1.

Definition of Auditing
Financial auditing is the process of examining an organization’s (or individual’s)
financial records to determine if they are accurate and in accordance with any
applicable rules (including accepted accounting standards), regulations, and laws.
External auditors come in from outside the organization to examine accounting and financial
records and provide an independent opinion on these records. Law requires that all public
companies have their financial statements externally audited.
Internal auditors work for the organization as internal employees to examine records and
help improve internal processes such as operations, internal controls, risk management, and
governance.

What is Auditing ?

Auditing is the process of assessment and ascertaining of financial, operational, and strategic
goals and processes in organizations to determine whether they are in compliance with the stated
principles in addition to them being in conformity with organizational and more importantly, regulatory
requirements. Indeed, among the objectives of auditing as mentioned above, conformance with regulatory
norms and rules and regulations is indeed one of the drivers behind auditing and historically and
traditionally, has been the main reason why organizations get their financial statements, operational
process, and strategic imperatives audited.

Types of Audits

Among the various types of audits, financial audits are the most popular followed by operational and
strategic audits and in addition to the emerging practice of IT (Information Technology) audits. Moreover,
auditing as a process has now become so routine and compulsory worldwide that organizations spend
quite some time getting their books of accounts and processes audited by both internal and external
auditors.

1. Internal Audits

Internal audits refer to the audits done by employees and stakeholders within the organizations
with a view to evaluate and assess whether the organization is following the internal processes,
norms, rules, and regulations in addition to determining whether it is in compliance with the
regulatory norms.

Indeed, internal audits are sometimes the first checkpoints for organizations to determine whether
their books of accounts, operational processes, and IT infrastructure and security protocols are in
order with both the internal objectives, strategic imperatives, and external regulatory
requirements.

Having said that, it must be noted that the reason why internal audits are not accorded more
importance over external audits is that since they are being performed by employees and
individuals within the organizations, the apparent lack of objectivity and thoroughness apart from
a tendency to “cover things up” means that often, external audits are considered more
trustworthy.

2. External Audits
 External audits are done by independent and third party agencies and companies that are
especially tasked with assessing and evaluating an organizations’ compliance with the regulatory
norms.

Further, some organizations also hire external auditors to “hold a mirror to themselves” in the
sense that any deficiencies and irregularities can be found that are otherwise not “visible” to the
senior leadership and management during the course of conducting the everyday operational
business.

Moreover, external audits are also mandatory due to regulatory and compliance reasons as well
as due to the shareholder requirements which mandate that external audits need to be done
annually, quarterly, and half yearly to be presented in the Annual General Meetings, and
meetings of the Board of Directors.

In addition, external audits might also be required in case of contingencies wherein the regulators
who suspect that “something is amiss” in the companies might mandate those companies to be
audited by independent and third party auditors to ascertain the “true picture” of the finances and
operational details of those companies.

3. Financial Audits

As mentioned earlier, financial audits are the most common form of audits for various reasons
including the fact that businesses exist to make money and return profits and generate wealth for
their shareholders. This means that investors and other stakeholders must know whether the
businesses are being run properly so that their capital is safe and generating the stated returns.

Moreover, financial audits are also the most common forms of audits since any discrepancies in
the books of accounts reflects the mismanagement of the companies in addition to finance
affecting almost all operational and strategic areas of the companies’ and their businesses.

In addition, financial audits are also the first point of evaluation as to whether the companies are
stating the truth and whether they are hiding or covering up some aspect that can be uncovered
and revealed in a forensic audit.

4. Strategic, Operational, and IT Audits

Having said that, there are other types of audits such as operational, strategic, and IT audits that
have become popular in recent years mainly due to the increasing complexity of organizational
processes as well as the IT infrastructure and the fast paced external marketplace which needs
an evaluation of whether the organizations are aligning their internal processes and strategies
with that of the external strategic drivers and imperatives.

In addition, IT audits are being sought to assess and evaluate the readiness of the organizations’
IT infrastructure and systems and IT processes to meet the stated goals and objectives in
addition to being able to withstand IT risks and security breaches. Indeed, with the increase in the
nature, type, and variety of IT risks as well as the increasing complexity of the IT infrastructure, IT
audits have now become as commonplace as financial and operational audits because both
internal and external stakeholders need to know whether the organization’s IT infrastructure is up
to the mark and whether it is capable of meeting the stated goals and objectives

2.Overall Objective of the Independent Audit

 An independent audit is an appraisal conducted by a third party with the aim of
establishing and assessing a company's accounts, business transactions and finance
records. Independent auditors, also known as external auditors, are not employees of
the company -- they are accounting professionals contracted for their services.
Companies often use independent auditors instead of internal auditors to avoid
potential conflict-of-interest situations. The goals and objectives of an independent
audit process vary with different companies. However, most audits are geared toward
the same end.

Examine Financial Statements

One of the primary goals of an independent auditor is to examine the company's
financial statement to ensure the financial books are accurate and compliant with fiscal
laws and regulations. Independent auditors inspect the accounting system and account
books of a company for accuracy. Auditors also compare their financial assessment
with a company's corporate financial reports. External auditors are permitted to publicly
release the results of their evaluation.

Make Recommendations
During an independent audit, auditors are given free access to all of the company's
financial statements. Because of this, most auditors become very familiar with their
client's accounting and management policies. This gives them a clearer picture of the
company's possible financial flaws. Based on this, auditors can offer recommendations
on how a company can improve its accounting methods.

Attestation Engagement
Another common objective behind an independent audit process is an attestation
engagement, a scenario where a company hires auditors to evaluate an earlier report
or analysis conducted by the company. The auditors' report is then presented in the
form of a written or sometimes oral report. After the evaluation is complete, the
auditors' final report must comply with the Statements on Standards for Attestation
Engagements set by the American Institutes of CPAs.

Specialized Objectives
Companies may hire independent auditors to achieve specialized goals. For instance,
some independent auditors specialize in risk management, where their primary goal is
to determine the accuracy of a financial document, while others specialize in
assurance services, where the objective is to review, confirm and improve the
information the management board already has. Auditors may focus on tax matters or
forensic accounting. Companies may also contract an independent audit to investigate
suspicion of fraud or embezzlement.

3. Purpose of an Audit
The purpose of an audit is to provide an objective independent examination of the
financial statements, which increases the value and credibility of the financial
statements produced by management, thus increase user confidence in the financial
 statement, reduce investor risk and consequently reduce the cost of capital of the
preparer of the financial statements.

4. Conduct of an Audit of Financial Statements

A financial statement audit is the examination of an entity's financial statements and
accompanying disclosures by an independent auditor. The result of this examination is a
report by the auditor, attesting to the fairness of presentation of the financial statements
and related disclosures. The auditor's report must accompany the financial statements
when they are issued to the intended recipients.

The purpose of a financial statement audit is to add credibility to the reported financial
position and performance of a business. The Securities and Exchange Commission
requires that all entities that are publicly held must file annual reports with it that are
audited. Similarly, lenders typically require an audit of the financial statements of any
entity to which they lend funds. Suppliers may also require audited financial statements
before they will be willing to extend trade credit (though usually only when the amount
of requested credit is substantial).

Audits have become increasingly common as the complexity of the two primary
accounting frameworks , Generally Accepted Accounting Principles and International
Financial Reporting Standards , have increased, and because there have been an ongoing
series of disclosures of fraudulent reporting by major companies.

5.Scope an Audit
Legal Requirements
The auditor can determine the scope of an audit of financial statements following the
requirements of legislation, regulations or relevant professional bodies.

The state can frame rules for determining the scope of audit work. In the same way, professional
bodies can make rules to conduct the audit.

Entity Aspects
The audit should be organized to cover all aspects of the entity as far as they are relevant to the
financial statements being audited.

A business entity has many areas of working. A small entity may have few functions while a large
concern has many functions. The auditor has to go through all the functions of the business.

The audit report should cover all functions so that the reader may know about all the workings
of a concern.

Reliable Information
The auditor should obtain reasonable assurance as to whether the information contained in the
underlying accounting records and other source data is reliable and sufficient as the basis for
the preparation of the financial statements.

The auditor can use various techniques to test the validity of data. All auditors while doing the
audit work usually apply the compliance test and substance test. The auditor can show such
information in the report.

Proper Communication
The auditor should decide whether the relevant information is properly communicated in the
financial statements.

Accounting is an information system so facts and figures must be so presented that the reader
can get information about the business entity. The auditor can mention this fact in his report.

The principles of accounting can be applied to decide about the disclosure of financial
information in the statements.

Evaluation
The auditor assesses the reliability and sufficiency of the information contained in the underlying
accounting records and other source data by making a study and evaluation of accounting
systems and internal controls to determine the nature, extent, and timing of other auditing
procedures.

Test
The auditing assesses the reliability and sufficiency of the information contained in the
underlying accounting records and other source data by carrying out other tests, inquiries and
other verification procedures of accounting transactions and account balances as he
considers appropriate in the particular circumstances.

There are compliance tests and substantive tests to examine the data. The vouching, verification
and valuation technique is also used.

Comparison
The auditor determines whether the relevant information is properly communicated by
comparing the financial statements with the underlying accounting records and other source
data to see whether they properly summarized the transactions and events recorded therein.

The auditor can compare the accounting records with financial statements to check that the
same has been processed for preparing the final accounts of a business concern.

Judgments
The auditor determines whether the relevant information is properly communicated by
considering the judgment that management has made in preparing the financial statements,
accordingly.

The auditor assesses the selection and consistent application of accounting policies, how the
information has been classified and the adequacy of disclosure.

6. Concept of Professional Skepticism

A brief definition
The professional standards define professional skepticism as “an attitude that
includes a questioning mind, being alert to conditions that may indicate possible
misstatement due to fraud or error, and a critical assessment of audit evidence.”
Given this definition, one quickly realizes that professional skepticism can’t be easily
measured. Nor is it something that is cultivated overnight. It is a skill developed over
time and a skill that auditors should constantly build and refine.

Recently, the extent to which professional skepticism is being employed has gained a
lot of criticism. Specifically, regulatory bodies argue that auditors are not skeptical
enough in carrying out their duties. However, as noted in the white paper
titled Scepticism: The Practitioners’ Take, published by the Institute of Chartered
Accountants in England and Wales, simply asking for more skepticism is not a practical
solution to this issue, nor is it necessarily always desirable. There is an inevitable tug of
war between professional skepticism and audit efficiency. The more skeptical the
auditor, typically, the more time it takes to complete the audit.
Why does it matter? Audit quality.
First and foremost, how your auditor applies professional skepticism to your audit
directly impacts the quality of their service. Applying an appropriate level of
professional skepticism enhances the likelihood the auditor will understand your
industry, lines of business, business processes, and any nuances that make your
company different from others, as it naturally causes the auditor to ask questions
that may otherwise go unasked.

These questions not only help the auditor appropriately apply professional standards,
but also help the auditor gain a deeper understanding of your business. This will enable
the auditor to provide insights and value-added services an auditor who doesn’t apply
the right degree of skepticism may never identify.

Therefore, as the white paper notes, audit committees, management, and investors
should be asking “How hard do our auditors get pushed on fees, and what effect does
that have on the quality of the audit?” If your auditor is overly concerned with completing
the audit within a fixed time budget, professional skepticism and, ultimately, the quality
of the audit, may suffer.

7.Concept of Reasonable assurance

Reasonable assurance is a high level of assurance regarding material
misstatements, but not an absolute one. Reasonable assurance includes the
understanding that there is a remote likelihood that material misstatements will not
be prevented or detected on a timely basis. To achieve reasonable assurance, the
auditor needs to obtain sufficient appropriate audit evidence to reduce audit risk to an
acceptably low level. This means that there is some uncertainty arising from the use of
sampling , since it is possible that a material misstatement will be missed.

When conducting an audit  of financial statements , the high-level objectives of the
auditor include obtaining reasonable assurance as to whether a client’s financial
statements are free from material misstatement, thereby allowing the auditor to express
an opinion on whether the financial statements are presented fairly, in all material
respects, in accordance with the applicable financial reporting framework (such as
generally accepted accounting principles ).
8.Audit risks and materiality
What is materiality?
Materiality refers to quantative and qualitative omissions or misstatements
that make it probable the judgement of a reasonable person would have
been changed or influenced.

These omissions or misstatements can be individually or in the aggregate

material.

Accountants and auditors are concerned about this. Remember what will be in
your reports:

 Review report: "Based on my review, I am not aware of any material

modifications that should be made...."
 Audit report: "In my opinion, the financial statements referred to above present
fairly, in all material respects, the financial position of ....."

Materiality needs to be considered at two times, in

 planning the audit and designing audit procedures.

 evaluating whether financial statements taken as a whole are presented fairly, in
all material respects, is accordance with GAAP.

Materiality and Planning the Audit

Financial Statement Level - The planning starts here!

 Begin by making a preliminary estimate about materiality levels for balance

sheet and income statement. See pages 226 - 227 for some rules of thumb.
 Select the smallest estimate for purposes of developing your audit plan. If
o $100,000 would materially misstate income, and
o $200,000 would materially misstate total assets

Your audit plan should be designed to detect omissions or misstatements, that

individually or in the aggregate, equal $100,000.

Account Balance Level - Allocate materiality to each account.

 Remember that financial statement audits are done on an account by account
basis. Therefore, you need to estimate how much error you can tolerate in each
account before you conclude that the account is materially misstated.

Two ways to allocate materiality. See page 229.

o In proportion to the account's balance. This is the more mechanical

approach.
o In proportion to how difficult it is to audit the account. This is a more
judgemental approach.

Materiality and Evaluation of Audit Findings

 The auditor aggregates errors the client has not corrected. These include
o known misstatements - errors that you actually found.
o likely misstatements - errors that a sampling program indicates have a
high probability of exisiting.
 The auditor determines if these errors materially misstate any
o account balance,
o financial statement subtotal, or
o financial statement total.
 For an example, see page 730.

Audit Risk

Audit risk is the risk that an auditor will fail to modify his or her opinion
when the financial statements contain a material misstatement.

For each line in the financial statements, auditors want audit risk to be low for
each assertion.

How to get low audit risk.

Auditor's must evaluate the three components of audit risk. The combination
of these three components determines whether or not there is low audit risk.

 Inherent risk - How susceptiable is an assertion to a material misstatement,

assuming no controls?
o High inherent risk if account is prone to misstatement.
o Low inherent risk if account is not likely to contain a misstatement.
o Inherent risk is based on factors
 peculiar to a specific assertion. EG, Accounts receivable must be
shown a realizable value. This is an accounting estimate. Valuation is very
difficult for A/R.
 that affect many accounts. EG, the company is having financial
problems. They may try to overstate sales (occurrence) and understate
expenses (completeness).

 Control Risk - How likely is it that a material misstatement will not be detected
and corrected by controls relevant to an assertion?
o High Control Risk if
 Controls for a particular assertion are not operating effectively, or
 The auditors decides that it would not be efficient to test the
controls.
o Low Control Risk if tests of controls show the controls to be effective.

 Detection Risk - How likely is it that the auditor will not detect a meterial
misstatement in an assertion?
o High detection risk - It is very likely that the auditor will fail to detect a
material error. In other words, the auditor reduces substantive testing.
o Low detection risk - There is very little chance that the auditor will fail
to detect a material error. In other words, you do extensive substantive testing.

AR = IR * CR * DR

 The auditor knows that audit risk must be low for each assertion.
 Next, the auditor evaluates the assertion's inherent risk.
o Hi if prone to misstatement.
o Lo if not prone.
 Third, the auditor evaluates control risk.
o Hi if controls are poor or you decide not to test controls.
o Lo if your testing indicates that controls are OK.
 Finally, the auditor sets detection risk.
o Hi when assertion not likely to be materially misstated or controls are
good. This means reduced substantive testing.
o Lo when assertion is likely to be misstated and you are not relying on
controls. This means extensive substantive testing.
 Since detection risk is the last item to be figured out, the audit risk equation can
be re-written as:

 DR = AR
 ---------
 IR * CR
 All substantive testing approach. - Auditor tests the assertion on or after the
balance sheet date. Generally, IR and CR are Hi, while DR is low. For
example,
o Cash can be tested with 100% substantive testing by confirming the
balance with the bank and reviewing the year-end bank reconciliation.
o Depreciation expense can be tested with 100% substantive testing by
recomputing depreciation for each asset.
o Dividends paid can be tested with 100% substantive testing by
multiplying dividend amount per share * times number of shares outstanding.
 Rely on controls and reduce substantive testing approach. Generally, IR and
CR are lo to moderate, and DR is moderate to hi. For example,
o Confirm accounts receivable 2 months before balance sheet. Rely on
controls over processing of accounts receivable to reduce risk that error will
not occur during the final two months of the year. Rely on analytical
procedures to detect unusual situations that might arise.
o Confirm accounts receivable as of balance sheet date. However, auditor
sends out fewer confirmations because internal controls over accounts
receivable are good.

9.Responsibility for the Audit

01
The objective of the ordinary audit of financial statements by the independent
auditor is the expression of an opinion on the fairness with which they
present, in all material respects, financial position, results of operations, and
its cash flows in conformity with generally accepted accounting principles.
The auditor's report is the medium through which he expresses his opinion
or, if circumstances require, disclaims an opinion. In either case, he states
whether his audit has been made in accordance with generally accepted
auditing standards. These standards require him to state whether, in his opinion,
the financial statements are presented in conformity with generally accepted
accounting principles and to identify those circumstances in which such principles
have not been consistently observed in the preparation of the financial statements
of the current period in relation to those of the preceding period.

Distinction Between Responsibilities of

Auditor and Management
.02
The auditor has a responsibility to plan and perform the audit to obtain
reasonable assurance about whether the financial statements are free of
material misstatement, whether caused by error or fraud. fn 1 Because of the
nature of audit evidence and the characteristics of fraud, the auditor is able to
obtain reasonable, but not absolute, assurance that material misstatements are
detected. fn2 The auditor has no responsibility to plan and perform the audit to obtain
reasonable assurance that misstatements, whether caused by errors or fraud, that
are not material to the financial statements are detected. [Paragraph added,
effective for audits of financial statements for periods ending on or after December
15, 1997, by Statement on Auditing Standards No. 82.]
.03
The financial statements are management's responsibility. The auditor's
responsibility is to express an opinion on the financial statements.
Management is responsible for adopting sound accounting policies and for
establishing and maintaining internal control that will, among other things,
initiate, record, process, and report transactions (as well as events and
conditions) consistent with management's assertions embodied in the
financial statements. The entity's transactions and the related assets, liabilities,
and equity are within the direct knowledge and control of management. The
auditor's knowledge of these matters and internal control is limited to that acquired
through the audit. Thus, the fair presentation of financial statements in conformity
with generally accepted accounting principles fn3 is an implicit and integral part of
management's responsibility. The independent auditor may make suggestions
about the form or content of the financial statements or draft them, in whole or in
part, based on information from management during the performance of the audit.
However, the auditor's responsibility for the financial statements he or she has
audited is confined to the expression of his or her opinion on them. [Revised, April
1989, to reflect conforming changes necessary due to the issuance of Statement on
Auditing Standards Nos. 53 through 62. As amended, effective for audits of
financial statements for periods beginning on or after January 1, 1997, by
Statement on Auditing Standards No. 78. Paragraph renumbered by the issuance
of Statement on Auditing Standards No. 82, February 1997. Revised, April 2002, to
reflect conforming changes necessary due to the issuance of Statement on Auditing
Standards No. 94.]