoint the weak area of internal control.
- Time is saved as no narration is required.

Demerits of the checklist:

- It might not be possible to have checklists for each function of a business, like that of production.
- It does not replace the importance of observation.
- It might become a routine affair, and actual observation might not take place, particularly when assistants of the internal auditor handle these lists.

3. Internal Control Questionnaires (ICQ)

The ICQ is the most widely used method/technique of evaluation of internal control. Basic features of ICQs are as follows:

- Questions are framed according to the sequence of procedure in a business. For example, in the case of Purchase Procedure, the questions start with Purchase Quotations and end with Payment to Suppliers.
- Questions are asked to the employees of the organization who handle the particular procedure.
- "Yes" or "No" should be the answer to the questions (sometimes "Not Applicable" may be the answer) so that there is no ambiguity in answers.
- "Yes" should indicate existence of control. "No" should indicate weakness in control.
- More "No" answers will indicate that the internal control in a particular area is weak.
- Answers can be amplified if necessary by explanation.

Merits of ICQs:

1. ICQ can be applied to any field/activity/procedure in an organization.
2. Omission of any area is less likely to occur here as questions are sequential.
3. The entire area of operation is studied by one bunch of questions.
4. Interim review of an area is possible if substantial questions of an ICQ have been replied.

Demerits:

1. It is difficult to frame ICQs.
2. Answers provided need not be genuine and hence observation becomes important.
3. Entire ICQs are to be changed when the organization undergoes a substantial change.

A model ICQ has been provided below for better understanding of evaluation through ICQs. Students are advised to design such ICQs for each function of business to get a practical knowledge of how ICQs can be made use of in evaluating and re-designing internal controls.

Area: Bank Transactions

| Q.No | Questions | Yes | No | NA |
|------|-----------|-----|----|----|
| 1 | Are bank statements received by a person other than the person signing the cheques, recording cash? | | | |
| 2 | Are bank accounts reconciled at regular intervals? | | | |
| 3 | Is the Bank Reconciliation Statement prepared by a person other than the person in charge of cash or bank transactions? | | | |
| 4 | Whether the person verifying the bank reconciliation statement verifies each deposit and withdrawal from the bank, both as regards date and amount? | | | |
| 5 | Are there periodic reviews of: old outstanding deposits? old outstanding payments? outstanding stop payment advices? | | | |
| 6 | Are the items under reconciliation reviewed by a responsible official promptly or upon completion? | | | |
| 7 | Is confirmation of balances obtained periodically in respect of all bank balances and compared with the bank statements? | | | |
| 8 | Is there specific review of balances held as security, for letters of credit, guarantees etc., to ensure the need for their continuance? | | | |
| 9 | Are Fixed Deposit receipts held in safe custody? | | | |
| 10 | Is there a Fixed Deposit Register showing maturity dates, rates of interest and dates for payment of interest? | | | |
| 11 | Is there a follow-up system to ensure that interest on Fixed Deposits is received on due dates? | | | |
| 12 | Is a certificate obtained from the bank for Deposit Receipts lodged as security? | | | |

Table 2.2 A Model Internal Control Questionnaire for Bank Transactions

Note: If the answers to most of the questions in this ICQ are No, it can be concluded that there is weakness in internal control as to bank transactions. For example, if the answer to Q.9 is No, it can be concluded that assets like bank deposits are not safeguarded by the Management and hence the chances of loss of certificates etc. are greater. Similarly, the ICQ also provides a clue to what the features of internal control for a particular area should be. For example, Questions No. 1, 3 and 6 are aimed at finding out whether segregation of duties, an important feature of internal control, is effectively used in bank transactions. Students can find out the underlying features of internal control in each of the questions in the above ICQ, and in any other ICQ, in a similar manner.

4. Flow Charts

A flow chart is a graphic presentation of each area of a company's internal control system. Standardized flow chart symbols are used here. Some symbols are provided below (more symbols are available in MS Word (WinWord) under the menu Auto-shapes).

Fig 2.2 Flow Chart Symbols

Flow charts can be of different types as follows:

- Control flow charts
- Data flow diagrams
- Process flow charts
- Linear Responsibility Charts

Merits of flow charts:

- Easy to recollect.
- Summarizes the internal controls at one place and provides a bird's-eye view.
- Communication is easier through the use of flow charts.

Demerits of flow charts:

- No final description is possible as internal controls change due to changes in the environment.
- Preparing a flow chart is a complex job.
- Preparing a flow chart is a time-consuming job.
- A flow chart provides only a historic or static description of controls.

Practical Application of Internal Controls in Business

The principles as well as features of internal controls and their evaluation can be better understood by studying their application in various functional areas of any business organization. Some areas where internal controls are exercised in a business entity are provided here by using various methods like checklists and ICQs.

Internal Control for Purchases (Procurement)

The main areas where internal control is required in the procurement function are:

- Order processing
- Receipt of goods
- Payment to suppliers/creditors

If these three processes are segregated, the possibility of fraud is less. Therefore these three processes are usually handled by separate departments, i.e. the Purchase Department places the order, Stores receives the goods and the Finance Department makes the payment to the supplier.

Documents involved in the procurement function are:

- Purchase Requisitions, Indents: issued from production and other departments to the purchase department; these are the basis for making a purchase.
- Quotations, tenders: received from suppliers.
- Purchase Orders: prepared by the purchase department.
- Invoices, Stock Transfer Notes: received from suppliers or other departments.
- Dispatch notes, Bank intimations, Insurance details: received from suppliers.
- Lorry receipts, Railway receipts and such transporters' documents: when the goods are sent through transporters.
- Inspection Memos: from the Quality Control department when the goods are received.
- Goods Received Note (GRN): an important document prepared by the stores indicating that goods have been received.
- Debit notes: to suppliers for return of goods which may be defective or not as per specification etc.
- Statement of accounts of suppliers: received by the Accounts department and reconciled with the books of account to see if there is any discrepancy in payments, returns or claims etc.

Some control measures as to the Purchase function:

1. An approved list of vendors can be maintained to avoid bad suppliers.
2. Quotations from various parties are to be obtained for price and quality comparison.
3. Purchase Requisitions from departments: authority to make such requisitions should be fixed.
4. The Purchase Order should be in a prescribed format, having all details like terms of payment and mode of delivery, apart from name, quality and quantity of goods.
5. Variation of terms, discounts etc. as to purchases: approval of higher authority is a must in case of such variations.
6. Pending purchase orders: the reason should be explained by Purchase Managers.
7. Capital goods purchases: authority/approval from higher authorities (for example the Board of Directors) is a must, as the value involved is usually huge.
8. Stores should prepare the GRN only on the basis of actual receipt of goods.
9. The person preparing the GRN should not be involved in the ordering or accounting process.
10. Quality inspection should not be done by the Store-keeper or the person receiving the goods.
11. Shortage, damage etc.: reports should be obtained from an authorized, higher-level employee from stores. How damaged goods are to be disposed of should be decided by higher authorities.
12. Debit and credit notes: authority to issue and accept such notes from creditors should be decided.
13. Accounting: segregation of duties of ledger maintenance and reconciliation of suppliers' accounts is a must.
14. Creditors/Suppliers:
    - monitoring of payments to suppliers through age-wise reports etc. is to be done;
    - a person other than the accountant (book-keeper) must make payment to suppliers.

Instead of having such a checklist, one can use an ICQ on purchases and get a better understanding of internal control for purchases. Similarly, other techniques of evaluation of internal control can be made use of in finding out the internal control for purchases or any other function of a company.
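Several of the purchase control measures above (1, 9, 10 and 14) can be tested mechanically once each document records who handled it. The Python code below is an added example, not part of the course material; the record layout, user names, vendor IDs and finding codes are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed approved-vendor list (control measure 1); IDs are invented.
APPROVED_VENDORS = {"V-001", "V-002"}


@dataclass(frozen=True)
class Purchase:
    """One purchase reassembled from PO, GRN, inspection memo, ledger and payment."""
    po_no: str
    vendor: str
    ordered_by: str     # Purchase Department: placed the order
    grn_by: str         # Stores: prepared the Goods Received Note
    inspected_by: str   # Quality control: signed the inspection memo
    ledger_by: str      # Accounts: book-keeper who recorded the invoice
    paid_by: str        # Finance: released the payment
    qty_received: int   # quantity on the GRN
    qty_invoiced: int   # quantity billed by the supplier


def check_purchase(p):
    """Return the control exceptions found on a single purchase, in rule order."""
    findings = []
    if p.vendor not in APPROVED_VENDORS:
        findings.append("UNAPPROVED_VENDOR")        # measure 1
    if p.grn_by == p.ordered_by:
        findings.append("GRN_BY_ORDERER")           # measure 9
    if p.grn_by == p.ledger_by:
        findings.append("GRN_BY_BOOKKEEPER")        # measure 9
    if p.inspected_by == p.grn_by:
        findings.append("INSPECTION_BY_RECEIVER")   # measure 10
    if p.paid_by == p.ledger_by:
        findings.append("PAYMENT_BY_BOOKKEEPER")    # measure 14
    if p.qty_invoiced > p.qty_received:
        findings.append("INVOICE_EXCEEDS_GRN")      # billed for more than Stores received
    return findings


def review(purchases):
    """Map PO number -> exceptions, omitting purchases with none."""
    report = {}
    for p in purchases:
        findings = check_purchase(p)
        if findings:
            report[p.po_no] = findings
    return report


def users_spanning_functions(purchases):
    """Users who, across all records, act in more than one of the three
    functions the text says to keep apart: ordering, receipt, payment."""
    roles = defaultdict(set)
    for p in purchases:
        roles[p.ordered_by].add("ordering")
        roles[p.grn_by].add("receipt")
        roles[p.paid_by].add("payment")
    return {user: funcs for user, funcs in roles.items() if len(funcs) > 1}


# Constructed sample records.
SAMPLE = [
    Purchase("PO-1001", "V-001", "asha", "ravi", "meena", "john", "kiran", 100, 100),
    Purchase("PO-1002", "V-001", "asha", "asha", "meena", "john", "kiran", 50, 50),
    Purchase("PO-1003", "V-009", "asha", "ravi", "ravi", "john", "john", 80, 100),
    # Clean on its own, but kiran (who pays on other POs) placed this order.
    Purchase("PO-1004", "V-002", "kiran", "ravi", "meena", "john", "deepa", 20, 20),
]

if __name__ == "__main__":
    for po, findings in review(SAMPLE).items():
        print(po, findings)
    print(users_spanning_functions(SAMPLE))
```

As the limitations listed in Unit 1 point out, collusion between different people passes every one of these checks, so they complement rather than replace physical verification and supervision.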

Internal Control for Sales

Internal control for the sales function has been provided here by means of an ICQ. By analyzing the ICQ you will observe that if the answers are Yes to all these questions, you have very good internal control over sales.

1. Are the standard price lists maintained?
2. If the prices are not based on standard price lists, whether approval is obtained by senior marketing officer/executive?
3. Are written orders from customers received invariably?
4. If oral or telephonic orders are received, whether they are recorded immediately in standard order forms and sent for customer's confirmation?
5. Is there numerical control over orders received (whether pre-numbered order forms are used)?
6. Whether credit limits are fixed for customers individually?
7. Are these limits approved by a higher authority?
8. Are these limits reviewed periodically?
9. Are these limits checked before accepting the orders?
10. Whether such approval is by higher authority?
11. Whether sales are made to employees at concessional rates?
    i. Whether limit is fixed for such sales?
    ii. Whether such limits are strictly followed?
    iii. Whether the amounts are recovered within due dates?
12. Whether the dispatches of goods are authorized by prescribed forms?
13. Whether such Dispatch notes are in pre-numbered forms?
14. Whether the dispatch note is prepared by a person not handling orders?
15. Whether the dispatch notes are matched with Sales Invoices, Transporters' documents, Excise duty records?
16. Whether unmatched dispatch notes are reviewed periodically?
17. Whether acknowledgments are obtained from customers for receipt of goods?
18. Whether marking of orders for goods delivered is being made?
19. Whether shortages in delivery are investigated regularly?
20. Are such shortages or claims by customers matched with claims against carriers or insurers?
21. Are sales invoices pre-numbered?
22. Are all invoices accounted?
23. Are invoices checked for price, taxes and terms of payment?
24. Are invoices directly mailed to customers?
25. Is credit to customers for remittances posted only from cash book?
26. Whether dishonour of cheques by customers is immediately taken note of by Sales Department, Accounts Department and Finance Department?
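Questions 13, 15, 16, 21 and 22 of the sales ICQ rely on pre-numbered dispatch notes and invoices. The Python code below is an added example, not part of the course material, showing how gaps, duplicates and unmatched documents can be found; the tuple layouts and all numbers are constructed.

```python
from collections import Counter

# Constructed sample records; numbers, customers and quantities are invented.
# Dispatch note: (dispatch_no, customer, qty_dispatched)
DISPATCH_NOTES = [(501, "C1", 10), (502, "C2", 5), (504, "C1", 7), (505, "C3", 2)]
# Invoice: (invoice_no, dispatch_no, qty_invoiced)
INVOICES = [(9001, 501, 10), (9002, 502, 4), (9002, 504, 7), (9004, 506, 1)]


def sequence_exceptions(numbers):
    """Numerical control over a pre-numbered series (Q13, Q21, Q22).

    Returns (missing, duplicated) between the lowest and highest number seen.
    A missing number is a form that was issued but never accounted for;
    a duplicate is a number used on more than one document.
    """
    counts = Counter(numbers)
    if not counts:
        return [], []
    missing = [n for n in range(min(counts), max(counts) + 1) if n not in counts]
    duplicated = sorted(n for n, c in counts.items() if c > 1)
    return missing, duplicated


def match_dispatch_to_invoices(dispatch_notes, invoices):
    """Match dispatch notes with sales invoices (Q15) and list the
    exceptions that the periodic review in Q16 should pick up."""
    dispatched = {no: qty for no, _customer, qty in dispatch_notes}
    invoiced = {}
    for _inv_no, dispatch_no, qty in invoices:
        # Several invoices may bill one dispatch note; compare the total.
        invoiced[dispatch_no] = invoiced.get(dispatch_no, 0) + qty
    return {
        # Goods left the premises but were never billed.
        "dispatched_not_invoiced": sorted(set(dispatched) - set(invoiced)),
        # Customer billed against a dispatch note that does not exist.
        "invoiced_without_dispatch": sorted(set(invoiced) - set(dispatched)),
        # Billed quantity differs from the quantity dispatched.
        "quantity_mismatch": sorted(
            no for no in set(dispatched) & set(invoiced)
            if dispatched[no] != invoiced[no]
        ),
    }


def sales_exception_report(dispatch_notes, invoices):
    """Combine both checks into one report for the reviewer."""
    d_missing, d_dup = sequence_exceptions([no for no, _, _ in dispatch_notes])
    i_missing, i_dup = sequence_exceptions([no for no, _, _ in invoices])
    report = {
        "dispatch_numbers_missing": d_missing,
        "dispatch_numbers_duplicated": d_dup,
        "invoice_numbers_missing": i_missing,
        "invoice_numbers_duplicated": i_dup,
    }
    report.update(match_dispatch_to_invoices(dispatch_notes, invoices))
    return report


if __name__ == "__main__":
    for key, value in sales_exception_report(DISPATCH_NOTES, INVOICES).items():
        print(f"{key}: {value}")
```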

Internal Control for Cash and Bank Transactions

Internal control for cash and bank transactions has been provided here by categorizing the measures according to the important features of internal controls discussed in Unit 1 (Section 1.5). This is also one useful way to set up internal controls and also to evaluate them. Students are advised to frame internal control measures in this way for various functions of a business.

Internal Control for Cash Transactions

A) Controls over cash receipts:

1. Management's controls over cash

Policies can be formed in the following areas:

- Daily banking of cash collected.
- Limits and authorities to be fixed as to cash collection by different levels of employees.
- Expenses should not be paid out of cash collected, but separate cheques are to be drawn for payment of expenses.
- IOUs (taking of money from the cash box for emergencies by employees) should not be allowed.

2. Organization of cash function

- Cash management policies should be decided by the management.
- Cash collection centers can be set up at various places, cities, towns.
- Cash counters, safe lockers are to be provided in the cash collection centers.
- Remittance methods of cash from such centers to banks or between two centers are to be formally decided.

3. Recruitment policies

- Honest and loyal persons should be recruited to handle cash.

4. Reports & Reviews

Areas where such reports and reviews can be made use of are:

- Reporting of daily cash balances of branches.
- Report of discrepancies in cash is to be verified.

5. Supervisory controls

These can be exercised in areas like:

- Surprise checking of cash balances by supervisory authorities.
- Use of Closed Circuit Television as to cashier's operation.

6. Segregation, rotation of duties

- Cashiers should have no other responsibility, particularly not of recording transactions in the books of account.
- No/limited access to the cash counter should be provided for other persons/employees.
- Rotation of the cashier's job is a must. In fact, you might have observed that in banks the cashier's post is frequently rotated among the employees of the branch.

7. Accounting controls

- A cash scroll is to be maintained by the cashier to record his transactions.
- Counting of cash by denominations and recording should be systematic.
- Writing of the cash book by a person other than the cashier is a must.

8. Physical controls

- Cash counters, safe lockers are to be provided.
- Soiled and cut notes are to be sorted out.
- Counting machines are to be provided.
- Detection of fake notes should be made possible.

B) Controls over cash payments:

Objectives:

- All cash payments are rightly made.
- All payments are correctly recorded.

Some internal control measures as to payments are as follows:

1. Limits, authority levels for payment are to be fixed.
2. Mode of payment is to be decided at policy level.
3. Signing powers for approving payments are to be decided by the top management.
4. Organizing of the cash payment function, like the place where the payment is made, cash counter, safe lockers etc., is to be decided.
5. Some accounting controls:
   - Cash vouchers are to be designed properly.
   - Checking of totals, quantities and approvals before payment by the cashier is a must.
   - No payments are to be made out of cash received; the latter should be banked daily.
   - Maintenance of a petty cash book under the IMPREST system is most useful.
   - A "Paid" stamp is to be affixed on expense vouchers which have been paid so that double payment is avoided for the same voucher or bill.

Internal Control for Fixed Assets

Some measures of internal control in this regard are:

1. Budgets for capital expenditure (purchase of fixed assets) are to be approved by top management like the Board of Directors.
2. Such approvals should be communicated to Purchase, Finance and Production Departments.
3. Capital expenditure should be incurred within the limits fixed for an Executive.
4. Revision, escalation of such expenses should be approved by Senior Executives.
5. Maintenance of such assets should be formally authorized. Annual maintenance contracts, for example, should be approved.
6. Physical verification of Fixed Assets at least once in every year is a must.
7. Scrapping of damaged fixed assets should be approved by higher authorities.
8. Sale of any fixed asset should be approved by top management.
9. Reports of fixed assets acquired, damaged, sold, etc. should be reviewed.
10. Depreciation and capitalization of expenses related to these fixed assets should be according to Accounting Standards.

Internal Control for Inventory

Internal control measures here are provided by means of a checklist:

1. Stocks to be stored in assigned areas.
2. Stocks are to be insured against fire, theft, flood, riot etc.
3. Record of such insurance policies to be reviewed.
4. Value of stocks for insurance purpose should be decided by top authority.
5. Perpetual stock records are to be kept.
6. Stock records are to be compared with accounting records periodically.
7. Periodical verification of inventory and reporting is a must.
8. Stock levels are to be maintained.
9. ABC analysis of inventory is to be made.
10. Inventory verification should be in a prescribed mode and time.
11. Verification should be done by an independent person.
12. Variations should be properly explained.
13. Stocks at other places, like with customers, consignees, contractors, warehouses or third parties, to be confirmed by such parties.
14. Records to be maintained for scrap, by-products or returnable containers.
15. Requisition notes from production departments must be formal and duly authorized.
16. Valuation methods should be authorized and based on accounting standards.

Internal Control for Payroll

Processes involved here are:

- Maintenance of Employee records
- Maintenance of Time records
- Pay calculation
- Compliance with laws as to deductions from pay
- Implementing modifications like promotions, increments etc.

Controls can be built as to all these areas using all the features of internal control.

Students are advised to design such internal controls for various functions on similar lines.

Internal Controls in a Computerized Environment Features of Internal Controls in a Computerized Environment These days most of the businesses are conducted through use of Information Technology. Most of the processes or functions of management are conducted through use of computers. We have studied various functions of the management for which measures of internal controls that can be implemented but these are suitable mostly when the operations are manual. The extent and nature of internal controls for each of these functions substantially change due to adoption of Information Technology. Since the internal control system in a computerized environment is substantially different than in a manual system, the Management or the evaluator of such internal control like internal auditor has to study and understand the features of such internal controls. Some of the problem areas associated with a computerized information system are: 1. Consistency in operations: The computer programs are known to be accurate and consistent in their performance. This feature of computers is regarded by most of us as a useful feature. But this feature has a negative side also. If a program has been written wrongly the computer will go on executing that program even though it is wrong. Imagine a program written in your company that calculates workers salary wrongly. If nobody notices the mistake the computer will go on repeating the mistake month after month when the salaries are calculated. 2. Lack of transaction trails:

Some computer information systems are so designed that a complete transaction trail (how a transaction has been processed) might exist for only a short period of time or only in computer readable form. Where a complex application system performs a large number of processing steps, there may not be a complete trail of how the particular transaction has been processed. Accordingly, errors embedded in an application's program logic may be difficult to detect on a timely basis by manual (user) procedures.

For example, in a bank the details of individual customers' transactions might be destroyed after a period of, say, one year, thus denying the Management the evidence of such transactions.

3. Lack of segregation of functions: We have studied that segregation of duties is an important feature of internal control. This feature enables the organization in preventing or detecting frauds or errors. But in a computerized environment it becomes difficult to segregate duties at times. Thus employees become empowered and misuse their powers.

For example, in a computerized system the Bank Teller may enter the payment details in the customer ledger in the computer and make the payment to the customer on the latter's presentation of a cheque. Thus his power is more in such an environment than in a manual system, and it can be misused by him.

5. Potential for errors and irregularities: The potential for human error in the development, maintenance and execution of computer information systems may be greater than in manual systems. This is because individuals have more knowledge of and access to computerized information. Sitting in a remote corner of the world, one can access the information and get unauthorized access to any other person's bank accounts or credit cards, say. One may even alter or destroy the data. For example, a bank clerk might guess his supervisor's password and transfer huge amounts to different accounts within seconds, which he could not have done in a manual system. In addition, decreased human involvement in handling transactions processed by computers can reduce the potential for observing errors and irregularities.

For example, in a bank the officials usually do not re-check or become skeptical about the interest amount calculated by a computer. Hence when the interest rate is wrongly fed into the computers it goes undetected for months together. Similarly, errors or irregularities occurring during the design or modification of application programs or systems software can remain undetected for long periods of time.

6. System generated transactions: Computer information systems may include the capability to initiate or cause the execution of certain types of transactions automatically. The authorization of these transactions or procedures may not be documented in the same way as that in a manual system, and management's authorisation of these transactions may be implicit in its acceptance of the software. For example, in a bank the credit of interest to individual accounts of customers may be system-generated, so that at the end of the month the computer automatically calculates the interest and credits it to individual accounts.

7. Potential for increased management supervision: Computer information systems can offer management a variety of analytical tools that may be used to review and supervise the operations of the entity. The availability of these analytical tools, if used, may serve to enhance the entire internal control structure. For example, the inter-branch transactions of a company now get reconciled within days due to reports being generated by the computers and fast management action on such reports. In the manual system such reconciliation used to take months together.

8. Vulnerabilities: Computerized systems are prone to different types of vulnerabilities (threats) which can create havoc if not controlled properly. For example, vulnerabilities like viruses and hacking do a lot of harm to information systems, and a business might lose substantially. Those who are using computers for business should know about the possibility of such attacks and take preventive steps.

Thus we can see that though these features of internal control in a computerized environment provide advantages to any business, sometimes they also give scope to many risks.

Scope of internal controls in a computerized environment

Due to the aforesaid features of the computerized environment, internal controls require additional features such as the following in such an environment.

Access Controls

As we have discussed earlier, in a computerized system the authorization or segregation cannot be done orally or in writing, unlike in a manual system. It should be done through the machine. Thus the persons accessing the computers in a company are provided access to the computers so that they can open the computer and get the information. However, the extent of information that they can access and use is to be decided by the System Administrator, i.e. the person who controls the computers and the information system. Therefore the following internal control measures are used invariably in computers.

- Identification of the users of the computers by the computers through User Ids, which are to be assigned by the System.
- Authentication of the users to allow them access to the computers through various techniques like Passwords, PIN (Personal Identification Number), Smart Cards, and Biometric devices like fingerprints, retina scan etc.
- The extent of access to information should be decided by the Administrator by having Access Control Policies. For example, information can be classified as Top Secret, Secret, Classified or Unclassified.

Physical and logical assets control: Access to physical assets assumes a different proportion in a computerized environment. Imagine a company having a huge database of its customers' information at a particular data center. If a hacker attacks such a data center, the possibility of loss is huge due to loss of information. The entire business may come to a standstill. Thus the control over physical assets in a computerized environment includes safeguarding information and logical assets like software, programmes etc. Some control features in this regard are:

Use of firewalls and Intrusion Detection Systems

-Firewalls do not permit access to outsiders who are not authorized to do so. Similarly, they do not allow insiders to send information to outsiders. Both these features save a company from attempts to attack the computer through virus, hacking etc. or misuse of valuable information by insiders. Intrusion Detection Systems warn the controllers of the computers that another person or system is trying to attack the System so that the controllers can take preventive action.

Use of anti-virus programs and applications

-Viruses, worms, Trojans, spyware, logic bombs etc. are threats to information systems. These try to delete, modify or misuse information as well as the system, which results in huge loss to a business firm. For example, due to a virus attack the computers may not work for a specified duration in a company. This results in loss of business, loss of reputation and waste of human resources (employees sitting idle). The solution to this problem is installing anti-virus software and updating it frequently. Such programs detect viruses, worms, Trojans etc. and prevent them from attacking the system.

Physical access controls as to persons entering the premises where computers are kept have to be established. Use of smart cards, biometric devices, guards at the entrance etc. can be made. For example, in some software companies fingerprints are to be identified by the system before the employee or any other person can enter the data center. This feature prevents unauthorized persons entering the data center and destroying or altering the information.

Computers are prone to threats like variations in electric supply, influence of magnetic fields etc. For example, if you take a powerful magnet near a computer the data inside the hard disk may be destroyed or altered. Hence it is important that adequate control is taken to see that such events do not happen. Energy variation should be prevented through installing Uninterrupted Power Supply (UPS) units. The maintenance of the UPS also becomes important because if the UPS fails the system fails.

Data or information is usually communicated through various communication channels like telecommunication, satellites etc. The possibility of theft of information or modification of data during such transmission exists. Steps are to be taken to prevent or at least detect such attempts to attack.

System development controls: As we have seen earlier, in a computerized system if any mistake is committed while writing the programme, the computer goes on repeating the mistake. Thus there is every need to control the operations of system development i.e. when the programmes are being written. Many control measures are taken by Software developers to see that errors and frauds do not exist in the software or programs they design.

Data controls

These may consist of:

Data management controls

-Internal controls should see that information should be managed in an effective and efficient way. Designing the data also becomes important as later you may not be able to get the data you require unlike in a manual system.

Data processing controls

-These controls aim at taking preventive, detective and corrective steps while processing the data. For example, there should be control to see that unreasonable data like a date such as 30th February should be rejected by the computer as invalid date.

Data storage controls

-These are aimed at saving the data, deciding when to retire old data or when to accept new data. It also includes concepts like data mining. It also includes library controls. The latter is very important in that many programs go on changing. New versions of the programs are created and used. Version control becomes very important. If an old version of a program were to be implemented instead of the new version, a lot of damage can be created.

-Back ups, Disaster Recovery Planning and Business Continuity Planning are some of the control measures in safeguarding the data. Back up copies of the data are to be kept in a different place than where data processing is done. This prevents backups being lost when the data center is damaged due to fire, flood, terrorist attack etc.

-Disaster Recovery Plan helps a firm to recover all the lost assets in case of attack. For example, when the terrorists attacked the World Trade Center at New York, the Disaster Recovery Plan in operation in many business firms situated in the Center saved them from huge losses. The firms would be able to prevent too much damage being done in case of disasters. The firms would be having a parallel data center which can start functioning if the original data center is lost.

In a business continuity plan, the companies try to start functioning as fast as they can in case of a disaster. This is important so that customers do not suffer. For example, if a railway information system is attacked, the trains should start functioning at the earliest. Business Continuity Planning helps in achieving this.

Thus through use of all these control measures, in addition to the basic features discussed in Unit 1, the internal control in a computerized environment would be effective and efficient.

Summary

The evaluation or review of internal controls is indispensable in any organization. The techniques of evaluation of internal control include narrative record, checklist, ICQ and Flow chart. Each of these have merits as well as demerits. Internal controls for purchases, sales, cash, bank, inventory and payroll functions have been provided here for better understanding of internal controls. Internal controls in computerized environment are substantially different than those in a manual system. The scope of internal controls in a computerized environment includes Access controls, Physical and logical assets control, System Development Controls and Data controls.

Copyright 2009 SMU Powered by Sikkim Manipal University



MF0004- Unit 3 Frauds and Errors


Unit 3 Frauds and Errors

Introduction

We have studied in Unit 1 that detection of frauds and errors is an important function or objective of internal control. Frauds and errors create losses to the organization and also to the stakeholders of a business. Further, we know that internal control is to be exercised in the area of Financial Reporting. If there is fraud or error while reporting the financial results of a business, it has far reaching consequences. Many people who rely on wrong Financial Statements may lose their money. Hence it is important that fraud and error are avoided in operation or in financial reporting. Hence a study of the meaning of fraud and error, their causes and their classification is to be done. It is more important for the management as well as the internal auditors to know whether there are any symptoms of existence of fraud. Hence it is important to learn the symptoms of fraud. An auditing standard provides a list of such fraud risk factors which is very useful to any person trying to prevent or detect fraud. This list has been provided here so that a better understanding of internal controls taken to prevent or detect such frauds is possible. This unit also discusses the different types of frauds committed by managements of companies throughout the globe. Some notorious cases of such management frauds are also discussed here.

Objectives

After studying this unit, you will be able to:

- Explain the meaning and types of errors.
- Explain the meaning and components of frauds.
- Mention the types of frauds and their causes.
- List out the symptoms of frauds.
- Give examples of some management frauds.

Meaning and Types of Errors

Meaning of errors

Errors are mistakes, lapses or wrong ways of doing things. The basic feature of an error is that it is unintentional. Errors occur in every field of human activity due to many reasons. As human beings are involved in business, errors do occur in every business transaction. For example, errors may occur in production of things, in buying or selling items or while dealing with different persons in any business. Definitely all these errors may lead to losses in a business. However, in this unit we are not studying all these important errors, as they are of particular interest to persons who are in such particular fields like production, marketing or procurement. We are more interested in those which are of a financial nature. Basically these errors are:

- Accounting errors, which are ultimately reflected in financial statements like the Balance Sheet.
- Procedural errors, which though they do not affect the Balance Sheet do create loss to the organization.

The financial statements are affected due to accounting errors in the following ways

A mistake in gathering or processing data from which financial statements are prepared. For example mistake may occur while preparing the profit and loss statement whereby transactions of particular unit of business may not be included in arriving at total sales.

An incorrect accounting estimate arising from oversight or misinterpretation of facts. For example, while valuing the inventory the price of the items in stock might be wrong, leading to high or low valuation of stock.

A mistake in the application of accounting principles relating to measurement, recognition, classification, presentation, or disclosure. For example, while valuing the stock the correct method of valuing the stock like FIFO or Weighted Average Cost method might not be followed, which might again lead to higher or lower profits and inventory value.

Thus it becomes important for us to study different types of accounting errors.

Types of Errors

Accounting Errors

Accounting Errors can be classified as follows:

Errors of omission

These are errors where a business transaction is not at all recorded in the books of account. For example, if a sale of Rs 1,00,000 is not at all recorded, the Profit and Loss Account would show reduced sales value. No outsider would come to know that this amount has been omitted. Even insiders in the company might not find the mistake if the amount is not too material compared to the total sales of that company. But the fact is there is a mistake in the financial statement. If the internal controls are not able to detect such mistakes the basic object of internal control is lost.

Errors of commission

These arise due to recording transactions wrongly. For example, most businesses follow the double entry system of accounting whereby both the aspects of a transaction (debit and credit) are to be recorded in the books of account. If such recording of the value of one of the sides is not done, or if the amounts involved are different for both the sides, there would be a mistake. Take the case of an amount of Rs 10,000 paid as salary. If this transaction is recorded as follows there would be an error:

Salary Account    Dr.    Rs. 1000
    To Cash              Rs. 10000

But most of the time such errors surface while preparing a Trial Balance and the accountants can trace the mistake. And in a computerized environment these errors do not occur, as the double entry system is built into financial accounting software, which does not accept an accounting entry that is one-sided or has different amounts on its two sides. Errors of commission can also occur when wrong amounts are entered in the books of account. For example, though salary paid is Rs. 10000 it may be entered in the books as Rs. 1000. Unless there is a process of verification of the payment vouchers with books of account, these kinds of errors cannot be traced even in a computerized environment. These errors can be due to transposition of amounts, like writing Rs. 329 as Rs. 923. In such cases they are called Errors of Transposition. At times the entries are made twice or more for the same transaction. In such cases these errors are called Errors of Duplication.
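The split described above, between what the accounting software rejects at entry time and what only voucher verification finds, is shown in the following Python sketch. It is an added example, not part of the course text: the function names, voucher numbers and postings are constructed for illustration, and the date check is the 30th February case mentioned earlier under data processing controls.

```python
from collections import Counter
from datetime import date
from decimal import Decimal

# Constructed sample data (not from the course text): approved payment
# vouchers and what was actually keyed into the books against them.
VOUCHERS = {"PV-101": 10000, "PV-102": 329, "PV-103": 4500, "PV-104": 750}
POSTINGS = [
    ("PV-101", 1000),   # Rs. 10000 salary keyed as Rs. 1000
    ("PV-102", 923),    # Rs. 329 keyed as Rs. 923
    ("PV-103", 4500),
    ("PV-103", 4500),   # same voucher entered twice
    ("PV-105", 200),    # posting with no supporting voucher
]                       # PV-104 was never posted


def validate_entry(entry):
    """Entry-time control: return the reasons a journal entry is rejected.

    entry = {"date": (year, month, day),
             "debits": [(account, amount), ...],
             "credits": [(account, amount), ...]}
    """
    problems = []
    try:
        date(*entry["date"])          # 30 February raises ValueError
    except ValueError:
        problems.append("invalid date")
    if not entry["debits"] or not entry["credits"]:
        problems.append("one-sided entry")
    else:
        dr = sum(Decimal(str(a)) for _, a in entry["debits"])
        cr = sum(Decimal(str(a)) for _, a in entry["credits"])
        if dr != cr:
            problems.append(f"unbalanced: Dr {dr} vs Cr {cr}")
    return problems


def is_transposition(posted, vouched):
    """Same digits in a different order, e.g. Rs. 329 entered as Rs. 923."""
    return posted != vouched and sorted(str(posted)) == sorted(str(vouched))


def reconcile(vouchers, postings):
    """Voucher-to-books verification: classify what entry-time checks miss."""
    findings = set()
    times_posted = Counter(vno for vno, _ in postings)
    for vno, amount in postings:
        if vno not in vouchers:
            findings.add((vno, "no voucher"))
            continue
        if times_posted[vno] > 1:
            findings.add((vno, "duplication"))
        if amount != vouchers[vno]:
            kind = ("transposition" if is_transposition(amount, vouchers[vno])
                    else "wrong amount")
            findings.add((vno, kind))
    for vno in vouchers:
        if times_posted[vno] == 0:
            findings.add((vno, "omission"))
    return sorted(findings)


if __name__ == "__main__":
    # The unequal salary entry from the text, dated 30 February: rejected.
    print(validate_entry({"date": (2009, 2, 30),
                          "debits": [("Salary", 1000)],
                          "credits": [("Cash", 10000)]}))
    # Wrong amount on both sides balances, so entry-time checks pass...
    print(validate_entry({"date": (2009, 2, 27),
                          "debits": [("Salary", 1000)],
                          "credits": [("Cash", 1000)]}))
    # ...and it is caught only when the books are compared with vouchers.
    for finding in reconcile(VOUCHERS, POSTINGS):
        print(finding)
```
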

Compensating errors

This is a case of two opposite errors cancelling each other and not revealing their existence in the final statements. For example, the Salary amount is wrongly recorded as Rs. 1,00,000 instead of Rs. 50,000 and there is an increase in expenses. At the same time there may be wrong recording of Sales at Rs. 2,00,000 instead of Rs. 1,50,000, thus increasing the sales by Rs. 50,000. As both income and expenses increase by Rs. 50,000 each, the final cash balance would tally. These sorts of errors are very difficult to trace even in a computerized environment.

Errors of principles

These errors are due to misapplication of accounting principles. The majority of errors affecting the financial statements are of this kind. A simple example of such an error would be showing the interest paid on loans taken for purchase of a machine as expenditure even before the machine is put to use. Assume the interest paid is Rs 10 lakh. If this is shown as expense, the profit figure would be reduced to that extent. But the accounting principles stipulate that this amount is not revenue expenditure but capital expenditure, as the machine is not yet put to use. Till the asset (machine) is put to use, the interest on the loan should be added to the cost of the machine and shown in the Balance Sheet. Hence any company not following this accounting principle or standard would be showing a lower profit. Thus the mistakes that occur due to misapplication of accounting policies affect the financial statements and mislead the readers of these financial statements.

Errors can also be classified as:
- Self-revealing errors, in the sense that their existence is found out due to a difference in the Trial Balance or due to any other subsidiary book not balancing with the Control accounts maintained in the general ledger. Errors of commission are usually self-revealing.
- Concealed or not self-revealing errors, which are those that may not surface while drawing the Trial Balance or final accounts. For example, errors of omission, compensating errors or errors of principles are generally not self-revealing.

Procedural errors

Errors can also be due to a lapse in observing a procedure or internal control measure. Such an error can lead to frauds or huge losses later. For example, in the case of fixed assets the date of expiry of insurance cover is to be noted in the records. Suppose this procedure is not followed by mistake, so that the officer in charge is not aware of the expiry of the insurance cover, and the asset is destroyed in a fire before a new insurance policy is taken. The company would lose a huge amount as there is no insurance cover. Hence procedural errors, though not involving financial aspects, do lead to financial losses.

Meaning and Types of Frauds

Meaning and components of fraud

Meaning of fraud: Oxford Advanced Learner's Dictionary defines fraud as an act of deceiving illegally in order to make money or obtain goods. Outright criminal activities typically involving violence or other physical means, such as break-in thefts, industrial espionage, sabotage, attacks and robberies, and so forth, are usually excluded from the scope of fraud. The practice of deception or artifice with the intention of cheating or injuring another is fraud as defined in Kohler's Dictionary of Accountants.

A particular difficulty is distinguishing fraud from losses due to incompetence, procedural lapses, accidents, mismanagement, wrong decisions, or business risks. All these may not be treated as fraud, as the persons committing these acts usually manage to escape by proving that they had no intention to defraud. For example, due to mismanagement by the Board of Directors of a company, the company goes into bankruptcy. The shareholders lose their money. But it is very difficult for the shareholders to prove that the Board cheated them; they can only prove that the Board was negligent. But in reality the Board of Directors might have intentionally mismanaged the company for serving their ulterior motive.

Fraud is an economic offence. General economic offences also include criminal acts other than fraud, like money laundering, financing of criminal or anti-national activities, corruption, bribery, kickbacks, and so on. We are not discussing these types of offences when we are talking of fraud in this unit.

Luckily, fraud falls into typical similar types that share common characteristics, means, and methods. Just as a house theft can occur anywhere, a fraud often consists of many instances or incidents involving repeated transgressions using the same method. Fraud instances can be similar in content and appearance but usually aren't identical. A fraud need not meet all of these characteristics.

Thus the term fraud refers to an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage. Although fraud is a broad legal concept, we are more concerned with fraudulent acts that cause a material misstatement in the financial statements. However, misstatement of the financial statements may not be the objective of some frauds. To understand what actually happens when a fraud occurs, we have to study the components of a fraud.

Components of fraud: Fraud occurs when all of the following elements exist:

- An individual or an organization intentionally makes an untrue representation about an important fact or event. For example, an employee claims a travelling expense of Rs. 10,000 which in reality he has not spent.
- The untrue representation is believed by the victim (the person or organization to whom the representation has been made). For example, in the above case the company (finance manager) believes the claim by the employee.
- The victim relies upon and acts upon the untrue representation. For example, in the above case the finance manager sanctions the travelling expense bill of the employee.
- The victim suffers loss of money and/or property as a result of relying upon and acting upon the untrue representation. For example, ultimately the company suffers a loss due to bogus expenditure.

Types of Frauds

Frauds can be classified as follows:

1. Employee frauds
Fraud involving employees of the entity is referred to as employee fraud.

2. Management frauds
Fraud involving one or more members of management or those charged with governance is referred to as management fraud. In either case, outsiders or third parties may try to join in cheating an organization.

3. Cyber frauds
Frauds using computers. These are also called computer frauds.

A) Types of employee frauds

Employees may perpetrate frauds in several ways as follows:
Defalcation of cash

The employees in an organization can swindle cash out of the organization basically by inflating the payments, some examples of which are:

- making payments against bogus vouchers
- making payments against inflated (by alteration) vouchers
- including dummy workers in payroll and drawing the wages amount in that name
- fictitious discounts allowed in the name of a customer (but drawing that amount for own use)
- personal expenses charged as business expense
- double payments to same suppliers against same goods
- fake credit notes raised for additions or escalations from suppliers which are not made in reality
- purchase returns to suppliers not accounted, original invoice amount being paid to supplier (later the excess paid is shared by the fraudster employee with supplier)
suppressing the revenues:

- suppression, under-invoicing or not accounting of receipts
- credit notes raised on customers for return of goods not made in reality
- writing off customer dues as bad debts or giving concessions in the books, but not doing so in reality
- kickbacks, commission for purchases received but not accounted or reported to management
- discounts for purchases or expenses received but not accounted
- not accounting scrap sales
- selling perfect goods as damaged goods and pocketing the commission received from customer
Cash may be stolen straight away from cash counters, or while remitting to bank or other branches.

Teeming & lading type of fraud:
- Here the employee receives money from a customer, say A, against his dues to the company, but does not account for it. He uses the money for his personal use. Later, when another customer B makes a payment, the employee accounts for it as receipt of dues from A, the earlier customer. To account for B's money he waits till one more customer C makes a payment. This chain goes on. The effect is that at least one customer's dues would always be with the employee throughout the year. Thus the company does not receive its cash when it should have received it.

Thus for the purpose of defalcation of cash the fraudster employees might alter, falsify the records, books of account of the company.
Misappropriation of assets and services

The employees can cheat the company by taking away the goods, assets or resources of the company for their personal use.

- A worker might steal goods from the godown in small quantities on a daily basis.
- An executive might use the company's car for his personal sightseeing tour.
- An executive might use the subordinates for doing his personal work during business hours.
- Production records might be manipulated to show that the quantity produced is less when in reality it is more (the excess quantity is shared by employees or supervisors etc).
- Scrap or by-product generated in production is not accounted and is misappropriated.

Thus even in case of misappropriation of assets or services, falsification of records might have to be done by the fraudulent employee.

B) Types of Management frauds

Management frauds usually involve fraudulent financial reporting.

Fraudulent financial reporting involves intentional misstatements or omissions of amounts or disclosures in financial statements to deceive financial statement users.

Fraudulent financial reporting may involve:


Deception such as manipulation, falsification, or alteration of accounting records or supporting documents from which the financial statements are prepared.
- For example, management might show more sales before it goes for a public issue. Similarly it may show less sales if it wants to avoid tax.

Misrepresentation in the financial statements of events, transactions or other significant information.
- For example, management might not fully reveal the liabilities a company is supposed to reveal, thus misleading the investors.

Intentional omission from the financial statements of events, transactions or other significant information.
- For example, a company might not reveal the fact that it has not received valid title deeds of a land document. Or it might not reveal that a huge tax demand has been imposed on it.

Intentional misapplication of accounting principles relating to measurement, recognition, classification, presentation, or disclosure.
- For example, management might show revenue expenditure as capital expenditure and thus show higher profit to save its skin.

3. Cyber frauds

One of the major areas where prevention and detection are required in information security is frauds occurring using technology. These frauds are popularly called cyber frauds or computer frauds. There are various crimes committed by using computers which are not the subject matter of our study. We are restricting ourselves here to circumstances that lead to economic or financial frauds. There is no such thing as computer fraud. What is usually meant is fraud carried out using a computer mouse rather than the traditional methods of paper and pen. The computer is simply the mechanism for perpetrating the fraud. Some ways in which cyber frauds are done are:
Theft of information contained in electronic form
-This includes information stored in computer hard disks, removable storage media etc.

Data diddling
-This kind of an attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed.

Salami attacks
-These attacks are used for the commission of financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed.
-E.g. a bank employee inserts a program into the bank's servers that deducts a small amount of money (say Rs. 5 a month) from the account of every customer. No account holder will probably notice this unauthorized debit, but the bank employee will make a sizeable amount of money every month.

Web jacking
-This occurs when someone forcefully takes control of a website (by cracking the password and later changing it). The actual owner of the website does not have any more control over what appears on that website. Frauds can be committed through web jacking.

Phishing
-Sending unsolicited emails to get personal information which is used for further frauds or crimes.

Spoofing
-A spoofed email is one that appears to originate from one source but actually has been sent from another source. Email spoofing can also cause monetary damage.
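A salami attack of the kind described above is invisible per account but visible in aggregate, which is where a detective control can look. The following Python sketch is an added example, not part of the course text; the account numbers, charge codes, ledger names and thresholds are constructed assumptions, and the approved-charge schedule stands in for whatever list of sanctioned fees management maintains.

```python
from collections import defaultdict

# Constructed schedule of charges approved by management:
# (charge code, amount in Rs., ledger account that must receive the credit).
APPROVED_CHARGES = {("SMS_FEE", 15, "GL-FEE-INCOME")}


def build_sample_debits():
    """Constructed month of debit postings for six savings accounts."""
    rows = []
    for i in range(1, 7):
        account = f"SB-{i:04d}"
        # Approved monthly charge, credited to the bank's income ledger.
        rows.append({"account": account, "amount": 15,
                     "code": "SMS_FEE", "contra": "GL-FEE-INCOME"})
        # Rs. 5 "adjustment" credited to one individual account.
        rows.append({"account": account, "amount": 5,
                     "code": "ADJ", "contra": "SB-0099"})
    # Ordinary activity that must not be flagged.
    rows.append({"account": "SB-0002", "amount": 2500,
                 "code": "ATM", "contra": "GL-CASH"})
    rows.append({"account": "SB-0004", "amount": 5,
                 "code": "CHQ_FEE", "contra": "GL-FEE-INCOME"})
    return rows


def find_salami_patterns(debits, approved=APPROVED_CHARGES,
                         small_limit=50, min_accounts=5):
    """Flag small, identical, unapproved debits that hit many accounts
    and all credit the same contra account."""
    accounts_hit = defaultdict(set)
    totals = defaultdict(int)
    for row in debits:
        if row["amount"] > small_limit:
            continue                      # too large to be a "slice"
        if (row["code"], row["amount"], row["contra"]) in approved:
            continue                      # matches the approved schedule
        key = (row["contra"], row["amount"])
        accounts_hit[key].add(row["account"])
        totals[key] += row["amount"]
    findings = []
    for (contra, amount), accounts in accounts_hit.items():
        if len(accounts) >= min_accounts:
            findings.append({"contra": contra, "amount": amount,
                             "accounts_hit": len(accounts),
                             "total": totals[(contra, amount)]})
    # Largest diverted total first, for the reviewer's attention.
    return sorted(findings, key=lambda f: f["total"], reverse=True)


if __name__ == "__main__":
    for finding in find_salami_patterns(build_sample_debits()):
        print(finding)
```

The single Rs. 5 cheque fee on SB-0004 is not reported because it touches only one account; the pattern is flagged only when the same small debit recurs across many accounts outside the approved schedule.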

Most of these frauds may be committed through unauthorized access, viruses, worms, logic bombs, Trojan horses and such malicious software. Adware and spyware are also mediums through which these frauds can be committed.

Reasons behind Frauds & Responsibility for Frauds and Errors

Reasons behind frauds

Causes for defalcation of cash and misappropriation of assets: Fraud involves motivation to commit fraud and a perceived opportunity to do so. An employee or any person might be motivated to defalcate cash or misappropriate assets due to:
o

Need to maintain a life-style beyond his means. -Employee may be spending money lavishly for which his salary is not adequate. To get more money he commits frauds.

Greed to have more money -Even though employee has a good salary, he has desire for more money. So he commits frauds.

Hatred and intention to harm the owners or the business. -Employee (or ex-employee) intends to take revenge against a company executive who has insulted him or sacked him. He undertakes fraudulent activities just to bring a bad name to the company or others.

Need to indulge in vices -Employee might be having vices like addiction to liquor, gambling, drug addiction etc. For this he might require more money. He resorts to frauds.

Financial distress and to avoid losses -Employee is in financial crisis. Lenders are pressurizing him for repayment of loans taken by him. To repay their amounts he commits frauds. -He or his relatives might have to undergo costly surgery for which he might require a huge amount immediately.

Fear of loss of life, reputation (for example, black-mailing) -Employee might become a victim of black-mailing, kidnapping etc. To save his or his relatives' lives or to save his reputation he might require huge money. So he commits frauds.

Pathological need to commit fraud like kleptomania. -Some people cannot resist the temptation to steal. Such kleptomaniacs go to restaurants or homes of their friends and come back with spoons, forks or some small thing in their pockets! If they see huge cash in their offices they are bound to pocket at least one or two currency notes as it is in their nature to do so!

To get the thrill of doing frauds -Similarly some people resort to fraud just to get thrill out of frauds. These days youngsters, even high-school going boys, resort to hacking the computers, swindling money out of bank accounts, credit cards or ATMs, not for the sake of money only but more to get a thrill out of doing such things. This then develops into a sort of habit and people go on committing bigger and bigger frauds.

Causes for fraudulent financial reporting: Fraudulent financial reporting may be committed because:

Management is under pressure, from sources outside or inside the entity, to achieve an expected (and perhaps unrealistic) earnings target. -For example, management may have to show sales beyond a certain figure, hence it would try to jack up sales figure. -Divisional managers might be under pressure to show a particular profit to their higher authority. To save themselves from being sacked, the divisional managers manipulate the divisional records.

To avoid taxes by showing lesser income or revenue -Management does not want to pay taxes. So it hides income, revenue etc.

To declare dividends by showing more income -More dividends may be declared with an incoming IPO in mind. -CEO might have issued a rash press statement that his company would declare a huge dividend. To save his face he would see that the financial statements are manipulated to enable the payment of huge dividend.

To withhold declaration of dividends by showing lower income -Less dividend is declared to conserve reserves for future projects of the company or to build secret reserves which management might enjoy later.

To receive higher remuneration, promotion by showing more income -Profit maximization becomes the goal of managers for this purpose in most cases.

To survive in competition the Management might resort to manipulation of financial statements.

Due to their psychological attitudes, to satisfy their ego some managers try to show off by inflating the profits, revenues or assets.

Responsibility for frauds and errors

1. Responsibility of the management

The primary responsibility for the prevention and detection of fraud and error rests with the management of an entity. The respective responsibilities of management may vary from entity to entity. Certain areas where management is responsible are:

To set the proper tone, create and maintain a culture of honesty and high ethics, and to establish appropriate controls to prevent and detect fraud and error within the entity.

To see to the integrity of an entity's accounting and financial reporting systems.

To see that appropriate controls are in place, including those for monitoring risk, financial control and compliance with the laws and regulations.

To establish a control environment and maintain policies and procedures to assist in achieving the objective of ensuring, as far as possible, the orderly and efficient conduct of the entity's business.

To implement and ensure the continued operation of accounting and internal control systems, which are designed to prevent and detect fraud and error.

2. Responsibility of auditors

Internal auditors are also responsible for frauds and errors in that they have to check for their existence and suggest better internal controls. External auditors, though not primarily responsible for detecting frauds and errors, are still responsible for taking care to verify the strength of internal control to prevent and detect frauds, and the existence of symptoms of fraud. Hence indirectly they are also responsible for controlling frauds. Thus it is important to note here that internal controls are very important in detecting frauds and errors of any kind. Those who are establishing internal controls should have sufficient knowledge of the different types of frauds or symptoms of fraud that might occur in a particular business.

Symptoms of Frauds

The fact that fraud is usually concealed can make it very difficult to detect. Nevertheless, the Management may identify events or conditions that provide an opportunity, a motive or a means to commit fraud, or indicate that fraud may already have occurred. Such events or conditions are referred to as fraud risk factors or symptoms of fraud. For example, a document may be missing, a general ledger may be out of balance, or a financial ratio may not make sense. However, these conditions may be the result of circumstances other than fraud. Therefore, fraud risk factors do not necessarily indicate the existence of fraud; however, they often have been present in circumstances where frauds have occurred. Examples of such risk factors are:

A. Symptoms Relating to possibility of Fraudulent Financial Reporting by Management

They may be grouped in the following three categories:

1. Management's Characteristics and Influence over the Control Environment.
2. Industry Conditions.
3. Operating Characteristics and Financial Stability.

For each of these three categories, examples of fraud risk factors are provided here.

1. Fraud Risk Factors Relating to Management's Characteristics and Influence over the Control Environment

a) These fraud risk factors pertain to management's abilities, pressures, style, and attitude relating to internal control and the financial reporting process. For example:

A significant portion of management's remuneration is represented by bonuses, stock options or other incentives, the value of which is dependent upon the entity achieving unduly aggressive targets like huge revenue, profits.

There is excessive interest by management in maintaining or increasing the entity's share price or earnings trend through the use of unusually aggressive accounting practices.

Management commits to equity-analysts, creditors and other third parties to achieving what appear to be unduly aggressive or clearly unrealistic forecasts.

Management has an interest in pursuing inappropriate means to minimize reported earnings for tax-motivated reasons.

b) There is a failure by management to display and communicate an appropriate attitude regarding internal control and the financial reporting process. Specific indicators might include the following:

Management does not effectively communicate and support the entity's values or ethics, or management communicates inappropriate values or ethics.

Management is dominated by a single person or a small group of persons.

Management does not monitor significant internal controls adequately.

Management fails to correct known weaknesses in internal control on a timely basis.

Management sets unduly aggressive financial targets and expectations for executives.

Management displays a significant disregard for regulatory authorities.

Management continues to employ ineffective accounting, information technology or internal auditing staff.

Non-financial managers participate excessively in, or are preoccupied with, the selection of accounting principles or the determination of significant estimates.

There is a high turnover of management, consultants or board members.

There is a strained relationship between management and the current or predecessor auditor. Specific indicators might include the following:
-Frequent disputes with the current or a predecessor auditor on accounting, auditing or reporting matters.
-Unreasonable demands on the auditor, including unreasonable time constraints regarding the completion of the audit or the issuance of the auditor's report.
-Formal or informal restrictions on the auditor that inappropriately limit the auditor's access to people or information, or limit the auditor's ability to communicate effectively with those charged with governance.
-Domineering management behavior in dealing with the auditor, especially involving attempts to influence the scope of the auditor's work.

There is a history of securities law violations, or claims against the entity or its management alleging fraud or violations of securities laws.

The corporate governance structure is weak or ineffective, which may be evidenced by, for example:
-A lack of members who are independent of management.
-Little attention being paid to financial reporting matters and to the accounting and internal control systems by those charged with governance.

2. Fraud Risk Factors Relating to Industry Conditions

These fraud risk factors involve the economic and regulatory environment in which the entity operates.

New accounting, statutory or regulatory requirements that could impair the financial stability or profitability of the entity.

A high degree of competition or market saturation, accompanied by declining margins.

A declining industry with increasing business failures and significant declines in customer demand.

Rapid changes in the industry, such as high vulnerability to rapidly changing technology or rapid product obsolescence.

3. Fraud Risk Factors Relating to Operating Characteristics and Financial Stability

These fraud risk factors pertain to the nature and complexity of the entity and its transactions, the entity's financial condition, and its profitability.

Inability to generate cash flows from operations while reporting earnings and earnings growth.

Significant pressure to obtain additional capital necessary to stay competitive, considering the financial position of the entity (including a need for funds to finance major research and development or capital expenditures).

Assets, liabilities, revenues or expenses based on significant estimates that involve unusually subjective judgments or uncertainties, or that are subject to potential significant change in the near term in a manner that may have a financially disruptive effect on the entity (for example, the ultimate recoverability of account-receivables).

Significant related-party transactions which are not in the ordinary course of business. For example huge advances to a sister-concern without any reason.

Significant, unusual or highly complex transactions (especially those close to year-end) that pose difficult questions concerning substance over form.

Significant bank accounts or subsidiary or branch operations in tax-haven jurisdictions for which there appears to be no clear business justification.

An overly complex organizational structure involving numerous or unusual legal entities, managerial lines of authority or contractual arrangements without apparent business purpose.

Difficulty in determining the organization or person (or persons) controlling the entity.

Unusually rapid growth or profitability, especially compared with that of other companies in the same industry.

Especially high vulnerability to changes in interest rates.

Unusually high dependence on debt, a marginal ability to meet debt repayment requirements, or debt covenants that are difficult to maintain.

Unrealistically aggressive sales or profitability incentive programs.

A threat of imminent bankruptcy, foreclosure or hostile takeover.

Adverse consequences on significant pending transactions (such as a business combination or contract award) if poor financial results are reported.

A poor or deteriorating financial position when management has personally guaranteed significant debts of the entity.

B. Symptoms Relating to Misappropriation of Assets/Defalcation of Cash and such other Employee Frauds

Fraud risk factors that relate to misappropriation of assets may be grouped in the following categories:

1. Relating to Susceptibility of Assets to Misappropriation.
2. Relating to Controls.
3. Relating to size, complexity, and ownership characteristics

1. Fraud Risk Factors Relating to Susceptibility of Assets to Misappropriation

These fraud risk factors pertain to the nature of an entity's assets and the degree to which they are subject to theft. For example:

Large amounts of cash on hand at any time during the year.

Inventory characteristics, such as small size combined with high value and high demand. -For example mobile phones, gold and ornaments, watches.

Easily convertible assets, such as bearer bonds, gold, diamonds or computer chips.

Fixed asset characteristics, such as small size combined with marketability and lack of ownership identification. -E.g. laptops in offices, costly hand-tools in factories.

2. Fraud Risk Factors Relating to Controls

These fraud risk factors involve the lack of controls designed to prevent or detect misappropriation of assets.

Lack of appropriate management supervision (for example, inadequate supervision or inadequate monitoring of remote locations).

Lack of procedures to screen job applicants for positions where employees have access to assets susceptible to misappropriation.

Inadequate record keeping for assets susceptible to misappropriation.

Lack of an appropriate segregation of duties or independent checks.

Lack of an appropriate system of authorization and approval of transactions (for example, in purchasing).

Poor physical safeguards over cash, investments, inventory or fixed assets.

Lack of timely and appropriate documentation for transactions (for example, credits for merchandise returns).

Lack of mandatory vacations for employees performing key control functions.

3. Relating to the size, complexity, and ownership characteristics of the entity

Examples of such circumstances that, individually or in combination, may make one suspect a fraud are:

Unrealistic time deadlines for audit completion imposed by management.

Reluctance by management to engage in frank communication with appropriate third parties, such as regulators and bankers.

Limitation in audit scope imposed by management.

Identification of important matters not previously disclosed by management.

Significant difficult-to-audit figures in the accounts.

Aggressive application of accounting principles.

Conflicting or unsatisfactory evidence provided by management or employees.

Unusual documentary evidence such as handwritten alterations to documentation, or handwritten documentation which is ordinarily electronically printed.

Information provided unwillingly or after unreasonable delay.

Seriously incomplete or inadequate accounting records.

Unsupported transactions.

Unusual transactions, by virtue of their nature, volume or complexity, particularly if such transactions occurred close to the year-end.

Transactions not recorded in accordance with management's general or specific authorization.

Significant unreconciled differences between control accounts and subsidiary records or between physical count and the related account balance which were not appropriately investigated and corrected on a timely basis.

Inadequate control over computer processing (for example, too many processing errors; delays in processing results and reports).

Significant differences from expectations disclosed by analytical procedures.

Fewer confirmation responses than expected or significant differences revealed by confirmation responses.

Evidence of an unduly lavish lifestyle by officers or employees.

Unreconciled suspense accounts.

Long outstanding account receivable balances.

Management Frauds - Some Examples

The majority of management frauds result in accounting scams or scandals. They are also called Corporate Accounting Scandals. Accounting scandals are political and business scandals which arise with the disclosure of misdeeds by trusted executives of large public corporations. Such misdeeds typically involve complex methods for misusing or misdirecting funds, overstating revenues, understating expenses, overstating the value of corporate assets or underreporting the existence of liabilities.

They are sometimes perpetrated with the co-operation of officials in other corporations or affiliates. In public companies, this type of creative accounting can amount to management fraud, and investigations are typically launched by government supervisory agencies, such as the Securities and Exchange Commission (SEC) in the United States or SEBI in India.

In 2002, a wave of separate but often related accounting scandals became known to the public in the U.S. Several leading public accounting and audit firms (Arthur Andersen, Deloitte & Touche, Ernst & Young, KPMG, PWC, and others) have admitted to or have been charged with negligence in the execution of their duty as auditors to identify and prevent the publication of falsified financial reports by their corporate clients, which had the effect of giving a misleading impression of their client companies' financial status. In several cases, the monetary amounts of the fraud involved are in the billions of USD. Highlights of some of these scams are presented here.

Enron Accounting Scam

Enron Corporation was an American energy company based in Houston, Texas, United States. Before its bankruptcy in late 2001, Enron employed around 21,000 people and was one of the world's leading electricity, natural gas, pulp and paper, and communications companies, with claimed revenues of $111 billion in 2000. Fortune named Enron "America's Most Innovative Company" for six consecutive years. It achieved infamy at the end of 2001, when it was revealed that its reported financial condition was sustained mostly by institutionalized, systematic, and creatively planned accounting fraud. Enron used derivatives and Special Purpose Vehicles to manipulate its financial statements in three ways.

First, it hid speculation losses it suffered on technology stocks.

Second, it hid huge debts incurred to finance unprofitable new businesses, including retail energy services for new customers.

Third, it inflated the value of assets of other troubled businesses, including its new ventures in fiber-optic bandwidth.

The lawsuit against Enron's directors, following the scandal, was notable in that the directors settled the suit by paying very significant amounts of money personally. In addition, the scandal caused the dissolution of Arthur Andersen, then the world's top accounting and audit firm, which had effects on the wider business world.

World.com scandal

World.com was a top telecommunication company of the US. To get more finance for its troubled business, it used a very simple procedure of showing revenue expenditure on maintenance of telephone lines as capital expenditure on telecommunication equipment. World.com thus showed more profits every year and also more assets. The financial institutions that lent money to World.com later found out that the assets were overstated in the books and the profits were not real. The company went bankrupt and the loss to lenders, investors and other stakeholders was in billions of US dollars.

Adelphia's Management Fraud

The Rigas family, which controlled Adelphia while holding only 20% of its share capital, treated Adelphia like a piggy bank: it used it, among other things, to pay for a private jet, personal share purchases, a movie produced by a Rigas daughter, a golf course and a Manhattan apartment. In all, the family helped itself to secret loans from Adelphia.

Parmalat's corporate scandal

Parmalat was Italy's largest food company. The company admitted that it had discovered a $5 billion shortfall on its books. This was due to a massive scheme whereby top management overstated Parmalat's reported profits and assets for more than a decade, which allowed them to divert approximately $1 billion to themselves and/or to companies controlled by them via professional fees and clandestine asset transfers, and enabled Parmalat to raise more than $5 billion from unsuspecting investors from the sale of newly issued securities.

Summary

Errors are unintentional mistakes. Errors may affect financial statements.

Errors are categorized as accounting errors and procedural errors. Accounting errors are errors of omission, commission, compensating errors and errors of principle.

Frauds are intentional acts that cause injury or loss to others.

Fraud can be employee frauds or management frauds.

Employee frauds may involve defalcation of cash, misappropriation of goods and services.

Management frauds involve fraudulent financial reporting.

Cyber frauds are frauds committed by using computers and information technology.

Causes of frauds may be greed, hatred, ambition and such qualities of human beings. In case of management frauds the reasons for frauds may be pressure on management, impending IPO, acute competition etc.

Management is responsible for frauds. Sometimes auditors are also responsible for frauds.

Symptoms of frauds, also called fraud risk factors, may be categorized as those involving symptoms of fraudulent reporting and those showing symptoms of misappropriation of goods.

Symptoms of Fraudulent Reporting may be related to Management's characteristics, industry conditions and financial stability.

Symptoms of Misappropriation may be related to nature of assets, nature of internal controls or size, complexity and ownership of the entity.

Accounting scams like that of Enron have shown that control over financial reporting through internal control, internal audit and audit is important.

Copyright 2009 SMU Powered by Sikkim Manipal University .

MF0004- Unit 4 Accounting Conventions


Unit 4 Accounting Conventions, Concepts and Standards

Introduction

We have learnt that the scope of internal control involves control over financial reporting as well. Detection of frauds or errors in financial reporting becomes an important part of such control. We have also learnt that financial statements can be misstated due to frauds or errors. We have also noted that not following accounting principles may lead to errors and frauds. In fact, we have studied in the example of the World.com scam that the basic accounting principle of distinguishing between revenue and capital expenditure was not followed, leading to fraudulent financial reporting and huge losses to many stakeholders. Thus financial statements need to be based on certain standards so that the persons who rely on such statements are provided adequate assurance that no error or fraud exists.

These standards are required in the preparation of the financial statements as well as in the audit of those financial statements later by an auditor. In this unit, we shall study the rules used in the preparation of these financial statements, which are popularly called Generally Accepted Accounting Principles (GAAPs). We shall also study the mandatory accounting standards stipulated by Regulating Authorities with particular reference to India. To provide an effective internal control over financial reporting, a thorough knowledge of these standards is necessary.

Objectives

After studying this unit, you will be able to:

Explain the meaning and nature of financial statements.

Explain Generally Accepted Accounting Practices (GAAPs).

Explain the meaning and importance of Accounting conventions, concepts and standards.

State the important Accounting Standards issued by ICAI and other international accounting bodies.

Meaning and Features of GAAPs

Meaning and Nature of financial statements: Financial Statements are the Balance Sheet and the Profit and Loss Account (sometimes called the Income Statement). These are prepared from the books of account maintained by a business. Books of account are written based on accounting conventions, concepts and policies of the organization. Hence, if these financial statements are read without understanding these conventions, concepts or policies, it is possible that the interpretation made is erroneous. Further, the accounting policies adopted can be different for two different sets of financial statements. Hence any comparison between the two statements may not be possible unless the accounting policies are the same. For example, study the following results of two companies:

                                                     A      B
Profit before depreciation                         100    100
Depreciation (on assets with book value Rs. 100)    10     20
Net Profit                                          90     80

Here, though the Net Profit is more in the case of Company A, it is only because Company A has written off its assets @10% instead of @20% as in the case of Company B. Thus the depreciation policy was not uniform in case of these two companies. Any comparison and interpretation of Net Profit in this case will be erroneous unless the assumptions as to depreciation (an accounting policy) are considered while such interpretation is made. Hence to avoid such non-comparability, uniform accounting policies or standards are required in preparation of financial statements. Such policies usually consist of rules by way of Accounting Conventions, concepts or principles, popularly called Generally Accepted Accounting Principles (GAAPs), which include Accounting Standards set up by a Regulating Authority. Some of these Accounting Conventions, concepts or assumptions are universally accepted norms followed by all businesses. GAAPs may be unique to a particular nation and may have emerged as a practice or custom by accountants of a particular nation or region. Accounting Standards are usually evolved out of these GAAPs to bring about uniformity and clarity in accounting of a particular type of transaction or event. For example, in India the Accounting Standards are provided by ICAI. It also issues various Guidance Notes and Statements on particular aspects of accounting. There are various accounting practices in India regarding which ICAI may not have issued any Statement, Guidance Note or Standard. These practices followed in India and the Statements, Guidance Notes and Accounting Standards issued by ICAI together are called Indian GAAP. Similarly there are US GAAPs and GAAPs of many other countries. It becomes necessary then, to study these Accounting Conventions and Standards so that no error or fraud exists in the financial statements.

Accounting Conventions

These are assumptions that are universally followed by all accountants. Hence no separate declaration is made as to their compliance in any financial statement. Such conventions are:

1. Accrual
2. Going concern
3. Consistency

1. Accrual

Under the Accrual concept, transactions and other events are recognized on due basis. Thus financial statements prepared on accrual basis inform the users not only of past events involving payment and receipt of cash but also of obligations and benefits as they become due, even though cash is neither paid nor received during a particular period.

For example, if a company has taken a loan from a bank amounting to Rs. 1 crore and the interest due amounts to Rs. 10 lakh at the end of a financial year, the company has to show Rs. 10 lakh as interest expense and also show Rs. 1.10 cr. as liability due to the bank even though the company has not paid the interest amount. Though the convention is simple and can be easily understood, many companies fail to follow this concept strictly. Expenses or income might not be accounted on accrual basis for reasons we have already studied in Unit 03 relating to management frauds. Accrual is a convention which is followed in every country. In India, though business firms follow this convention, there are still instances of this convention not being followed in the case of small enterprises. The Companies Act 1956 has made it compulsory that every company in India has to record transactions on accrual basis. As against accrual basis of accounting we have cash basis of accounting, where business transactions are recorded only on actual receipt or payment basis. For example, in the above case, if the company shows interest as expense only on actual payment in any future year, it is following cash basis of accounting.

2. Going concern

Under this convention accountants assume, unless there is evidence to the contrary, that a company is not going insolvent. They assume that a company will remain in existence for a long time in future. Naturally the assets and liabilities, even though they may not fetch the value mentioned in the Balance Sheet as on a particular day, are shown at their cost and not at realizable value because they are not going to be sold anyway. Going concern convention also means that assets and liabilities are to be shown at their net realizable value if the business is to be discontinued at the end of a particular period. Thus this assumption has important implications for the valuation of assets and liabilities. For example, if a company has Land which was purchased at Rs. 1.00 crore and which has a market value of Rs. 50 lakh on 31st March 2007, the company will show only Rs. 1 crore in its Balance Sheet as at 31-3-2007, as the assumption is that the company will exist even after 31-3-2007. But if the same company has decided to discontinue its business from 31-3-2007, it has to show the value of land at Rs. 50 lakh as per Going concern convention.

3. Consistency

According to this convention business transactions and valuation methods are to be followed in the same way from year to year, or period to period. This would help users of financial statements to make more meaningful comparisons of financial performance from year to year.

For example, if a company were to follow accrual basis of accounting in one year and change to cash basis next year, the results of both years cannot be compared. Similarly, if the depreciation rate for a Fixed Asset was 10% in one year and 20% in the subsequent year, the financial statements would show inconsistent information. This convention also means that where such accounting policies are changed, companies are required to disclose this fact and explain the impact of such changes on profits, assets or liabilities. Accounting conventions are followed by most businesses and hence the financial statements do not mention the compliance of these conventions. However, any non-compliance of these conventions in financial statements should be disclosed to the persons who read these statements so that proper interpretation or understanding is possible.

Accounting Concepts

These concepts are fundamental to accounting. Some of the Accounting Standards are derived from these concepts. Without these concepts it is not possible to bring reality in financial statements. Major accounting concepts recognized are:

1. Business entity concept

This concept seeks to ensure that private transactions and matters relating to the owners of a business are segregated from transactions that relate to the business. Money invested or money withdrawn by owners of the business, and personal expenses of the owners of a business, are treated separately in the books of the business. For example, Life Insurance Premium of the proprietor is not an expense of the business and hence is shown as Drawings by the proprietor in the books of that proprietary business.

2. Money measurement concept

Accountants do not account for items unless they can be quantified in monetary terms. Items that are not accounted for (unless someone is prepared to pay something for them) include things like workforce skill, morale, market leadership, brand recognition, quality of management etc.

3. Periodicity concept

This concept is also called the concept of definite accounting period. Financial statements should be prepared at definite intervals, say every year, so that comparison is possible. For example, we prepare a Balance Sheet at the end of every financial year. Hence this concept can also be called the Comparability concept. This concept makes the accrual convention more meaningful.

4. Historical Cost concept or Cost concept

The most commonly encountered concept is the historical cost concept. This requires transactions to be recorded at the price ruling at the time of transaction, and assets to be recorded at values which are their original cost. Thus one records sales at the price mentioned in the invoice and not at the price at the time of payment by the customer. An asset like Building is shown at its construction cost less depreciation provided according to various rules or laws. It is not shown at its present market value. Only when the Going Concern convention is not followed is the cost concept also not followed. At such times, the value is shown at net realizable value. Under the historical cost concept, therefore, no account is taken of changing prices in the economy.

5. Realization concept

With this convention, accountants recognize transactions (and any profits arising from them) at the point of sale or transfer of legal ownership. Thus once the asset is recorded at historic cost, its value is never changed and accounted even though market value increases every year. Such increase in value is accounted only when such asset is realized, i.e. sold, except when the Going concern assumption is not met. This concept also means that unless you are sure of realization of an amount, do not disclose it at that value in the books of account. For example, if you sold goods on sale on approval or return basis, unless the customer has approved you cannot show the sales, even though the goods are with the customer. Till he approves, the goods are stock lying with customers.

6. Dual aspect concept
This concept is the basis of double entry book-keeping. Every transaction has two aspects, and under this concept both are to be recorded in the books of accounts. The two aspects are debit and credit. We have seen how non-compliance with this concept can lead to errors of commission.

7. Conservatism concept
This concept states that the accountant should not anticipate income but should provide for all losses. When alternate values are available to an accountant, he should choose only the lesser value. The basis of this concept is to safeguard the assets of the business and to be transparent to all stakeholders. For example, if there is a case against the company by a supplier, the company has to show the claim as a contingent liability in its financial statements. The moment the Court makes a judgment against the company, the company has to show the amount as a liability in the books. Such a rule helps the readers of financial statements know about future liabilities and actual liabilities in time to take suitable decisions. Similarly, a company should not show any income in its profit and loss account unless it is sure of receiving it. For example, a company might have received a sanction of subsidy from a Government. Unless the sanction conditions are fulfilled, the company cannot claim the subsidy. The company in this case cannot show the subsidy amount as an income.

8. Matching concept
Income should be properly matched with the expenses of a given accounting period. This concept is based on the accrual convention and the periodicity concept. For example, a firm sells 1000 items and receives the full sale proceeds of Rs. 1,00,000. Assume the cost of these materials is Rs. 50,000. These costs are yet to be recorded in the books as they have not been paid. The firm cannot prepare a Profit and Loss Account without recording such costs. The firm would have to record them on an accrual basis, showing the liability to the supplier. Only then can it provide a correct Profit and Loss Account. In the absence of such a concept the firm would show Rs. 1,00,000 as income in the first year and Rs. 50,000 as expense the next year when it pays for the cost of materials, which results in confusing financial statements.

9. Materiality
The preparation of accounts involves a high degree of judgment. Where decisions are required about the appropriateness of a particular accounting judgment, the materiality convention suggests that this should only be an issue if the judgment is significant or material to a user of the accounts. The concept of materiality is an important issue for auditors of financial accounts. For example, if taxes are collected by a firm, it has to show the amount of taxes collected as well as taxes paid or payable, even though the amount involved is meager. This is because the Law requires such information to be provided in the financial statements.

10. Prudence
This concept stipulates that profits are not recognized until a sale has been completed. In addition, a cautious view is taken of future problems and costs of the business. This concept is almost similar to the conservatism concept.

Concepts or principles followed in preparation of financial statements

In addition to the aforesaid concepts, which are used in recording transactions in the books, the following principles are also followed while preparing the financial statements:

Understandability: This implies the expression, with clarity, of accounting information in such a way that it will be understandable to users who are generally assumed to have a reasonable knowledge of business and economic activities. Thus, while preparing the financial statements, complex and highly technical language that would confuse the user should not be used.

Relevance: This implies that, to be useful, accounting information must assist a user to form, confirm or maybe revise a view, usually in the context of making a decision (e.g. Should I invest? Should I lend money to this business? Should I work for this business?).

Reliability: This implies that the accounting information that is presented is truthful, accurate, complete (nothing significant missed out) and capable of being verified (e.g. by a potential investor).

Objectivity: This implies that accounting information is prepared and reported in a neutral way. In other words, it is not biased towards a particular user group or vested interest.

Substance over form: Legal formats need not be given importance as long as they do not support the substance of the transactions. Thus transactions are to be recorded in accordance with their substance and economic reality. For example, if a firm has received rent from leasing its building, it cannot show such rental income as service charges, though some Law or Act might treat such rental income as a service charge. The substance of this transaction was leasing and the income was lease rent and not service charge.

Full, fair and adequate disclosure: Nothing should be omitted from financial statements. Full disclosure means all transactions should be recorded. Fair disclosure means that disclosure should be made in such a manner that the financial statements show a true and fair view of the results of the business of the enterprise. Adequate disclosure implies that the information influencing the decisions of the users should be disclosed in detail and should make sense.

Accounting Standards

Nature and significance of Accounting Standards

Globalization of business has led to complex business transactions. Accountancy is the language of business. Hence if this language is misunderstood or misinterpreted, a lot of harm can be done to all stakeholders. Thus it is necessary that the financial reporting process is properly regulated. Hence standardization of accounting principles and policies is necessary while presenting financial statements to a stakeholder who might be in a different part of the world from where the business is situated.

We know that presenting financial statements to stakeholders is also a must due to legal requirements. This process is also called financial reporting. We have studied that many internal controls are required in financial reporting. Frauds and errors creep into financial statements and mislead the stakeholders. Non-compliance with accounting standards can be due to error or fraud. Thus Accounting Standards are a very important part of financial reporting.

Accounting Standards are written policy documents issued by expert accounting bodies or by Government or other regulatory bodies. Accounting Standards are those principles, concepts or conventions which have been codified by the accounting and auditing practice regulation authorities of a nation or by internationally constituted accounting or auditing bodies.

International Accounting Standards: The International Accounting Standards Committee (IASC) is a premier accounting institution. The IASC issued a total of 68 exposure drafts, 41 International Accounting Standards (IASs) and Interpretations of IAS between 1973 and 2001. The International Accounting Standards Board (IASB) replaced the International Accounting Standards Committee (IASC) in April 2001. The International Financial Reporting Standards (IFRSs) are a new set of Accounting Standards issued by the International Accounting Standards Board (IASB).

All these Accounting Standards ultimately deal with a specific accounting transaction, issue or event and stipulate how this issue, event, transaction or item is to be dealt with or presented in the books of account or financial statements. Most of the Accounting Standards issued by these bodies have become benchmarks or mandatory. For example, if an Indian company or a bank transacts in various countries, it is not sufficient that it complies with the Accounting Standards or GAAPs of India. It has to comply with international accounting standards and sometimes the accounting standards of a country in which it operates, say US GAAPs.

Thus there is every need to know more about the global accounting standards and the GAAPs of various countries in these days of globalization.

Accounting Standards in India

There have been major changes in financial reporting in India since the economic reforms and globalization began in the early 1990s. Among others, the following forces are important:

- Capital, product and labour market pressures
- Company law and Securities law changes in India
- International accounting and Securities regulations

In the last decade, there have been significant changes to Indian laws and regulatory requirements relating to accounting and governance. The major developments are briefly as follows:

a) The Institute of Chartered Accountants of India (ICAI): It is the premier institute of India, set up under an act of parliament, and has been empowered to regulate the accounting and audit profession in India. Its members, popularly called Chartered Accountants, are qualified to undertake audits of companies in India as well as to provide many audit services like Tax audits under the Income Tax Act 1961. In India, ICAI has been issuing Accounting Standards based on International Accounting Standards since the beginning. India started issuing Accounting Standards in 1977. So far it has issued 29 Accounting Standards. Even before that, ICAI had been issuing Guidance Notes and providing Expert Opinions to its members regarding complex accounting matters where no standards exist. The accounting standards issued by ICAI have been adopted by the Government, and the Department of Company Affairs has stipulated that these Accounting Standards are to be complied with by Companies in India in the preparation of financial statements. The ICAI has also directed its members to report on non-compliance with these standards in the companies that they audit.

b) National Advisory Committee on Accounting Standards: In 1999, the Companies Act, 1956 was amended to provide for setting up a National Advisory Committee on Accounting Standards (NACAS) to advise the Government on the formulation of Accounting Standards.

Accounting Standards of ICAI: An Overview

ICAI has been issuing Accounting Standards since 1977. These Standards, though not an exact copy of International Accounting Standards, are similar to IAS in many cases. Though these standards numbered only 15 till the year 2001, between 2001 and 2005 14 new standards have been issued in the post-Enron era.

Applicability of Accounting Standards and GAAPs

General Applicability

All these Accounting Standards are to be complied with by all the Companies in India. The Companies Act stipulates that the Accounting Standards of ICAI have to be adhered to while maintaining books of account and also in the preparation of financial statements. If there is any deviation in this regard, the statutory auditor of the Company shall report this fact of non-compliance and its effect on profits, losses, assets or liabilities. Hence it becomes necessary that the managements of companies be aware of this fact and try to comply with all these Standards. An overview of these standards is provided here. The abbreviation AS stands for Accounting Standard here.

(AS 1) Disclosure of Accounting Policies: This Standard requires that proper disclosure of the Accounting Policies followed in the preparation of financial statements should be made in the financial statement itself. This would facilitate more meaningful comparison of financial statements by users. While discussing the principle of Full, Fair and Adequate disclosure earlier, we noted that the user should be provided the accounting information in complete form which is fair and adequate for his decision making. This Standard makes this concept or principle compulsory for Companies. This standard lays down that:

- The choice of an accounting concept, principle or policy by a company should be based on prudence, materiality and the principle of substance over form.
- All significant accounting policies adopted in the preparation of financial statements are to be disclosed. Significance is to be decided from the user's point of view and not from the point of view of Management. What is important to a reader of a financial statement might not be important to Management. Usually the accounting policies adopted are disclosed by way of Notes to Accounts at the end of the Financial Statements.
- Changes in accounting policies are to be disclosed with their effect on financial statements. For example, if a company changes the method of charging depreciation on its assets from Straight Line Basis to Written Down Value method, the effect of such change on Profits or Assets should be disclosed in the Notes to financial statements.
- If accounting assumptions are not followed, disclosure is required. We have studied that accounting conventions are universally followed. However, if they are not followed by a firm, it should mention the fact by way of a Note to financial statements.

(AS 2) Valuation of Inventories: Inventory is the stock of goods for sale or consumption in a business. Inventory can be classified as follows:

- Raw materials
- Finished goods
- Work in progress
- Stores, consumables etc.

Internal control over inventory is very important, as frauds and errors frequently occur in this area. Misappropriation of goods is common if no control over inventory exists. Similarly, stock records are subject to manipulation. Items in stock at the end of the year can be valued at a higher value to show more profit or at a lower value to show less profit. Thus fraudulent financial reporting can be resorted to with reference to inventory valuation. Hence a Standard is necessary with regard to inventory valuation. The purpose of this Standard is to:

- determine what is inventory in the case of a business.
- provide a standard as to the measurement and classification of inventory.

Such an analysis of inventory would ensure that the Profit and Loss Account and Balance Sheet are true and fair as far as inventory is concerned. The main stipulations laid down by this standard are:

- The distinction between revenue and capital expenditure is to be made while deciding what is inventory. Goods meant for sale during the regular business are inventory. For example, a car is inventory for a car dealer but a fixed asset for a doctor, as the latter is not buying and selling the car regularly.
- The valuation method for inventory can be FIFO (First in First out) or Weighted average and not any other method.
  - The FIFO method of valuation assumes that goods that have been bought first are sold first. Thus the closing stock consists of goods that are bought later. Valuation of closing stock would be at the latest prices.
  - In the Weighted average method, the stocks are issued or valued at the weighted average cost of purchase till that point.

Thus internal control over purchases, stores etc. should be designed according to these Standards.
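The two permitted valuation methods worked through on one stock ledger, as an added example that is not part of the original course text. The ledger figures and function names are constructed for illustration, the weighted average is read as a moving average recalculated at each issue, and `review_reported_value` is a hypothetical control check that tests whether a reported closing stock value is supported by either method.

```python
from decimal import Decimal

# Constructed sample stock ledger for one item (illustrative, not from the course text).
# ("in", quantity, unit_cost) is a purchase; ("out", quantity) is an issue or sale.
LEDGER = [
    ("in", 100, Decimal("10")),
    ("in", 100, Decimal("12")),
    ("out", 150),
    ("in", 50, Decimal("14")),
    ("out", 60),
]


def _check(entry, on_hand):
    """Reject entries that a controlled stock record should never contain."""
    if entry[1] <= 0:
        raise ValueError(f"non-positive quantity in {entry!r}")
    if entry[0] == "out" and entry[1] > on_hand:
        raise ValueError(f"issue of {entry[1]} exceeds stock on hand ({on_hand})")


def fifo_closing(ledger):
    """Return (closing_qty, closing_value) when the oldest purchases are issued first."""
    layers = []  # each layer is [quantity_left, unit_cost], oldest first
    for entry in ledger:
        _check(entry, sum(q for q, _ in layers))
        if entry[0] == "in":
            layers.append([entry[1], entry[2]])
            continue
        need = entry[1]
        while need:
            take = min(need, layers[0][0])
            layers[0][0] -= take
            need -= take
            if layers[0][0] == 0:
                layers.pop(0)  # oldest layer fully consumed
    qty = sum(q for q, _ in layers)
    value = sum((q * c for q, c in layers), Decimal("0"))
    return qty, value


def weighted_average_closing(ledger):
    """Return (closing_qty, closing_value) using the average cost of stock held at each issue."""
    qty, value = 0, Decimal("0")
    for entry in ledger:
        _check(entry, qty)
        if entry[0] == "in":
            qty += entry[1]
            value += entry[1] * entry[2]
        else:
            average = value / qty  # qty > 0 here because _check passed
            value -= entry[1] * average
            qty -= entry[1]
    return qty, value


def review_reported_value(ledger, reported_value):
    """Control check: list the permitted methods that support the reported closing value.

    An empty list means the figure is supported by neither FIFO nor weighted
    average and should be queried before it reaches the financial statements.
    """
    paise = Decimal("0.01")
    supported = {
        "FIFO": fifo_closing(ledger)[1],
        "weighted average": weighted_average_closing(ledger)[1],
    }
    reported = Decimal(reported_value).quantize(paise)
    return [name for name, value in supported.items() if value.quantize(paise) == reported]


if __name__ == "__main__":
    print("FIFO closing stock:            ", fifo_closing(LEDGER))
    print("Weighted average closing stock:", weighted_average_closing(LEDGER))
    for claimed in ("560", "500", "650"):
        print(f"Reported Rs. {claimed}:", review_reported_value(LEDGER, claimed) or "unsupported")
```

On rising purchase prices the same 40 closing units are worth more under FIFO than under weighted average, so the closing stock figure and the reported profit depend on the method, which is why the method has to be fixed and applied consistently.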

(AS 3) Cash Flow Statements: Cash flow statements provide a summary of the inflow and outflow of cash in a business. Cash flow statements are now a part of financial statements in the case of a listed (listed with stock exchanges) company in India. The purpose of this standard is to provide more meaningful disclosure and comparison between two sets of cash flow statements. This standard stipulates that the Cash Flow Statement has to disclose the following information:

- Cash flow from operating activities
  - Operating activities are the regular business activities of a company.
- Cash flow from financing activities
  - Financing activities involve inflows like raising capital and borrowing loans, and similarly outflows like repayment of loans, redemption of preference shares etc.
- Cash flow from investing activities
  - Investing activities involve outflows like purchase of fixed assets or investments and inflows like sale of fixed assets or investments.

(AS 4) Contingencies and Events Occurring after the Balance Sheet Date: Contingent losses are those which may arise only when another event, on which the contingent event depends, occurs or does not occur. For example, in the case of a bank guarantee issued by a bank, the bank is liable for payment only if the person on whose behalf the Bank Guarantee has been issued defaults. Similarly, some events that occur after the Balance Sheet date, though not reflected in the financial statements, nevertheless affect the decision-making of any investor, creditor or other stakeholder. For example, a major fire occurring after the Balance Sheet date, which destroys the entire factory of a company, is an event that will affect the decision of a potential investor in or lender to that company. Hence this fact is to be disclosed in financial statements.

This Standard lays down that, as a conservative measure, contingent losses and events occurring after the Balance Sheet date are to be disclosed by way of a Note in the Statements. This would help in proper evaluation of financial statements. The Standard also stipulates that, as a conservative measure, contingent gains should not be accounted.

(AS 5) Net Profit or Loss for the period, Prior Period and Extraordinary Items and Changes in Accounting Policies: This Standard lays down that a distinction should be made between Ordinary items, Extraordinary items and Prior period items in the financial statements. For example, if a huge tax payment of an earlier year is made, this fact is to be separately mentioned in the financial statements as it is a prior period item. A bank might have spent a huge amount on a Voluntary Retirement Scheme for its employees. This is not an expense of one year. Even though the bank shows such expense as revenue expenditure, it should show it separately as an Extraordinary expense. Similarly, if a company makes a huge profit by selling its land and building, it cannot club it with its regular business income. Such extraordinary profit should be separately mentioned in the Profit and Loss Account. Similarly, changes in accounting estimates and accounting policies and their effect on financial statements are to be distinguished and disclosed in the financial statements. We have already studied this in AS 1.

(AS 6) Depreciation Accounting: Depreciation is an estimated amount written off from the value of assets and shown as an expense. Manipulation of profit and assets is possible by manipulating such an estimate. We have seen earlier how providing more or less depreciation can reduce or inflate the profits. Whether assets are shown truly and fairly depends on a correct measure of Depreciation. Similarly, profit or loss can be decided fairly only if correct depreciation is provided. This Standard stipulates that:

- Depreciation should be provided on fixed assets.
- The depreciation amount should be based on the life of the asset.
- The depreciation method followed should be consistent from year to year.
- The effect of changes in the method of depreciation should be disclosed in the financial statements.

(AS 7) Accounting for Construction contracts: Construction contracts are a special type of business, as the profit or loss can be decided only on final completion of the contract. However, construction companies might have to show estimated profits or losses every year in their financial statements. The purpose of this Standard is to decide when and how the revenue and costs of a construction contract are to be recognized, as the contract may take more than a year to complete. The Standard stipulates that companies have to follow the percentage completion method and show profit or loss for every year during which construction is undertaken, as per the rules laid down in the Standard.

(AS 8) Accounting for Research and Development: This standard dealt with R&D expenditure. However, the Standard has been withdrawn as a new Standard on intangibles has been introduced.

(AS 9) Revenue Recognition: The purpose of this Standard is to lay down principles to correctly recognize what is the revenue of an enterprise and to match revenue to cost. Some problem areas addressed by this Standard are:

- Grounds for classifying revenue as sale, service or other income. For example, whether a contract for supply and erection of plant is a service or a sale might have to be decided based on the factors laid down in this standard.
- The time when the revenue is to be recognized. For example, whether a particular transaction is complete on delivery, on sending the invoice or on getting an order is to be decided based on the rules laid down in this Standard.
- Treatment of revenue in case of uncertainty of its collection.

(AS 10) Accounting for Fixed Assets: The Financial Statement, i.e. the Balance Sheet, has to represent the true and fair value of fixed assets. For this, distinguishing between revenue and capital expenditure is required. Factors which pose problems in this regard are:

- Capitalization of borrowing costs: interest paid on loans for acquiring assets which are not put to use.
- Payment for technical know-how: whether these are revenue expenditure or capital expenditure is to be decided.
- Project delays: these might result in assets not being put to use. What the treatment of expenses related to the asset should be is to be decided.
- Non-monetary consideration paid to acquire an asset: for example, parts of assets might have been manufactured in the factory itself. What the cost of the asset should be might have to be decided.
- Nature of repairs to assets: a company might incur heavy repairs to an asset due to which more benefit might accrue from that asset. Whether the repair is revenue or capital expenditure is to be decided.
- Foreign Exchange loss or profit while acquiring an asset: whether it is to be adjusted to the cost of the asset or shown separately in the Profit and Loss Account is to be decided.

This standard provides guidance on all these problematic issues pertaining to different accounting matters relating to fixed assets. Similarly, how Revaluation of fixed assets is to be treated in the books is also dealt with in this Standard. The Standard also provides how Assets are to be presented in the Balance Sheet.

(AS 11) Accounting for the Effects of Changes in Foreign Exchange Rates: The problem with foreign exchange transactions, whether the business is done within the country or outside the country in foreign branches of a company, is that the exact value at which these are to be represented in Indian currency (Rupees) cannot be easily arrived at, due to exchange rate fluctuations. For example, you may have imported machinery at $10,000 when the rate was Rs. 45 per US$, whereas while making payment of this $10,000 you have to pay in dollars at, say, Rs. 48 per US$. How the loss of Rs. 30,000 (Rs. 3 × 10,000) is to be treated in the books is dealt with in this Standard. This standard lays down the rules for treatment of foreign exchange profits or losses in various types of transactions of an entity. It also stipulates the manner of presenting the assets and liabilities held at foreign branches of an entity.

(AS 12) Accounting for Government Grants: The nature of grants from Governments is unique. Sometimes they may be given to acquire some asset, sometimes as a concession, sometimes as an incentive like a subsidy. Further, these grants may not be received within the stipulated date though sanctioned. Hence this standard lays down the guidelines to properly account for and disclose different types of Government Grants.

(AS 13) Accounting for Investments: Investments are usually in assets like shares, debentures, fixed deposits etc. held by companies. Some of these may be held for the long term and some for the short term. The value of investment in shares fluctuates, and hence on a Balance Sheet date the value of such investments may have appreciated or declined. The purpose of this standard is to properly reflect the nature of investments, their cost and their valuation in financial statements. The standard stipulates that:

- Classifying investments into current and long term is needed.
- A decrease in the value of current investments is to be accounted.
- Only a permanent decline in the value of Long Term investments is to be accounted.
- A distinction is to be made between Quoted and unquoted investments.

(AS 14) Accounting for Amalgamations: Specific accounting issues relating to the amalgamation or merger of two companies are dealt with here. The standard has been introduced to reflect the nature of the amalgamation and to determine the treatment of goodwill or reserve and other such issues.

(AS 15) Accounting for Retirement Benefits in the Financial Statement of Employers: Retirement benefits are provided to employees by the employer. They consist of benefits like pension, gratuity, provident fund, leave encashment etc. These are paid to the employee only on retirement. However, setting aside a sum towards these expenses every year is a prudent step by the employer. This standard also stipulates that such provision is to be made. Companies are required to properly and systematically account for retirement benefits like pension and gratuity in their books. Issues discussed here are:

- Manner of funding of retirement schemes and definition of contribution schemes.
- Actuarial valuation methods that are to be considered in making provision for these expenses in the books of the employer.

Thus, while establishing internal controls for the Personnel function, these aspects are to be taken care of by the Management.

(AS 16) on Borrowing Costs: Borrowing costs are usually interest paid on funds borrowed. Such funds may have been used to acquire an asset which has not yet been put to use. Whether the interest paid in such cases is revenue expenditure or part of the cost of the asset is discussed in this standard. The purpose of this standard is to correctly account for borrowing costs when they are incurred for buying assets. Issues dealt with here are:

- Definition of qualifying assets, which take a substantial period to get ready for their intended use or sale.
- Whether interest on borrowings used to acquire such assets is to be capitalized or charged to revenue.
- When such capitalization commences, is suspended or ceases.

(AS 17) Segment Reporting: These days all major institutions have many segments of business, product-wise or geographic area-wise. Some segments may be providing profits to the firm while others may be incurring losses. Segmented information gives users a better understanding of the business and performance of an entity. This Standard lays down that such segment-wise profitability is to be provided by Companies. It also lays down the manner of defining such segments and of arriving at the revenue, expenditure, assets and liabilities of each segment.

(AS 18) Related Party Disclosures: A transaction with any party which is related to the Management of a company is often viewed with suspicion. To have good corporate governance, related-party transactions should not be misused in any organization. This Standard requires that related-party transactions be disclosed separately as a part of financial statements. Issues dealt with here are:

- Definition of a related party as a person having control and significant influence. Relative, key management personnel, associates and joint venture are some of the terms defined in this standard.
- Related party transactions can be of different types.
- Related party relationships are also of many types according to this Standard.

(AS 19) Leases: Leases are peculiar transactions where the assets are not recorded as Assets in the books of the user of such assets, whereas they are recorded in the books of the owner even though the asset is physically with the user (lessee). The purpose of this Standard is to correctly depict the right and position of assets in a lease. Issues dealt with here are:

- Financial leases and Operative leases are to be identified first.
- In a financial lease the lessee has to account for the assets and claim depreciation.
- For taxation purposes the lessor may still continue to be the owner based on the terms of the lease.

(AS 20) Earnings per Share (EPS): The purpose of this Standard is to provide principles for the determination of EPS, as most decision makers like investors rely on EPS when deciding to buy or sell a share/stock of any company. Issues dealt with are:

- Determining the value of earnings and the number of shares of the entity.
- Issues relating to calculation of EPS during amalgamation and in the case of partly paid shares or bonus shares.
- The standard stipulates that companies have to disclose Diluted EPS in cases of future conversion of bonds or warrants into shares.

(AS 21) Consolidated Financial Statements: These days many companies have subsidiaries and associate concerns. The performance as group may totally vary in relation to individual performance of the Company. Hence information on group performance is needed. Purpose of this Standard is to know the financial position of the entire group and not only of the concern which is submitting the financial statements. This would help in correct decision making by the stakeholders like investors or creditors. (AS 22) Accounting for Taxes on Income: Taxes are deferred /postponed due to provisions of Taxation Laws. Firms claim higher depreciation than shown in the books for tax purpose. Similarly due to facility of carry forward of losses, the income of an entity may not be taxed up to certain number of years in future. This leads to wrong information being provided in the financial statements as to taxes. This standard requires that effects of such deferred taxes are to be accounted in the books.

(AS 23) Accounting for investments in associates in consolidated financial statements: Many scams like that of Enron have occurred due to non-disclosure of liabilities of the company as to investments made in associated concerns. Purpose of this standard is to fairly account the position of investments in associate concerns so that any liability in this regard is disclosed. (AS 24) Discontinuing Operations: Purpose of this Standard is to establish principles for reporting information about discontinuing operations thereby enhance the users ability to make projections. (AS 25) Interim financial reporting: Statutory bodies like SEBI stipulate that the companies have to report quarterly performance. However in the absence of correct standard quarterly financial statements are misleading as only a review and not audit of these statements are made by the auditor. Hence the purpose of this standard is to prescribe minimum content of interim financial report and to prescribe principles for recognition and measurement in a complete or condensed financial statement for an interim period. Issues as to calculation of taxes, retirement benefits, damages, seasonal effect, intra-company transactions in interim reports are discussed here. (AS 26) Intangible assets: Purpose of this Standard is to provide the accounting treatment for intangible assets that are not dealt in any other Standard. Issues dealt here are:

- Criteria of recognition of intangibles: identifiability, control, future economic benefits and measurement of cost.
- Amortization methods of intangibles.
- Brand valuation, HR valuation.

(AS 27) Financial reporting of interest in joint ventures (JVs): The purpose of this Standard is to set out principles and procedures for accounting for interest in JVs and for reporting JV assets, liabilities, income and expenses in the financial statements of the investor or venturer.

(AS 28) Impairment of Assets: Scams like that of WorldCom occurred due to non-disclosure of erosion in the value of assets. The purpose of this Standard is to disclose the fair value of assets by providing for impairment (reduction in value).

Issues dealt here are:


- Factors which decide impairment can be internal or external sources of information.
- Net selling price based on binding sale, active market and best estimate are the valuation methods of assets.
- If value in use is more than recoverable value, providing for impairment is necessary.
- Annual review and reversal of impairment are to be made.

(AS 29) Provisions, Contingent liabilities and assets: This Standard lays down when and how provisions are to be made for liabilities, how to differentiate a liability from a contingent liability, and how to identify and treat a contingent asset.

Summary

Balance Sheet and Profit & Loss A/c are the major financial statements. Different accounting assumptions, conventions and concepts, popularly known as GAAPs, affect these financial statements. To bring uniformity and comparability, there is a need for Accounting Standards. Institutions like ICAI issue Accounting Standards in India. An overview of the important Accounting Standards issued by ICAI provides a good understanding of the areas and topics dealt with in Accounting Standards in India.

Copyright 2009 SMU Powered by Sikkim Manipal University .

MF0004- Unit 5-Financial Reporting and Internal Control


Unit 5-Financial Reporting and Internal Control

Introduction

We have noted that the scope of internal control includes control over financial reporting. The significance of such controls was discussed in Unit 01. In Unit 03, we discussed how fraudulent financial reporting can affect the judgment of stakeholders and how such frauds have actually led once reputed companies to bankruptcy and notoriety. We have also seen that intentional non-compliance with GAAPs can be regarded as fraud. In Unit 04, we studied what these GAAPs are, and we studied in detail the Accounting Standards issued by ICAI.

The legal requirements as to financial reporting by companies also have to be studied to gain a thorough understanding of the internal control framework required for financial reporting. For example, companies should know when they are required to provide financial statements to their shareholders. Provisions of the Companies Act 1956, which governs Indian companies, are discussed here with specific reference to Financial Statements and their presentation to stakeholders.

Similarly, there are many other regulations, particularly for companies which list their shares on the stock exchanges. Some of these regulations insist on a code for Corporate Governance so that the management itself does not override its controls. A brief study of this Corporate Governance Code is made here. The Corporate Governance Code in India is issued by the Securities and Exchange Board of India (SEBI). This Code also provides guidelines as to the internal controls required in the area of financial reporting. A study of the relevant aspects of this Code is made here.

Internationally also, in the wake of the Accounting Scams of 2002 like those of Enron or WorldCom, many regulations have been imposed on the Corporate sector so that fraudulent financial reporting is prevented. One such regulation is the Sarbanes-Oxley Act of the United States. This Act, popularly called SOX, provides detailed guidelines for setting up, identifying and implementing internal controls in the area of financial reporting. A brief study of some of the provisions of SOX is made here. A comparison of SOX with the latest framework developed by COSO is also made here for a better understanding of the nature of internal control, which we have already discussed in Unit 1.

Objectives

After studying this unit, you will be able to:

- State the provisions of the Companies Act in India as to financial reporting.
- Explain the meaning of corporate governance and its effect on financial reporting and internal control.
- State the provisions of the Corporate Governance Code of SEBI on financial reporting and internal control.
- State the provisions of SOX as to internal control and financial reporting.
- Explain the emerging trends in financial reporting.

Provisions of Companies Act 1956 as to Financial Reporting

Any company in India has to follow the provisions of the Companies Act 1956, since it is that Act which has given birth to such a company. The Companies Act contains many provisions relating to books of account, preparation of financial statements, audit of such financial statements, financial reporting to shareholders and to other authorities, and also the duties of Management as to these aspects. Some of these provisions are discussed here. Provisions relating to audit etc. shall be discussed in later Units.

Books of Account (Section 209 of Act)

-The Act stipulates that books of account are to be maintained on an accrual basis and not on a cash basis.
-Books of account should disclose:
o Receipts and payments of money
o Purchases and Sales
o Assets and Liabilities
o Quantitative details of inventory
-Thus the following books are essential in a company:
o Cash book
o Journal
o General ledger and subsidiary ledgers
o Stock Register
o In case of some companies, Cost Records are required to be maintained
-If these books are not maintained according to the Act, the Management of the company will be liable for the offence committed.
-Books of account can be inspected by the Registrar of Companies or any Inspector appointed by him.

Accounting Standards (Section 211(3c))

-As discussed in previous Units, all the Accounting Standards issued by ICAI have to be followed.
-If these Standards are not to be followed, the company should seek prior permission from the Department of Company Affairs, giving the reasons for the impossibility of compliance.
-Any deviation in compliance with any of these Standards and its effect on the financial statements are to be disclosed in the financial statements.

Preparation of financial statements

-For every accounting year a Balance Sheet and Profit and Loss Account are to be prepared.
-Such Balance Sheet and Profit and Loss Account should be in the format provided in Schedule VI of the Act, containing all the details required in that Schedule.
-These financial statements should be true and fair (the meaning of which is provided in later Units).

Audit of financial statements

-The financial statements are to be audited by a Chartered Accountant appointed generally by the Shareholders of the Company.
-In case the Company does not appoint the auditors, the Central Government has the power to appoint the auditors.
-An Audit Committee consisting of directors should be set up to see that appointment of auditors or internal auditors, co-ordination with auditors, matters relating to audit, replying to queries of auditors etc. are taken care of. Such a committee is required whenever the paid up capital of the company is more than Rs.5 crores or if it is listed.

Financial Reporting

-Audited Financial statements are to be laid before shareholders in their Annual general meeting (AGM) for their approval.
-The Directors' Report and Auditors' Report should both be presented in the AGM.
-The Directors' report should contain the matters stipulated by the Act, like the directors' responsibility statement and answers to queries raised by the auditor in his report.
-The directors' responsibility statement should state the responsibility of directors as to internal controls, accounting policies and accounting standards adopted in financial statements. (The format of the Directors' Responsibility Statement is provided at the end of this Section.)
-Time limit for holding such AGM is:
o Six months from the end of the Accounting Year
o Nine months from the end of the Accounting Year in case of new companies having their First AGM
-Prior permission is required if any extension of time is required for holding the AGM.
-Shareholders are to be sent a notice at least 21 clear days before the date of the AGM. Along with the notice of AGM, copies of the financial statements together with the Directors' and Auditors' Reports are to be sent.

All these provisions clearly show that the Companies Act provides enough regulations so that Managements of companies do not indulge in fraudulent financial reporting.

Format of Directors Responsibility Statement

Table 5.1: Format of Directors Responsibility Statement

Corporate Governance Code of SEBI of India

Meaning of corporate governance:

Corporate Governance is all the processes and structures by which the business and affairs of a corporate are directed and maintained.

Objectives of Corporate Governance:

- To build up an environment of trust and confidence amongst those having competing and conflicting interests.
- To enhance shareholders' value and protect the interest of other stakeholders by enhancing corporate performance and accountability.
- To ensure compliance with laws.
- To use best management practices.
- To bring transparency in transactions and financial reporting.

Thus you can observe that the objectives of Corporate Governance are similar to those of internal control.

History of corporate Governance:


- The Cadbury Committee of the UK was the first to suggest the need for a corporate governance code, following the failure of corporates to be transparent in that country.
- The Blue Ribbon Committee of the US again recommended such a code in the US due to Corporate frauds in the US.
- The Kumar Mangalam Birla Committee in India suggested Corporate Governance measures to promote and raise the standard of such corporate governance in India.
- Based on the Birla Committee's recommendations, SEBI came up with the Code on Corporate Governance.

Features of SEBI code on Corporate Governance:


- The SEBI code is now mandatory for all listed companies.
- Clause 49 of the Listing Agreement with Stock Exchanges stipulates that this Code is to be complied with if the company intends to list its shares.
- The Corporate Governance Report should be a part of the Annual report sent to shareholders.
- Statutory Auditors of the company have to certify this report.

Mandatory requirements in the Report are:

-Mention of Composition of Board

The Board of Directors should consist of majority of independent Directors.

-Details of Compensation to directors

Remuneration to Directors should be decided by a committee of directors who are independent in majority.

-Functions of Audit committee

As already mentioned above audit committee should supervise audit related matters including setting up of internal control.

-Functions of Investors Grievance committee

It should look into investor grievances.

Other features of this code are:

-Providing a Management Discussion & Analysis Report where the contents should include:

o Outlook for the Company
o risks & concerns related to the Company's business
o internal control systems & its adequacy
o discussion on financial performance
o disclosure on material financial and commercial transactions with the company
o structure & developments, opportunities & threats

Thus we can see that this Code takes extra care so that the Managements of companies do not resort to fraudulent financial reporting and directors are actively involved in the internal control and risk control activities of the company.

SOX and Internal Control

An Overview of Sarbanes-Oxley Act

- SOX became law on July 30, 2002 (after the Enron Scam).
- The Act established a Board (PCAOB) to create auditing standards and regulation for all Securities and Exchange Commission (SEC) registrants.
- It created specific corporate responsibility for financial reporting, internal controls and audit committee standards.
- It enacted rules relevant to attorneys, securities analysts, auditors and brokers in relation to financial reporting.
- It established criminal penalties for non-compliance with its provisions.

Objectives of SOX:

- Provides confidence and trust to investors and the public in the post-Enron era.
- Requires management accountability, with a focus on rapid identification and correction of internal control weaknesses, along with additional financial disclosure requirements.
- Holds external auditors to higher attestation standards.

Key Sections of SOX:

- Section 302 requires the CEO (Chief Executive Officer) and CFO (Chief Financial Officer) of a Company to sign, on a quarterly basis, the financial statements of that quarter, attesting to their fairness and to internal control effectiveness. They also must report any significant changes in internal controls since their last evaluation.
- Section 404 requires a separate management report on internal control effectiveness and an audit by the organization's external financial statement auditor.
- Section 906 is related to Sections 302 and 404, and requires that CEOs and CFOs ensure all financial reporting (including annual and periodic reports) fairly presents, in all material respects, the financial condition and results of operations of the issuer. It also provides for significant criminal penalties for non-compliance.
- Section 201 prohibits a registered public accounting firm from performing both audit and non-audit services.
- Section 301 requires an audit committee to establish whistleblower procedures to allow the confidential and anonymous submission of concerns regarding questionable accounting or auditing matters.
- Section 409 requires disclosure to the public, on a rapid and current basis, of additional information concerning material changes in the financial condition or operations of the issuer.

Effect of SOX on Internal Control:

SOX was far-reaching and contained many new regulations. Of particular interest to us are the new rules regarding the reporting of evaluations related to internal control over financial reporting. These are required by Section 404(a) and (b) of SOX, details of which are as follows.

Each annual report of a company has to contain an internal control report, which shall:

- State the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting.
- Contain an assessment, as of the end of the issuer's fiscal year, of the effectiveness of the internal control structure and procedures of the company for financial reporting.

In addition, the Act, via Section 404(b), which covers Internal Control Evaluation and Reporting, requires in respect of the internal control assessment that the organization's auditor shall attest to, and report on, the assessment made by Management.

Adequacy of SOX Regulation:

Though SOX is regarded as an effective measure to reduce fraudulent financial reporting and as an enabler of stronger internal controls in companies, a few regard it as not adequate. Some comments on SOX are as follows:

- SOX focuses on one specific aspect of internal control, that related to internal control over financial reporting, whereas, as previously noted in Unit 01, the key internal control frameworks such as COSO, Turnbull and CoCo take a wider business-led approach and cover all controls.
- Assessments of internal control using the SOX definition are less likely to focus on the business benefits that can result from a review of the wider aspects of internal control and the related processes for risk management.

New integrated approaches to internal control:

New benchmarks with regard to internal controls are being suggested by many reputed organizations like COSO, which prescribe a principle-based rather than rule-based view of internal controls. For example, COSO has developed an Enterprise Risk Management Process which is defined as:

"Enterprise risk management (ERM) is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."

The key point here is that those charged with governance should adopt a risk-based approach to internal control and to any internal assessment of its effectiveness. COSO's ERM holds that this approach should be incorporated into the strategic, governance and management processes of the company and should encompass the wider aspects of internal control, not just those directly related to financial reporting as in the case of SOX.

Summary

- The Companies Act has several provisions relating to financial reporting, like maintenance of books, preparation of financial statements, adherence to accounting standards, audit of financial statements and presenting the statements to shareholders in the AGM.
- Corporate Governance aims at transparency in business operations, financial reporting, best management practices and compliance with laws.
- The SEBI code on Corporate Governance has many provisions aimed at good internal control for business as well as for financial reporting, like audit committees, independent directors, and the management discussion and analysis report.
- SOX was enacted mainly to prevent fraudulent financial reporting and accounting scams. It also has many provisions as to internal controls, but these are basically aimed at financial reporting.
- Organizations like COSO have come up with an integrated approach to internal control, like ERM, whereby business risks are addressed and financial reporting needs are met.


MF0004- Unit 6-Basics of Auditing


Unit 6 Basics of Auditing

Introduction

We have seen how internal control is most important for any business. Internal control is required to prevent frauds and errors, to safeguard assets and to achieve efficiency and effectiveness in business operations. We have also studied that internal control should operate in the area of financial reporting and in compliance with the laws. In the latter two areas the possibility of fraud or error might create problems for all stakeholders of a business. Fraudulent financial reporting and non-compliance with laws might be due to the management itself indulging in such practices. Thus there is a necessity for an assurance to stakeholders, from an independent person or group of persons, that everything is okay with regard to the affairs of a business. Audit is the tool that provides such assurance to stakeholders, including the Management, that the business is being conducted in the manner in which it should be conducted.

This Unit provides the meaning and basic features of audit in general. The importance of audit to a business is also explained here. Audit can be of different types based on its scope. Some of the types of audit and their scope have also been explained in this Unit.

Objectives

After studying this Unit, you will be able to:

- Know the meaning of Audit.
- Explore how audit is useful in business transactions.
- Explain the objectives of audit.
- Find out the scope of audit.
- Find out some popular types of audit.

Meaning and Nature of Auditing

Audit is a word we often associate with financial statements, which we have already discussed in the previous section. Audited financial statements usually mean that such statements have been verified by a person called an auditor and are assumed to be free from any kind of errors or frauds. Is it so? What is the meaning of the word Audit? Let us explore.

How did the word audit originate?

The word audit is derived from the Latin word Audire, which means to hear. In olden days, auditors appointed by Kings used to verify the financial affairs of the Kingdom to find out whether any arithmetical discrepancy, error or fraud in the book-keeping existed. They used to present a report on their findings before the King, which the latter used to hear. Thus the King was being assured by the auditor that the financial affairs of his Kingdom were error-free and fraud-free.

The essential features in an audit:

Verifiable information

As in the olden days, now also the financial statements prepared by the management are verified by auditors with reference to the books of account and other records of a firm. Thus there can be no audit if there are no financial statements, books of account or any such verifiable information. Verifiable information is any information that can be verified by means of evidence or proof as to its existence, genuineness and many other qualities or assertions.

E.g. The financial statement of an organization is verifiable information because it is supported by books of account, which again are evidenced by vouchers, bills etc. as proof of the transactions undertaken by the organization.

E.g. Internal control is verifiable information because, as we have studied in Unit 2, it can be evaluated through techniques like ICQs, Flow charts or by simple observation.

E.g. A Project Report need not be verifiable information because it need not be supported by any books of account, vouchers, bills etc. It is mostly an estimate, guess or prediction based on many assumptions.

Thus you cannot expect an auditor to audit information for which there is no evidence, since he cannot provide assurance without such evidence.

Opinion of auditor

The auditor appointed by a company or any organization assures the stakeholders of that company or organization that the financial statements are true and fair, thus assuring stakeholders that everything is okay. Hence in an audit the opinion of the auditor is most important, and in any audit there should be a report by the auditor through which the auditor provides his opinion about the financial statements.

Independence of auditor

The assurance or opinion is more valued when provided by a person who is not pressurized by, influenced by or dependent upon the organization whose books of account are being audited. This also means that if any verification is done by a person who is not independent from the organization, then such verification will not amount to audit. Therefore the auditor should be an independent person. It is possible that sometimes the auditor, like an internal auditor, is appointed by the management itself. Even in such cases the quality of independence should exist in the auditor, in the sense that he should not have undertaken any executive operation in the matters he is auditing.

Standards and benchmarks

We have studied that financial statements should be based on Accounting Standards and many other legal requirements. If the statements are not based on such Standards, there cannot be an assurance about these statements. Naturally audit cannot be undertaken in the real sense in such cases. Similarly, two independent auditors can give two different opinions on the same financial statement. This happens mainly due to different bases of evaluating and forming an opinion. But two opinions on a single financial statement do not provide assurance to the stakeholders. Thus, to achieve the objective of assurance, Standards are required in audit. There are Auditing Assurance Standards to be followed by auditors of financial statements, which try to bring uniformity and quality to audit.

Thus we can see that there are four basic characteristics in an audit.

1. Independent person who does the audit.
2. Information which is being audited should be verifiable.
3. Standards/benchmarks are necessary as to the verifiable information as well as to the process of audit.
4. Opinion should be provided by the Auditor.

With these four bases, it is possible to conduct audit in any field, even for verifiable information in a non-financial field, like a content audit of a text book. However, most of the time, the term audit refers to financial audit.

Definitions of financial audit:

Financial audit is the most significant and popular form of audit. Some of the definitions of this audit are as follows:

Auditing is an independent and systematic examination of data, statements, records, operations and performances (financial or otherwise) of an enterprise for a stated purpose. In any auditing situation, the auditor perceives and recognizes the proposition before him for examination, collects evidence, evaluates the same and on this basis formulates his judgment, which is communicated through his audit report. (Definition provided by Institute of Chartered Accountants of India (ICAI))

Auditing is simply examining information and operations for mathematical accuracy, legality, and propriety. It is a process of determining whether all transactions are properly recorded in the accounts, and appropriately reflected in statements and reports. Items and areas of examination generally include:

- Documents
- Records
- Reports
- Systems of internal control
- Accounting procedures and
- Actual operations.

Auditing is examination of the records and reports of an enterprise by accounting specialists other than those responsible for their preparation. Public auditing by independent accountants is common in large firms. The auditor performs tests to determine whether the firm's statements were prepared in accordance with acceptable accounting principles and that they fairly present its financial position and operating results. Personal tax audits are carried out to determine whether people have accurately reported their financial circumstances when filing their taxes. Failing such an audit may result in a fine, or, in cases of extensive and deliberate deception, criminal prosecution. (Definition from Britannica)

Thus these definitions bring out the features of financial audit as follows:

1. Independence of auditor.
2. A stated object or scope.
3. Existence of financial statements or other records or reports that are to be audited.
4. Use of standards like accounting or auditing standards or principles in audit.
5. Opinion or report by auditor, usually providing an assurance.
6. Collection of evidence for formulating opinion.

Importance of Financial Audit

Legal necessity of financial audit

In many countries, auditors are now established as a separate profession, requiring government licensing. In the United States, private audits are usually performed by Certified Public Accountants; auditing of the Federal Government's accounts is conducted by Congress's Government Accountability Office (GAO). The Internal Revenue Service periodically audits individual and corporate tax returns. The Public Company Accounting Oversight Board (established 2002) registers and regulates accountants and accounting firms that act as auditors.

In India the Companies Act requires that every company get its financial statements audited and approved by its shareholders every year. Only members of ICAI, i.e. Chartered Accountants, are qualified to undertake such company audits. The Income Tax Act 1961 stipulates that a tax audit is to be undertaken by Chartered Accountants under certain circumstances for every kind of business, whether corporate or non-corporate. Thus financial audit has become mandatory for many institutions.

Importance of financial audit to companies:

Financial Audit is required and important in many ways:

a) To meet the needs of diverse stakeholders

Financial statements are ordinarily prepared and presented annually and are directed toward the common information needs of a wide range of users. Some such users are:

1. Shareholders
2. Investors/Stock Exchanges
3. Financial institutions
4. Government
5. General Public

Many of these users rely on the financial statements as their major source of information because they do not have the power to obtain additional information to meet their specific information needs. The objective of an audit of financial statements is to enable the auditor to express an opinion on whether the financial statements are prepared in accordance with an identified financial reporting framework (like Accounting Standards). Thus the auditor's opinion enhances the credibility of financial statements by providing a high, but not absolute, level of assurance.

b) Goal conflict in companies

We have already studied in earlier Units how goal conflict might result in weakness in internal controls. Managers may try to cash in on immediate opportunities by neglecting the long term health of the Company. In these situations audit is a guard or control that tries to prevent such a tendency of the directors/managers of the business to neglect the long term goals of the Company.

c) Prevention of frauds and errors

Audit is generally aimed at preventing frauds or errors. An organization where audit is regularly conducted is less prone to fraud. Though audit does not guarantee fraud-free or error-free financial statements, it at least minimizes the chance of future frauds, because if the accounts are audited every year, a person who intends to commit fraud may become apprehensive of committing it lest he be caught by the auditors. Further, as we shall see later, in internal audit the job of the auditor is mainly to prevent or detect frauds or errors. Thus audit helps in strengthening internal controls and thereby reduces frauds and errors.

d) Helps in effective decision-making

Because audit is based on Standards, there will be uniformity and quality in the financial statements over the long run. Thus comparison between two sets of audited financial statements is more meaningful than between two non-audited financial statements. This ultimately helps in effective decision-making by managers of these businesses as well as by any other stakeholders.

Objectives of Financial Audit

The objectives of financial audit include:

- Checking the arithmetical accuracy
- Detection of frauds and errors
- Providing an opinion based on audit.

Checking of Arithmetical accuracy:

Checking arithmetic accuracy has been one of the oldest and simplest purposes of audit. Audited statements usually assure that the financial statements are according to the books of account maintained by the organization. In other words , amounts mentioned in Audited Profit and Loss Account or Audited Balance Sheet of a Company pertaining to different heads of accounts under the groups Expenses, Revenue , Assets or Liabilities do not differ from the respective amounts mentioned in the Cash Book or General ledger of that Company. Now a days, checking the arithmetical accuracy might not be main objective of an audit as now a days the books of account are kept in a computerized system and arithmetical accuracy is ensured. Detection of fraud or error Often people assume that audited financial statements mean that they are free from fraud or error. Once upon a time the objective of audit was to detect fraud or error. Auditor was liable to all those who suffer or lose due to any fraud or error that was detected in an audited financial statement later. But in todays complex business environment it is not possible even for the best of auditors to completely verify each and every aspect of business transaction within the stipulated time and cost. Hence these days auditors neither check hundred percent of the transactions of the firm they are auditing nor they assure the stakeholders that the financial statements audited by them are true and correct. Instead they indicate whether these statements are true or fair. Hence these days, the objective of detection of error or fraud is only secondary in an audit. However the auditor is required exercise sufficient care during audit and do the audit according to the Standards required to be adhered to by him. On the whole, we can assume that detection of fraud or error is not a primary objective of an audit but only a secondary objective. 
But negligence in audit leading to failure of auditor to detect such fraud or error would make the auditor liable for such fraud or error. But it is also to be understood that wherever the auditor is required to detect fraud or error as a part of his audit like in an internal audit he is bound to detect such frauds or errors. Failure of auditor in such cases would make him liable. Providing an opinion on the financial statements:

In today's context the primary objective of an auditor is to express an opinion on the financial statements. Such opinion is usually restricted to opining that:

1. The profit or loss shown in the Profit and Loss Account is true and fair.
2. The affairs of the organization as shown in the Balance Sheet are true and fair.

Thus the words true and fair are of great importance in audit, the meaning of which shall be explained later. Other than the aforesaid opinions, an auditor may be required to provide his opinion on various financial aspects, depending on the nature of his assignment to audit under different statutes. Thus in today's scenario, auditors conduct the audit of financial statements prepared by Management on a test basis, due to the huge volume of transactions and due to time constraints, and furnish their opinion as to whether these statements are true and fair.

Scope of audit

The scope of an audit can be decided either by the level of service the auditor provides or by the objectives as per his appointment (engagement) letter. The auditor may also provide various other non-audit services to his client.

Levels of services in audit

Though traditionally audit has been undertaken for all the aforesaid objectives, due to the complex business environment of the present day, auditors provide services to their clients at three different levels. The assurance given by these three levels varies significantly and affects the decision making of the users of these financial statements. Further, stakeholders often get confused and assume that all three levels mean and indicate a complete audit, which is not so. Hence an explanation of these three levels is necessary.

Auditing service

In a financial audit, the assertions about which the auditor seeks objective evidence relate to the reliability and integrity of financial and, occasionally, operating information. The examination of the objective evidence underlying the financial data as reported is called an audit. Analytics, inquiries with management and the verification of information through evidential matter (support) external to the company are required here.

The objective of an audit is to provide a reasonable basis for expressing an opinion regarding the financial statements taken as a whole.

Review service

Although a review is less extensive than an audit, review procedures do provide a basis for expressing limited assurance that the auditor did not become aware of any material changes that should be made to the financial statements. Thus if an auditor has reviewed any financial statement and indicates so in his report, it means that he has not completely audited that financial statement. A review may bring to the auditor's attention significant matters affecting the financial statements, but it does not provide assurance that the auditor will become aware of all significant matters that could be disclosed in an audit. Hence the stakeholders are provided a lower level of assurance if a review is conducted by an auditor instead of an audit.

Compilation service

The scope of a compilation does not give the auditor a basis to express any assurance, since neither audit nor review procedures are performed.

Here the auditor helps the management by preparing financial statements using data provided by the company, and he expresses no assurance as to these financial statements. The only assurance provided here is that the presentation of these financial statements is according to the reporting standards of generally accepted accounting principles.

Special assignments

It is also possible that an auditor may have to undertake a special kind of service for the persons who appoint him. In such a case, the scope of his work is decided by the requirements of the special assignment. Such special assignments may originate from various Laws, Statutes, the nature of the entity being audited, etc. More on these special assignments is provided in the section Types of Audits.

Non-audit services

Some popular forms of such services provided by an auditor are given below:

Management Consultancy
Tax Consultancy
Tax Representation
Accounting Service
Valuation Service

Types of Audits

We have noted that the scope of audit can be extended or restricted based on the nature and objectives of a particular audit assignment. Popular forms of such audit assignments are provided here. Different types of audit can be undertaken:

1. Based on the objective of audit
2. Based on the nature of the organization (entities being audited)
3. Based on the timing and nature of audit procedure adopted in audit

1. Types of Audit - Classification Based on the Objective of Audit

Statutory Audit: It denotes the mandatory company audit done by Chartered Accountants under the Companies Act 1956, which we have studied in the previous unit. It is also generally called External Audit. The auditor here assures the stakeholders, mainly shareholders, through his audit report that the financial statements audited by him are true and fair.

Internal Audit: It is undertaken mainly on behalf of Management. The auditor is appointed by the management. The objective may be prevention and detection of fraud or error, compliance with laws, safeguarding of assets or even achieving effectiveness or efficiency in managing the organization through better internal control. We shall study more about this type of audit in the next Unit.

Cost Audit: It is done basically by Cost Accountants (ICWAs). The verifiable information here is cost records, which are mandatory for certain types of companies. This audit is mandatory for certain industries under the provisions of the Company Law or Central Excise Law.

Propriety Audit: It is a term associated with the audit of Government Departments. Appropriateness of expenditure is to be verified by the auditor in such audits. Appropriateness is decided with reference to the Government's policies, schemes and the objectives of the State or as per the Directive Principles of the Constitution of India.

Secretarial Audit: This is required under the Companies Act in the case of Companies having more than Rs. 200 lakh paid up capital. It is done by a Company Secretary. The verifiable information is Company Records like minutes, Annual Returns and related documents. The level of compliance with Company law, SEBI and Stock Exchange regulations is verified in a secretarial audit.

Quality Audit: Here audit is done for obtaining ISO or similar Certification.

System Audit: Information systems are required to be audited as information is a major asset to any organization. The safety and integrity of this asset are totally dependent on the system, consisting of hardware and software. Whether controls are in place for these components of the information system is verified by an Information System Auditor in a System Audit.

Tax Audit: This is done under the Income Tax Act. Persons having turnover of more than the limit prescribed under the Act (at present Rs. 40 lakh and above per annum) are required to get their financial statements audited by a Chartered Accountant, and the report of the auditor in the prescribed format is required to be filed with the Income Tax Department along with the Income Tax Returns and financial statements.

2. Types of Audit - Classification by Entities Being Audited

Sometimes audit is classified based on the entities that are being audited:

Company Audit/Corporate Audit: When the financial statement of a Company is audited, the audit may be termed a Company audit. It is done under the Companies Act.

Audit of Partnership Concerns: This is done when the financial statements of a partnership are to be audited. It is not mandatory unless it is a case of tax audit.

Audit of Proprietary Concerns: This is a case of the financial statement of a proprietary concern being audited. Such audit may be due to tax audit requirements or due to insistence from lenders like banks.

Audit of Banks: The audited entity here is a bank. Audit is required as per RBI regulations and the Banking Regulation Act. Some of the banks are registered companies, and hence from the angle of the Companies Act also the banks have to get their financial statements audited. Further, the banks might have many types of internal audit, like Revenue Audit, Concurrent Audit and Stock Audit, for specific purposes.

Audit of Co-operative Banks, Societies: The audited entity here is a co-operative bank or society. Registrars of Co-operative Societies require such audits. In some States in India, auditors other than Chartered Accountants audit these entities.

3. Types of Audit - Classification Based on Timing and Nature of Audit Procedure Adopted in Audit

Annual/Final Audit: Here audit is done once a year. Usually Statutory Audit comes under this head.

Continuous Audit/Concurrent Audit: Continuous Audit happens when the auditor is auditing throughout the year. Concurrent Audit is a type of continuous audit which is undertaken in the case of banks. Internal audit is a continuous audit.

Interim Audit: Here audit is done partially. The report also is interim and not final. Such interim audit and interim audit report are necessary in case of an immediate requirement of audit opinion due to emergencies, frauds or compliance with any law.

Pre-Audit: Audit is done in this case before the transaction is finalized. Usually Government Departments follow this procedure before major payments of expenditure bills.

Post Audit: Audit is done after the transaction is finalized. Most audits are post audits.

Voucher Audit: Audit restricted to vouchers of transactions. Audit here may be partial, as other aspects of the business are not audited.

Summary

The term audit comprises four important components: verifiable information, opinion of the auditor, standards and independence of the auditor. Audit is legally necessary for companies due to the provisions of the Companies Act. Audit becomes important to a business due to the needs of diverse stakeholders, to prevent frauds and errors, to stop goal conflict and to aid effective decision-making. The primary objective of audit is to express an opinion on the financial statements prepared by the Management. Detecting fraud or error and checking arithmetic accuracy are its other objectives. The different levels of audit services provided by an auditor are Audit, Review and Compilation services. Non-audit services also may be provided by an auditor. Different types of audit can be based on the entities audited, audit objectives, or timing and procedures of audit.

Copyright 2009 SMU Powered by Sikkim Manipal University .

MF0004- Unit 7-Basics of Internal Audit


Unit 7-Basics of Internal Audit

Introduction

We have studied in the previous unit that internal audit is a type of audit that has a wider scope than a statutory audit. The internal auditor appointed by the management has more responsibility. Internal audit makes internal control more effective. Hence a detailed study of the nature and scope of internal audit is required. Internal audit cannot replace statutory audit. Hence a comparison is needed to bring out the differences between internal audit and the aforesaid professions. Similarly, value added services like operational audit and management audit are provided these days along with internal audit. These include audit of non-financial information also and might be of interest to those who intend to specialize in these areas. Hence a brief description of these audits is also provided here.

Terms like internal check are often wrongly applied to internal audit. Hence the meaning of internal check has also been provided in this unit. Legal requirements for internal audit in India and elsewhere have been provided here so that the importance of internal audit is clearly understood.

Objectives

After studying this unit, you will be able to:

Explain the meaning and nature of internal audit.
State the objectives, functions and requirements of internal audit.
Distinguish internal audit from statutory audit, management consultancy and investigation.
Know the legal requirements regarding internal audit.

Meaning and Nature of Internal Audit

Internal audit is a review of the operations and records, most of the time continuously undertaken, within a business by specially assigned staff. Thus the internal auditor is appointed by the management of the organization, unlike statutory auditors, who are appointed by shareholders. Routine procedures in an internal audit are carried on along similar lines as in a statutory audit. But the scope of internal audit is wider because the internal auditor has to report to Management on various matters required by the Management. Hence the nature and the extent of checking in internal audit also must be in detail.

Definition of internal audit

"Internal audit is an independent management function, which involves continuous and critical appraisal of the functioning of an entity with a view to suggest improvements thereto and add value to and strengthen the overall governance mechanism of the entity, including the entity's risk management and internal control system." - ICAI definition of internal audit.

"Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes." - Definition by the Institute of Internal Auditors of USA.

Thus these definitions provide us the important features of internal audit as follows:

1. It is an independent function, as in the case of statutory audit.
2. It is a continuous activity.
3. The internal auditor provides suggestions for improvement on various matters relating to operations, risk management, internal control system, financial reporting etc.
4. It is a combination of a consulting and an assurance activity.
5. Internal audit should add value to the organization, i.e. help to achieve maximum organizational effectiveness.
6. Its scope is changing from a purely financial function to include non-financial activities.
7. Though it is an independent function, it is part of the management function.

Internal control, internal check and internal audit

Sometimes people get confused and interchange the terms internal control, internal check and internal audit. Hence it is necessary to know the differences between these terms. Internal control is all the procedures and policies set up by management to achieve organizational goals. Internal check is a check on day-to-day transactions which operates continuously as a part of the routine system, whereby the work of a person is proved independently or is complementary to the work of another, the object being the prevention or early detection of errors or frauds. The essential elements in an internal check are:

Existence of checks on day-to-day transactions.
Continuous operation of checking.
Work of one person is checked by another person.

Thus internal check basically uses the segregation of duties feature of internal control, and internal check is only a part of internal control. Internal audit, as we have seen, encompasses review and appraisal of internal control itself and hence is a much broader concept.

Scope of Internal Audit

Objectives of internal audit

The objectives of internal audit vary widely and are dependent upon the size and structure of the entity and the requirements of its management. Normally, however, internal audit operates in one or more of the following areas:

(a) Review of accounting system and related internal controls: The establishment of an adequate accounting system and the related controls is the responsibility of management, which demands proper attention on a continuous basis. The internal audit function is often assigned specific responsibility by management for reviewing the accounting system and related internal controls, monitoring their operation and recommending improvements thereto.

(b) Examination for management of financial and operating information: This may include review of the means used to identify, measure, classify and report such information and specific inquiry into individual items, including detailed testing of transactions, balances and procedures.

(c) Examination of the economy, efficiency and effectiveness of operations including non-financial controls of an organization: Generally, the external auditor is interested in the results of such audit work only when it has an important bearing on the reliability of the financial records.

(d) Physical examination and verification: This would generally include examination and verification of the physical existence and condition of the tangible assets of the entity.

Functions of Internal Audit

Based on the above objectives, the functions of internal audit can be as follows:

Protective functions

a) Scrutiny of the accounting and other records of an undertaking to assess the reliability of the information contained therein, like:
   i. Accuracy and authenticity.
   ii. Adherence to Standards.
   iii. Authority, validity of transactions.
   iv. Compliance with laws, regulations and management's policies.
b) Examination of the documentary evidence from which the records are written up.
c) Safeguarding the assets.
d) Detection and prevention of errors and frauds.
e) Making special investigations on behalf of the management.
f) A general examination of the financial statements prepared from the records to ascertain whether a true and fair view has been given of the financial position at a specific date or of the transactions for a specified period.

Constructive functions

i. Appraisal and review of internal controls.
ii. Appraisal and review of policies and procedures.
iii. Helping to achieve optimum utilization of resources.
iv. Bringing new ideas to the attention of management.
v. Providing training and education to lower and middle level management.

Requirement for an Effective Internal Audit

To be effective, an internal audit function should have the following attributes:

The Internal Audit Department should have an independent status.
The Department should be free from executive functions. If it is involved in such functions, it may destroy the objectivity by creation of vested interest. It should be appreciated that if internal auditors take part in arriving at executive decisions, there might be some reluctance in criticizing these decisions even if subsequent events show that they were wrong.
It should have freedom to investigate, from a financial viewpoint, any phase of the activities of an organization under any circumstances and at any time.
The department should have a clear understanding of the objectives behind any special assignment.
Due care should be taken in the selection of internal audit personnel, which is vital for the success of the work of the internal audit department.

Comparison of Internal Audit with other Audits & Services

Internal audit and statutory audit

Internal audit is different from statutory audit in the following areas:

No legal necessity: There is no legal necessity for internal audit in a company except in certain cases (which we shall study later), whereas statutory audit is mandatory for every company.
The internal auditor is appointed by Management, whereas the statutory auditor is usually appointed by shareholders.
Fraud and error are to be detected by the internal auditor, as internal audit is a continuous activity and he is appointed by management with this specific objective. In statutory audit, detection of fraud or error is secondary.
Internal audit has a wider coverage than statutory audit.
Internal audit is a continuous activity. Statutory audit is done once in a year.
The internal auditor provides consultancy services. Suggestions for improvement in any area of operation need not be given by the statutory auditor.
Value addition exists in internal audit but not in statutory audit, which is more of a compliance activity.
Internal audit is result-oriented. Statutory audit is rule-oriented.
A code of ethics for internal audit is yet to emerge in some countries.
No separate professional status exists for internal audit in many countries.

Internal Audit and Operational Audit

Meaning and Nature of Operational Audit

1. Operational Audit is a scientific tool and technique adopted by the auditor in progressive business concerns with the following main objectives:
a) To assure the management that the management control system is functioning efficiently and effectively.
b) To assure the management that operations and activities are in line with the objectives of the organization.
c) To assure the management that the management information system has been functioning properly to attain organizational objectives.

2. The operational audit is more of a technical analysis for appraisal and review, rather than the financial-cum-accounting analysis under internal audit. In operational audit, the audit functioning and objective reach out beyond the financial control aspect into the operating areas of the business. It aims at improving future business operations by concerning the auditor with all aspects of the management. This is a new phase of Internal Audit technique. Operational auditing has been defined by the Institute of Internal Auditors as follows: An operational audit is a future-oriented, independent, and systematic evaluation performed by the internal auditor for management of the organizational activities and controlled by top, middle and lower-level management for the purposes of improving organizational objectives, achievement of programme purposes, social objectives and employee development.

3. Areas in which efficiency and effectiveness may be improved are identified, and recommendations designed to enable realization of the improvements are made. The measure of effectiveness includes both an evaluation of compliance with prescribed entity, operational policies and of the adequacy thereof. Financial data may be a source of evidence, but the primary source is the operational policies as related to the organizational objectives. Included are an evaluation of the management control system in terms of existence, compliance, and adequacy, and of the management decision making process in terms of existence, compliance, and relevance to the attainment of organizational objectives.

4. Operational auditing is auditing the performance for management, and this would embrace the following:
a) Auditing the operational activities to achieve better efficiency and economy.
b) Auditing the organizational objectives to achieve improved profitability.
c) Auditing the management information and control system for achieving better effectiveness.

5. The major portion of operational audit would be of a technical nature for which, unlike financial audit, documentation may not be available. Hence, in operational audit the following aspects are very important:
a) Discussion with the operating people to understand the proper sequence of operations, all of which may not be found recorded in documents and work-flow statements.
b) In operational audit it may be necessary to draw minute details, through charts and diagrams, of the flow of the product process to indicate the check points in audit.
c) Discussion with the engineering personnel to get an insight into the engineering aspect of operations.
d) Visits to the operating areas to get familiar with the physical operating details.

Difference between Internal (Financial) Audit and Operational Audit

A clear-cut distinction between operational audit and financial audit cannot be drawn in many cases. The financial audit and operational audit are not mutually exclusive; they are interconnected. The object of financial audit is to look into the correctness of financial accounting data and compliance with the internal control system. The operational audit, on the other hand, through appraisal, review and evaluation of the operating control records and management information systems, aims at better performance to achieve better profit.

Internal Audit and Management Audit

Meaning and Nature of Management Audit

Even though the term management accounting has been in use since 1950, the concept of management audit is comparatively new. A generally agreed definition is yet to evolve. Management Audit is a comprehensive and constructive examination of an organizational structure or its components, such as a division or a department, its plans and policies, its financial controls, its methods of operation and its use of human and physical faculties. Essentially it is a form of appraisal and assessment of managerial performance by means of an independent and dispassionate examination as to how far the plans drawn up have been complied with, the standards set up have been attained, and the policies enunciated have been pursued. This is similar to the wider concept of Internal Audit by Stewart, who states: "Just as the scientist turns to the microscope in his search for truth, so top management requires an instrument to focus on various aspects of the business, reporting objectively and dispassionately on what it sees. In management audit, it has such a tool, and in performing such a function the accountant is rendering a vital service to progressive industry."

Definitions of management audit:

i) Management audit is a systematic, comprehensive, critical appraisal of the organization, structure, management practices and methods conducted normally by external independent persons. Its primary objective is to motivate management to take action which will lead to increased efficiency and profitability of the organization.

ii) The management audit would, therefore, concern itself with the whole field of activities of the concern, from top to bottom, starting, as always where management control is concerned, from the top, because we are primarily concerned with whether the general Management is functioning smoothly and satisfactorily.
If it is not, it may be due to the functional management being faulty, and therefore we pass on to examine that in its turn, in order to find the missing or faulty link which is causing the trouble.

iii) It is an activity designed to assist management to better the performance of the organization.

The term management audit has been used to convey a number of distinct ideas on different occasions. These are:

It has been used to describe any audit function established by management for its own purposes, so as to differentiate the same from statutory audit, which has been introduced by law for the benefit of the shareholders and public.
It has also been used to describe an audit of board level activity, so as to distinguish it from the below board level activity, which is termed operational audit. Board level audit of course implies an independent line of reporting, perhaps to an audit committee, so as to ensure impartiality.
It has also been used to describe an audit appraisal of management efficiency in the formation of policies and in policy decision making.

iv) We can also define Management Audit as a comprehensive critical review of all aspects and processes of management. What can be regarded as the most important aspects or processes of management? They are generally accepted to be:

Fixing of objectives of the business.
Formulation of policy plans.
Forecasting and planning activity on a long-term and short-term basis.
Organizing, i.e. establishing a framework in which responsibilities are defined and powers are laid down.
Control of the working of the organization: systematic appraisal of results to ensure that actual operations correspond to those planned, and taking remedial action, where necessary, in case they do not so correspond. Control would also include co-ordination and communication, which are sometimes separately listed.

Thus internal audit is an appraisal activity covering various operations and internal controls, accounting and financial matters. But management audit is a control function itself. It covers all the areas of internal audit and goes beyond it. It appraises the efficiency of the management functions themselves. Thus it is superior to internal audit.

Internal Audit and Management Consultancy

A management consultant also verifies the financial statements in a limited manner and draws conclusions from them. A management consultant usually provides suggestions to the Management. A statutory auditor need not provide such suggestions to the Management unless he is also acting in the capacity of a management consultant. It should be noted here that if the auditor also acts as a management consultant to the firm he audits, his independent status is affected and the assurance level is reduced. The accounting scam in the case of Enron has amply proved this fact.
In Enron, the auditors of Enron, i.e. Arthur Andersen, were also acting as its consultants. The influence of the Consulting Division of Arthur Andersen over its Auditing Division ultimately led the latter to provide an untrue opinion by way of its audit report to the stakeholders of Enron, and later led to its bankruptcy. Thus the two services of audit and management consultancy are far apart. However, the statutory auditor can provide such service in the course of his audit to a limited extent. The internal auditor, being appointed by the Management, has to provide value added service, and he usually provides consultancy services. But management consultancy as a profession is different from internal audit. How internal audit is related to the work of management consultancy is mentioned below:

1. Management consultants are often engaged to review the organizational functions when certain matters have gone seriously wrong and there is an immediate necessity for remedial action. They are also employed when the necessity of drawing up some new procedure is felt. Usually a management consultant leaves the organization after the conclusion of his work. Thereafter, the Internal Auditor reviews the position periodically in order to ensure that the system designed by the management consultant has been functioning according to plan. The functions of the Internal Auditor, therefore, may be compared with those of the doctor whose business is to examine the patient at regular intervals so that health may be maintained well, and to suggest preventive measures when some weakness is noticed, whereas the management consultant can be equated to a surgeon who operates.

It would thus be seen that in many respects the work of the Internal Auditor crosses the boundaries of what is generally considered to be Pure Auditing. The real worth of the Internal Auditor lies in the thorough investigation that he conducts based on detailed knowledge of the policies and practices of the organization. A substantial portion of his activity consists of appraisal, i.e., observing everything that he comes in contact with during the course of his normal duties. This is a job usually done by management consultants. The internal auditor should be able to appraise a particular transaction from a purely verification aspect and also from the operational point of view. An Internal Audit Department is a very vital department employed by the management to check the reliability of the information on which it acts. It is, therefore, essential that well trained staff are appointed to work in the Internal Audit Department for making objective examinations of the methods and procedures and for evaluating the effectiveness of their application, just like management consultants.

Internal Audit and Investigation

An investigator also has the power to examine the books of account. An investigator is appointed whenever any irregularity occurs. But auditing is done periodically even if the business is done in an irregular manner. Its main purpose is only to provide assurance to stakeholders as to the financial statements prepared by the management. Detection of fraud or error is only a secondary objective of audit, i.e. statutory audit. An auditor may not trace who is behind the frauds but may just state the effects of fraud on the financial statements, whereas the investigator is interested in catching the person who has cheated. As a special assignment, an auditor or internal auditor may take up investigation of frauds. The duty of the internal auditor as investigator is set out here:

1. The Internal Auditor must at all times be ready to make special investigations. Such a situation may arise when irregularities are pointed out by some Departmental Heads or when irregularities come to the notice of the Internal Audit Department itself.

2. Whenever irregularities of a grave nature are discovered, it is essential that they are reported immediately to the Internal Audit Department for investigation. The same situation may arise when, in the course of verification, such irregularities come to the notice of the Internal Audit Department. It is in such a situation that one can easily appreciate the important role of the Internal Auditor in an independent position.

3. The planning and execution of such investigations should be done with care. The report, when ready, should be sent to the management in a confidential cover, suggesting suitable remedial measures wherever the scope therefor might arise.

4. It is often difficult to bring to a conclusion an investigation into irregularities, especially when they have been occurring over a long period. In such circumstances it should be noted that it is not so important that the exact amount of the loss be ascertained.
The following aspects should be considered more important than the exact amount involved in the irregularities under investigation: a)The circumstances that allowed the irregularities to be perpetrated should be ascertained. b)Sufficient information and data should be collected to give a scope to the management to allocate responsibility for the irregularity. c)Recommendations should be made which, if implemented, prevent future recurrences. 5. If not specifically instructed, it is not considered the duty of the Internal Audit Department to express an opinion as to who is the defaulter. Facts should be presented in an impersonal manner leaving the management to apportion blame therefore, after due consideration of the Internal Auditors Report. It should also be remembered that it is not the duty of the Internal Auditor to suggest in his report the penalties to be prescribed against the defaulters. 6. It is desirable that the police should be called in at an early stage, if it is felt that prosecution would be an outcome of the investigation. However, it should be noted that

such a decision should be taken by the management itself. An Internal Auditor may carefully interrogate members of the staff. He should not, however, take a statement. During the course of investigation, he should also not express his personal opinion on the question of blame. The Internal Audit Department is primarily concerned with the failures that have occurred in the internal control system. It is the duty of the police to find out the offenders. 7. A report on defalcation should clearly state how the irregularities were brought to light. The Chief Internal Auditor would be satisfied with the work of his department if the operation of the systems on internal check brings out the irregularities. The Internal Auditors check only a selected portion of the transactions but an Internal check system should be effective for all transactions. 8. Sometimes an investigation may reveal that the irregularities that have now been discovered would not have occurred if recommendations previously made by the Internal Audit Department had been adopted. In such cases the Internal Auditor should clearly write so in his report.

Regulations and Legal Status of Internal Audit

Though internal audit is important for any organization, it has not become mandatory, as we have observed earlier. The legal requirements as to internal audit at present in India are:

Legal necessity for internal audit

According to the Companies Act provisions, the statutory auditor of a company is required to state, in relation to a company having a paid-up capital exceeding Rs. 50 lakh or having an average annual turnover exceeding Rs. 5 cr. for a period of three consecutive financial years immediately preceding the financial year as to which audit is being done, whether the internal audit system is commensurate with the size and nature of its business.

General evaluation of internal auditor by external auditor

The external auditor's general evaluation of the internal audit function will assist him in determining the extent to which he can place reliance upon the work of the internal auditor. The external auditor should document his evaluation and conclusions in this respect. The important aspects to be considered in this context are:

(a) Organizational Status. Whether internal audit is undertaken by an outside agency or by an internal audit department within the entity itself, the internal auditor reports to the management. In an ideal situation he reports to the highest level of management and is free of any other operating responsibility. Any constraints or restrictions placed upon his work by management should be carefully evaluated. In particular, the internal auditor should be free to communicate fully with the external auditor.

(b) Scope of Function. The external auditor should ascertain the nature and depth of coverage of the assignment which the internal auditor discharges for management. He should also ascertain to what extent the management considers, and where appropriate, acts upon internal audit recommendations.

(c) Technical Competence. The external auditor should ascertain that internal audit work is performed by persons having adequate technical training and proficiency. This may be accomplished by reviewing the experience and professional qualifications of the persons undertaking the internal audit work.

(d) Due Professional Care. The external auditor should ascertain whether internal audit work appears to be properly planned, supervised, reviewed and documented. An example of the exercise of due professional care by the internal auditor is the existence of adequate audit manuals, audit programmes, and working papers.

Evaluating Specific Internal Audit Work

Where the external auditor intends to rely upon specific internal audit work as a basis for modifying the nature, timing and extent of his procedures, he should review the internal auditor's work, taking into account the following factors:

- The scope of work and related audit programmes are adequate for the external auditor's purpose.
- The work was properly planned and the work of assistants was properly supervised, reviewed, and documented.
- Sufficient appropriate evidence was obtained to afford a reasonable basis for the conclusions reached.
- Conclusions reached are appropriate in the circumstances and any reports prepared are consistent with the results of the work performed.
- Any exceptions or unusual matters disclosed by the internal auditor's procedures have been properly resolved.

The external auditor should document his conclusions in respect of the specific work which he has reviewed. Thus the internal audit is being conducted more out of necessity than out of legal requirement or to comply with the laws.

Appendix A

Major Performance Areas of Internal Audit According to Institute of Internal Auditors

The following table provides the major activities and objectives to be achieved in an internal audit assignment. Each area of performance is followed by the activity to be performed by the Internal Auditor.

Managing the Internal Audit Activity
The chief audit executive should effectively manage the internal audit activity to ensure it adds value to the organization.

Planning
The chief audit executive should establish risk-based plans to determine the priorities of the internal audit activity, consistent with the organization's goals. The internal audit activity's plan of engagements should be based on a risk assessment, undertaken at least annually. The input of senior management and the board should be considered in this process.

Communication and Approval
The chief audit executive should communicate the internal audit activity's plans and resource requirements, including significant interim changes, to senior management and to the board for review and approval. The chief audit executive should also communicate the impact of resource limitations.

Resource Management
The chief audit executive should ensure that internal audit resources are appropriate, sufficient, and effectively deployed to achieve the approved plan.

Policies and Procedures
The chief audit executive should establish policies and procedures to guide the internal audit activity.

Coordination
The chief audit executive should share information and coordinate activities with other internal and external providers of relevant assurance and consulting services to ensure proper coverage and minimize duplication of efforts.

Reporting to the Board and Senior Management
The chief audit executive should report periodically to the board and senior management on the internal audit activity's purpose, authority, responsibility, and performance relative to its plan. Reporting should also include significant risk exposures and control issues, corporate governance issues, and other matters needed or requested by the board and senior management.

Nature of Work
The internal audit activity evaluates and contributes to the improvement of risk management, control and governance systems.

Risk Management
The internal audit activity should assist the organization by identifying and evaluating significant exposures to risk and contributing to the improvement of risk management and control systems. The internal audit activity should monitor and evaluate the effectiveness of the organization's risk management system. The internal audit activity should evaluate risk exposures relating to the organization's governance, operations, and information systems:
- Reliability and integrity of financial and operational information.
- Effectiveness and efficiency of operations.
- Safeguarding of assets.
- Compliance with laws, regulations, and contracts.

Control
The internal audit activity should assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement. Based on the results of the risk assessment, the internal audit activity should evaluate the adequacy and effectiveness of controls encompassing the organization's governance, operations, and information systems. This should include:
- Reliability and integrity of financial and operational information.
- Effectiveness and efficiency of operations.
- Safeguarding of assets.
- Compliance with laws, regulations, and contracts.
Internal auditors should ascertain the extent to which operating and program goals and objectives have been established and conform to those of the organization. Internal auditors should review operations and programs to ascertain the extent to which results are consistent with established goals and objectives to determine whether operations and programs are being implemented or performed as intended. Adequate criteria are needed to evaluate controls. Internal auditors should ascertain the extent to which management has established adequate criteria to determine whether objectives and goals have been accomplished. If adequate, internal auditors should use such criteria in their evaluation. If inadequate, internal auditors should work with management to develop appropriate evaluation criteria.

Governance
The internal audit activity should contribute to the organization's governance process by evaluating and improving the process through which (1) values and goals are established and communicated, (2) the accomplishment of goals is monitored, (3) accountability is ensured, and (4) values are preserved. Internal auditors should review operations and programs to ensure consistency with organizational values.

Table 7.1: Performance Objectives of Internal Audit According to IIA

Summary

Internal audit has a wider scope than external audit, involves both consultative and assurance objectives, and has a goal of achieving maximum organizational effectiveness. Internal audit is different from internal check but encompasses the review of internal control, of which internal check is a component. Internal audit covers more areas than statutory audit and is distinct from it in several respects. Internal audit is distinct from operational audit, which involves technical non-financial matters also. Management audit is a much broader concept than internal audit and most superior. Management consultancy is an external job but still can be undertaken by an internal auditor. Investigation, though undertaken on specific occasions only, is usually part of an internal auditor's job.

Legal requirements as to internal audit are few in India, but the external auditor has to rely and comment upon the internal audit function in his audit report.

Copyright 2009 SMU. Powered by Sikkim Manipal University.

MF0004- Unit 8-Auditing Standards


Unit 8-Auditing Standards

Introduction

We have studied different accounting concepts, conventions, standards and other norms that are used in the preparation of financial statements. We have also studied in earlier units that the objective of audit is to provide assurance to readers of these financial statements as to the truth and fairness of their contents. We have also studied in the previous unit that an internal auditor has to provide assurance to management that internal control is functioning properly, that there exists no fraud or error, and that business is being conducted in an efficient and effective manner.

However, it is possible that the person who audits these financial statements may not provide such assurance, due to the absence of various qualities in himself or due to a lack of standards in the process of his audit of those financial statements. In fact, we have studied that one of the important bases for audit is the independence of the auditor. Absence of such independence itself can affect the opinion provided by the auditor. There are many such qualities to be possessed, requirements to be fulfilled and standards to be adhered to by an auditor during an audit so that his opinion provides the assurance. Hence in this unit we shall study more about these qualities of an auditor and the Auditing and Assurance Standards issued by ICAI and by various auditing/accounting bodies, including those regulating internal audits.

Objectives

After studying this unit, you will be able to:

- Explain the meaning and nature of auditing standards.
- State the qualities and qualification of auditors.
- State the auditing standards issued by ICAI.
- Explore different Auditing Standards issued by various international audit-regulating bodies.

Meaning and Nature of Auditing Standards

Meaning of Auditing Standards: Auditors throughout the world have developed their own set of qualities and practices, as in any other profession, which are treated as essential requirements in conducting an audit. These qualities and practices followed by many auditors have been codified by the regulating auditing institutions like ICAI as auditing standards, so that all the members of these institutions uniformly follow these practices while conducting audit. Establishing such standards is necessary not only to have uniformity of opinion provided by two auditors on the same set of financial statements, but also to see that the auditing profession itself does not lose reputation due to lack of integrity, care and dedication in audits. Hence all over the world, particularly after the Enron scam, there has been renewed awareness of the importance of establishing, implementing and monitoring auditing standards.

Nature of the auditing standards

The auditing standards consist of pronouncements by institutions that regulate audit. These pronouncements can be by way of Standards, Statements, Guidance Notes or Expert Opinions, Code of Conduct, Code of Ethics or in any other manner. Most of these standards are binding on any member of such an institution who is practicing as an external or internal auditor. Auditors have to comply with all these standards in all the audits they conduct. If they are not able to adhere to these standards during any audit for any reason, they have to reveal such fact in their audit report so that the quality of the audit as well as of the financial statements is revealed to the readers of those audited financial statements.

Qualities and Qualification of Auditors

Qualities of an auditor: Qualities of an auditor are essential to the auditor. Without such qualities an auditor may not be able to provide the assurance to auditees (persons who require the audit to be done). These qualities are essential in every case of audit and in every type of auditor, whether internal or external.

INDEPENDENCE

Independence is an important quality of an auditor which provides the Assurance to stakeholders who read the audited financial statements. Independence is a state of mind. But auditor should be independent in appearance also. For example, if the spouse of CEO of a Company is its auditor, the stakeholders might not fully rely on the audited statements even though the spouse may have acted independently during audit. In fact, there are several provisions in Company Law of various nations as well as in the Code of Ethics and Code of Conduct provided by premier accounting/auditing bodies to see that this quality of independence is not lost in auditors.

INTEGRITY

Integrity is acting honestly. It may also mean acting in a trustworthy manner. Stakeholders rely on the auditor's opinion. Acting dishonestly and providing a wrong opinion might lead to wrong decision making by stakeholders of a business.

For example, based on Arthur Andersen's audited statements of WorldCom, many investors and lenders acted and lost huge sums of money. Arthur Andersen did not have integrity while conducting the audit and hence provided an incorrect opinion in its audit report of WorldCom.

COMPETENCE AND SKILL

The auditor should be capable of handling an audit. He should have the required qualification and experience. He should also have knowledge of the business conducted by the auditee (the firm which he audits). This is more essential in the case of internal audits.

OBJECTIVITY

The auditor should be impartial and unbiased during his audit. This quality is dependent on the qualities of independence and integrity.

DUE DILIGENCE AND CARE

Auditor should not be negligent in his duties. Due professional care is required at every stage during the audit. Documentation of audit will prove that auditor exercised this care during an audit.

CONFIDENTIALITY

Just like in medical profession where confidentiality is maintained, confidentiality of the information of the auditee is to be maintained. Auditor cannot reveal the vital information about the business of his client to any person, unless he is legally bound.

In addition to these basic qualities, an auditor should also have qualities like good communication skills, tactfulness, logical ability etc.

Qualifications and Disqualifications of Auditors: To see that qualities like independence, integrity and competence and skill exist in auditors, various statutes throughout the world, while prescribing qualifications for appointment of auditors, have exercised care and have imposed restrictions. An example of restrictions imposed by Company Law in India is provided here. The Companies Act 1956 in India has the following provisions as to the qualification of a statutory auditor:

The auditor should be a Chartered Accountant or a firm of Chartered Accountants within the meaning of the Chartered Accountants Act, 1949. The following persons are not qualified for appointment as auditors of a company:

- a body corporate (Company);
- an officer or employee of the company;
- a partner or employee of an officer or employee of the company;
- a person who is indebted to the company for more than Rs. 1,000 or who has given any guarantee or provided any security in connection with the indebtedness of any third person to the company for more than Rs. 1,000;
- a person who holds any security (share or stock) in the company he audits.

A person is not eligible for appointment as auditor of any company if he is disqualified from acting as auditor of that company's subsidiary or holding company or of any other subsidiary of the same holding company. If an auditor, after his appointment, becomes subject to any of the disqualifications specified above, he shall be deemed to have automatically vacated his office. Further, the Act lays down the ceiling on the number of audits that can be undertaken in a year by an auditor. In the case of Government Companies the auditor is appointed by the Comptroller and Auditor General of India.

Qualifications for undertaking internal audit: In India at present the internal auditors need not have a formal qualification or professional status. At the same time the external auditors, while evaluating the internal audit function of a company, have to ascertain the technical competency of the internal auditor. In other words, the persons to be appointed as internal auditors should have adequate technical training and proficiency. As we have seen in the previous Unit, the work of internal audit is wider than that of external audit but similar in nature to it, so it is desired that only Chartered Accountants or persons having equal qualifications be appointed as internal auditors. In fact, most of the companies in India appoint Chartered Accountant firms for the job of internal auditing. Hence all the qualifications that are applicable to Statutory Auditors usually apply to internal auditors in India. However, in the United States professional bodies like the Institute of Internal Auditors regulate the profession of internal audit. Hence the qualifications or disqualifications promulgated by that Institute determine who should undertake internal audit in that country.

Auditing Standards of ICAI

Meaning and Scope of Auditing Standards of ICAI

The Institute of Chartered Accountants of India is one of the founder members of the International Federation of Accountants (IFAC). The Institute of Chartered Accountants of India constituted the Auditing Practices Committee (APC) on 17th September 1982, to review the existing auditing practices in India and to develop Statements on Standard Auditing Practices so that these may be issued under the authority of the Council of the Institute. This Committee is now called the Auditing and Assurance Standards Board (AASB). The standards issued by AASB were earlier called Standard Auditing Practices (SAPs). Now they are called Auditing and Assurance Standards (AAS).

Objectives and Functions of the AASB

The following are the objectives of the Auditing and Assurance Standards Board:

- To review the existing auditing practices in the country and identify and recommend areas in which Auditing and Assurance Standards or Statements on Auditing need to be developed.
- To formulate Auditing and Assurance Standards and Statements on Auditing so that these may be issued under the authority of the Council of the Institute.
- To review the existing International Standards on Auditing (ISAs) issued by the International Auditing and Assurance Standards Board of the International Federation of Accountants, to examine their relevance and adaptability while formulating the Auditing and Assurance Standards, and to adapt the same.
- To review the existing Auditing and Assurance Standards and Statements on Auditing periodically to assess their relevance in the changed conditions and to undertake their revision, if necessary.
- To develop Guidance Notes on issues arising out of any Auditing and Assurance Standard, auditing issues pertaining to any specific industry or on generic issues, so that those may be issued under the authority of the Council of the Institute.
- To review the existing Guidance Notes periodically to assess their relevance in the changed circumstances and to undertake their revision, if necessary.
- To formulate General Clarifications on issues arising from Auditing and Assurance Standards.

Types of Standards issued by ICAI

Auditing and Assurance Standards issued by the ICAI include the following:

- Auditing and Assurance Standards (AAS)
- Statements on Auditing
- General Clarifications on AAS
- Guidance Notes
- Technical Guides

Each of them has a different scope and authority attached to it.

Authority Attached to Standards

Authority attached to AAS, Statements on Auditing and General Clarifications on AAS

Auditing and Assurance Standards, Statements on Auditing and General Clarifications on AAS are mandatory in nature. AAS codify the existing best practices in the area of auditing. AASs are critical for the proper discharge of functions as auditor. Statements on Auditing are issued for compliance by Members. General Clarifications to AAS are also issued in matters where doubts exist. Accordingly, while discharging their attest function, it will be the duty of the members of the ICAI to ensure that these are followed in the audit of financial information covered by their audit reports. The nature of these Standards requires members to exercise professional judgment in applying them; for example, a member may judge it necessary to depart from an essential procedure laid down in these Standards to achieve more effectively the objective of the engagement. If, for any reason, a member has not been able to perform an audit in accordance with such Standards, his report should draw attention to the material departures therefrom.

Authority Attached to Guidance Notes

Guidance Notes are designed primarily to provide guidance to members on matters which may arise in the course of their professional work and on which they may desire assistance in resolving issues which may pose difficulty. Guidance Notes are recommendatory in nature. A member should ordinarily follow recommendations in a Guidance Note except where he is satisfied that, in the circumstances of the case, it may not be necessary to do so. If the recommendations in a Guidance Note have not been followed, the member should consider whether, keeping in view the circumstances of the case, a disclosure in his report is necessary.

Technical Guides, Studies and Other Papers Published by AASB

AASB may also publish Technical Guides, Studies and Other Papers. Technical Guides are ordinarily aimed at imparting broad knowledge about a particular aspect or an industry to the members.

Studies and other papers are aimed at promoting discussion or debate or creating awareness on issues relating to quality control, auditing, assurance and related service, affecting the profession. They do not establish any basic principles or essential procedures to be followed in audit, assurance or related services engagements.

An overview of important AAS issued by ICAI

(AAS 1) Basic Principles Governing an Audit: According to this Standard the basic principles in audit are:

1. Integrity, objectivity and independence of auditors.
2. Confidentiality in audit work.
3. Possession of skills and competence to undertake audit.
4. Responsibility of auditor even when the audit work is performed by others.
5. Proper documentation and planning of audit work.
6. Obtaining of sufficient and appropriate evidence during audit.
7. Evaluation of accounting system and internal control during audit.
8. Providing an opinion after audit conclusion.

(AAS 2) Objective and Scope of the Audit of Financial Statements: According to this Standard the scope of an audit is determined by:

1. Auditor's Appointment or Engagement Letter.
2. Internal control system of the organization.
3. Other tests and audit procedures to obtain evidence.

The Standard stipulates that the auditor is not expected to perform duties which fall outside his scope, like giving suggestions to Management.

(AAS 3) Documentation: This Standard provides how an audit is to be documented and why it is important to preserve audit working papers. More details in this regard have been provided in Unit 11.

(AAS 4 Revised) The Auditor's Responsibility to Consider Fraud and Error in an organization affecting the financial statements: The Standard stipulates that the statutory auditor has no primary liability if he fails to detect frauds and errors in financial statements, provided he has done the audit according to other standards of audit. Fraud risk factors, as studied in Unit 3, are to be considered by the auditor while doing the audit.

(AAS 5) Audit Evidence: The auditor has to collect sufficient and appropriate evidence in an audit, according to this Standard. Various techniques of collecting evidence have also been provided here. Details regarding audit evidence have been provided in Unit 9.

(AAS 6 Revised) Risk Assessment and Internal Control: According to this Standard the auditor has to evaluate the internal control system and assess the audit risk of giving a wrong opinion, and based on this he has to collect sufficient and appropriate evidence. He should also comment upon any weakness in the internal control system. More details in this regard have been provided in Unit 9.

(AAS 7) Relying Upon the Work of an Internal Auditor: We have studied this aspect in the previous Unit.

(AAS 8) Audit Planning: Audit is to be planned properly to be effective. Details of audit planning and audit program are provided here. More details regarding this aspect have been provided in Unit 11.

(AAS 9) Using the Work of an Expert
(AAS 10) Using the Work of Another Auditor
(AAS 11) Representations by Management
(AAS 12) Responsibility of Joint Auditors

All the aforesaid Standards from AAS 9 to AAS 12 discuss situations where the auditor has to rely on other persons or management and has not collected evidence directly. What the extent of such reliance should be and what his responsibilities are in such a situation is provided in these Standards.

(AAS 13) Audit Materiality: It is an important Standard which stipulates that the materiality (significance) of any matter or item in financial statements that are subject to audit, and regarding which the auditor has to report, is to be decided from the angle of the user, legal provisions etc. More details of this concept have been provided in Unit 9.

(AAS 14) Analytical Procedures: Analytical procedure is an evidence collection technique. The Standard provides more details on how and when to use this technique in an audit. These details are mentioned in Unit 9.

(AAS 15) Audit Sampling: Sampling is resorted to in audit to save time and money. How and where to use sampling is provided by this Standard. More details of this Standard have been provided in Unit 10.

(AAS 16) Going Concern: Going concern is an important accounting convention. When this assumption is not to be considered by the auditor is provided in this Standard.

(AAS 17) Quality Control for Audit Work: How quality in audit work is to be achieved is stipulated here.

(AAS 18) Audit of Accounting Estimates: What the auditor has to do when he has to audit items in financial statements which are only accounting estimates. Accounting estimate means an approximation of the amount of an item in the absence of a precise means of measurement, like Provision for taxation.

(AAS 19) Subsequent Events: We have studied an Accounting Standard on this subject [(AS) 4, "Contingencies and Events Occurring After the Balance Sheet Date"]. This Standard lays down the manner of audit and reporting of such subsequent events.

(AAS 20) Knowledge of the Business: This Standard stipulates that the auditor should have adequate knowledge of the business, the financial statements of which he is auditing.

(AAS 21) Consideration of Laws and Regulations in an Audit of Financial Statements: What the auditor has to do with items in financial statements which are subject to various laws and regulations like Sales Tax, Provident Fund etc. has been discussed in this Standard.

(AAS 22) Initial Engagements - Opening Balances: When the auditor is appointed initially, what he has to do with reference to the opening balances carried forward from the previous year's books of account and appearing in the financial statements has been discussed here.

(AAS 23) Related Parties The purpose of this Standard is to establish standards on the auditors responsibilities and audit procedures regarding related parties and transactions with such parties. Accounting standard 18 also mentions regarding Related Party Disclosure. (AAS 24) Audit Consideration relating to Entities Using Service Organizations. The purpose of this Standard is to establish standards for an auditor whose client uses a service organization. This AAS also describes the reports of the auditors of the service organization which may be obtained by the auditor of the client (AAS 25) Comparatives The purpose of this AAS is to establish standards on the auditors responsibilities regarding comparatives. Comparatives are corresponding figures for previous years or periods appearing in financial statements. (AAS 26) Terms of Audit Engagements The purpose of this AAS is to establish standards on:

Auditor agreeing the terms of the engagement with the client; and The auditors response to a request by a client to change the terms of an engagement to one that provides a lower level of assurance.

(AAS 27) Communications of Audit Matters with those Charged with Governance: According to this Standard the auditor should communicate audit matters of governance interest arising from the audit of financial statements with those charged with governance of an entity.

(AAS 28) The Auditor's Report on Financial Statements: The purpose of this Standard is to establish standards on the form and content of the auditor's report issued as a result of an audit performed by an auditor of the financial statements of an entity. According to this Standard, the auditor's report should contain a clear written expression of opinion on the financial statements taken as a whole. More details regarding audit reports can be found in Unit 11.

(AAS 29) Auditing in a Computer Information Systems Environment: The purpose of this Auditing and Assurance Standard (AAS) is to establish standards on procedures to be followed when an audit is conducted in a computer information systems (CIS) environment. According to this Standard the auditor should have sufficient knowledge of the computer information systems to plan, direct, supervise, control and review the work performed.

(AAS 30) External Confirmation: The purpose of this Auditing and Assurance Standard (AAS) is to establish standards on the auditor's use of external confirmations as a means of obtaining audit evidence. External confirmation is a mode of collection of evidence. More details on this are provided in Unit 9.

(AAS 31) Engagements to Compile Financial Information: We have seen that in the case of a compilation service provided by an auditor, no assurance is given. The purpose of this Auditing and Assurance Standard (AAS) is to establish standards on the professional responsibilities of the auditor when an engagement to compile financial statements or other financial information is undertaken, and on the form and content of the report issued in connection with such a compilation, so that the association of the name of the auditor with the financial statements is not misconstrued by a user of those statements or information as having been audited by him.

(AAS 32) Engagements to Perform Agreed-Upon Procedures regarding Financial Information: The purpose of this Auditing and Assurance Standard (AAS) is to establish standards and provide guidance on the auditor's professional responsibilities when an engagement to perform agreed-upon procedures regarding financial information is undertaken and on the form and content of the report that the auditor issues in connection with such an engagement.

(AAS 33) Engagements to Review Financial Statements: The purpose of this Auditing and Assurance Standard (AAS) is to establish standards and provide guidance on the auditor's professional responsibilities when an engagement to review financial statements is undertaken and on the form and content of the report that the auditor issues in connection with such a review.

(AAS 34) Audit Evidence - Additional Considerations for Specific Items: This Standard lays down the requirements as to evidence collection in the following cases:

1. Attendance at Physical Inventory Counting
2. Inquiry Regarding Litigation and Claims
3. Valuation and Disclosure of Long-term Investments
4. Segment Information.

Auditing Standards of various International Bodies

The International Federation of Accountants (IFAC) is the premier institution engaged in regulating the accounting and auditing profession globally. The mission of the International Federation of Accountants is the worldwide development and enhancement of an accountancy profession with harmonized standards, able to provide services of consistently high quality in the public interest. In pursuing this mission, the IFAC Board has established the International Auditing and Assurance Standards Board (IAASB) to develop and issue, in the public interest and under its own authority, high quality auditing and assurance standards for use around the world. Many national auditing bodies like ICAI and AICPA have developed their own Auditing Standards, mostly based on the Standards issued by IFAC. Many have established a Code of Ethics for their members.

Auditing Standards of the Institute of Internal Auditors (IIA) of US

In June 1999, a new Professional Practices Framework was approved by The IIA's Board of Directors. As a part of the new framework, the Definition of Internal Auditing, the Code of Ethics, and the Standards for the Professional Practice of Internal Auditing were revised. All IIA members and Certified Internal Auditors follow The Institute's Code of Ethics, which requires compliance with the Standards, and all internal auditors, whether or not they are members of the Institute, are strongly encouraged to adopt the Code of Ethics and the new Standards.

Code of ethics of IIA - some examples

Some parts of the code of ethics developed by The Institute of Internal Auditors (IIA) of USA, which regulates internal audit, are as follows:

Introduction

The purpose of The Institute's Code of Ethics is to promote an ethical culture in the profession of internal auditing.

A code of ethics is necessary and appropriate for the profession of internal auditing, founded as it is on the trust placed in its objective assurance about risk management, control, and governance. The Institute's Code of Ethics extends beyond the definition of internal auditing to include two essential components:

1. Principles that are relevant to the profession and practice of internal auditing;

2. Rules of Conduct that describe behavior norms expected of internal auditors. These rules are an aid to interpreting the Principles into practical applications and are intended to guide the ethical conduct of internal auditors.

The Code of Ethics together with The Institute's Professional Practices Framework and other relevant Institute pronouncements provide guidance to internal auditors serving others. "Internal auditors" refers to Institute members, recipients of or candidates for IIA professional certifications, and those who provide internal auditing services within the definition of internal auditing.

Applicability and Enforcement

This Code of Ethics applies to both individuals and entities that provide internal auditing services. For Institute members and recipients of or candidates for IIA professional certifications, breaches of the Code of Ethics will be evaluated and administered according to The Institute's Bylaws and Administrative Guidelines. The fact that a particular conduct is not mentioned in the Rules of Conduct does not prevent it from being unacceptable or discreditable, and therefore, the member, certification holder, or candidate can be liable for disciplinary action.

Rules of conduct as applicable to Principles

Internal auditors are expected to apply and uphold the following principles by complying with the relevant rules of conduct.

Integrity
Principle: The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment.
Rules of conduct as to the principle: Internal auditors:
-Shall perform their work with honesty, diligence, and responsibility.
-Shall observe the law and make disclosures expected by the law and the profession.
-Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization.
-Shall respect and contribute to the legitimate and ethical objectives of the organization.

Objectivity
Principle: Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments.
Rules of conduct as to the principle: Internal auditors:
-Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.
-Shall not accept anything that may impair or be presumed to impair their professional judgment.
-Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.

Confidentiality
Principle: Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.
Rules of conduct as to the principle: Internal auditors:
-Shall be prudent in the use and protection of information acquired in the course of their duties.
-Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.

Competency
Principle: Internal auditors apply the knowledge, skills, and experience needed in the performance of internal auditing services.
Rules of conduct as to the principle: Internal auditors:
-Shall engage only in those services for which they have the necessary knowledge, skills, and experience.
-Shall perform internal auditing services in accordance with the Standards for the Professional Practice of Internal Auditing.
-Shall continually improve their proficiency and the effectiveness and quality of their services.

Standards on internal audit by IIA

The Standards for the Professional Practice of Internal Auditing are issued by the Institute of Internal Auditors for compliance by its members. IIA also provides Practice Advisories (formerly called Guidelines). The Standards, Code of Ethics and Practice Advisories together form part of the Professional Practices Framework. Some examples of such Standards are as follows:

Attribute Standard 1000: Purpose, Authority, and Responsibility
The purpose, authority, and responsibility of the internal audit activity should be formally defined in a charter, consistent with the Standards, and approved by the board.

Attribute Standard 1100: Independence and Objectivity
The internal audit activity should be independent, and internal auditors should be objective in performing their work.

Attribute Standard 1110: Organizational Independence
The chief audit executive should report to a level within the organization that allows the internal audit activity to fulfill its responsibilities.

Attribute Standard 1120: Individual Objectivity
Internal auditors should have an impartial, unbiased attitude and avoid conflicts of interest.

Attribute Standard 1130: Impairments to Independence or Objectivity
If independence or objectivity is impaired in fact or appearance, the details of the impairment should be disclosed to appropriate parties. The nature of the disclosure will depend upon the impairment.

Attribute Standard 1200: Proficiency and Due Professional Care
Engagements should be performed with proficiency and due professional care.

Attribute Standard 1210: Proficiency
Internal auditors should possess the knowledge, skills, and other competencies needed to perform their individual responsibilities. The internal audit activity collectively should possess or obtain the knowledge, skills, and other competencies needed to perform its responsibilities.

Attribute Standard 1220: Due Professional Care
Internal auditors should apply the care and skill expected of a reasonably prudent and competent internal auditor. Due professional care does not imply infallibility.

Attribute Standard 1230: Continuing Professional Development
Internal auditors should enhance their knowledge, skills, and other competencies through continuing professional development.

Attribute Standard 1300: Quality Assurance and Improvement Program
The chief audit executive should develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity and continuously monitors its effectiveness. The program should be designed to help the internal auditing activity add value and improve the organization's operations and to provide assurance that the internal audit activity is in conformity with the Standards and the Code of Ethics.

Attribute Standard 1310: Quality Program Assessments
The internal audit activity should adopt a process to monitor and assess the overall effectiveness of the quality program. The process should include both internal and external assessments.

Attribute Standard 1311: Internal Assessments
Internal assessments should include:
Ongoing reviews of the performance of the internal audit activity; and
Periodic reviews performed through self-assessment or by other persons within the organization, with knowledge of internal auditing practices and the Standards.

Attribute Standard 1312: External Assessments
External assessments, such as quality assurance reviews, should be conducted at least once every five years by a qualified, independent reviewer or review team from outside the organization.

Attribute Standard 1320: Reporting the Quality Program
The chief audit executive should communicate the results of external assessments to the board.

Attribute Standard 1340: Disclosure of Noncompliance
Although the internal audit activity should achieve full compliance with the Standards and internal auditors with the Code of Ethics, there may be instances in which full compliance is not achieved. When noncompliance impacts the overall scope or operation of the internal audit activity, disclosure should be made to senior management and the board.

Similarly, IIA has issued Performance Standards and Implementation Standards as to various areas of internal audit. On studying these standards you can observe that they are almost similar to those issued by ICAI. Thus Standards on Auditing are equally applicable to internal auditing, as the objective of both audits is providing assurance.

Summary

Quality is very important in audit to provide assurance. This quality in audit is achieved through the existence of certain qualities in the persons who do the audit, and through standards and benchmarks in the auditing process. Qualities essential for an auditor include independence, integrity, objectivity, confidentiality, professional skill and care, and due diligence, apart from general communication skills, tact etc. Statutes like the Companies Act impose disqualifications on any person becoming an auditor in circumstances which might make him lose any of these qualities. Auditing Standards are essential for an audit so that the object of assurance is achieved. The nature of auditing standards varies from codified standards to codes of ethics for the members of professional auditing bodies. Auditing standards of ICAI comprise AAS, Statements on Auditing, General Clarifications on AAS and Guidance Notes; ICAI also publishes technical guides. An overview of the different AAS shows that they cover all areas of auditing. Different types of standards of ICAI have different scope and authority attached to them. Internationally, auditing Standards are issued by IFAC. Standards on internal audit are issued by IIA of US and comprise a code of ethics, standards and practice advisories.

Copyright 2009 SMU Powered by Sikkim Manipal University .

MF0004- Unit 9-Concepts Related to Audit


Unit 9-Concepts Related to Audit

Introduction

We know that a statutory auditor's duty is to assure the stakeholders that financial statements are true and fair. Similarly an internal auditor also has to assure management not only regarding financial statements but also as to the effectiveness and efficiency of internal controls, the absence of fraud and error etc. Auditors do this job based on a number of accounting and auditing standards and also based on evidence collected while doing the audit. Thus a major part of the auditor's work is to seek evidence as to the existence and effectiveness of internal controls and the absence of frauds or errors, or to find the genuineness or truth and fairness of the transactions, assets and liabilities whose values have been provided in the financial statements. Hence the concept of evidence is important in audit, and this unit provides important details about it based on AAS 5 issued by ICAI. It also provides additional details about one of the techniques of collecting evidence, called Analytical procedure.

We have studied while discussing accounting concepts that Materiality is a concept whereby the importance of items in financial statements is to be judged from the angle of the user of the financial statement. Hence in an audit Materiality is an important concept which, if neglected, would lead to a wrong or inadequate opinion being provided by the auditor. The concept of materiality has been discussed here based on AAS 13 issued by ICAI. Closely connected with the concepts of internal control and materiality is the concept of audit risk. Audit risk involves the auditor providing a wrong opinion to users. The types of audit risk and the ways to minimize them have been discussed here.

Objectives

After studying this unit, you will be able to:

State the nature of assertions made in the financial statements.
Explain the meaning, nature and importance of audit evidence.
Explain different types of evidence used in audit.
Describe various techniques used to obtain evidence in audit.
Explain the meaning of analytical procedures used in auditing.

Assertions in Financial Statements

Accounting has the objective of communicating, through accounting information, a summary of business transactions and events during a particular period. This summary is the financial statements. This communication is made through assertions, truthful statements that are implied in the financial statements. Thus assertions are statements which are supposed to be true according to the person who makes them. For example, when a profit of Rs. 100000 is shown in a Profit and Loss account by a company, the management is stating that the company has made a profit of Rs. 100000 in a particular year. Thus the company believes and declares that the amount mentioned is true and correct. Assertions are thus either made or implied to be made by the Management, who prepare these financial statements. The assertions are statements about various attributes of a financial item presented in a financial statement. For example, the assertion in the above case is about the correctness of the value of profit. Take another example: if land is an item in the Balance Sheet of a company, the assertions made by the Management are that:

Land is existing as on the date of the Balance Sheet.
Land is held in the name of the company.
Land is free of any encumbrances, i.e. the company is free to use the land.
Land has not been pledged as security to any other institution.
The value of land shown in the Balance Sheet is correct, and so on.

Thus for each and every item in the financial statements assertions like this do exist.

Some popular assertions applicable to most of the items in financial statements are as follows. In the case of internal control, the assertions implied and to be tested by auditors are as in Table 9.1 given here below:

Name of Assertion: Meaning of Assertion
Existence: That the internal control exists.
Effectiveness: That the internal control is operating effectively.
Continuity: That the internal control has so operated throughout the period of intended reliance.

Table 9.1: Assertions by Management as to Internal Controls

Some practical examples of the above assertions as to internal controls:

1. A Company in its Manual of procedures shows that cheques are to be signed by the CEO and CFO. The assertions to be verified here are:

i. This procedure is actually being followed by the company.
ii. This procedure is effective (for example, this procedure might be ineffective if the CEO signs blank cheques before he goes abroad).
iii. This procedure was being followed through the year (for example, the auditor may come across situations where he found that cheques with one signature were passed by the bankers of the company).

2. In an organization purchases are to be made against written orders signed by the purchase manager. The assertions to be verified here are:

i. This procedure is actually being followed by the company (no oral orders are made).
ii. This procedure is effective (for example, it might so happen that this system is only on paper and oral orders are actually placed).
iii. This procedure was being followed through the year (for example, the auditor might find that no written order existed in the case of some purchases).

Similarly, in the case of items contained in a financial statement the assertions can be as in Table 9.2 given below:

Name of Assertion: Meaning of Assertion
Existence: That an asset or a liability exists at a given date as shown in the Balance Sheet. E.g.: Building exists, Loan exists.
Rights and Obligations: That an asset is a right of the Company and a liability is an obligation of the Company as on Balance Sheet date. E.g.: A Firm owns the Machinery, or say a Company has to repay a loan.
Occurrence: That a transaction or event took place which pertains to the Company during the relevant period. E.g.: Sale transactions of the given value occurred in the name of the Company, or Advertisement Expenses of the given amount were incurred by the Company.
Completeness: That there are no unrecorded assets, liabilities or transactions. E.g.: There are no other fixed assets or loans other than those stated in the financial statements.
Valuation: That an asset or liability is recorded at an appropriate carrying value. E.g.: The value of Building or Machinery shown, and the depreciation calculated and deducted therefrom, is correct.
Measurement: That a transaction is recorded in the proper amount and revenue or expense is allocated to the proper period. E.g.: Amount of depreciation charged, commission calculated and paid are correct. E.g.: Provision made for Taxation is correct.
Presentation and Disclosure: An item is disclosed, classified, and described in accordance with recognized accounting policies and practices and relevant statutory requirements, if any. E.g.: The manner of disclosure of fixed assets by way of Gross Block, Net Block etc. is correct and is as per Companies Act provisions.

Table 9.2: Table Showing the Assertions by Management as to Items in Financial Statements

Some more examples of such assertions are as follows:

1. A company has shown cash in hand of Rs. 50000 in its Balance Sheet. The assertions by management are:

The amount of cash in hand existed as on Balance Sheet date.
The Company had the right to use that cash (no other person had the right to use it).
The cash was identified and measured by sorting it out into different denominations (say 50 numbers of Rs. 1000 currency notes).
No other cash existed with the Company (completeness assertion).

2. A company shows VAT payment of Rs. 25000 in its Profit & Loss Account. The assertions are:

The company has made the transaction of payment of VAT (occurrence).
The amount paid is correct (valuation).
The calculation (measurement) of VAT is correct.
The company had an obligation to make such payment.
The payment of VAT has been correctly shown as expense in the Profit & Loss Account (presentation).

(Students are advised to study in a similar manner such assertions as to the various items of assets, liabilities, income and expenditure that are normally included in a financial statement.)

Thus if the assertions made by management are proved correct, the job of the auditor is over. Hence the auditor will have to find evidence to prove or disprove these assertions while doing his audit. The auditor gathers evidence to find out whether the assertions made are true or fair.

Audit Evidence

Meaning and Nature of Audit Evidence

Popularly, evidence means proof of something done or not done, something existing or not existing. This evidence may be a physical thing, an oral or written statement by a human being, or an observation or other mode of visual information by any person. Evidence, again, can be different in scope and depth. For example, a judge may require conclusive evidence to punish an accused. If there is a little benefit of doubt he might acquit the accused. There can be circumstantial or corroborative evidence that leads to a certain opinion. The existence of something may be proved by the existence or non-existence of something else, like the existence of smoke proving the existence of fire. Whether in auditing an auditor has to go for conclusive evidence, or can assure himself with circumstantial or corroborative evidence, is to be studied.

Evidence in auditing is such that the auditor may not be able to get conclusive evidence like a judge. This is mainly because an auditor might not be able to check each and every transaction of a business. He may not be able to meet each and every employee of the concern. After all, the auditor just provides an opinion about financial statements. Hence the degree of evidence may be lesser compared to that obtained by Courts of Law. The nature of evidence used by the auditor is called persuasive evidence. Even though it is not conclusive evidence, the auditor can form an opinion based on it because it persuades the auditor to form an opinion.

This persuasive evidence may be direct evidence, circumstantial evidence or corroborative evidence. Audit evidence can be in the form of documents, records, written or oral statements, books and other matters which persuade the auditor to form an opinion about various matters contained in a financial statement. When is this evidence called persuasive evidence? Let us find out.

Nature of audit evidence

Auditing and Assurance Standard (AAS) 1 of ICAI, on Basic Principles Governing an Audit, states: "The auditor should obtain sufficient, appropriate audit evidence through the performance of compliance and substantive procedures to enable him to draw reasonable conclusions therefrom on which to base his opinion on the financial information." We shall study the Compliance and Substantive Procedures in a later Unit. For now our object of study is audit evidence. What is sufficient and what is appropriate is to be found out.

Sufficient evidence

Sufficiency and appropriateness are interrelated and apply to evidence obtained during an audit. Sufficiency refers to the quantum of audit evidence obtained. For example, when the Balance Sheet of a Company contains under the head Fixed Assets an asset Land, the auditor has to find the existence (recall that it is an assertion made by Management) of the land in the name of the Company (right over the asset, another assertion by Management). Now to verify the right over the land, if the auditor were to verify only the title deeds executed years ago, such evidence is not sufficient evidence. He has to gather enough documents and records, like the latest property tax paid receipts, No-encumbrance certificates etc., to assure himself that the land is in the name of the Company and that it has a right over such land. Thus sufficient evidence is adequate evidence and is decided by the quantum of evidence collected by the auditor which persuades him to a conclusion.

Some examples of sufficiency or insufficiency of evidence:

1. Wages paid to a daily worker

If only a signature on a voucher is produced for verification, it is insufficient evidence as you do not know whether the worker is a real worker or a dummy name.
If both the voucher and the supervisor's report as to work done (where the worker's name is mentioned) are produced, it is sufficient evidence of payment of wages.

2. Travelling Expense paid to sales representative

If only a bus ticket is produced, it is not adequate evidence since there is a possibility that the representative has not traveled at all but managed to get a duplicate ticket.
If along with the bus ticket the proof of a sales order obtained is produced, then it is sufficient evidence that the sales representative undertook that journey.

Students are advised to analyze, in a similar fashion, what could be sufficient evidence in the case of each business transaction.

Appropriate evidence

Appropriateness relates to the relevance and reliability, i.e. the quality, of evidence.

Relevance of evidence

The relevance of evidence refers to its relevance to the audit objective and, in particular, to the assertion made in the financial statements. For example, in the case of Land in the name of a Company, the evidence obtained by physical verification of land by the auditor might not be relevant evidence, as it does not prove whether the land is owned and enjoyed by the Company (assertion of right over the asset), though it may prove that the land exists (assertion of existence). But the objective of the audit here is not to prove the existence of land; it is to prove that the land is in the name of the Company. Thus physical verification of land in this case fails as evidence as it is irrelevant to the audit objective.

There are no degrees of relevance. Evidence either is or is not relevant to an assertion and it is important that auditors are able to make this distinction. For example, in the above case an auditor cannot claim that physical verification of land has some relevance as far as proving the right over the land is concerned. Even if he undertakes physical verification for days together he cannot prove or disprove that the land belongs to the Company, a fact which can be proved or disproved only through inspection of land documents, which is relevant evidence. Auditors only gather evidence that is relevant. But if the asset concerned was inventory instead of land, then physical verification of inventory may be relevant evidence, at least to the extent that verification of the quantity is concerned.

Reliability of evidence

If the evidence is to be appropriate it should be relevant as well as reliable. Reliability means genuineness, truthfulness and dependability.

The greater the possibility that an item in a financial statement or in the accounting records is false, the more reliable the evidence that needs to be gathered. For example, if you have a doubt that the salary amount shown in a P&L Account has not actually been paid, then even if there is evidence of payment through an account-payee cheque to the particular employee, you still feel it is unreliable evidence. You might take that employee into confidence and ask him whether he was actually paid this amount or whether he was made to return a part of the amount to the Management, as happens these days in many organizations. Factors affecting the reliability of the evidence include:

Who gathers and / or evaluates the evidence.

Thus, evidence gathered or evaluated by an experienced and competent auditor may be more reliable than evidence gathered or evaluated by a less experienced or less competent auditor or his staff. For example, if an assistant of an auditor is verifying a transaction, it is possible that the evidence collected by him is less reliable as he is less competent or less experienced.

When the evidence is gathered.

This is referred to as the timing of an audit procedure and very much depends on the objective of the procedure used to gather the evidence.

In some cases, evidence gathered subsequent to balance date is more reliable than evidence gathered either at or prior to balance date. E.g. where the objective is to gather evidence as to the net realizable value of inventory or book debts, it can be easily proved from later accounting records that the items in stock were sold or the book debts were collected after the Balance Sheet date.

In other cases, evidence gathered at balance date is more reliable than evidence gathered either subsequent to or prior to balance date. E.g. when the objective is to gather evidence in relation to the existence of physical assets like cash, the auditor has to verify the cash as on the Balance Sheet date to confirm for himself that it exists.

Finally, evidence gathered prior to balance date may be more reliable than evidence gathered at or subsequent to balance date. E.g. when the objective is to gather evidence of the continuity of operation of control procedures, say the existence of an attendance system for workers in a company, the auditor can prove this even when he makes a surprise visit to the company before the Balance Sheet date.

Auditors require good judgment to plan when audit evidence is to be gathered. For this reason, the timing of an audit procedure is determined by a suitably experienced and competent auditor.

Source of the evidence.

Auditors consider evidence obtained directly from independent third parties (such as a customer or supplier) to be more reliable than evidence obtained from the client (the company they audit).

Additionally, where the evidence is obtained from the client, externally sourced evidence (such as an invoice from a supplier) is considered more reliable than internally sourced evidence (such as an internally generated purchase order).

Effectiveness of related internal control procedures

If internal controls relating to a particular item are not effective or not known to be effective, then auditors do not consider audit evidence gathered relating to that item using, for example, analytical procedures, to be reliable evidence. Thus evidence collection becomes difficult in case of weak internal control system which again shows the importance of internal controls.

Type of audit procedure used to gather the evidence

This is an aspect of the nature of audit procedures used in relation to the nature, timing and extent of audit procedures. Auditors generally consider evidence gathered using analytical procedures to be less reliable than evidence gathered using tests of detail. We shall discuss these procedures later.

Method/technique of gathering the evidence

Within each type of audit procedure there are a number of methods of gathering evidence. Some methods gather evidence of greater reliability than others.
- For example, auditors consider evidence gathered through one type of test of detail, physical examination, to be more reliable than vouching.

Factors which affect sufficiency and appropriateness of evidence

The auditor's judgment as to what is sufficient, appropriate audit evidence is influenced by such factors as:

(a) The degree of risk of misstatement, which may be affected by factors such as:
(i) The nature of the item dealt by the Company
- For example, if the item dealt is perishable, fragile, costly etc., evidence collection is given more attention.
(ii) The adequacy of internal control
- For example, if internal control is weak, the auditor has to gather more evidence that is more reliable.
(iii) The nature or size of the business carried on by the entity
- If the company is large, more evidence is required and more reliability is required.
(iv) Situations which may exert an unusual influence on management
- If management is under pressure, more evidence and more reliable evidence are required.
(v) The financial position of the entity
- If the Company is incurring losses, more evidence and more reliable evidence are required.

(b) The materiality of the item.
- For important and significant items, the evidence required should be adequate and more reliable.

(c) The experience gained during previous audits.
- An inexperienced auditor would go for additional evidence; an experienced auditor would ask for less evidence.

(d) The results of auditing procedures, including fraud or error which may have been found.
- If fraud or error has occurred or is likely to occur, more evidence is required and the degree of reliability should also be higher.

(e) The type of information available.
- If the information is more specific, less evidence may be required, whereas if it is general, more evidence is required.

Types of Audit Evidence

Evidences can be classified as follows:

Based on source of evidence

Based on nature of evidence

Classification based on source of evidence

Internal evidence

They consist of all the internal records of a company, statements of employees of the company and such internal sources of evidence. Generally such types of evidence are less reliable than external evidence in an audit. However, some internal evidence may circulate outside the business, and because of this its reliability is increased as it is accepted by outsiders.
- For example, a cheque issued by a company is processed by a bank (an outsider); hence payment through cheque is more reliable than payment through cash.

External evidence

It consists of external documents, confirmations, statements, records etc. It is more reliable than internal evidence in the majority of cases.
- For example, a confirmation from a customer as to his balances, or a bank statement as to the balance with a bank, is more reliable.

Classification based on nature of evidence

Oral evidences

As the name suggests, in the case of oral evidence there are no physical records available as proof. It may be less reliable because of this.
- A customer may orally inform the amount due to him.
However, if it is an oral statement taken on oath, it may be the most powerful evidence.
- For example, an employee might state under oath that he or some other employee has misappropriated goods.

Visual Evidence

Evidence here may be observation of a procedure, a video recording or any other visual record.
- For example, the wages payment system may be observed by the auditor.
- Photos of the residential buildings for which housing loans have been given by a bank might be attached to the loan documents of that bank.
At times this type of evidence is the most suitable, as in testing the internal controls.

Documentary/written evidence

This is the most popular and the most used type of evidence in audit. Most of the time, the evidence is documentary. Documentary evidence is again classified as:
- Internal documentary evidence. For example, the salary given to workers is entered in the muster roll and the employee signs across his name.
- External documentary evidence. For example, a supplier sends his statement of account as to his dues from the company.

Techniques of Obtaining Audit Evidence

We have seen that sufficient and appropriate evidence is to be obtained by the auditor to form an opinion. Evidence should prove or disprove assertions made in the financial statements. For obtaining different types of audit evidence the auditor might use different techniques. Some such techniques are as follows.

1) Inspection
Inspection consists of examining records, documents, or tangible assets. Inspection of records and documents provides evidence of varying degrees of reliability depending on their nature and source and the effectiveness of internal controls over their processing. Thus inspection consists, basically, of documentary evidence. Sometimes inspection might also involve physical verification, like physical verification of cash, inventory etc. Four major categories of documentary evidence, which provide different degrees of reliability to the auditor, are:

A. Documentary evidence originating from and held by third parties. Confirmations received directly by the auditor from third parties. These have a very high degree of reliability.
B. Documentary evidence originating from third parties and held by the company. Documents produced for the auditor by the client and prepared by outsiders, although not as strong as A above, are still regarded as valuable audit evidence. For example, in the above case if the Confirmation is received by the company and then handed over to the customer it fits into this category of evidence.
C. Documentary evidence originating from the entity and held by third parties. An example may be a cheque of the company being held by an outsider. It has still less reliability.
D. Documentary evidence originating from and held by the entity. Documents produced for the auditor by the client and prepared by personnel within the client company are likely to be least reliable.

Physical inspection is also done in the case of tangible assets like Machinery, Building, Inventory etc. to obtain reliable evidence with respect to their existence, but not necessarily as to their ownership or value.

2) Observation
Observation consists of witnessing a process or procedure being performed by others.

For example, the auditor may observe the counting of inventories by the Company's personnel or the performance of internal control procedures that leave no audit trail. This is a good technique to evaluate internal control procedures.

3) Computation
Computation consists of checking the arithmetical accuracy of source documents and accounting records or performing independent calculations.

For example, an auditor might re-calculate the depreciation amount shown in a Balance Sheet to confirm for himself that the depreciation amount is correct.

4) Confirmation
Confirmation consists of the response to an inquiry to corroborate information contained in the accounting records.

For example, the auditor requests confirmation of receivables by direct communication with debtors. As we have seen earlier, documentary confirmations obtained from third parties directly by an auditor are highly reliable. More detail regarding external confirmation is provided later in this unit.

5) Inquiry
Inquiry consists of seeking appropriate information from knowledgeable persons inside or outside the entity. Inquiries may range from formal written inquiries addressed to third parties to informal oral inquiries addressed to persons inside the entity. Responses to inquiries may provide the auditor with information which he did not previously possess or may provide him with corroborative evidence.

6) Analytical procedures
Analytical review consists of studying significant ratios and trends and investigating unusual fluctuations of items. They also consist of Reasonableness Tests. We shall study more about this procedure later.

Reliability of different types of evidences

Though reliability depends upon the nature of the assertion, the business, timing etc., auditors have found through experience that the reliability of different techniques generally varies as follows:

Technique of gathering evidence    Relative reliability
Observation                        High
Inspection                         Moderate
Inquiry                            Low to very low
Physical examination               High
Computation                        High
Confirmation                       High
Reasonableness tests               Moderate
Other analytical procedures        Moderate to zero

External confirmation

External confirmation is the most used technique of collecting evidence in audit and is peculiar to audits. Hence we have to study it in more detail.

External confirmation is the process of obtaining and evaluating audit evidence through a direct communication from a third party in response to a request for information about a particular item affecting assertions made by management in the financial statements.

Importance of External confirmation

AAS-5 indicates that, in general, audit evidence from external sources is more reliable than audit evidence generated internally, and that written (documentary) audit evidence is more reliable than audit evidence in oral form. Accordingly, audit evidence in the form of written responses to confirmation requests received directly by the auditor from third parties who are not related to the entity being audited, when considered individually or cumulatively with audit evidence from other procedures, may assist in reducing audit risk for the related financial statement assertions to an acceptably low level.

The auditor should determine whether the use of external confirmations is necessary to obtain sufficient appropriate audit evidence to support certain financial statement assertions. The auditor should employ external confirmation procedures in consultation with the management. The process of external confirmations, ordinarily, consists of the following:
- Selecting the items for which confirmations are needed.
- Designing the form of the confirmation request.
- Communicating the confirmation request to the appropriate third party.
- Obtaining response from the third party.
- Evaluating the information or absence thereof.

Scope of external confirmation

External confirmations are frequently used in relation to sundry debtors and creditors, but need not be restricted to these items. For example, the auditor may request external confirmation of the terms of agreements or transactions an entity has with third parties.
- Bank balances and other information from bankers.
- Stocks held by third parties.
- Property title deeds held by third parties.
- Investments purchased but delivery not taken.
- Loans from lenders.
- Long outstanding share application money.

Reliability of external confirmation

Factors affecting the reliability of confirmations include:
- The control which the auditor exercises over confirmation requests and responses,
- The characteristics of the respondents, and
- Any restrictions included in the response or imposed by management.

Mere confirmation of balances by a debtor does not by itself ensure ultimate recovery. Moreover, the utility of external confirmation depends to a large extent on receiving adequate responses to confirmation requests. If there is no possibility of receiving confirmations, the auditor need not use this technique.

The debtors may be requested to confirm the balance either (a) as at the date of the balance sheet, or (b) as at any other selected date which is reasonably close to the date of the balance sheet. The date should be settled by the auditor in consultation with the entity.

The form of requesting confirmation from the debtors may be either
- the positive form of request, wherein the debtor is requested to respond whether or not he is in agreement with the balance shown, or
- the negative form of request, wherein the debtor is requested to respond only if he disagrees with the balance shown.

The use of the positive form is preferable:
- When individual balances are relatively large, or
- Where the internal controls are weak, or
- Where the auditor has reason to believe that there may be a substantial number of accounts in dispute or with inaccuracies or irregularities.

The negative form is useful:
- When internal controls are considered to be effective, or
- When a large number of small balances are involved, or
- When the auditor has no reason to believe that the debtors are unlikely to respond.

If the negative rather than the positive form of confirmation is used, the number of requests sent and the extent of the other auditing procedures to be performed should normally be greater so as to enable the auditor to obtain the same degree of assurance with respect to the debtor balances.

Analytical Procedures

We have seen that analytical procedures are one of the techniques of collecting evidence. They are also regarded as an audit procedure, as we shall see in a later unit. More details on the meaning and uses of analytical procedures are discussed here.

Definitions

AAS 5 on Audit Evidence defines analytical review as those tests of details which consist of studying significant ratios and trends and investigating unusual fluctuation and items. Thus, analytical reviews are a substantive audit procedure with the help of which the auditor can perform tests of details in a more efficient and effective manner.

According to AAS-14, analytical procedures include the consideration of comparisons of the entity's financial information with, for example, comparable information for prior periods or anticipated results of the entity, such as budgets or forecasts. Consideration of relationships among elements of financial information that would be expected to conform to a predictable pattern based on the entity's experience, such as gross margin percentages, and between financial information and relevant non-financial information, such as payroll costs to number of employees, also constitutes analytical review procedures.

The International Auditing Practices Committee describes the term analytical review procedures as the analysis of significant ratios and trends, including the resulting investigation of unusual fluctuations and items.

What Analytical Procedure includes:

(1) Inter firm comparison
Comparing the similar figures and ratios of two firms. E.g. Gross profit ratio of two companies.

(2) Intra firm comparison
Comparing similar ratios and amounts for two periods of the same firm. For example, Gross profit ratio of two years.

(3) Comparison of actual with budgets
For example, comparison of the actual Gross Profit ratio with the budgeted ratio.

(4) Quantitative reconciliation and reconciliation
(a) Input output ratio/yield ratio
- For example, what should have been the output for a given quantity of input.
(b) Stock reconciliation
- For example, finding out what should have been the closing stock quantity based on the quantities of opening stock, purchases and sales.

Thus the technique involved in analytical procedure may be:

Ratio analysis
o The computation and comparison of the actual value of a ratio with the expected value. The expected value may be based, for example, on:
- Prior period values.
- Values in other divisions of the entity.
- Industry averages.
- Forecast values.
- Non-financial information, such as general economic conditions, technological changes in the client's industry, and new products from competitors.

Examples for use of analytical procedures:

The auditor might expect that, based on the previous year's Gross Profit ratio, this year's Gross Profit should have been a particular amount. If the actual Gross Profit shown in the Profit and Loss Account is less than the amount expected by the auditor, the auditor might get a doubt that:
- Closing Stock is undervalued, or
- Purchases are inflated, or
- Sales are undervalued.
Based on such doubt he examines sales and purchases, including internal control procedures as to these, using all other audit techniques so that he gets sufficient and appropriate evidence.

In another company the auditor might find that the Salary paid amount is unusually high compared to industry norms. He might get a doubt that the salary amount involves fake salaries or that inflated salaries are being paid. He probes into areas of the Personnel Department and the Payroll function to find out the truth.

Fund flow statements
o Finding out how funds have come into and gone out of the firm.
o Such analysis shows how the company is managing its funds.
o If the company places too much reliance on debt, it might indicate that the company is being managed badly and internal controls are weak. For example, the fund flow analysis might reveal that the company is availing loans to repay earlier loans, which is surely a bad sign.

Regression Analysis
o In regression analysis the expected, or predicted, value is determined using the statistical technique of simple (or multiple) regression.

Reasonableness checks or tests
o In a reasonableness test, the expected value is determined by reference to data partly or wholly independent of the accounting information system, and for that reason, evidence obtained through the application of such a test may be more reliable than evidence gathered using other analytical procedures.

E.g. the reasonableness of the recorded value of the total annual revenue of a freight company may be estimated by comparing the recorded value with the expected value, where the expected value is equal to the product of the total tonnes carried during the year and the average freight rate per tonne.

Take another example. The auditor of an educational institution might find out the number of students enrolled in various courses from student records. He might find out the fees charged per course. Multiplying the number of students by the fees charged per course would give him the figure of expected revenue of that educational institution. If the actual amount of revenue shown in the Income & Expenditure Account of that institution is too much on the lower side, the auditor would get a doubt that:
- All fees paid have not been accounted, or
- Some fees are in arrears, or
- Students are allowed concessions, or
- The number of students is actually less than shown in the student records, and so on.

The performing of a reasonableness test is sometimes referred to as predictive testing. Thus, while using analytical procedures, an auditor attempts to gather evidence about the truth and fairness of any item based on comparisons, ratio analysis and such other reasonableness checks.

Examples where analytical procedures are usually applied:

As to Inventories:
(i) Reconciliation of quantities of opening stocks, purchases, production, sales and closing stocks;
(ii) Comparison of closing stock quantities and amounts with those of the previous year;
(iii) Comparison of the relationship of current year stock quantities and amounts with the current year sales and purchases and with the corresponding figures for the previous year;
(iv) Comparison of the composition of the closing stock (for example raw materials as a percentage of total stocks, work-in-process as a percentage of total stocks) with the corresponding figures for the previous year;
(v) Comparison of current year gross profit ratio with that for the previous year;
(vi) Comparison of actual stock, purchase and sales figures with the corresponding budgeted figures, if available;
(vii) Comparison of yield with the corresponding figure for the previous year;
(viii) Comparison of significant ratios relating to inventories with the similar ratios for other firms in the same industry, if available;
(ix) Comparison of significant ratios relating to inventories with the industry norms, if available.
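The reasonableness (predictive) test on fee revenue and the stock quantity reconciliation described above, worked through in Python as an added example that is not part of the original course text. The course names, item names, all figures and the 5% tolerance are constructed assumptions; the text itself sets no tolerance figure.

```python
"""Analytical-review checks: a reasonableness (predictive) test and a stock
quantity reconciliation. All names and figures are constructed sample data."""
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Variance:
    item: str
    expected: Decimal
    recorded: Decimal

    @property
    def difference(self) -> Decimal:
        # Negative means the books show less than the auditor expected.
        return self.recorded - self.expected


def expected_fee_revenue(enrolment, fee_per_course):
    """Expected revenue per course = students enrolled x fee charged.

    Both inputs come from student records, i.e. from outside the ledger,
    which is what makes the expected value independent of the accounts.
    """
    missing = sorted(set(enrolment) - set(fee_per_course))
    if missing:
        raise ValueError(f"no fee on record for: {missing}")
    return {c: Decimal(n) * Decimal(fee_per_course[c])
            for c, n in enrolment.items()}


def reasonableness_test(expected, recorded, tolerance_pct):
    """Return items whose recorded value departs from the expected value by
    more than tolerance_pct of the expected value.

    Items present on one side only are always reported: a course with
    students but no recorded revenue, or revenue with no matching course.
    """
    flagged = []
    for item in sorted(set(expected) | set(recorded)):
        exp = Decimal(expected.get(item, 0))
        rec = Decimal(recorded.get(item, 0))
        if item not in expected or item not in recorded:
            flagged.append(Variance(item, exp, rec))
            continue
        limit = abs(exp) * Decimal(tolerance_pct) / 100
        if abs(rec - exp) > limit:
            flagged.append(Variance(item, exp, rec))
    return flagged


def stock_reconciliation(movements, counted):
    """Expected closing quantity = opening + purchases - sales per item,
    compared with the quantity physically counted at the balance sheet date."""
    flagged = []
    for item, m in sorted(movements.items()):
        exp = Decimal(m["opening"]) + Decimal(m["purchases"]) - Decimal(m["sales"])
        rec = Decimal(counted.get(item, 0))
        if rec != exp:
            flagged.append(Variance(item, exp, rec))
    return flagged


# --- constructed sample data -------------------------------------------
ENROLMENT = {"MBA": 120, "BCA": 200, "MCA": 80}            # student records
FEES = {"MBA": 50_000, "BCA": 30_000, "MCA": 40_000}       # fee schedule
LEDGER = {"MBA": 5_940_000, "BCA": 5_100_000,              # Income &
          "MCA": 3_200_000, "Diploma": 150_000}            # Expenditure A/c
TOLERANCE_PCT = 5                                          # assumed threshold

STOCK_MOVEMENTS = {
    "steel rod": {"opening": 500, "purchases": 1200, "sales": 1400},
    "cement bag": {"opening": 300, "purchases": 900, "sales": 1000},
}
COUNTED = {"steel rod": 300, "cement bag": 180}            # physical count

if __name__ == "__main__":
    expected = expected_fee_revenue(ENROLMENT, FEES)
    for v in reasonableness_test(expected, LEDGER, TOLERANCE_PCT):
        print(f"fees   {v.item}: expected {v.expected}, "
              f"recorded {v.recorded}, difference {v.difference}")
    for v in stock_reconciliation(STOCK_MOVEMENTS, COUNTED):
        print(f"stock  {v.item}: expected {v.expected}, "
              f"counted {v.recorded}, difference {v.difference}")
```

A flagged item is only a prompt for further work: the auditor still has to establish which of the causes listed above (unaccounted fees, arrears, concessions, overstated enrolment) explains the difference.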

As to Debtors, Loans and Advances

The following analytical review procedures may often be helpful as a means of obtaining audit evidence regarding the various assertions relating to debtors, loans and advances:

(a) Comparison of closing balances of debtors, loans and advances with the corresponding figures for the previous year;
(b) Comparison of the relationship between current year debtor balances and the current year sales with the corresponding figures for the previous year;
(c) Comparison of actual closing balances of debtors, loans and advances with the corresponding budgeted figures, if available;
(d) Comparison of current year's aging schedule with the corresponding figures for the previous year;
(e) Comparison of significant ratios relating to debtors, loans and advances with the similar ratios for other firms in the same industry, if available;
(f) Comparison of significant ratios relating to debtors, loans and advances with the industry norms, if available.

Audit Materiality

Meaning of materiality

We often use the phrase "it does not matter", meaning that the matter is not important; sometimes the phrase may indicate "we do not care". In audit also the term "material" means important or significant. But the question is: important or significant from whose angle?

In any audit, the auditor has to go about collecting evidence for all the items contained in the financial statements, and even beyond that, to form an opinion. It is possible that the auditor may consider a certain matter unimportant and may not consider it while providing his opinion. However, for the reader of the financial statements, the auditor's opinion about this particular information might be essential. Because the auditor has not provided information about this matter, the reader of the financial statements might take a wrong decision. Thus the auditor's action in such cases leads to misstatement and to audit risk. Hence the auditor will have to decide what is important from the angle of the readers of the financial statements.

AAS-13 on Audit Materiality issued by ICAI defines materiality as follows: Information is material if its misstatement (i.e., omission or erroneous statement) could influence the economic decisions of users taken on the basis of the financial information. Materiality depends on the size and nature of the item, judged in the particular circumstances of its misstatement. Thus, materiality provides a threshold or cut-off point rather than being a primary qualitative characteristic which the information must have if it is to be useful.

The concept of materiality recognizes that some matters, either individually or in the aggregate, are relatively important for true and fair presentation of financial information in conformity with recognized accounting policies and practices.

At what stage in audit materiality is to be considered?

The auditor considers materiality at both:

- The overall financial information level. For example, whether a particular item is to be separately shown in the Balance Sheet or not.
- In relation to individual account balances and classes of transactions. For example, whether a particular transaction in a particular account is important or not.

Thus the importance of financial information in the financial statements, as well as its importance at the book-keeping level, is to be considered.

Materiality should be considered by the auditor when:
(a) Determining the nature, timing and extent of audit procedures
(b) Evaluating the effect of misstatements

Factors that decide materiality of information in audit

Materiality may occur at different levels depending on the matter being audited, due to the various factors deciding materiality:

Legal and regulatory requirements, non-compliance with which may have a significant bearing on the financial information, are material.
- Thus lapses in accounting for certain taxes, even though they may not affect the truth and fairness of profits due to their small amounts, are still material as there is non-compliance with a legal necessity.

Considerations relating to individual account balances and relationships.
- When two items of financial information are inter-related and only one of them is accounted, there is material misstatement.
- For example, taxes collected and taxes paid are inter-related. If tax collected is accounted and tax paid is not accounted, there is material misstatement even though the amounts involved are small.

The auditor needs to consider the possibility of misstatements of relatively small amounts that, cumulatively, could have a material effect on the financial information. -For example, an error in a month-end (or other periodic) procedure could be an indication of a potential material misstatement if that error is repeated each month or each period, as the case may be.

Some examples for use of materiality in company audits

- Remuneration to directors, like sitting fees of directors, is to be separately shown as an expenditure item in the Profit and Loss Account though the amount involved is small compared to other items of expenditure.
- Similarly, the auditor's remuneration is to be shown under a separate head, and further classification of this amount into fees paid as audit fees, for other services and as out of pocket expenses is to be shown in the financial statements.
- Schedule VI of the Companies Act stipulates that items of raw materials are to be classified and shown in separate categories as to quantitative details of opening stock, purchases, sales and closing stock. For this purpose, if any item of raw material constitutes at least 10% of the total value of raw materials, then it should be separately disclosed as above.
- Similar provisions apply to segment-wise information to be provided according to the Accounting Standard in that regard.

Audit Risk

Meaning of audit risk

Audit risk means the risk that the auditor gives an inappropriate audit opinion when the financial statements are materially misstated. (AAS 6 (Revised) on Risk Assessments and Internal Control)

Thus the opinion of the auditor turns out to be wrong or false due to audit risk. The people who rely on the financial statements audited by such auditors might incur losses due to the wrong opinion given by the auditor. Hence the auditor also runs the risk of being sued for giving a wrong opinion. The basic feature of assurance is lost due to audit risk. Hence the auditor has to reduce audit risk. To reduce the audit risk, the auditor should understand the nature of audit risk.

Nature of audit risk

Audit risk has three components: inherent risk, control risk and detection risk.

Inherent Risk

Inherent risk is the susceptibility of an account balance or class of transactions to misstatement that could be material, either individually or when aggregated with misstatements in other balances or classes, assuming that there were no related internal controls. Or, in simple words, it is the risk associated with the nature of the business and the style of management, due to which financial statements are misstated and the auditor might give a wrong opinion. This risk cannot be reduced by the auditor. The only thing he can do in such cases is to verify the transactions in depth and also verify the assets and liabilities in depth. Some examples of such risks, which affect financial statements, may be due to:

- The questionable integrity of the management.
- Management's experience and knowledge and changes in management during the period; for example, the inexperience of management may affect the preparation of the financial statements of the entity.
- Unusual pressures on management; for example, circumstances that might predispose management to misstate the financial statements, such as the industry experiencing a large number of business failures or an entity that lacks sufficient capital to continue operations.
- The nature of the entity's business; for example, the potential for technological obsolescence of its products and services, the complexity of its capital structure, the significance of related parties and the number of locations and geographical spread of its production facilities.
- Factors affecting the industry in which the entity operates; for example, economic and competitive conditions as indicated by financial trends and ratios, and changes in technology, consumer demand and accounting practices common to the industry.

Inherent risk that affects individual accounts may also be due to:

- Quality of the accounting system.
- Accounts which required adjustment in the prior period or which involve a high degree of estimation.
- The complexity of underlying transactions and other events which might require using the work of an expert, due to which misstatement occurs.
- The degree of judgment involved in determining account balances.
- Susceptibility of assets to loss or misappropriation; for example, assets which are highly desirable and movable, such as cash.
- The completion of unusual and complex transactions, particularly at or near period end.
- Transactions not subjected to ordinary processing.

Thus the inherent risks, which cannot be avoided, are to be assessed before the commencement of audit so that the audit procedures can be designed accordingly.

Control risk

Control risk is the risk that a misstatement that could occur in an account balance or class of transactions, and that could be material either individually or when aggregated with misstatements in other balances or classes, will not be prevented or detected and corrected on a timely basis by the accounting and internal control systems. Or, in simple words, it is the audit risk of giving an erroneous opinion due to weak internal controls affecting the financial statements. This is a risk that can be reduced provided the internal controls are modified. But the auditor cannot change the internal controls. It is the duty of the management to strengthen internal controls. Hence control risk also cannot be reduced by the auditor. However, the auditor can make an assessment of control risk at the audit plan stage itself so that he designs his audit procedures accordingly.

Detection risk

Detection risk is the risk that an auditor's substantive procedures will not detect a misstatement that exists in an account balance or class of transactions that could be material, either individually or when aggregated with misstatements in other balances or classes. Thus detection risk means the possibility of the auditor giving a wrong opinion due to not examining the transactions, assets and liabilities in a substantive manner or not collecting sufficient and appropriate evidence. Thus detection risk can be controlled by the auditor. Hence he has to reduce the detection risk to the maximum extent.

The auditor's control risk assessment, together with the inherent risk assessment, influences the nature, timing and extent of substantive procedures to be performed to reduce detection risk, and therefore audit risk, to an acceptably low level. Some detection risk would always be present even if an auditor were to examine 100 percent of the account balances or class of transactions, because most audit evidence is persuasive rather than conclusive.

Why analysis of audit risk is required?

In the audit of financial statements, the auditor is concerned only with those policies and procedures within the accounting and internal control systems that are relevant to the assertions made in the financial statements. The understanding of relevant aspects of the accounting and internal control systems, together with the inherent and control risk assessments and other considerations, will enable the auditor to:
a. assess the adequacy of the accounting system as a basis for preparing the financial statements;
b. identify the types of potential material misstatements that could occur in the financial statements;
c. consider factors that affect the risk of material misstatements; and
d. develop an appropriate audit plan and determine the nature, timing and extent of his audit procedures.

The Relationship between Materiality and Audit Risk

There is an inverse relationship between materiality and the degree of audit risk, that is,

The higher the materiality level, the lower the audit risk.

- For example, the risk that a particular account balance or class of transactions could be misstated by an extremely large amount might be very low.
- E.g. postage expenses of a company may not be misstated even if there are some mistakes in vouchers, because the possibility of a huge amount of such mistakes is extremely remote.

The lower the materiality level, the higher the audit risk.

- For example, the risk that an account balance could be misstated by an extremely small amount might be very high.
- E.g. in the case of taxes or provident fund dues of a company, even a mistake of a small amount may lead to a major material misstatement.

The auditor takes the inverse relationship between materiality and audit risk into account when determining the nature, timing and extent of audit procedures. For example, if, after planning for specific audit procedures, the auditor determines that the acceptable materiality level is lower, audit risk is increased. The auditor would compensate for this by either:

(a) Reducing the assessed degree of control risk, where this is possible, and supporting the reduced degree by carrying out extended or additional tests of control, or
(b) Reducing detection risk by modifying the nature, timing and extent of planned substantive procedures.

Summary

Financial statements assert many things. Assertions made by Management are to be verified through evidence collection. In audit, evidence is usually persuasive rather than conclusive.

Evidence should be sufficient and appropriate. Sufficiency of evidence is related to the quantum of evidence. Appropriateness of evidence is decided by relevance and reliability. Relevance is dependent on the audit objective. Reliability is decided by various factors. Types of evidence are based on source or nature. Based on source, evidence can be internal or external. Based on nature, evidence can be oral, written, visual or documentary. Evidence collection can be through techniques like inspection, observation, calculation, confirmation and analytical procedures. Analytical procedures involve use of ratios, reasonable tests etc. for collection of evidence. Audit materiality is an important concept in audit. Materiality is decided from the point of view of the user, law, and inter-relationship among items of financial statements. Audit risk is the risk of the auditor giving a wrong opinion. Audit risk is closely associated with audit materiality and comprises inherent risk, control risk and detection risk. Though the auditor has no control over inherent risk and control risk, through audit procedures he can cover detection risk and overall audit risk.


MF0004-Unit-10- Audit Procedures and Techniques


Unit 10-Audit Procedures and Techniques

Introduction

An auditor can reduce audit risk by methodically organizing and conducting the audit by applying various audit procedures. This unit deals with how exactly he conducts the audit and what the audit procedure is. Some of the audit techniques used by auditors in audit procedures are also mentioned here. The auditor can also save his time and money by using sampling techniques in auditing. How the auditor uses this technique of sampling in audit is also dealt with.

Objectives

After studying this unit, you will be able to:

Explain the meaning and types of audit procedures.
Explain the meaning and types of audit techniques.
Explain the concept of sampling in audits.

Audit Procedures

We know that the auditor has to collect evidence to come to a conclusion. We have studied about the nature, type and techniques of collection of evidence. This evidence is to be collected at two levels:

1. Evidence about the strength of the internal control system.
2. Evidence about the items in financial statements.

Both are very important in framing an opinion in an audit. Further, the process of collection of evidence can be affected by:

1. Strength or weakness of the internal control system.
2. Existence of discrepancies in financial statements.

For example, if the auditor finds that internal control is weak as to the sales function in a company, he goes for collection of more evidence and more reliable evidence as to the sales value shown in the Profit and Loss Account. Thus he is performing his work at two levels: one is finding the effectiveness of internal controls as to sales and the other is finding the correctness of the value of sales. The collection of evidence in the two cases is by different procedures, as the objects of collection of evidence are different.

We know that audit is a systematic process. The auditor cannot go about collecting evidence in an unsystematic manner. What he should do first and what he should do next is decided by the audit procedures. In any audit, there exist different procedures for collection of evidence.

They are broadly divided into:

Compliance procedures
Substantive procedures

Compliance Procedures

As mentioned earlier, the auditor has to test the internal control also to decide about the quality of evidence. In the case of an internal auditor, it is a part of his job to review the internal control and suggest remedial measures. Thus testing and evaluating the internal control becomes an important process in audit. This process is called Compliance Procedure or Tests of Control. The auditor's objective here is to verify assertions made by the Management as to internal control, which we have already studied in earlier units, like:

The existence of internal control.
The effectiveness of internal control.
The continuity of internal control.

By undertaking the compliance procedure, the auditor can come to the conclusion that internal control is either weak or strong with reference to a particular area of business. (Recall how techniques like ICQ or flow charting provide the auditor valuable information about internal control.) If he is satisfied with the existence, effectiveness and continuity of internal controls, he can reduce the application of the substantive procedure. For example, if an auditor finds that there is very good control as to payment of wages to workers, he might not verify each and every payment of wages made during the year. This saves his time and resources. The above example also shows us that the Compliance Procedure has to be done initially during the audit, because the next procedure, i.e. the substantive procedure, is dependent upon it.

Tests of control include tests of elements of the control environment where strengths in the control environment are used by auditors to reduce control risk. Tests of control may include:

Inspection of documents supporting transactions and other events to gain audit evidence that internal controls have operated properly.
- For example, verifying that a transaction has been authorized.

Inquiries about, and observation of, internal controls which leave no audit trail.
- For example, determining who actually performs each function and not merely who is supposed to perform it.

Re-performance of internal controls, for example, reconciliation of bank accounts, to ensure they were correctly performed by the entity.

Testing of internal control operating on specific computerized applications or over the overall information technology function.
- For example, access or program change controls.

Control risk and Tests of control

We have studied about audit risks. Inherent risk exists in the nature of business and hence the auditor cannot do anything about it, whereas control risk exists due to the possibility of weak internal controls leading to misleading information being provided in the financial statements. Though control risk cannot be reduced by the auditor, he can minimize its effect by conducting more substantive procedures. But to assess the control risk, the auditor has to conduct compliance procedures or tests of control.

Substantive Procedures

As discussed earlier, once the auditor has verified the effectiveness of internal control about one particular area, he can verify the fairness of that item appearing in financial statements. It is also possible that the auditor verifies internal control in total (for all areas) and then starts verifying the items in financial statements. For example, he might start with the Asset side of the Balance Sheet and collect evidence regarding the fixed assets like land, building and machinery. Or he might start with the liability side. Another auditor might start with items of the P&L Account. Someone else might do the audit in the chronological order of transactions, i.e. by way of analyzing the cash book or day book. Whatever the order of verifying, the collection of evidence about individual items in financial statements is called the substantive procedure. This procedure is broadly divided into:

1. Tests of details
2. Analytical procedures

1. Tests of details

As discussed earlier, the items in financial statements are verified in substantive procedures. These items might pertain to:

Items of transactions occurring during a period, i.e. revenues and expenses in the Profit and Loss Account.
Items appearing in the Balance Sheet, i.e. Assets and Liabilities.

The auditor has to collect evidence as to the assertions made about transactions shown in the Profit and Loss Account as well as the assertions made with regard to assets and liabilities shown in the Balance Sheet. Thus the Tests of details contain the process of collection of evidence as to the individual items appearing in financial statements. This is a lengthy process and hence the auditor may go for sampling also. It is important that the auditor collects sufficient and appropriate evidence while verifying individual items in the books of account, whatever method or technique he uses in collecting evidence. Detection risk is to be minimized so that misstatement does not occur. Hence the auditor has to balance his objective of verifying on a test basis to save time and money against avoiding or minimizing the audit risk.

The extent of substantive procedures depends on:

(1) Results of the procedures conducted to evaluate the control.
(2) Responses to enquiries.
(3) The length of the remaining period by which he has to complete audit.
(4) The nature and amount of transactions or balances involved.
(5) The auditor's evaluation of supervisory controls.
(6) The auditor's decision to test transactions and verify assets irrespective of controls.

We know that assertions made with reference to transactions are usually different from those made in the case of Assets and Liabilities. For example, the auditor has to prove that a sale or purchase occurred, while the proof required as to assets might be such as existence and right over the asset. Thus the techniques adopted for collection of evidence might be substantially different for these two classes of items. Hence Tests of details are again divided as follows:

1. Verification of transactions or Vouching
2. Verification of assets and liabilities

We shall study more about these procedures.

a) Vouching or Verification of transactions

In vouching, the auditor collects evidence for transactions done during a period. For example, if the auditor were to vouch the sales of a particular year, it means that the auditor is collecting evidence for each item of sales appearing in the books of account. For this he would have to get the evidence by way of duplicate sales invoices and compare them with the Sales Register. Of course, he would require sufficient evidence, hence he might also require the transporter's document as proof of dispatch of goods, the customer order copy etc.

But essentially this procedure is aimed at collecting the evidence of occurrence of valid, authorized transactions.

Meaning and contents of a Voucher

Vouching basically involves checking of individual transactions in the books of account, mainly using documentary evidence called a Voucher. Each transaction is usually supported by documentary evidence like bills and invoices. In addition, a voucher is usually prepared containing all the details of the transaction. For example, a voucher for traveling expenses may contain details like the person who undertook the journey, the purpose of the journey, the place visited, and the supporting documents like Air Ticket, Boarding Pass, Train Ticket, Bus Ticket etc. While vouching, the auditor considers the existence of the following factors in the voucher and supporting documents:

Authority to transact
Accuracy of the amount
Classification of the transaction under a particular account head
Date of transaction
Signature of the authority approving the transaction
Date of transaction and of voucher
Voucher number
Details of transaction
Supporting documents

In a firm there can be pre-printed vouchers separately for debit and credit transactions models of which are given below:

Thus vouching involves mainly inspecting and comparing the contents of the voucher with the entries in the books of account to find out the genuineness of the transactions.

b) Verification of assets and liabilities

Vouching may not be enough while collecting evidence as to Assets and Liabilities presented in a Balance Sheet. The management is making many assertions when these are presented in a Balance Sheet.

For example, some such assertions as to assets are:

a. They exist.
b. They belong to the company.
c. They are in possession of the company or any authorized person.
d. They are not subject to any undisclosed encumbrances or lien.
e. They are stated in the Balance Sheet at proper amount in accordance with sound accounting principles, and
f. All the assets are recorded in the books of account.

Similarly, in case of liabilities the assertions by Management are:

a. The liabilities in the Balance Sheet are really liabilities.
b. Liabilities not recorded are brought into books.
c. They are properly valued, and
d. They are properly classified and disclosed.

The collection of evidence by the auditor is thus directed towards proving or disproving the aforesaid assertions by Management about assets and liabilities. For example, if the auditor has to audit inventories shown in the Balance Sheet, he has to satisfy himself that:

Physical verification of inventory has been done and inventory exists.
The inventory is not hypothecated or pledged to any person.
The inventory is in good condition with marketability.
The valuation method adopted is according to Accounting Standard.
No other inventory exists in the name of the company.

Thus for verification of this asset called Inventory, the auditor might apply different techniques of collection of evidence: physical verification, inspection of stock records, observation during physical verification, and re-calculation of the valuation of inventory. Thus he would get sufficient and appropriate evidence to prove the fairness and trueness of the value of inventory shown in the Balance Sheet. Hence Verification of Assets and Liabilities is a substantive procedure involving a bundle of evidence collection techniques which ultimately verify the assertions made about these Assets and Liabilities.

Other important points to be considered by the auditor with respect to Assets are:

Whether the distinction between capital expenditure and revenue expenditure is correctly made?
Whether the depreciation provided is correct?
Whether any revaluation of assets has been made?

2. Analytical procedures

We have studied how this procedure is used as a technique in collecting evidence. It is also treated as an audit procedure itself because of its peculiar nature, i.e. the analytical feature which collects evidence not available through the other two procedures. It is important to note that this procedure is not a substitute for Tests of details and, at times, need not be relied upon by the auditor.

Some Uses of Analytical Procedures

Analytical review procedures are used for the following purposes:

(a) To assist the auditor in planning the nature, timing and extent of other audit procedures;
(b) As substantive procedures when their use can be more effective or efficient than tests of details in reducing detection risk for specific financial statement assertions;
(c) As an overall review of the financial statements in the final review stage of the audit.

The extent of reliance that the auditor places on the results of analytical review procedures depends on materiality of the items involved, assessment of inherent and control risks of businesses.

When to apply analytical procedures?

(1) At the planning stage: to identify areas of potential risk and accordingly plan the nature, timing and extent of his auditing procedures.
(2) During the course of audit: to get evidence about items in financial statements, normally in conjunction with other tests.
(3) For an overall review of the financial information at or near the completion of the audit: to form an overall opinion about the consistency of the financial information as a whole with his knowledge of the entity's business and relevant economic conditions.

To what extent can the auditor rely on analytical procedures?

The extent of reliance that the auditor places on the results of analytical procedures depends on the following factors:

(a) Materiality of the items involved

For example, when inventory balances are material, the auditor does not rely only on analytical procedures in forming conclusions. However, the auditor may rely solely on analytical procedures for certain income and expense items when they are not individually material.

(b) Other audit procedures directed towards the same audit objectives

For example, other procedures performed by the auditor in reviewing the recoverability of accounts receivable, such as the review of subsequent cash receipts, might confirm or dispel questions raised from the application of analytical procedures to an aging schedule of customers' accounts.

(c) Accuracy with which the expected results of analytical procedures can be predicted

For example, the auditor will ordinarily expect greater consistency in comparing gross profit margins from one period to another than in comparing discretionary expenses, such as research or advertising.

(d) Assessments of inherent and control risks

For example, if internal control over sales order processing is weak and, therefore, control risk is high, more reliance on tests of details of transactions and balances than on analytical procedures in drawing conclusions on receivables may be required.

Audit Techniques

While applying both the types of audit procedures, the auditor uses different techniques, some of which are part of the audit process. These techniques are called audit techniques. It is important to note that audit techniques are used during the audit procedures. For example, Vouching is a procedure where evidence collection techniques like inspection are used. Similarly, audit techniques like totaling, cross-checking the totals, checking the posting of a total to another ledger etc. might be applied by the auditor to collect the evidence. Hence an audit technique is a part of an audit procedure.

Some of the popular audit techniques are as follows:

1. Posting

Posting means:

Comparing of transaction in Ledger with Cash book or Journal.
Balances or subsidiary ledgers to general ledger.

These days this technique is of no relevance as books of account are computerized and software automatically transfers accurate figures to ledger etc.

2. Bank reconciliation statement

It is prepared to find out whether any discrepancy exists between the bank statements obtained from the bank and the bank account as shown in the books of account. Frauds and errors like the following can be traced through the Bank reconciliation statement:

- Cash remitted to the bank might not have been deposited.
- An amount might have been transferred from your company's account to another account by a fraudulent employee of the Bank.
- An amount might have been deposited in another customer's account.
- Money withdrawn might not have been received by your company.
- A cheque might have been altered to withdraw a huge amount.
- The Bank would have charged more interest or service charges.

3. Tracing the transactions

It involves tracing items like income to be received or expenses to be paid, shown in the financial statements, to the subsequent year to find out whether in the subsequent year these have been received or paid respectively.

4. Casting

It is the checking of totals of various books of account, if books are kept manually, to check arithmetical accuracy. Nowadays, due to the use of computers, this has lost much of its relevance. Still, one can use the technique of totalling in the case of manually prepared bills, vouchers, invoices etc.

5. Cut off Tests

These are tests to find out whether all the transactions of the period are recorded (assertion of completeness) and whether only valid transactions have been recorded. For example, the auditor might obtain the sales invoice file and trace each invoice to the books of account. If he finds any invoice not recorded in the books, the assertion of completeness is not proved. If he finds any future period transaction recorded, the validity of the transaction is questioned.

6. Surprise Checks

If physical verification or examination is done without prior information to the Management, it is called a Surprise Check. An element of surprise is experienced by the management or the employee in such cases. A surprise check is used in physical verification of cash, security items, inventory etc. A surprise check can unearth frauds. It is also useful in finding the effectiveness and continuity of internal controls.

7. Examination in depth

It means verifying a particular process from beginning to end. For example, the auditor might start with the quotation stage in the case of the sales process and trace the flow of transactions till the customer pays the dues. This type of examination in depth is very useful to find out the weaknesses in internal control and is usually used as a technique in the Compliance procedure.

Sampling in Audit

Sampling is a term we are very familiar with while buying groceries or any items in bulk quantities. The basic necessity to resort to sampling is due to the difficulty of verifying the entire bulk. In our daily life, we use sampling as a technique in many fields, like surveys and experiments, to name a few. In every field sampling is used as a short cut, to avoid time-consuming, costly, routine processes. In audit too, similar situations arise. Imagine an auditor has to verify a lakh of sales invoices. It would be a laborious, routine, tedious and costly job for him to do so just to find out whether the sales value mentioned in the financial statement is correct. Like in the case of a grocery purchase based on a small sample, the auditor too can check the effectiveness of the internal controls over sales transactions and examine a sample of sales transactions to decide that no material discrepancy exists as to sales. This would save his time and cost. This is why the concept of audit sampling has been introduced in auditing.

Definition and process of audit sampling

AAS-15 defines Audit sampling as follows: Audit sampling means the application of audit procedures to less than 100% of the items within an account balance or class of transactions to enable the auditor to obtain and evaluate audit evidence about some characteristic of the items selected in order to form or assist in forming a conclusion concerning the population.

In order to be a sample, the items selected must have true representative characteristics of the population. It is important to recognize that certain testing procedures do not come within the definition of sampling.

Tests performed on 100% of the items within a population do not involve sampling. Likewise, applying audit procedures to all items within a population which have a particular characteristic (for example, all items over a certain amount) does not qualify as audit sampling, since the items were not selected from the total population on a basis that was expected to be representative.

Methods of Sampling in audit:

1. Test checking or judgmental sampling
2. Statistical sampling

1. Test checking

Test checking is based on the auditor's judgment. The auditor might check only large items or items of a particular month. As we can see from the above definition of audit sampling, it is not at all a sampling method. Even if the auditor randomly picks up vouchers, it does not become a true method of sampling. Precautions are to be taken by the auditor if he applies test checking instead of statistical sampling methods. Since the auditor's judgment is used here, it is called judgmental sampling.

Some precautions to be taken while undertaking test checking:

1. Classification of transactions into appropriate heads must be made.
2. Internal controls should be studied in depth.
3. A properly thought-out test checking plan should be prepared based on the objectives to be achieved through such test checking.
4. No bias should be made while selecting the transaction.
5. The number of transactions to be selected should be pre-determined.
6. The degree of reliance also should be pre-determined.
7. What constitutes an error also should be pre-determined.

2. Statistical methods of sampling

Statistical method of sampling involves a scientific and methodical approach to sampling and involves the following factors:

Process of audit sampling

It involves:

Designing audit sample
Selection of audit sample
Evaluation of sample results.

Designing of the Sample

When designing an audit sample, the auditor should consider:

The specific audit objectives.
The population from which the auditor wishes to sample.
The sample size.

Audit Objectives

The auditor has to decide what his audit objectives are in using a sample.
He has to decide which audit procedure is best to achieve the objective.
He has to find out what the population is from which he takes the sample.
He has to decide what constitutes an error in sampling.

For example, if the objective is to find out whether the purchase procedure is correct, he has to perform tests of control (an audit procedure), hence the objective of the sampling may be checking whether an invoice was clerically checked and properly approved. Instead, if his object is to find out the correctness of the purchase amount, the audit procedure is a substantive procedure and the sampling objective may be the amounts in invoices.

Population

The population is the entire set of data from which the auditor wishes to sample in order to reach a conclusion. The auditor will need to determine that the population from which the sample is drawn is appropriate for the specific audit objective. For example, if the sampling objective is to check the customers' balances, the population is not entire sales but only credit sales.

Sampling units

The individual items that make up the population are known as sampling units. The population can be divided into sampling units in a variety of ways. For example, if the auditor's objective were to test the validity of accounts receivable, the sampling unit could be defined as customer balances or individual customer invoices. The auditor defines the sampling unit in order to obtain an efficient and effective sample to achieve the particular audit objectives.

Stratification

Stratification is the process of dividing a population into sub-populations, each of which is a group of sampling units which have similar characteristics (often monetary value). Stratification enables the auditor to direct audit efforts towards the items which, for example, contain the greatest potential monetary error. For example, the auditor may direct attention to larger value items for accounts receivable to detect overstated material misstatements. In addition, stratification may result in a smaller sample size.

Sample Size

When determining the sample size, the auditor should consider:

Sampling risk
The tolerable error, and
The expected error.

Sampling risks

Sampling risk arises from the possibility that the auditor's conclusion, based on a sample, may be different from the conclusion that would be reached if the entire population were subject to the same audit procedure.

In the case of sampling applied in Tests of Control, the sampling risks may be:

(i) Risk of Under-reliance: The risk that, although the sample result does not support the auditor's assessment of control risk, the actual compliance rate would support such an assessment. It means though the auditor decides, based on the sample, that there is no internal control, actually there exists strong internal control.

(ii) Risk of Over-reliance: The risk that, although the sample result supports the auditor's assessment of control risk, the actual compliance rate would not support such an assessment. It means that though the auditor, based on the sample, decides that there is internal control, there is, in reality, no internal control.

In the case of sampling applied to substantive procedures, the sampling risks are:

(i) Risk of Incorrect Rejection: The risk that, although the sample result supports the conclusion that a recorded account balance or class of transactions is materially misstated, in fact it is not materially misstated. It means though the auditor decides, based on the sample, that there is a discrepancy in an item of financial statements, actually there is no such material discrepancy. (One cannot claim there is no discrepancy in such cases, as there is some discrepancy as found in the sample, which may not be material!)

(ii) Risk of Incorrect Acceptance: The risk that, although the sample result supports the conclusion that a recorded account balance or class of transactions is not materially misstated, in fact it is materially misstated. It means though the auditor decides, based on the sample, that there is no discrepancy in an account balance, actually there is a material discrepancy.

Effect of sampling risks on audit

The risk of under-reliance and the risk of incorrect rejection affect audit efficiency, as the auditor has to undertake additional work which later will lead to the conclusion that there is no discrepancy. Here the auditor at the most puts in extra effort and loses his time and money. The risk of over-reliance and the risk of incorrect acceptance affect audit effectiveness and are more likely to lead to an erroneous opinion on the financial statements. Hence such risks are dangerous, as here the auditor gives a wrong opinion.

Sampling risk and sample size

Sample size is affected by the level of sampling risk the auditor is willing to accept from the results of the sample. The lower the risk the auditor is willing to accept, the greater the sample size will need to be.

Tolerable Error

Tolerable error is the maximum error in the population that the auditor would be willing to accept and still conclude that the result from the sample has achieved the audit objective. The smaller the tolerable error, the greater the sample size will need to be. For example, if you require the error percentage to be 1%, you require a larger sample size than when you are satisfied with an error rate of 5%.

Expected Error

It is the error the auditor expects to be present in the population based on previous audits, changes in the entity's procedures, and evidence available from other procedures. Smaller sample sizes are justified when the population is expected to be error free.

Selection of the Sample

The auditor should select sample items in such a way that the sample can be expected to be representative of the population. This requires that all items in the population have an opportunity of being selected.

Methods used in selection

There are a number of sample selection methods. Three methods commonly used are:

Random selection,

It ensures that all items in the population have an equal chance of selection, for example, by use of random number tables.

Systematic selection

It involves selecting items using a constant interval between selections, the first interval having a random start. But care should be taken to see that no bias occurs due to similar items appearing in regular intervals.

Haphazard selection

It may be an acceptable alternative to random selection, provided the auditor attempts to draw a representative sample from the entire population with no intention to either include or exclude specific items.

Evaluation of Sample Results
Having carried out, on each sample item, those audit procedures that are appropriate to the particular audit objective, the auditor should:
(a) Analyze any errors detected in the sample;
(b) Project the errors found in the sample to the population; and
(c) Reassess the sampling risk.
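The following Python sketch is an added example, not part of the course text. It shows systematic selection with a random start, a rough screen for the periodicity bias warned about above, and projection of sample errors to the population for comparison with tolerable error. The ledger, the field names, the two-standard-deviation screen and the ratio method of projection are assumptions chosen for illustration.

```python
import random
from collections import Counter
from math import sqrt

# Constructed ledger (assumption): 1,000 invoices of 100 each. Every 10th
# invoice is posted by a batch job and is overstated by 10.
LEDGER = [
    {"id": i,
     "poster": "batch" if i % 10 == 9 else "clerk",
     "book": 100,
     "audited": 90 if i % 10 == 9 else 100}
    for i in range(1000)
]


def systematic_sample(population, sample_size, start=None, rng=random):
    """Select items at a constant interval, beginning at a random start
    inside the first interval. Returns (items, interval, start)."""
    if not 0 < sample_size <= len(population):
        raise ValueError("sample_size must be between 1 and the population size")
    interval = len(population) // sample_size
    if start is None:
        start = rng.randrange(interval)
    if not 0 <= start < interval:
        raise ValueError("start must fall inside the first interval")
    items = [population[start + i * interval] for i in range(sample_size)]
    return items, interval, start


def skewed_categories(population, sample, key):
    """Rough representativeness screen: flag categories whose count in the
    sample is more than two binomial standard deviations away from the count
    expected from the population share. Returns {category: (expected, seen)}."""
    n = len(sample)
    seen = Counter(item[key] for item in sample)
    flagged = {}
    for category, count in Counter(item[key] for item in population).items():
        share = count / len(population)
        expected = n * share
        if abs(seen[category] - expected) > 2 * sqrt(n * share * (1 - share)):
            flagged[category] = (round(expected, 1), seen[category])
    return flagged


def evaluate(sample, population, tolerable_error):
    """Project sample errors to the population by the ratio method and
    compare the projection with the tolerable error."""
    population_book = sum(item["book"] for item in population)
    sample_book = sum(item["book"] for item in sample)
    sample_error = sum(abs(item["book"] - item["audited"]) for item in sample)
    projected = sample_error * population_book / sample_book
    return {"projected_error": round(projected, 2),
            "within_tolerable": projected <= tolerable_error}


if __name__ == "__main__":
    tolerable = 2000  # assumed tolerable error: 2% of the 100,000 book value
    # 50 items gives an interval of 20, a multiple of the 10-item posting
    # cycle; 47 items gives an interval of 21, which is not.
    for size in (50, 47):
        items, interval, start = systematic_sample(LEDGER, size, rng=random.Random(7))
        print(f"sample of {size}: interval={interval}, start={start}")
        print("  skewed categories:", skewed_categories(LEDGER, items, "poster"))
        print("  evaluation:", evaluate(items, LEDGER, tolerable))
```

With an interval of 20 the sample contains either no batch postings or only batch postings, so the projection is 0 or 10,000 against an actual error of 1,000 in the constructed ledger; an interval of 21 cuts across the posting cycle and projects close to the actual figure.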

Summary

Audit procedures are required for systematic collection of evidence to form an opinion in audit. Audit procedures are Compliance procedures and Substantive procedures. Substantive procedure is again classified into test of details and analytical procedure. Compliance procedure is involved in testing internal controls for effectiveness. Substantive procedure is involved in verifying the items in financial statements.

Copyright 2009 SMU Powered by Sikkim Manipal University .

MF0004 - Unit 11 - Audit Practice Management and Audit Reports


Unit 11 - Audit Practice Management and Audit Reports

Introduction
We have studied that an auditor may have to provide different levels of audit service, like audit, review or compilation. Thus he should first establish the scope of his work based on his engagement terms. Similarly, he has to plan his work so that he can conduct it smoothly and efficiently. For this he should also have knowledge of his client's business. He should plan properly and should have a concrete program for the audit. Further, there are many risks associated with auditing, as there are chances of misstatement due to audit risks. To prove that he has done his job perfectly, he has to maintain records of the audit conducted by him. Hence audit documentation becomes very important. Auditors themselves might be dishonest, incompetent or negligent in their duties. How audit regulating bodies try to bring quality into the audits of their members is also discussed here. We have studied earlier that the objective of audit is to assure. Such assurance is provided through Audit Reports. Standards have been stipulated as to the method of reporting. The auditor's assurance is usually in terms of the "True and Fair" criterion of the financial statements. So what is true and fair is to be found out. In this unit, we shall study preliminaries before audit, audit planning, audit documentation, audit quality and audit reports.

Objectives
After studying this unit, you will be able to:

Explain how an audit assignment can be organized.
Explain how and why an audit is to be documented.
Explain how quality in audits is being maintained.
State how an auditor reports his findings in an audit.

Audit Practice Management

Audit planning

Terms of Audit Engagement
Though the objective and scope of an audit and the auditor's obligations are normally laid down in the applicable statute or regulations and the pronouncements of the ICAI and such other professional bodies, the audit engagement letters would be informative for the clients. Auditing and Assurance Standard (AAS) 26 of ICAI on Terms of Audit Engagement lays down certain standards in this regard. The auditor and the client should agree on the terms of the engagement. The agreed terms would need to be recorded in an audit engagement letter or other suitable form of contract. In the case of statutory or external audits this becomes essential. However, in the case of internal audits, since the auditor might be an employee, there may not be a need for an engagement letter. But the scope of his job is to be clearly defined. In the interest of both client and auditor, the auditor should send an engagement letter, preferably before the commencement of the engagement, to help avoid any misunderstandings with respect to the engagement. The engagement letter documents and confirms:

The auditor's acceptance of the appointment,
The objective and scope of the audit, and
The extent of the auditor's responsibilities to the client.

Contents of engagement letter
Generally it may contain:

The objective of the audit of financial statements.
Management's responsibility for the financial statements.
Management's responsibility for selection and consistent application of appropriate accounting policies.
Management's responsibility for preparation of the financial statements on a going concern basis.
Management's responsibility for making judgments and estimates that are reasonable and prudent so as to give a true and fair view of the state of affairs of the entity at the end of the financial year and of the profit or loss of the entity for that period.
Management's responsibility for the maintenance of adequate accounting records and internal controls for safeguarding the assets of the company and for preventing and detecting fraud or other irregularities.
The scope of the audit, including reference to the applicable legislation, regulations, and the pronouncements of ICAI.
The fact that, having regard to the test nature of an audit and the persuasive rather than conclusive nature of audit evidence, together with the inherent limitations of any accounting and internal control system, there is an unavoidable risk that even some material misstatements, resulting from fraud and, to a lesser extent, error, if either exists, may remain undetected.
Unrestricted access to whatever records, documentation and other information are requested in connection with the audit.

The auditor may also include the following matters in the engagement letter:

Arrangements regarding the planning of the audit.
Expectation of receiving from management written confirmation concerning representations made in connection with the audit.
Request for the client to confirm the terms of the engagement by acknowledging receipt of the engagement letter.
Description of any other letters or reports the auditor expects to issue to the client.
Basis on which fees are computed and any billing arrangements.

Knowledge of the Business
In performing an audit of financial statements, the auditor should have or obtain knowledge of the business sufficient to enable the auditor to identify and understand the events, transactions and practices that, in the auditor's judgment, may have a significant effect on the financial statements or on the examination or audit report. Such knowledge is used by the auditor in assessing inherent and control risks and in determining the nature, timing and extent of audit procedures. The auditor's level of knowledge for an engagement would include:

A general knowledge of the economy and the industry within which the entity operates, and
A more particular knowledge of how the entity operates.

The level of knowledge required by the statutory auditor would, however, ordinarily be less than that possessed by management. But in the case of an internal auditor, the knowledge level should be equal to that of management, as the auditor also has to provide suggestions for improvement.

Knowledge of the Business: Matters to Consider
A. General economic factors
B. Pertaining to the industry to which the client belongs
C. Pertaining to the entity being audited, such as:
1. Management and ownership: important characteristics.
2. The entity's business: products, markets, suppliers, expenses, operations.
3. Financial performance: factors concerning the entity's financial condition and profitability.
4. Reporting environment: external influences which affect management in the preparation of the financial statements.
5. Legislation: laws that affect the entity being audited.

Obtaining the Knowledge
Prior to accepting an engagement, the auditor would obtain a preliminary knowledge of the industry and of the nature of ownership, management and operations of the entity to be audited. Following acceptance of the engagement, further and more detailed information should be obtained. To the extent practicable, the auditor should obtain the required knowledge at the start of the engagement. For continuing engagements, the auditor should update and re-evaluate information gathered previously, including information in the prior years' working papers.

Why is knowledge of business needed?
Knowledge of the business is a frame of reference within which the auditor exercises professional judgment. Understanding the business and using this information appropriately assists the auditor in:

Assessing risks and identifying problems.
Planning and performing the audit effectively and efficiently.
Evaluating audit evidence.
Providing better service to the client.

Sources of knowledge of client's business:

The client's annual reports to shareholders.
Minutes of meetings of shareholders, board of directors and important committees.
Internal financial management reports for current and previous periods, including budgets, if any.
The previous years' audit working papers and other relevant files.
Firm personnel responsible for non-audit services to the client who may be able to provide information on matters that may affect the audit.
Discussions with client.
The client's policy and procedures manual.
Relevant publications of ICAI and other professional bodies, industry publications, trade journals, magazines, newspapers or text books.
Visits to the client's premises and plant facilities.

The auditor should ensure that the audit staff assigned to an audit engagement obtain sufficient knowledge of the business to enable them to carry out the audit work delegated to them. To make effective use of knowledge about the business, the auditor should consider how it affects the financial statements taken as a whole and whether the assertions in the financial statements are consistent with the auditor's knowledge of the business.

Audit plans and programs
AAS-1, Basic Principles Governing an Audit, states: The auditor should plan his work to enable him to conduct an effective audit in an efficient and timely manner. Plans should be based on a knowledge of the client's business. The audit plan should be prepared before commencing an audit.

Contents of plan
Plans should be made to cover, among other things:
a) Acquiring knowledge of the client's accounting systems, policies and internal control procedures;
b) Establishing the expected degree of reliance to be placed on internal control;
c) Determining and programming the nature, timing, and extent of the audit procedures to be performed; and
d) Co-ordinating the work to be performed.
Plans should be further developed and revised as necessary during the course of the audit.

Use of audit planning
Adequate audit planning helps to:

Ensure that appropriate attention is devoted to important areas of the audit;
Ensure that potential problems are promptly identified;
Ensure that the work is completed expeditiously;
Delegate the work to the assistants properly; and
Co-ordinate the work done by other auditors and experts.

Factors affecting audit plan

Complexity of the audit,
The environment in which the entity operates,
The auditor's previous experience with the client and
Knowledge of the client's business.

Discussion with the client
Discussion with the client helps in obtaining knowledge of the client's business and also in planning the audit. The auditor may wish to discuss elements of his overall plan and certain audit procedures with the client to improve the efficiency of the audit and to coordinate audit procedures with the work of the client's personnel. The overall audit plan and the audit programme, however, remain the auditor's responsibility. Discussions with the client might include such subjects as:

Changes in management, or in structure, and activities of the client.
Current Government legislation, rules, regulations and directives affecting the client.
Current business developments affecting the client.
Current or impending financial difficulties or accounting problems.
Existence of parties in whom directors or persons who are substantial owners of the entity are interested and with whom transactions are likely.
New or closed premises and plant facilities.
Recent or impending changes in technology, type of products or services and production or distribution methods.
Significant matters arising from previous years' financial statements, audit report and management letters, if any.
Changes in the accounting practices and procedures and in the system of internal control.
Scope and timing of the examination.
Assistance of client personnel in data preparation.
Relevance of any work to be carried out by the client's internal auditors.

Stage of audit planning
Planning should be continuous throughout the engagement and involves:

Developing an overall plan for the expected scope and conduct of the audit;
Developing an audit programme showing the nature, timing and extent of audit procedures.

Development of an Overall Plan
The auditor should consider the following matters in developing his overall plan for the expected scope and conduct of the audit:

The terms of his engagement and any statutory responsibilities.
The nature and timing of reports or other communication.
The applicable legal or statutory requirements.
The accounting policies adopted by the client and changes in those policies.
The effect of new accounting or auditing pronouncements on the audit.
The identification of significant audit areas.
The setting of materiality levels for audit purposes.
Conditions requiring special attention, such as the possibility of material error or fraud or the involvement of parties in whom directors or persons who are substantial owners of the entity are interested and with whom transactions are likely.
The degree of reliance he expects to be able to place on the accounting system and internal control.
Possible rotation of emphasis on specific audit areas.
The nature and extent of audit evidence to be obtained.
The work of internal auditors and the extent of their involvement, if any, in the audit.
The involvement of other auditors in the audit of subsidiaries or branches of the client.
The involvement of experts.
The allocation of work to be undertaken between joint auditors and the procedures for its control and review.
Establishing and coordinating staffing requirements.

The auditor should document his overall plan. The form and extent of the documentation will vary depending on the size and complexity of the audit. A time budget, in which hours are budgeted for the various audit areas or procedures, can be an effective planning tool.

Developing the Audit Programme
The auditor should prepare a written audit programme setting forth the procedures that are needed to implement the audit plan. The programme may also contain the audit objectives for each area and should have sufficient details to serve as a set of instructions to the assistants involved in the audit and as a means to control the proper execution of the work. In preparing the audit programme, the auditor, having an understanding of the accounting system and related internal controls, may wish to rely on certain internal controls in determining the nature, timing and extent of required auditing procedures. The auditor may conclude that relying on certain internal controls is an effective and efficient way to conduct his audit. However, the auditor may decide not to rely on internal controls when there are other more efficient ways of obtaining sufficient appropriate audit evidence. The auditor should also consider the following while drafting an audit program:

The timing of the procedures,
The coordination of any assistance expected from the client,
The availability of assistants, and
The involvement of other auditors or experts.

The auditor normally has flexibility in deciding when to perform audit procedures. However, in some cases, the auditor may have no discretion as to timing, for example:

When observing the taking of inventories by client personnel or
Verifying the securities and cash balances at the year-end.

Audit Documentation
AAS-1, Basic Principles Governing an Audit, states: The auditor should document matters which are important in providing evidence that the audit was carried out in accordance with the basic principles. Documentation refers to the working papers prepared or obtained by the auditor and retained by him in connection with the performance of his audit.

Importance of working papers
Working papers:

Aid in the planning and performance of the audit;
Aid in the supervision and review of the audit work; and
Provide evidence of the audit work performed to support the auditor's opinion.

Form and Content of working papers
Working papers should record the audit plan, the nature, timing and extent of auditing procedures performed, and the conclusions drawn from the evidence obtained. The form and content of working papers are affected by matters such as:

The nature of the engagement.
The form of the auditor's report.
The nature and complexity of the client's business.
The nature and condition of the client's records and degree of reliance on internal controls.
The needs in particular circumstances for direction, supervision and review of work performed by assistants.

Working papers should be designed and properly maintained to meet the circumstances of each audit and the auditor's needs in respect thereof. The maintenance of working papers (for example checklists, specimen letters, standard working papers) improves the efficiency with which they are prepared and reviewed. It also facilitates the delegation of work while providing a means to control its quality. Working papers should be sufficiently complete and detailed for an auditor to obtain an overall understanding of the audit. The extent of documentation is a matter of professional judgment, since it is neither necessary nor practical that every observation, consideration or conclusion is documented by the auditor in his working papers. All significant matters which require the exercise of judgment, together with the auditor's conclusion thereon, should be included in the working papers. To improve audit efficiency, the auditor normally obtains and uses schedules, analyses and other working papers prepared by the client. In such circumstances, the auditor should satisfy himself that these working papers have been properly prepared. Examples of such working papers are detailed analyses of important revenue accounts, receivables, etc. In the case of recurring audits, some working paper files may be classified as:

Permanent audit files, which are updated currently with information of continuing importance to succeeding audits,
Current audit files, which contain information relating primarily to the audit of a single period.

Contents of permanent audit file
A permanent audit file normally includes:

Information concerning the legal and organisational structure of the entity. In the case of a company, this includes the Memorandum and Articles of Association. In the case of a statutory corporation, this includes the Act and Regulations under which the corporation functions.
Extracts or copies of important legal documents, agreements and minutes relevant to the audit.
A record of the study and evaluation of the internal controls related to the accounting system. This might be in the form of narrative descriptions, questionnaires or flow charts, or some combination thereof.
Copies of audited financial statements for previous years.
Analysis of significant ratios and trends.
Copies of management letters issued by the auditor, if any.
Record of communication with the retiring auditor, if any, before acceptance of the appointment as auditor.
Notes regarding significant accounting policies.
Significant audit observations of earlier years.

Contents of current audit file
The current file normally includes:

Correspondence relating to acceptance of annual reappointment.
Extracts of important matters in the minutes of Board Meetings and General Meetings, as are relevant to audit.
Evidence of the planning process of the audit and audit programme.
Analysis of transactions and balances.
A record of the nature, timing and extent of auditing procedures performed, and the results of such procedures.
Evidence that the work performed by assistants was supervised and reviewed.
Copies of communications with other auditors, experts and other third parties.
Copies of letters or notes concerning audit matters communicated to or discussed with the client, including the terms of the engagement and material weaknesses in relevant internal controls.
Letters of representation or confirmation received from the client.
Conclusions reached by the auditor concerning significant aspects of the audit, including the manner in which exceptions and unusual matters, if any, disclosed by the auditor's procedures were resolved or treated.
Copies of the financial information being reported on and the related audit reports.

Ownership and Custody of Working Papers
Working papers are the property of the auditor. The auditor may, at his discretion, make portions of or extracts from his working papers available to his client. The auditor should adopt reasonable procedures for custody and confidentiality of his working papers and should retain them for a period of time sufficient to meet the needs of his practice and satisfy any pertinent legal or professional requirements of record retention.

Quality in Audit
We know that the auditor has an important job to do. His report is relied upon by many: in the case of external audit by external stakeholders, and in the case of internal audit by management. Hence if quality in his work is lost due to the absence of qualities in the auditor himself, the whole objective of audit is lost. Hence it becomes important that qualities are maintained and augmented in audits.

Quality in audit can be brought about:

By auditors themselves
By the audit regulating bodies

How does the auditor himself bring in quality in audit?
AAS-17 stipulates that quality control policies and procedures should be implemented both at the level of the audit firm and on individual audits. Some provisions of this standard are reproduced below.

At the level of audit firm
The audit firm should implement quality control policies and procedures designed to ensure that all audits are conducted in accordance with Statements on Standards. The objectives of the quality control policies are as follows:

Professional Requirements: Personnel in the audit firm are to adhere to the principles of Independence, Integrity, Objectivity, Confidentiality and Professional Behavior.
Skills and Competence: The firm is to be staffed by personnel who have attained and maintain the Technical Standards and Professional Competence required to enable them to fulfill their responsibilities with Due Care.
Assignment: Audit work is to be assigned to personnel who have the degree of technical training and proficiency required in the circumstances.
Delegation: There is to be sufficient direction, supervision and review of work at all levels to provide reasonable assurance that the work performed meets appropriate standards of quality.
Consultation: Whenever necessary, consultation within or outside the firm is to occur with those who have appropriate expertise.
Acceptance and Retention of Clients: An evaluation of prospective clients and a review, on an ongoing basis, of existing clients is to be conducted. In making a decision to accept or retain a client, the firm's independence and ability to serve the client properly are to be considered.
Monitoring: The continued adequacy and operational effectiveness of quality control policies and procedures is to be monitored.

The firm's general quality control policies and procedures should be communicated to its personnel in a manner that provides reasonable assurance that the policies and procedures are understood and implemented.

At the level of Individual Audits
The auditor should implement those quality control procedures which are, in the context of the policies and procedures of the firm, appropriate to the individual audit.

How is quality in audit brought by regulating bodies?
The regulating bodies like ICAI or IIA have established various measures whereby the integrity, competence and quality of the auditing profession are continuously safeguarded. Some steps taken by ICAI are as follows:

Code of conduct for the members: ICAI has a code of conduct which, if not followed, would be considered professional misconduct, whereby the offending member would be subject to disciplinary action by the Institute.

Disciplinary Actions: For professional misconduct, on receipt of any complaint, disciplinary action can be initiated by the Institute after due hearing of the case. The action can extend to cancelling the license to practice.

Peer review: ICAI has recently introduced a Peer Review exercise for its practicing members. Under it, one qualified Chartered Accountant (Peer Reviewer) would review the auditing process and reporting pattern of an audit firm or practicing Chartered Accountant. The rating of the firm or CA would be done based on the review done by the Peer Reviewer. This would help the members of ICAI to go for a better rating by improving the quality of their work.

Quality review: In the case of Quality review, a Committee constituted by the Institute and Government (DCA) would review a particular audit assignment done by an auditor. If any malpractice, misconduct or deficiency is observed, disciplinary action against the member is started. Similar provisions exist in SOX.

Continuing Programmes of Education (CPE): Members of ICAI have to undergo a minimum of 20 hours of Continuing Programmes of Education every year, where they will learn about new knowledge areas related to their field. This would enhance their skill and competence, which would lead to better quality of audit.

Similarly, all over the world the regulating bodies are bringing in quality in audit and assurance services, which is essential for the financial health of the economy.

Audit reports
AAS-1 on Basic Principles Governing an Audit lays down that one of the Basic Principles in audit is Conclusions and Reporting, and provides the following explanation. The auditor should review and assess the conclusions drawn from the audit evidence obtained and from his knowledge of the business of the entity as the basis for the expression of his opinion on the financial information. This review and assessment involves forming an overall conclusion as to whether:
(a) The financial information has been prepared using acceptable accounting policies, which have been consistently applied;
(b) The financial information complies with relevant regulations and statutory requirements;
(c) There is adequate disclosure of all material matters relevant to the proper presentation of the financial information, subject to statutory requirements.
The auditor's report should contain a clear written expression of opinion on the financial statements taken as a whole.

Contents of Auditor's Report
The statutory auditor's report includes the following basic elements, ordinarily in the following layout:

a. Title;
b. Addressee;
c. Opening or introductory paragraph:
   i. identification of the financial statements audited;
   ii. a statement of the responsibility of the entity's management and the responsibility of the auditor;
d. Scope paragraph (describing the nature of an audit):
   i. a reference to the auditing standards generally accepted in India;
   ii. a description of the work performed by the auditor;
e. Opinion paragraph containing:
   i. a reference to the financial reporting framework used to prepare the financial statements; and
   ii. an expression of opinion on the financial statements;
f. Date of the report;
g. Place of signature; and
h. Auditor's signature.

A measure of uniformity in the form and content of the auditor's report is desirable because it helps to promote the reader's understanding of the auditor's report and to identify unusual circumstances when they occur. A statute governing the entity or a regulator may require the auditor to include certain matters in the audit report or prescribe the form in which the auditor should issue his report. In such a case, the auditor should incorporate in his audit report the matters specified by the statute or regulator and/or report in the form prescribed by them, in addition to the requirements of this AAS.

Title
The auditor's report should have an appropriate title. It may be appropriate to use the term "Auditor's Report".

Addressee
The auditor's report should be appropriately addressed as required by the circumstances of the engagement and applicable laws and regulations. Ordinarily, the auditor's report is addressed to the authority appointing the auditor.

Opening or Introductory Paragraph
The auditor's report should identify the financial statements of the entity that have been audited, including the date of and period covered by the financial statements. The report should include a statement that the financial statements are the responsibility of the entity's management and a statement that the responsibility of the auditor is to express an opinion on the financial statements based on the audit.

Scope Paragraph
The auditor's report should describe the scope of the audit by stating that the audit was conducted in accordance with auditing standards generally accepted in India. The reader needs this as an assurance that the audit has been carried out in accordance with established standards. The report should include a statement that the audit was planned and performed to obtain reasonable assurance whether the financial statements are free of material misstatement. The auditor's report should describe the audit as including:

Examining, on a test basis, evidence to support the amounts and disclosures in financial statements;
Assessing the accounting principles used in the preparation of the financial statements;
Assessing the significant estimates made by management in the preparation of the financial statements; and
Evaluating the overall financial statement presentation.

The report should include a statement by the auditor that the audit provides a reasonable basis for his opinion.

Opinion Paragraph
The opinion paragraph of the auditor's report should clearly indicate the financial reporting framework used to prepare the financial statements and state the auditor's opinion as to whether the financial statements give a true and fair view in accordance with that financial reporting framework and, where appropriate, whether the financial statements comply with the statutory requirements. In addition to an opinion on the true and fair view, the auditor's report may need to include an opinion as to whether the financial statements comply with other requirements specified by relevant statutes or law.

Date of Report
The date of an auditor's report on the financial statements is the date on which the auditor signs the report expressing an opinion on the financial statements. The date of the report informs the reader that the auditor has considered the effect on the financial statements and on the report of the events and transactions of which the auditor became aware and that occurred up to that date.

What is True and Fair?
What is true and fair is not defined in any Act. Hence auditors might have to use their judgment to find out what is true and fair. But the Courts and Law have defined that true and fair includes the following:

No under-valuation or over-valuation of items in financial statements.
No omission of income, expense, asset or liability.
Disclosure of charges on assets, contingent liabilities etc.
Disclosures required by any Law are complied with.
Accounting Standards, Accounting Conventions and Policies are followed by the Company.
All unusual, exceptional, non-recurring items are disclosed separately.
Accrual basis of accounting is followed.

Types of Auditor's Report and Opinions in Audit Report

Types of auditor's report are based on the types of opinion given by the auditor. The auditor's opinion can be of the following types:

An unqualified opinion should be expressed when the auditor concludes that the financial statements give a true and fair view in accordance with the financial reporting framework used for the preparation and presentation of the financial statements. An unqualified opinion indicates, implicitly, that any changes in the accounting principles or in the method of their application, and the effects thereof, have been properly determined and disclosed in the financial statements. An unqualified opinion also indicates that:

The financial statements have been prepared using the generally accepted accounting principles, which have been consistently applied; The financial statements comply with relevant statutory requirements and regulations; and There is adequate disclosure of all material matters relevant to the proper presentation of the financial information, subject to statutory requirements, where applicable.

A qualified opinion should be expressed when the auditor concludes that an unqualified opinion cannot be expressed but that the effect of any disagreement with management is not so material and pervasive as to require an adverse opinion, or limitation on scope is not so material and pervasive as to require a disclaimer of opinion. A qualified opinion should be expressed as being "subject to" or "except for" the effects of the matter to which the qualification relates.

A disclaimer of opinion should be expressed when the possible effect of a limitation on scope is so material and pervasive that the auditor has not been able to obtain sufficient appropriate audit evidence and is, accordingly, unable to express an opinion on the financial statements.

An adverse opinion should be expressed when the effect of a disagreement is so material and pervasive to the financial statements that the auditor concludes that a qualification of the report is not adequate to disclose the misleading or incomplete nature of the financial statements.

Whenever the auditor expresses an opinion that is other than unqualified, a clear description of all the substantive reasons should be included in the report and, unless impracticable, a quantification of the possible effect(s), individually and in aggregate, on the financial statements should be mentioned in the auditor's report. A model Audit Report is provided in Appendix A.

CARO & Special Audit Reports

CARO is the Companies (Auditor's Report) Order issued by the Central Government and applicable to the audit reports issued after 1-7-03.

Earlier version of CARO was MAOCARO 1988.

CARO is not applicable to:
=> Banking companies or insurance companies
=> Private limited companies generally, except in all the following cases:
- Paid up capital plus reserves are more than Rs.50 lakh
- The company has accepted public deposits
- Loans are outstanding of more than Rs.10 lakh in the books of the company
- The turnover is more than 5 cr.

=> Auditor makes his observation on each of the matters mentioned in this Order if they are applicable to the company he audits.
=> CARO is important to a company and its internal auditor because it mentions specifically regarding effectiveness of internal control and internal audit.

Areas covered in CARO are provided in Appendix 2.

Special audit reports

Special audit reports are required in the following cases:
1. Central Government orders such special audit under section 233 A.
2. As a part of investigation or special assignment any audit report is required like:
a. Statutory Report after the flotation of a company
b. For a report in the prospectus.
c. A report of an Inspector under the section 235 or 237 of the Companies Act.
3. For Non-statutory matters like:
a) Investigation for valuation of shares in private companies.
b) Investigation on behalf of a bank proposing to advance loan to a company.
c) Investigation of frauds.
d) Investigation on behalf of company as to take over or merger.
e) Investigation in connection with review of profit/financial forecast.
f) Investigation for receipt of royalty.
g) Investigation for an importer or exporter for obtaining a license.

Similarly, for Review and Compilation assignments, for internal audit and for other types of audit, different types of reports are to be provided based on the objectives of those audit assignments.

Appendix A

A Model Audit Report

A model statutory audit report has been provided for better understanding of the contents of an audit report.

REPORT OF THE AUDITORS TO THE MEMBERS OF M/s xxxxxxxxxx PRIVATE LIMITED, xxxxx

We have audited the attached Balance Sheet of M/s xxxxxxxxxx PRIVATE LIMITED, xxxxx as at 31st March, 2006 and Profit and Loss Account for the year ended on that date annexed thereto. These financial statements are the responsibility of the management. Our responsibility is to express an opinion on these financial statements based on our audit.

1. We conducted our audit in accordance with auditing standards generally accepted in India. Those Standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audit provides a reasonable basis for our opinion.

2. As required by the Companies (Auditor's Report) Order, 2003 issued by the Central Government of India in terms of Section 227(4A) of the Companies Act, 1956, we enclose in the Annexure a statement on the matters specified in paragraphs 4 and 5 of the said Order.

3. Further to our comments in the Annexure referred to in paragraph 1 above:
a) We have obtained all the information and explanations which to the best of our knowledge and belief were necessary for the purpose of the audit;
b) In our opinion, proper books of account as required by law have been kept by the Company so far as appears from our examination of the books;
c) The Balance Sheet and Profit and Loss Account dealt with by this Report are in agreement with the books of account;
d) In our opinion and to the best of our information the Balance Sheet and the Profit & Loss Account comply with the Accounting Standards referred to in Section 211(3c) of the Companies Act 1956.
e) On the basis of the written representation received from the directors as on March 31, 2006 and taken on record by the Board of Directors, we report that none of the directors is disqualified as on March 31, 2006 from being appointed as a Director in terms of clause (g) of sub-section (1) of Section 274 of the Companies Act, 1956 as on 31st March 2006, due to his directorship in other public limited companies.

The said accounts give the information;
i) In the case of the Balance Sheet, of the state of affairs of the Company as at 31st March 2006, and
ii) In the case of the Profit and Loss Account, of the profit/loss for the year ended on that date.

For xxxxxxx ASSOCIATES
CHARTERED ACCOUNTANTS

PLACE : xxxxxx
DATE : xxxxx-2006
xxxxxxxxxxxxxxxxxxxx
PARTNER

Appendix B

CARO 2003

AREAS COVERED BY CARO 2003

Note: Statutory auditor reports on all these matters:

Whether the company is maintaining proper records showing full particulars, including quantitative details and situation of fixed assets?
Whether these fixed assets have been physically verified by the management at reasonable intervals? Whether any material discrepancies were noticed on such verification? If so, whether the same have been properly dealt with in the books of account?
If substantial part of fixed assets has been disposed of during the year, whether it has affected the going concern?
Whether physical verification of inventory has been conducted at reasonable intervals by the management?
Are the procedures of physical verification of inventory followed by the management reasonable and adequate in relation to the size of the company and the nature of its business? If not, the inadequacies in such procedures should be reported.
Whether the company is maintaining proper records of inventory and whether any material discrepancies were noticed on physical verification and if so, whether the same have been properly dealt with in the books of account?
Has the company either granted or taken any loans, secured or unsecured, to/from companies, firms or other parties in the register maintained under section 301 of the Act? If so, give the number of parties and amount involved in the transactions.
Whether the rate of interest and other terms and conditions of loans given or taken by the company, secured or unsecured, are prima facie prejudicial to the interest of the company?
Whether the payment of principal amount and interest are also regular?
If overdue amount is more than one lakh, whether reasonable steps have been taken by the company for recovery/payment of the principal and interest?
Is there an adequate internal control procedure commensurate with the size of the company and the nature of its business, for the purpose of inventory and fixed assets and for the sale of goods? Whether there is a continuing failure to correct major weaknesses in internal control?
Whether transactions that need to be entered into a register in pursuance of section 301 of the Act have been so entered?
Whether each of these transactions has been made at prices which are reasonable having regard to the prevailing market prices at the relevant time?
In case the company has accepted deposits from the public, whether the directives issued by the Reserve Bank of India and the provision of the sections 58A and 58AA of the Act and the rules framed thereunder, where applicable, have been complied with? If not, the nature of contraventions should be stated; if an order has been passed by Company Law Board whether the same has been complied with or not?
In the case of listed companies and/or other companies having a paid up capital and reserves exceeding Rs.50 lakh as at the commencement of the financial year concerned, or having an average annual turnover exceeding five crore rupees for a period of three consecutive financial years immediately preceding the financial year concerned, whether the company has an internal audit system commensurate with its size and nature of its business?
Where maintenance of cost records has been prescribed by the Central Government under Section 209 (1) (d) of the Companies Act, 1956 (1 of 1956), whether such accounts and records have been maintained?
Is the company regular in depositing undisputed statutory dues including provident fund, investor education and protection fund, employees state insurance, income-tax, sales-tax, wealth-tax, custom duty, excise duty, cess and any other statutory dues with the appropriate authorities? If not, the extent of the arrears of outstanding statutory dues as at the last day of the financial year concerned for a period of more than six months from the date they became payable, shall be indicated by the auditor.
In case of sales tax/income tax/custom duty/wealth tax/excise duty/cess have been deposited on account of any dispute, then the amounts involved and the forum where dispute is pending may please be mentioned. (Mere representation to the Department shall not constitute dispute.)
Whether in case of company which has been registered for a period not less than five years, its accumulated losses at the end of the financial year are not less than fifty per cent of its worth and whether it has incurred cash losses in such financial year and in the financial year immediately preceding such financial year also.
Whether the company has defaulted in repayment of dues to a financial institution or bank or debenture holders? If yes, the period and amount of default to be reported.
Whether adequate documents and records are maintained in cases where the company has granted loans and advances on the basis of security by way of pledge of shares, debentures and other securities? If not, the deficiencies to be pointed out.
Whether the provisions of any special statute applicable to chit fund have been duly complied with?
If the company is dealing or trading in shares, securities, debentures and other investments, whether proper records have been maintained of the transactions and contracts and whether timely entries have been made therein; also whether the shares, securities, debentures and other securities have been held by the company, in its own name except to the extent of the exemption, if any, granted under section 49 of the Act.
Whether the company has given any guarantee for loans taken by others from bank or financial institutions, the terms and conditions whereof are prejudicial to the interest of the company?
Whether the term loans were applied for the purpose for which the loans were obtained?
Whether the funds raised on short-term basis have been used for long term investment and vice versa. If yes, the nature and amount is to be indicated.
Whether the company has made any preferential allotment of shares to parties and companies covered in the Register maintained under Section 301 of the Act? If so, whether the price at which shares have been issued is prejudicial to the interest of the company.
Whether securities have been created in respect of debentures issued?
Whether the management has disclosed the end use of money raised by public issues and the same has been verified?
Whether any fraud on or by the company has been noticed or reported during the year? If yes, the nature and the amount involved is to be indicated.

Summary

An audit engagement letter and knowledge of the business are essential before starting an audit. The audit plan includes the overall plan and the audit program. Audit documentation is very important for the auditor to prove that he has done his job. Audit quality can be reached by auditors themselves or through regulation by Auditing bodies. Many quality control measures have been provided by ICAI. Audit reports provide the assurance and conclusion to an audit. True and Fair is determined in relation to various factors. Audit opinion can be unqualified, qualified, adverse or disclaimer. Audit reports for special purposes include details specific to the audit objective. The model audit report and the contents of CARO prove that audit is indeed a vast subject covering many areas and not just checking or ticking of books of account.


Copyright 2009 SMU Powered by Sikkim Manipal University .
