AUDITOR'S REPORT PRESCRIBED BY LAW OR REGULATION

AUDITOR’S REPORT PRESCRIBED BY LAW OR REGULATION

If the auditor is required by law or regulation to use a specific layout, or wording of the auditor’s report, the auditor’s report shall refer to Standards on Auditing only if the auditor’s report includes, at a minimum, each of the following elements:

(a) A title.

(b) An addressee, as required by the circumstances of the engagement.

(c) An Opinion section containing an expression of opinion on the financial statements and a reference to the applicable financial reporting framework used to prepare the financial statements.

(d) An identification of the entity’s financial statements that have been audited.

(e) A statement that the auditor is independent of the entity in accordance with the relevant ethical requirements relating to the audit, and has fulfilled the auditor’s other ethical responsibilities in accordance with these requirements. The statement shall refer to the Code of Ethics issued by ICAI.

(f) Where applicable, a section that addresses, and is not inconsistent with, the reporting requirements relating to going concern as per SA 570 (Revised).

(g) Where applicable, a Basis for Qualified (or Adverse) Opinion section that addresses, and is not inconsistent with, the reporting requirements relating to going concern as per SA 570 (Revised).

(h) Where applicable, a section that includes the information required by SA 701, or additional information about the audit that is prescribed by law or regulation and that addresses, and is not inconsistent with, the reporting requirements in that SA.

(i) A description of management’s responsibilities for the preparation of the financial statements and an identification of those responsible for the oversight of the financial reporting process that addresses, and is not inconsistent with, the requirements as contained in this SA 700.

(j)  A reference to Standards on Auditing and the law or regulation, and a description of the auditor’s responsibilities for an audit of the financial statements that addresses, and is not inconsistent with, the requirements as contained in this SA 700.

(k) The auditor’s signature.

(l) The Place of signature.

(m) The date of the auditor’s report.

AUDITOR'S REPORT

AUDITOR'S REPORT

Auditor’s Report for Audits Conducted in Accordance with Standards on Auditing

Basic Elements of an Audit Report are given below:

1 Title: The auditor’s report shall have a title that clearly indicates that it is the report of an independent auditor.

For example, “Independent Auditor’s Report,” distinguishes the independent auditor’s report from reports issued by others.

2. Addressee: The auditor’s report shall be addressed, as appropriate, based on the circumstances of the engagement. Law, regulation or the terms of the engagement may specify to whom the auditor’s report is to be addressed.

The auditor’s report is normally addressed to those for whom the report is prepared, often either to the shareholders or to those charged with governance of the entity whose financial statements are being audited.

3. Auditor’s Opinion: The first section of the auditor’s report shall include the auditor’s opinion, and shall have the heading “Opinion.”

The Opinion section of the auditor’s report shall also:

(a) Identify the entity whose financial statements have been audited;

(b) State that the financial statements have been audited;

(c) Identify the title of each statement comprising the financial statements;

(d) Refer to the notes, including the summary of significant accounting policies; and

(e) Specify the date of, or period covered by, each financial statement comprising the financial statements.

When the auditor expresses an unmodified opinion, it is not appropriate to use phrases such as “with the foregoing explanation” or “subject to” in relation to the opinion, as these suggest a conditional opinion or a weakening or modification of opinion.

4. Basis for Opinion:  The auditor’s report shall include a section, directly following the Opinion section, with the heading “Basis for Opinion”, that:

(a) States that the audit was conducted in accordance with Standards on Auditing;

(b) Refers to the section of the auditor’s report that describes the auditor’s responsibilities under the SAs;

(c) Includes a statement that the auditor is independent of the entity in accordance with the relevant ethical requirements relating to the audit and has fulfilled the auditor’s other ethical responsibilities in accordance with these requirements.

(d) States whether the auditor believes that the audit evidence the auditor has obtained is sufficient and appropriate to provide a basis for the auditor’s opinion.

5. Going Concern: Where applicable, the auditor shall report in accordance with SA 570 (Revised).

6. Key Audit Matters: For audits of complete sets of general purpose financial statements of listed entities, the auditor shall communicate key audit matters in the auditor’s report in accordance with SA 701.

When the auditor is otherwise required by law or regulation or decides to communicate key audit matters in the auditor’s report, the auditor shall do so in accordance with SA 701.

SPECIFIC EVALUATION BY THE AUDITOR

 Specific Evaluations by the Auditor 

In particular, the auditor shall evaluate whether :

(a) The financial statements adequately disclose the significant accounting policies selected and applied;

(b) The accounting policies selected and applied are consistent with the applicable financial reporting framework and are appropriate;

(c) The accounting estimates made by management are reasonable;

(d) The information presented in the financial statements is relevant, reliable, comparable, and understandable;

(e) The financial statements provide adequate disclosures to enable the intended users to understand the effect of material transactions and events on the information conveyed in the financial statements; and

(f) The terminology used in the financial statements, including the title of each financial statement, is appropriate.

QUALITATIVE ASPECTS OF THE ENTITY ACCOUNTING PRACTICES

Qualitative Aspects of the Entity’s Accounting Practices

1. Management makes a number of judgments about the amounts and disclosures in the financial statements.

2. SA 260 (Revised) contains a discussion of the qualitative aspects of accounting practices.

3. In considering the qualitative aspects of the entity’s accounting practices, the auditor may become aware of possible bias in management’s judgments. The auditor may conclude that lack of neutrality together with uncorrected misstatements causes the financial statements to be materially misstated. Indicators of a lack of neutrality include the following:

(i) The selective correction of misstatements brought to management’s attention during the audit.

(ii) Possible management bias in the making of accounting estimates.

4. SA 540 addresses possible management bias in making accounting estimates.

EVALUATION BY THE AUDITOR

 Evaluations by the Auditor

The auditor shall evaluate whether the financial statements are prepared in accordance with the requirements of the applicable financial reporting framework.

This evaluation shall include consideration of the qualitative aspects of the entity’s accounting practices, including indicators of possible bias in management’s judgments.

OBJECTIVE OF THE AUDITOR

FORMING AN OPINION ON THE FINANCIAL STATEMENTS- OBJECTIVE OF THE AUDITOR 

 Objective of the Auditor as per SA 700 

The objectives of the auditor as per SA 700 (Revised), “Forming An Opinion And Reporting On Financial Statements” are: 

(a) To form an opinion on the financial statements based on an evaluation of the conclusions drawn from the audit evidence obtained; and

(b) To express clearly that opinion through a written report.

The auditor shall form an opinion on whether the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework.

AUDIT REPORT (INTRODUCTION)

INTRODUCTION  (AUDIT REPORT)

• Management is responsible for the preparation of the financial statements. Management also accepts responsibility for necessary internal controls to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. 
• The purpose of an audit is to enhance the degree of confidence of intended users of the financial statement.
•  The aforesaid purpose is achieved by the expression of an independent reporting by the auditor as to whether the financial statements exhibit a true and fair view of the affairs of the entity.
• Thus, an Audit report is an opinion drawn on the entity’s financial statements to make sure that the records are true and fair representation of the transactions they claim to represent.
•  This involves considering whether the financial statements have been prepared in accordance with an acceptable financial reporting framework applicable to the entity under audit. It is also necessary to consider whether the financial statements comply with the relevant statutory requirements.
•  The main users of audit report are shareholders, members and all other stakeholders of the company.

POWERS/RIGHTS OF AUDITORS

POWERS/RIGHTS OF AUDITORS

The auditor has the following powers/rights while conducting an audit:

(a) Right of access to books, etc.–Section 143(1) of the Act provides that the auditor of a company, at all times, shall have a right of access to the books of account and vouchers of the company, whether kept at the registered office of the company or at any other place and he is entitled to require from the officers of the company such information and explanation as he may consider necessary for the performance of his duties as auditor.

It may be noted that according to section 2(59) of the Act, the term ‘officer’ includes any director, manager or key managerial personnel or any person in accordance with whose directions or instructions the Board of Directors or any one or more of the directors is or are accustomed to act;

The phrase ‘books, accounts and vouchers’ includes all books which have any bearing, or are likely to have any bearing on the accounts, whether these be the usual financial books or the statutory or statistical books; memoranda books, e.g., inventory books, costing records and the like may also be inspected by the auditor. Similarly the term ‘voucher’ includes all or any of the correspondence which may in any way serve to vouch for the accuracy of the accounts. Thus, the right of access is not restricted to books of account alone and it is for the auditor to determine what record or document is necessary for the purpose of the audit.

The right of access is not limited to those books and records maintained at the registered or head office so that in the case of a company with branches, the right also extends to the branch records, if the auditor considers it necessary to have access thereto as per Section143(8).

(b) Right to obtain information and explanation from officers - This right of the auditor to obtain from the officers of the company such information and explanations as he may think necessary for the performance of his duties as auditor is a wide and important power. In the absence of such power, the auditor would not be able to obtain details of amount collected by the directors, etc. from any other company, firm or person as well as of any benefits in kind derived by the directors from the company, which may not be known from an examination of the books. It is for the auditor to decide the matters in respect of which information and explanations are required by him. When the auditor is not provided the information required by him or is denied access to books, etc., his only remedy would be to report to the members that he could not obtain all the information and explanations he had required or considered necessary for the performance of his duties as auditors.

(c) Right to receive notices and to attend general meeting – The auditors of a company are entitled to attend any general meeting of the company (the right is not restricted to those at which the accounts audited by them are to be discussed); also to receive all the notices and other communications relating to the general meetings, which members are entitled to receive and to be heard at any general meeting in any part of the business of the meeting which concerns them as auditors.

Section 146 of the Companies Act, 2013 discusses right as well as duty of the auditor. According to the section 146:
“all notices of, and other communications relating to, any general meeting shall be forwarded to the auditor of the company, and the auditor shall, unless otherwise exempted by the company, attend either by himself or through his authorised representative, who shall also be qualified to be an auditor, any general meeting and shall have right to be heard at such meeting on any part of the business which concerns him as the auditor.”

Thus, it is right of the auditor to receive notices and other communications relating to any general meeting and to be heard at such meeting, relating to the matter of his concern, however, it is duty of the auditor to attend the same or through his authorised representative unless otherwise exempted.

(d) Right to report to the members of the company on the accounts examined by him – The auditor shall make a report to the members of the company on the accounts examined by him and on every financial statements which are required by or under this Act to be laid before the company in general meeting and the report shall after taking into account the provisions of this Act, the accounting and auditing standards and matters which are required to be included in the audit report under the provisions of this Act or any rules made there under or under any order made under this section and to the best of his information and knowledge, the said accounts, financial statements give a true and fair view of the state of the company’s affairs as at the end of its financial year and profit or loss and cash flow for the year and such other matters as may be prescribed.

(e) Right to Lien – In terms of the general principles of law, any person having the lawful possession of somebody else’s property, on which he has worked, may retain the property for non-payment of his dues on account of the work done on the property. On this premise, auditor can exercise lien on books and documents placed at his possession by the client for non payment of fees, for work done on the books and documents. The Institute of Chartered Accountants in England and Wales has expressed a similar view on the following conditions:

(i) Documents retained must belong to the client who owes the money.

(ii) Documents must have come into possession of the auditor on the authority of the client. They must not have been received through irregular or illegal means. In case of a company client, they must be received on the authority of the Board of Directors.

(iii) The auditor can retain the documents only if he has done work on the documents assigned to him.

(iv) Such of the documents can be retained which are connected with the work on which fees have not been paid.

Under section 128 of the Act, books of account of a company must be kept at the registered office. These provisions ordinarily make it impracticable for the auditor to have possession of the books and documents. The company provides reasonable facility to auditor for inspection of the books of account by directors and others authorised to inspect under the Act. Taking an overall view of the matter, it seems that though legally, auditor may exercise right of lien in cases of companies, it is mostly impracticable for legal and practicable constraints. His working papers being his own property, the question of lien, on them does not arise.

SA 230 issued by ICAI on Audit Documentation (explanatory text, A- 25), “Standard on Quality Control (SQC) 1, “Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services

CEILING ON NUMBER OF AUDITS

CEILING ON NUMBER OF AUDITS

It has been mentioned earlier that before appointment is given to any auditor, the company must obtain a certificate from him to the effect that the appointment, if made, will not result in an excess holding of company audit by the auditor concerned over the limit laid down in section 141(3)(g) of the Companies Act, 2013 which prescribes that a person who is in full time employment elsewhere or a person or a partner of a firm holding appointment as its auditor, if such person or partner is at the date of such appointment or reappointment holding appointment as auditor of more than twenty companies other than one person companies, dormant companies, small companies and private companies having paid-up share capital less than ` 100 crore, shall not be eligible for appointment as an Auditor of a Company.

In the case of a firm of auditors, it has been further provided that ‘specified number of companies’ shall be construed as the number of companies specified for every partner of the firm who is not in full time employment elsewhere.

This limit of 20 company audits is per person. In the case of an audit firm having 3 partners, the overall ceiling will be 3 × 20 = 60 company audits. Sometimes, a chartered accountant is a partner in a number of auditing firms. In such a case, all the firms in which he is partner or proprietor will be together entitled to 20 company audits on his account. Subject to the overall ceiling of company audits, how they allocate the 20 audits between themselves is their affairs.

Council General Guidelines, 2008 (Chapter VIII): In exercise of the powers conferred by clause (ii) of Part II of the Second Schedule to the Chartered Accountants Act, 1949, the Council of the Institute of Chartered Accountants of India hereby specifies that a member of the Institute in practice shall be deemed to be guilty of professional misconduct, if he holds at any time appointment of more than the “specified number of audit assignments of the companies under Section 224 and /or Section 226 of the Companies Act, 1956 (now section 141(3)(g) of the Companies Act, 2013).

It may be noted that in the case of a firm of chartered accountants in practice, the specified number of audit assignments shall be construed as the specified number of audit assignments for every partner of the firm.

It may also be noted that where any partner of the firm of chartered accountants in practice is also a partner of any other firm or firms of chartered accountants in practice, the number of audit assignments which may be taken for all the firms together in relation to such partner shall not exceed the specified number of audit assignments in the aggregate.

It is further provided that where any partner of a firm or firms of chartered accountants in practice accepts one or more audit assignments in his individual capacity, or in the name of his proprietary firm, the total number of such assignment which may be accepted by all firms in relation to such chartered accountant and by him shall not exceed the specified number of audit assignments in the aggregate.

(1) In computing the specified number of audit assignments-

(a) the number of such assignments, which he or any partner of his firm has accepted whether singly or in combination with any other chartered accountant in practice or firm of such chartered accountants, shall be taken into account.

(b) the number of partners of a firm on the date of acceptance of audit assignment shall be taken into account.

(c) a chartered accountant in full time employment elsewhere shall not be taken into account.

(2) A chartered accountant in practice as well as firm of chartered accountants in practice shall maintain a record of the audit assignments accepted by him or by the firm of chartered accountants, or by any of the partner of the firm in his individual name or as a partner of any other firm as far as possible, in the prescribed manner.

APPOINTMENT OF AUDITOR OTHER THAN RETIRING AUDITOR

 Appointment of Auditor Other Than Retiring Auditor

Section 140(4) lays down procedure to appoint an auditor other than retiring auditor who was removed-

(1) Special notice shall be required for a resolution at an annual general meeting appointing as auditor a person other than a retiring auditor, or providing expressly that a retiring auditor shall not be re-appointed, except where the retiring auditor has completed a consecutive tenure of five years or as the case may be, ten years, as provided under sub-section (2) of section 139.

(2) On receipt of notice of such a resolution, the company shall forthwith send a copy thereof to the retiring auditor.

(3) Where notice is given of such a resolution and the retiring auditor makes with respect thereto representation in writing to the company (not exceeding a reasonable length) and requests its notification to members of the company, the company shall, unless the representation is received by it too late for it to do so,-

    (a) in any notice of the resolution given to members of the company, state the fact of the                           representation having been made; and

    (b) send a copy of the representation to every member of the company to whom notice of the                meeting is sent, whether before or after the receipt of the representation by the company and if a          copy of the representation is not sent as aforesaid because it was received too late or because of          the company’s default, the auditor may (without prejudice to his right to be heard orally) require          that the representation shall be read out at the meeting.

Students may note that if a copy of representation is not sent as aforesaid, a copy thereof shall be field with the Registrar.
Curtailing right of the auditor regarding circulation of copy of representation in the case of appointment of auditor other than retiring auditor under section 140(4) of the companies act, 2013:
If the Tribunal is satisfied on an application either of the company or of any other aggrieved person that the rights conferred by section 140(4) of the Companies Act, 2013 are being abused by the auditor, then, the copy of the representation may not be sent and the representation need not be read out at the meeting.

REMOVAL OF AUDITORS

REMOVAL OF AUDITORS 

 Removal of Auditor Before Expiry of Term 

According to Section 140(1), the auditor appointed under section 139 may be removed from his office before the expiry of his term only by a special resolution of the company, after obtaining the previous approval of the Central Government in that behalf as per Rule 7 of CAAR, 2014-

(1) The application to the Central Government for removal of auditor shall be made in Form ADT-2 and shall be accompanied with fees as provided for this purpose under the Companies (Registration Offices and Fees) Rules, 2014.

(2) The application shall be made to the Central Government within 30 days of the resolution passed by the Board.

(3) The company shall hold the general meeting within 60 days of receipt of approval of the Central Government for passing the special resolution.

It is important to note that before taking any action for removal before expiry of terms, the auditor concerned shall be given a reasonable opportunity of being heard.

It is hereby clarified that in the case of a firm, the liability shall be of the firm and that of every partner or partners who acted in a fraudulent manner or abetted or colluded in any fraud by, or in relation to, the company or its director or officers.

AUDITOR'S REMUNERATION

AUDITOR’S REMUNERATION
As per section 142 of the Act, the remuneration of the auditor of a company shall be fixed in its general meeting or in such manner as may be determined therein. However, board may fix remuneration of the first auditor appointed by it.

Further, the remuneration, in addition to the fee payable to an auditor, include the expenses, if any, incurred by the auditor in connection with the audit of the company and any facility extended to him but does not include any remuneration paid to him for any other service rendered by him at the request of the company. Therefore, it has been clarified that the remuneration to Auditor shall also include any facility provided to him.

APPOINTMENT OF AUDITOR

APPOINTMENT OF AUDITOR

Section 139 of the Companies Act, 2013 contains provisions regarding Appointment of Auditors. Discussion on appointment of auditors may be grouped under two broad headings-

I. Appointment of First Auditors.

II. Appointment of Subsequent Auditors.

SECTION 144 OF THE COMPANIES ACT 2013

Section 144 of the Companies Act, 2013 prescribes certain services not to be rendered by the auditor. An auditor appointed under this Act shall provide to the company only such other services as are approved by the Board of Directors or the audit committee, as the case may be, but which shall not include any of the following services (whether such services are rendered directly or indirectly to the company or its holding company or subsidiary company), namely:

(i) accounting and book keeping services;

(ii) internal audit;

(iii) design and implementation of any financial information system;

(iv) actuarial services;

(v) investment advisory services;

(vi) investment banking services;

(vii) rendering of outsourced financial services;

(viii) management services; and

(ix) any other kind of services as may be prescribed

ELIGIBILITY,QUALIFICATION,AND DISQUALIFICATION OF AN AUDITOR

ELIGIBILITY, QUALIFICATIONS AND DISQUALIFICATIONS OF AN AUDITOR

The provisions relating to eligibility, qualifications and disqualifications of an auditor are governed by section 141 of the Companies Act, 2013 (hereinafter referred as the Act). The main provisions are stated below:

(1) A person shall be eligible for appointment as an auditor of a company only if he is a chartered accountant.

It may be noted that a firm whereof majority of partners practising in India are qualified for appointment as aforesaid may be appointed by its firm name to be auditor of a company.

(2) Where a firm including a limited liability partnership is appointed as an auditor of a company, only the partners who are chartered accountants shall be authorised to act and sign on behalf of the firm.

(3) Under sub-section (3) of section 141 along with Rule 10 of the Companies (Audit and Auditors) Rules, 2014 (hereinafter referred as CAAR), the following persons shall not be eligible for appointment as an auditor of a company, namely-

(a) a body corporate other than a limited liability partnership registered under the Limited Liability Partnership Act, 2008;

(b) an officer or employee of the company;

(c) a person who is a partner, or who is in the employment, of an officer or employee of the company;

(d) a person who, or his relative or partner -

       (i) is holding any security of or interest in the company or its subsidiary, or of its holding or                      associate company or a subsidiary of such holding company;

            It may be noted that the relative may hold security or interest in the company of face value                  not  exceeding ` 1,00,000.

           It may also be noted that the condition of ` 1,00,000 shall, wherever relevant, be also                            applicable in the case of a company not having share capital or other securities.

INTRODUCTION (COMPANY AUDIT)

INTRODUCTION  (COMPANY AUDIT)

Companies Act, 2013 is rule based Act. Sections 139 to 148 of the Companies Act, 2013 (hereinafter referred to as the Act unless otherwise mentioned) deal with provisions relating to audit of companies. Therefore, it is quite important to understand these provisions very carefully. You may also study sections 128 to 138 relating to “Accounts” of companies for better understanding of the subject. The provisions relating to ‘audit’ broadly deal with who can be appointed as an auditor under the Act, i.e., qualifications and disqualifications, the manner of appointment and removal of an auditor and rights and duties of an auditor.

EXTENT OF RELIANCE ON ANALYTICAL PROCEDURES

EXTENT OF RELIANCE ON ANALYTICAL PROCEDURES
The reliability of data is influenced by its source and nature and is dependent on the circumstances under which it is obtained. Accordingly, the following are relevant when determining whether data is reliable for purposes of designing substantive analytical procedures:

(i) Source of the information available. For example, information may be more reliable when it is obtained from independent sources outside the entity;

(ii) Comparability of the information available. For example, broad industry data may need to be supplemented to be comparable to that of an entity that produces and sells specialised products;

(iii) Nature and relevance of the information available. For example, whether budgets have been established as results to be expected rather than as goals to be achieved; and

(iv) Controls over the preparation of the information that are designed to ensure its completeness, accuracy and validity. For example, controls over the preparation, review and maintenance of budgets.

The auditor may consider testing the operating effectiveness of controls, if any, over the entity’s preparation of information used by the auditor in performing substantive analytical procedures in response to assessed risks. When such controls are effective, the auditor generally has greater confidence in the reliability of the information and, therefore, in the results of analytical procedures. The operating effectiveness of controls over non-financial information may often be tested in conjunction with other tests of controls. 

For example, in establishing controls over the processing of sales invoices, an entity may include controls over the recording of unit sales. In these circumstances, the auditor may test the operating effectiveness of controls over the recording of unit sales in conjunction with tests of the operating effectiveness of controls over the processing of sales invoices. Alternatively, the auditor may consider whether the information was subjected to audit testing. SA 500 establishes requirements and provides guidance in determining the audit procedures to be performed on the information to be used for substantive analytical procedures.

SUITABILITY OF PARTICULAR ANALYTICAL PROCEDURES FOR GIVEN ASSERTIONS

SUITABILITY OF PARTICULAR ANALYTICAL PROCEDURES FOR GIVEN ASSERTIONS

• Substantive analytical procedures are generally more applicable to large volumes of transactions that tend to be predictable over time. The application of planned analytical procedures is based on the expectation that relationships among data exist and continue in the absence of known conditions to the contrary. 
• However, the suitability of a particular analytical procedure will depend upon the auditor’s assessment of how effective it will be in detecting a misstatement that, individually or when aggregated with other misstatements, may cause the financial statements to be materially misstated.
• Different types of analytical procedures provide different levels of assurance. Analytical procedures involving, for example, the prediction of total rental income on a building divided into apartments, taking the rental rates, the number of apartments and vacancy rates into consideration, can provide persuasive evidence and may eliminate the need for further verification by means of tests of details, provided the elements are appropriately verified. 
• In contrast, calculation and comparison of gross margin percentages as a means of confirming a revenue figure may provide less persuasive evidence, but may provide useful corroboration if used in combination with other audit procedures. 
• The determination of the suitability of particular substantive analytical procedure is influenced by the nature of the assertion and the auditor’s assessment of the risk of material misstatement. For example, if controls over sales order processing are weak, the auditor may place more reliance on tests of details rather than on substantive analytical procedures for assertions related to receivables.
• Particular substantive analytical procedures may also be considered suitable when tests of details are performed on the same assertion.
•  For example, when obtaining audit evidence regarding the valuation assertion for accounts receivable balances, the auditor may apply analytical procedures to an aging of customers’ accounts in addition to performing tests of details on subsequent cash receipts to determine the collectability of the receivables.

ANALYTICAL PROCEDURES USED AS SUBSTANTIVE TESTS

 Analytical Procedures used as Substantive Tests

When designing and performing substantive analytical procedures, either alone or in combination with tests of details, as substantive procedures in accordance with SA 330, the auditor shall:

(i) Determine the suitability of particular substantive analytical procedures for given assertions, taking account of the assessed risks of material misstatement and tests of details, if any, for these assertions;

(ii) Evaluate the reliability of data from which the auditor’s expectation of recorded amounts or ratios is developed, taking account of source, comparability, and nature and relevance of information available, and controls over preparation;

(iii) Develop an expectation of recorded amounts or ratios and evaluate whether the expectation is sufficiently precise to identify a misstatement that, individually or when aggregated with other misstatements, may cause the financial statements to be materially misstated; and

(iv) Determine the amount of any difference of recorded amounts from expected values that is acceptable without further investigation.

TECHNIQUES AVAILABLE AS SUBSTANTIVE ANALYTICAL PROCEDURES

 Techniques Available as Substantive Analytical Procedures

The design of a substantive analytical procedure is limited only by the availability of reliable data and the experience and creativity of the audit team. Substantive analytical procedures generally take one of the following forms:

Trend analysis – A commonly used technique is the comparison of current data with the prior period balance or with a trend in two or more prior period balances. We evaluate whether the current balance of an account moves in line with the trend established with previous balances for that account, or based on an understanding of factors that may cause the account to change.

Ratio analysis – Ratio analysis is useful for analysing asset and liability accounts as well as revenue and expense accounts. An individual balance sheet account is difficult to predict on its own, but its relationship to another account is often more predictable (e.g., the trade receivables balance related to sales). Ratios can also be compared over time or to the ratios of separate entities within the group, or with the ratios of other companies in the same industry.

Reasonableness tests – Unlike trend analysis, this analytical procedure does not rely on events of prior periods, but upon non-financial data for the audit period under consideration (e.g., occupancy rates to estimate rental income or interest rates to estimate interest income or expense). These tests are generally more applicable to income statement accounts and certain accrual or prepayment accounts.

Structural modelling – A modelling tool constructs a statistical model from financial and/or non-financial data of prior accounting periods to predict current account balances (e.g., linear regression).

FACTORS TO BE CONSIDERED FOR SUBSTANTIVE AUDIT PROCEDURES

 Factors to be considered for Substantive Audit Procedures

The auditor should consider the following factors for Substantive Audit Procedures:

Availability of Data – The availability of reliable and relevant data will facilitate effective procedures.

Disaggregation – The degree of disaggregation in available data can directly affect the degree of its usefulness in detecting misstatements

Account Type – Substantive analytical procedures are more useful for certain types of accounts than for others. Income statement accounts tend to be more predictable because they reflect accumulated transactions over a period, whereas balance sheet accounts represent the net effect of transactions at a point in time or are subject to greater management judgment.

Source – Some classes of transactions tend to be more predictable because they consist of numerous, similar transactions, (e.g., through routine processes). Whereas the transactions recorded by non-routine and estimation SCOTs are often subject to management judgment and therefore more difficult to predict.

Predictability – Substantive analytical procedures are more appropriate when an account balance or relationships between items of data are predictable (e.g., between sales and cost of sales or between trade receivables and cash receipts). A predictable relationship is one that may reasonably be expected to exist and continue over time.

Nature of Assertion – Substantive analytical procedures may be more effective in providing evidence for some assertions (e.g., completeness or valuation) than for others (e.g., rights and obligations). Predictive analytical procedures using data analytics can be used to address completeness, valuation/measurement and occurrence.

Inherent Risk or “What Can Go Wrong” – When we are designing audit procedures to address an inherent risk or “what can go wrong”, we consider the nature of the risk of material misstatement in order to determine if a substantive analytical procedure can be used to obtain audit evidence. When inherent risk is higher, we may design tests of details to address the higher inherent risk. When significant risks have been identified, audit evidence obtained solely from substantive analytical procedures is unlikely to be sufficient.

SUBSTANTIVE ANALYTICAL PROCEDURES

SUBSTANTIVE ANALYTICAL PROCEDURES

• The auditor’s substantive procedures at the assertion level may be tests of details, substantive analytical procedures, or a combination of both.
•  The decision about which audit procedures to perform, including whether to use substantive analytical procedures, is based on the auditor’s judgment about the expected effectiveness and efficiency of the available audit procedures to reduce audit risk at the assertion level to an acceptably low level. 
• The auditor may inquire of management as to the availability and reliability of information needed to apply substantive analytical procedures, and the results of any such analytical procedures performed by the entity. 
• It may be effective to use analytical data prepared by management, provided the auditor is satisfied that such data is properly prepared.

ANALYTICAL PROCEDURES IN PLANNING THE AUDIT

 Analytical Procedures in Planning the Audit

• In the planning stage, analytical procedures assist the auditor in understanding the client’s business and in identifying areas of potential risk by indicating aspects of and developments in the entity’s business of which he was previously unaware. 
• This information will assist the auditor in determining the nature, timing and extent of his other audit procedures.
•  Analytical procedures in planning the audit use both financial data and non-financial information, such as number of employees, square feet of selling space, volume of goods produced and similar information.

PURPOSE AND TIMING OF ANALYTICAL PROCEDURES

PURPOSE AND TIMING OF ANALYTICAL PROCEDURES 

 Purpose of Analytical Procedures

Analytical procedures use comparisons and relationships to assess whether account balances or other data appear reasonable. 

Analytical procedures are used for the following purposes:
(i) To obtain relevant and reliable audit evidence when using substantive analytical procedures; and

(ii) To design and perform analytical procedures near the end of the audit that assist the auditor when forming an overall conclusion as to whether the financial statements are consistent with the auditor’s understanding of the entity.

For instance, establishing the relationship that exists between certain balances included in the Balance Sheet and the Statement of Profit and Loss and comparing them with those that existed between the same set of balances in the previous year, reconciling the physical balances of assets with the relevant financial record; obtaining of account from the bankers, account receivables and account payables and reconciling with relevant balances in books of account; confirming amounts of outstanding income and expenses by preparing reconciliation statements, etc. These are helpful in the detection of unusual state of affairs and mistakes in accounts.

Similarly, it would also be possible to compare the balances on the Statement of Profit and Loss with that of the previous period, it would be possible to find out the reasons for increase or decrease in the amount of profits of those years. By setting up certain expenses ratios on the basis of balances included in the Statement of Profit and Loss, for the year under audit, comparing them with the same ratios for the previous year, it is possible to ascertain the extent of increase or decrease in various items of expenditure in relation to sales and that of trading profit in relation to sales. If differences are found to be material, the auditor would ascertain the reasons thereof and assess whether the accounts have been manipulated to inflate or suppress profits.

An abnormal fall in the cost of manufacture or that in the administrative cost, apart from economy in expenses, there could be no provision or less provision for expenses incurred in the year. When it is suspected, the auditor should compare the entries in the outstanding book with those in the previous year. He must also check the vouchers for one month immediately before the close of the following years. To verify that none of the expenses in the accounts under audit have been charged to the accounts of the following years.

Often it is possible to independently verify the correctness of some of the items of expenses included in the Statement of Profit and Loss. For instance, the cost of importing goods which are subjected to an ad-valorem duty at uniform rate can be verified from the amount of duty paid. Similarly, a quantity of sugar sold by sugar mill can be verified independently from the amount of excise duty paid. Similarly, the amount of any income or expenses which has a direct relationship with the amount of profits or that of sales can be verified independently, e.g., commission paid to a manager calculated on the basis of net profits, commission paid to a selling agent as percentage of sales, etc. Such calculation of ratios, trends and comparisons is also termed as analytical review.

Thus, it is important to note that Analytical procedures may help identify the existence of unusual transactions or events, and amounts, ratios, and trends that might indicate matters that have audit implications. Unusual or unexpected relationships that are identified may assist the auditor in identifying risks of material misstatement, especially risks of material misstatement due to fraud.

MEANING OF ANALYTICAL PROCEDURES

MEANING OF ANALYTICAL PROCEDURES
Since routine checks cannot be depended upon to disclose all the mistakes or manipulation that may exist in accounts, certain other procedures also have to be applied like trend and ratio analysis in addition to reasonable tests. These collectively are known as overall tests. With the passage of tests, analytical procedures have acquired lot of significance as substantive audit procedure. SA-520 on Analytical Procedures discusses the application of analytical procedures during an audit.

Meaning of Analytical Procedures. As per the Standard on Auditing (SA) 520 “Analytical Procedures”, the term “analytical procedures” means evaluations of financial information through analysis of plausible relationships among both financial and non-financial data. Analytical procedures also encompass such investigation as is necessary of identified fluctuations or relationships that are inconsistent with other relevant information or that differ from expected values by a significant amount.
Thus, analytical procedures include the consideration of comparisons of the entity’s financial information with as well as consideration of relationships.

CHARACTERISTICS OF POPULATION

Characteristics of Population

1. Appropriateness : The auditor will need to determine that the population from which the sample is drawn is appropriate for the specific audit objective.
The individual items that make up the population are known as sampling units. The population can be divided into sampling units in a variety of ways.
It is important for the auditor to ensure that the population is appropriate to the objective of the audit procedure, which will include consideration of the direction of testing.

2. Completeness : The population also needs to be complete, which means that if the auditor intends to use the sample to draw conclusions about whether a control activity operated effectively during the financial reporting period, the population needs to include all relevant items from throughout the entire period.

3. Reliable : When performing the audit sampling, the auditor performs audit procedures to ensure that the information upon which the audit sampling is performed is sufficiently complete and accurate.

MEANING OF AUDIT SAMPLING

MEANING OF AUDIT SAMPLING

According to SA 530 “Audit sampling”, ‘audit sampling’ refers to the application of audit procedures to less than 100% of items within a population of audit relevance such that all sampling units have a chance of selection in order to provide the auditor with a reasonable basis on which to draw conclusions about the entire population.

The objective of the auditor when using audit sampling is to provide a reasonable basis for the auditor to draw conclusions about the population from which the sample is selected.

SAMPLING: AN AUDIT PROCEDURE

SAMPLING: AN AUDIT PROCEDURE

• No conscious effort in human society is divested of economic considerations and auditing is no exception. There is a growing realisation that the traditional approach to audit is economically wasteful because all efforts are directed to check all transactions without exception. This invariably leads to more emphasis on routine checking, which often is not necessary in view of the time and the cost involved.
•  With the shift in favour of formal internal controls in the management of affairs of organisations, the possibilities of routine errors and frauds have greatly diminished and auditors often find extensive routine checking as nothing more than a ritual because it seldom reveals anything material.
•  Now the approach to audit and the extent of checking are undergoing a progressive change in favour of more attention towards the questions of principles and controls with a curtailment of non-consequential routine checking. By routine checking we traditionally think of extensive checking and vouching of all entries. 
• The extent of the checking to be undertaken is primarily a matter of judgment of the auditor, there is nothing statutorily stated anywhere which specifies what work is to be done, how it is to be done and to what extent. 
• It is also not obligatory that the auditor must adopt the sampling technique. What he is to do is to express his opinion and become bound by that. 
• To ensure good and reasonable standard of work, he should adopt standards and techniques that can lead him to an informed professional opinion. On a consideration of this fact, it can be said that it is in the interest of the auditor that if he decides to form his opinion on the basis of a part checking, he should adopt standards and techniques which are widely followed and which have a recognised basis. 
• Since statistical theory of sampling is based on a scientific law, it can be relied upon to a greater extent than any arbitrary technique which lacks in basis and acceptability.

ASSESS AND REPORT AUDIT FINDINGS

ASSESS AND REPORT AUDIT FINDINGS

At the conclusion of each audit, it is possible that there will be certain findings or exceptions in IT environment and IT controls of the company that need to be assessed and reported to relevant stakeholders including management and those charged with governance viz., Board of directors, Audit committee [Students may refer SA 260 (Revised) – Communication with Those Charged with Governance for more details]. 

Some points to consider are as follows:

•  Are there any weaknesses in IT controls? 
•  What is the impact of these weaknesses on overall audit? 
•  Report deficiencies to management – Internal Controls Memo or Management Letter. 
•  Communicate in writing any significant deficiencies to Those Charged With Governance. 

The auditor needs to assess each finding or exception to determine impact on the audit and evaluate if the exception results in a deficiency in internal control. Refer to the flowchart to learn how this assessment should be carried out. This approach and thought process is the same when auditing in an automated environment or when auditing in a more manual environment.

A deficiency in internal control exits if a control is designed, implemented or operated in such a way that it is unable to prevent, or detect and correct, misstatements in the financial statements on a timely basis; or the control is missing.

Evaluation and assessment of audit findings and control deficiencies involves applying professional judgement that include considerations for quantitative and qualitative measures. Each finding should be looked at individually and in the aggregate by combining with other findings/deficiencies.

DATA ANALYTICS FOR AUDIT

DATA ANALYTICS FOR AUDIT

In today’s digital age when companies rely on more and more on IT systems and networks to operate business, the amount of data and information that exists in these systems is enormous. A famous businessman recently said, “Data is the new Oil”.

The combination of processes, tools and techniques that are used to tap vast amounts of electronic data to obtain meaningful information is called data analytics. While it is true that companies can benefit immensely from the use of data analytics in terms of increased profitability, better customer service, gaining competitive advantage, more efficient operations, etc., even auditors can make use of similar tools and techniques in the audit process and obtain good results. The tools and techniques that auditors use in applying the principles of data analytics are known as Computer Assisted Auditing Techniques or CAATs in short.

Data analytics can be used in testing of electronic records and data residing in IT systems using spreadsheets and specialised audit tools viz., IDEA and ACL to perform the following:

•  Check completeness of data and population that is used in either test of controls or substantive audit tests.
•   Selection of audit samples – random sampling, systematic sampling. 
•  Re-computation of balances – reconstruction of trial balance from transaction data. 
•  Reperformance of mathematical calculations – depreciation, bank interest calculation. 
•  Analysis of journal entries as required by SA 240. 
•  Fraud investigation. 
•  Evaluating impact of control deficiencies. 

There are several steps that should be followed to achieve success with CAATs and any of the supporting tools.

INTERNAL FINANCIAL CONTROLS AS PER REGULATORY REQUIREMENTS

 INTERNAL FINANCIAL CONTROLS AS PER REGULATORY REQUIREMENTS

The term Internal Financial Controls (IFC) basically refers to the policies and procedures put in place by companies for ensuring:

•  reliability of financial reporting 
•  effectiveness and efficiency of operations 
•  compliance with applicable laws and regulations 
•  safeguarding of assets 
•  prevention and detection of frauds 

The Companies Act, 2013 has placed a greater emphasis on the effective implementation and reporting on the internal controls for a company. The table below gives a summary of the requirements of the Act.

TESTING METHODS

TESTING METHODS

• Having learnt about the various IT risks and controls, let us understand the different ways testing is performed in an automated environment. There are basically four types of audit tests that should be used. 
• They are inquiry, observation, inspection and reperformance. As shown in the illustration below, inquiry is the most efficient audit test but it is also gives the least audit evidence. Hence, inquiry should always be used in combination with any one of the other audit testing methods. Inquiry alone is not sufficient. 
• Reperformance is most effective as an audit test and gives the best audit evidence. However, testing by reperformance could be very time consuming and least efficient most of the time. 
• Generally, applying inquiry in combination with inspection gives the most effective and efficient audit evidence. 
• However, which audit test to use, when and in what combination is a matter of professional judgement and will vary depending on several factors including risk assessment, control environment, desired level of evidence required, history of errors/ misstatements, complexity of business, assertions being addressed, etc. The auditor should document the nature of test (or combination of tests) applied along with the judgements in the audit file as required by SA 230. 

When testing in an automated environment, some of the more common methods are as follows:

•  Obtain an understanding of how an automated transaction is processed by doing a walk through of one end-to-end transaction using a combination of inquiry, observation and inspection. 
•  Observe how a user processes transactions under different scenarios. 
•  Inspect the configuration defined in an application.

IT DEPENDENT CONTROLS

 IT dependent Controls

IT dependent controls are basically manual controls that make use of some form of data or information or report produced from IT systems and applications. In this case, even though the control is performed manually, the design and effectiveness of such controls depends on the reliability of source data.

Due to the inherent dependency on IT, the effectiveness and reliability of Automated application controls and IT dependent controls require the General IT Controls to be effective.

APPLICATION CONTROLS

 Application Controls

Application controls include both automated or manual controls that operate at a business process level. Automated Application controls are embedded into IT applications viz., ERPs and help in ensuring the completeness, accuracy and integrity of data in those systems.

GENERAL IT CONTROLS

 General IT Controls

“General IT controls are policies and procedures that relate to many applications and support the effective functioning of application controls. They apply to mainframe, miniframe, and end-user environments.

General IT-controls that maintain the integrity of information and security of data commonly include controls over the following:” (SA 315)

•  Data center and network operations 
•  Program change 
•  Access security 
•  Application system acquisition, development, and maintenance (Business Applications) 

These are IT controls generally implemented to mitigate the IT specific risks and applied commonly across multiple IT systems, applications and business processes. Hence, General IT controls are known as “pervasive” controls or “indirect” controls. Let us now learn about each of the General IT controls in more detail.

TYPES OF CONTROLS IN AN AUTOMATED ENVIRONMENT

 Types of Controls in an Automated Environment

•  General IT Controls 
•  Application Controls 
• IT-Dependent Controls

RISKS & CONTROLS IN AN AUTOMATED ENVIRONMENT

RISKS & CONTROLS IN AN AUTOMATED ENVIRONMENT 

 Understanding and Documenting Automated Environment

In the previous section, we have learnt that, in an audit of financial statements, an auditor is required to understand the entity and its business, including IT as per SA 315. Understanding the entity and its automated environment involves understanding how IT department is organised, IT activities, the IT dependencies, relevant risks and controls.

Given below are some of the points that an auditor should consider to obtain an understanding of the company’s automated environment:

•  Information systems being used (one or more application systems and what they are).
•  Their purpose (financial and non-financial). 
•  Location of IT systems - local vs global. 
•  Architecture (desktop based, client-server, web application, cloud based). 
•  Version (functions and risks could vary in different versions of same application).
•   Interfaces within systems (in case multiple systems exist). 
•  In-house vs Packaged. 
•  Outsourced activities (IT maintenance and support). 
•  Key persons (CIO, CISO, Administrators).

The understanding of a company’s IT environment that is obtained should be documented [Ref. SA 230 – Audit Documentation] using any standard format or template.

RELEVANCE OF 'IT' IN AN AUDIT

RELEVANCE OF ‘IT’ IN AN AUDIT

When a business operates in a more automated environment it is likely that we will see several business functions and activities happening within the systems. Consider the following aspects instead of:

•  Computation and Calculations are automatically carried out (for example, bank interest computation and inventory valuation). 
•  Accounting entries are posted automatically (for example, sub-ledger to GL postings are automatic). 
•  Business policies and procedures, including internal controls, are applied automatically (for example, delegation of authority for journal approvals, customer credit limit checks are performed automatically).
•  Reports used in business are produced from systems. Management and other stakeholders rely on these reports and information produced (for example, debtors ageing report). 
• User access and security are controlled by assigning system roles to users (for example, segregation of duties can be enforced effectively). 

Companies derive benefit from the use of IT systems as an enabler to support various business operations and activities. Auditors need to understand the relevance of these IT systems to an audit of financial statements.
While it is true that the use of IT systems and automation benefit the business by making operations more accurate, reliable, effective and efficient, such systems also introduce certain new risks, including IT specific risks, which need to be considered, assessed and addressed by management.

To the extent that it is relevant to an audit of financial statements, even auditors are required to understand, assess and respond to such risks that arise from the use of IT systems.
[Note: Students may refer SA 315 – Identifying and assessing the risks of material misstatement through understanding the entity and its environment for detailed understanding] 

In an audit of financial statements, the primary focus is around those risks that are relevant to financial reporting. However, there could be other non-audit assurance engagements that auditors maybe involved wherein the area of focus could include those IT risks relevant to company’s compliance and business operations in addition to financial reporting risks.

With the introduction of the Companies Act 2013, there is greater emphasis given to internal financial controls (IFC) from a regulatory point of view. Directors and those charged with governance (including Board of directors, Audit committee) are responsible for the implementation of internal controls framework within the company. The auditors’ responsibilities now include reporting on Internal Financial Controls over Financial Reporting which include and understanding IT environment of the company and relevant risks & controls. We will learn more about IFC in further sections of this chapter.

In some of the above situations it is likely that carrying out audit using traditional substantive audit procedures may be difficult or even not feasible if the company prepares, records and conducts majority of business activities through IT systems only.

On the other hand, many companies may use less complex IT systems including desktop based accounting or spreadsheets. In such situations, the relevance of IT to an audit could be less. However, the auditor is still required to carry out at least an understanding the IT environment of the company and document the same.

Another area where IT can be relevant to audit is by using data analytics using computer assisted audit techniques (CAATs). By using data analytics, it is possible to improve the effectiveness and efficiency of an audit. We will learn more about data analytics in the later sections of this chapter.

From the above, we can see how IT is relevant to an audit under different situations viz., audit, non-audit and meeting regulatory compliance requirements. We will learn more about understanding risks, controls and documentation in further sections of this chapter.

WHAT IS AN AUTOMATED ENVIRONMENT?

WHAT IS AN AUTOMATED ENVIRONMENT?

Let us first understand what the term “Automated Environment” means. An automated environment basically refers to a business environment where the processes, operations, accounting and even decisions are carried out by using computer systems – also known as Information Systems (IS) or Information Technology (IT) systems. Nowadays, it is very common to see computer systems being used in almost every type of business.

THE ENTITY'S INTERNAL CONTROL

The Entity’s Internal Control

The auditor shall obtain an understanding of internal control relevant to the audit. Although most controls relevant to the audit are likely to relate to financial reporting, not all controls that relate to financial reporting are relevant to the audit. It is a matter of the auditor’s professional judgment whether a control, individually or in combination with others, is relevant to the audit.

OBJECTIVES OF INTERNAL CONTROL

Objectives of Internal Control
(i) transactions are executed in accordance with managements general or specific authorization;

(ii) all transactions are promptly recorded in the correct amount in the appropriate accounts and in the accounting period in which executed so as to permit preparation of financial information within a framework of recognized accounting policies and practices and relevant statutory requirements, if any, and to maintain accountability for assets;

(iii) assets are safeguarded from unauthorised access, use or disposition; and

(iv) the recorded assets are compared with the existing assets at reasonable intervals and appropriate action is taken with regard to any differences.

INTERNAL CONTROL

INTERNAL CONTROL

Meaning of Internal ControlAs per SA-315, “Identifying and Assessing the Risk of Material Misstatement Through Understanding the Entity and its Environment”, the internal control may be defined as “the process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of an entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, safeguarding of assets, and compliance with applicable laws and regulations. The term “controls” refers to any aspects of one or more of the components of internal control.”

THE REQUIRED UNDERSTANDING OF THE ENTITY & ITS ENVIRONMENT, INCLUDING THE ENTITY'S INTERNAL CONTROL

 The Required Understanding of the Entity and Its Environment, Including the Entity’s Internal Control 

The auditor shall obtain an understanding of the following:

(a) Relevant industry, regulatory, and other external factors including the applicable financial                   reporting framework.

 (b) The nature of the entity, including:

          (i) its operations;

          (ii) its ownership and governance structures;

          (iii) the types of investments that the entity is making and plans to make, including                                     investments in special-purpose entities; and

           (iv) the way that the entity is structured and how it is financed;

            to enable the auditor to understand the classes of transactions, account balances, and                            disclosures to be expected in the financial statements.

(c) The entity’s selection and application of accounting policies, including the reasons for changes thereto. The auditor shall evaluate whether the entity’s accounting policies are appropriate for its business and consistent with the applicable financial reporting framework and accounting policies used in the relevant industry.

(d) The entity’s objectives and strategies, and those related business risks that may result in risks of material misstatement.

(e) The measurement and review of the entity’s financial performance.

UNDERSTANDING OF THE ENTITY - A CONTINUOUS PROCESS

UNDERSTANDING OF THE ENTITY- A CONTINUOUS PROCESS

Obtaining an understanding of the entity and its environment, including the entity’s internal control (referred to hereafter as an “understanding of the entity”), is a continuous, dynamic process of gathering, updating and analysing information throughout the audit. The understanding establishes a frame of reference within which the auditor plans the audit and exercises professional judgment throughout the audit, for example, when:

•  Assessing risks of material misstatement of the financial statements; 
•  Determining materiality in accordance with SA 320; 
•  Considering the appropriateness of the selection and application of accounting policies; 
•  Identifying areas where special audit consideration may be necessary, for example, related party transactions, the appropriateness of management’s use of the going concern assumption, or considering the business purpose of transactions; 
• Developing expectations for use when performing analytical procedures; 
•  Evaluating the sufficiency and appropriateness of audit evidence obtained, such as the appropriateness of assumptions and of management’s oral and written representations.

IDENTIFY & ASSESS THE RISKS OF MATERIAL MISSTATEMENT

 Identify and assess the risks of material misstatement

(i) The auditor shall identify and assess the risks of material misstatement at:
      (a) the financial statement level
      (b) the assertion level for classes of transactions, account balances, and disclosures to provide a              basis for designing and performing further audit procedures

(ii) For the purpose of Identifying and assessing the risks of material misstatement, the auditor shall:

    (a) Identify risks throughout the process of obtaining an understanding of the entity and its                     environment, including relevant controls that relate to the risks, and by considering the classes            of  transactions, account balances, and disclosures in the financial statements;

     (b) Assess the identified risks, and evaluate whether they relate more pervasively to the financial             statements as a whole and potentially affect many assertions;

    (c) Relate the identified risks to what can go wrong at the assertion level, taking account of                     relevant controls that the auditor intends to test; and

    (d) Consider the likelihood of misstatement, including the possibility of multiple misstatements,          and whether the potential misstatement is of a magnitude that could result in a material                         misstatement.

IDENTIFYING & ASSESSING THE RISKS OF MATERIAL MISSTATEMENT

IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT

Objective of Auditor as per SA 315: As per SA 315 - “Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment”, the objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels, through understanding the entity and its environment, including the entity’s internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement. This will help the auditor to reduce the risk of material misstatement to an acceptably low level.

COMBINED ASSESSMENT OF THE RISK OF MATERIAL MISSTATEMENT

 Combined Assessment of the Risk of Material Misstatement
The SAs do not ordinarily refer to inherent risk and control risk separately, but rather to a combined assessment of the “risks of material misstatement”. However, the auditor may make separate or combined assessments of inherent and control risk depending on preferred audit techniques or methodologies and practical considerations. The assessment of the risks of material misstatement may be expressed in quantitative terms, such as in percentages, or in non-quantitative terms. In any case, the need for the auditor to make appropriate risk assessments is more important than the different approaches by which they may be made.

AUDITOR ASSESSES CONTROL RISK AS RELY OR NOT RELY ON CONTROLS

Auditor assesses control risk as Rely or Not rely on Controls.

 When making control risk assessments, consider:

•  The control environment’s influence over internal control. A control environment that supports the prevention, and detection and correction, of material misstatements allows greater confidence in the reliability of internal control and audit evidence generated within the entity. However it does not guarantee the effectiveness of specific controls. We therefore, test the operating effectiveness of controls over significant class of transactions (SCOTs) when we plan to take a controls reliance strategy. Conversely, the control environment may undermine the effectiveness of specific controls and is a key factor in our control risk assessments. 
•  Evaluations of the related IT processes that support application and IT-dependent manual controls. 
• Our testing approach over SCOTs and disclosure processes (i.e., controls reliance or substantive only strategy). 
• The expectation of the operating effectiveness of controls based on the understanding of entity’s processes.

COMPONENT OF RISK OF MATERIAL MISSTATEMENT

 Components of Risk of Material Misstatement
The risks of material misstatement at the assertion level consist of two components:

(i) Inherent risk and

(ii) control risk.

Inherent risk and control risk are the entity’s risks; they exist independently of the audit of the financial statements.

Inherent risk is higher for some assertions and related classes of transactions, account balances, and disclosures than for others. For example, it may be higher for complex calculations. External circumstances giving rise to business risks may also influence inherent risk. For example, technological developments might make a particular product obsolete. Factors in the entity and its environment may also influence the inherent risk related to a specific assertion.

Inherent risk factors are considered while designing tests of controls and substantive procedures. Category of auditor’s assessment lower or higher, each category covers a range of degrees of inherent risk. Auditor may assess the inherent risk of two different assertions as lower while recognizing that one assertion has less inherent risk than the other, although both have been assessed as lower. It is important to consider the reason for each identified inherent risk even if the risk is lower, when auditor designs tests of controls and substantive procedures.

Control risk is a function of the effectiveness of the design, implementation and maintenance of internal control by management. However, internal control can only reduce but not eliminate risks of material misstatement in the financial statements. This is because of the inherent limitations of internal control.

RISKS OF MATERIAL MISSTATEMENT AT TWO LEVELS

 Risks of Material Misstatement at Two levels

The risks of material misstatement may exist at two levels:

(i) The overall financial statement level- Risks of material misstatement at the overall financial statement level refer to risks of material misstatement that relate pervasively to the financial statements as a whole and potentially affect many assertions. 

(ii) The assertion level for classes of transactions, account balances, and disclosures-Risks of material misstatement at the assertion level are assessed in order to determine the nature, timing, and extent of further audit procedures necessary to obtain sufficient appropriate audit evidence. This evidence enables the auditor to express an opinion on the financial statements at an acceptably low level of audit risk.

WHAT IS NOT INCLUDED IN AUDIT RISK?

 What is not included in Audit Risk ?

(i) Audit risk does not include the risk that the auditor might express an opinion that the financial statements are materially misstated when they are not. This risk is ordinarily insignificant.

(ii) Further, audit risk is a technical term related to the process of auditing; it does not refer to the auditor’s business risks such as loss from litigation, adverse publicity, or other events arising in connection with the audit of financial statements.

ASSESSMENT OF RISKS

 Assessment of Risks - Matter of Professional Judgement

The assessment of risks is based on audit procedures to obtain information necessary for that purpose and evidence obtained throughout the audit. The assessment of risks is a matter of professional judgment, rather than a matter capable of precise measurement.

AUDIT RISK

AUDIT RISK
Audit risk means the risk that the auditor gives an inappropriate audit opinion when the financial statement are materially misstated. Thus, it is the risk that the auditor may fail to express an appropriate opinion in an audit assignment.

Audit risk is a function of the risks of material misstatement and detection risk.

From the above, it is clear that –

 Audit Risk = Risk of Material Misstatement x Detection Risk- (1)

Note 1: Risk of material misstatement may be defined as the risk that the financial statements are materially misstated prior to audit. This consists of two components, described as follows at the assertion level:

(a) Inherent risk—The susceptibility of an assertion about a class of transaction, account balance or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls.

(b) Control risk—The risk that a misstatement that could occur in an assertion about a class of transaction, account balance or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control.

Note 2: Misstatement refers to a difference between the amount, classification, presentation, or disclosure of a reported financial statement item and the amount, classification, presentation, or disclosure that is required for the item to be in accordance with the applicable financial reporting framework. Misstatements can arise from error or fraud.

AUDIT PROCEDURES

Audit Procedures
Audit procedures to obtain audit evidence can include:

(i) Inspection

(ii) Observation

(iii) External Confirmation

(iv) Recalculation

(v) Reperformance

(vi) Analytical Procedures

NATURE AND TIMING OF THE AUDIT PROCEDURES

Nature and Timing of the Audit Procedures

• The nature and timing of the audit procedures to be used may be affected by the fact that some of the accounting data and other information may be available only in electronic form or only at certain points or periods in time.
•  For example, source documents, such as purchase orders and invoices, may exist only in electronic form when an entity uses electronic commerce, or may be discarded after scanning when an entity uses image processing systems to facilitate storage and reference.
• Certain electronic information may not be retrievable after a specified period of time, for example, if files are changed and if backup files do not exist.
•  Accordingly, the auditor may find it necessary as a result of an entity’s data retention policies to request retention of some information for the auditor’s review or to perform audit procedures at a time when the information is available.

AUDIT PROCEDURE TO OBTAIN AUDIT EVIDENCE

 Audit Procedures to Obtain Audit Evidence

Audit evidence to draw reasonable conclusions on which to base the auditor’s opinion is obtained by performing:

(a) Risk assessment procedures; and

(b) Further audit procedures, which comprise:

       (i) Test of controls, when required by the SAs or when the auditor has chosen to do so; and

       (ii) Substantive procedures, including tests of details and substantive analytical procedures.

The audit procedures inspection, observation, confirmation, recalculation, re- performance and analytical procedures, often in some combination, in addition to inquiry described below may be used as risk assessment procedures, test of controls or substantive procedures, depending on the context in which they are applied by the auditor

AUDIT EVIDENCE

AUDIT EVIDENCE 

 Introduction

• Auditing is a logical process. An auditor is called upon to assess the actualities of the situation, review the statements of account and give an expert opinion about the truth and fairness of such accounts. 
• This he cannot do unless he has examined the financial statements objectively. 
• Objective examination connotes critical examination and scrutiny of the accounting statements of the undertaking with a view to assessing how far the statements present the actual state of affairs in the correct context and whether they give a true and fair view about the financial results and state of affairs. 
• An opinion founded on a rather reckless and negligent examination and evaluation may expose the auditor to legal action with consequential loss of professional standing and prestige. 
• He needs evidence to obtain information for arriving at his judgment. 
• Audit evidence may be defined as the information used by the auditor in arriving at the conclusions on which the auditor’s opinion is based.
•  Audit evidence includes both information contained in the accounting records underlying the financial statements and other information. 

Explaining this further, audit evidence includes:-

(1) Information contained in the accounting records: Accounting records include the records of initial accounting entries and supporting records, such as checks and records of electronic fund transfers; invoices; contracts; the general and subsidiary ledgers, journal entries and other adjustments to the financial statements that are not reflected in journal entries; and records such as work sheets and spreadsheets supporting cost allocations, computations, reconciliations and disclosures.

(2) Other information that authenticates the accounting records and also supports the auditor’s rationale behind the true and fair presentation of the financial statements: Other information which the auditor may use as audit evidence includes, for example minutes of the meetings, written confirmations from trade receivables and trade payables, manuals containing details of internal control etc. A combination of tests of accounting records and other information is generally used by the auditor to support his opinion on the financial statements.

ASSEMBLY OF THE FINAL AUDIT FILE

 Assembly of the Final Audit File

The auditor shall assemble the audit documentation in an audit file and complete the administrative process of assembling the final audit file on a timely basis after the date of the auditor’s report.

SQC 1 “Quality Control for Firms that perform Audits and Review of Historical Financial Information, and other Assurance and related services”, requires firms to establish policies and procedures for the timely completion of the assembly of audit files. An appropriate time limit within which to complete the assembly of the final audit file is ordinarily not more than 60 days after the date of the auditor’s report.

The completion of the assembly of the final audit file after the date of the auditor’s report is an administrative process that does not involve the performance of new audit procedures or the drawing of new conclusions. Changes may, however, be made to the audit documentation during the final assembly process, if they are administrative in nature.

After the assembly of the final audit file has been completed, the auditor shall not delete or discard audit documentation of any nature before the end of its retention period.

SQC 1 requires firms to establish policies and procedures for the retention of engagement documentation. The retention period for audit engagements ordinarily is no shorter than seven years from the date of the auditor’s report, or, if later, the date of the group auditor’s report.