Audit Evidence Chapter 4 PDF

CHAPTER a 4 AUDIT EVIDENCE LEARNING OUTCOMES After studying this chapter, you would be able to understand-  Audit Evidence (SA 500)- Meaning, types, relevance and reliability, sufficiency and appropriateness and sources of audit evidence, audit procedures, nature and timing of audit procedures, Assertions, selecting items for testing, relying on the work of management expert and evaluation of audit evidence.  Using the work of internal Auditors (SA 610)- Meaning, scope and objective, nature and extent of work of internal audit function, their activities, external auditor’s responsibility for audit and objective having internal audit function, coordination between external auditor and internal auditor.  Audit Sampling (SA 530)- Meaning of Sample, sampling unit, sampling process, approaches and methods of sampling.  Audit Evidence- Specific Considerations for Selected Items (SA 501)- inventory, litigation and claims involving the entity, and segment information.  External Conﬁrmations (SA 505)- meaning, definition of external, positive and negative confirmations.  Initial Audit Engagements-Opening Balances (SA 510) - meaning and objective, sufficient appropriate audit evidence, audit procedures, and reporting regarding opening balances.  Related Parties (SA 550)- Definition, meaning and nature of related parties relationship and transactions.  Analytical Procedures SA (520)- meaning, scope, nature, timing, purpose, objective and forming overall conclusion based on analytical procedures.  Practicality of above concepts by studying through examples and case studies © The Institute of Chartered Accountants of India a 4.2 AUDITING AND ETHICS CHAPTER OVERVIEW W © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.3 “Audit evidence” is the very core on the basis of which conclusions are drawn and opinion is formed by an auditor. In fact, it is the foundation upon which edifice of auditing is built. On a Sunday evening, Sameer was interacting with one of his friends, Shekhar, who had joined articleship and was part of an engagement team conducting audit of a company engaged in manufacturing activities. He got to know that Shekhar was part of team attending physical count process of inventories of the company as at year end. Besides, he was also responsible for going through sales of the company, checking few sales invoices and tracing those entries in books. After some days, both of them had a chance to meet again. Informal conversations between them drifted towards audit of that company. Sameer was visibly excited to know that his friend was helping seniors in designing and sending confirmation requests to the entities to whom this company had sold goods. “Such a process must be providing sufficient appropriate evidence for the purpose of audit”- He murmured in between. He had an inkling that evidence should provide satisfaction to the auditor. What are the contours of it? Whether a piece of evidence coming from outside the company can only provide comfort to the auditor? What about company’s internal documents and records? Aren’t these also pieces of information which form part of audit evidence? His inquisitiveness was prompting him to know whether audit evidence has only to be in writing. Or can it take some other forms? Whether evidence in other forms can suffice for purpose of audit? Besides, he was also trying to understand about nuances of inventory counting process which had cropped up in their previous discussion. Such procedures help auditor to obtain audit evidence. He precisely wanted to understand what such procedures are called as. Are there other procedures also? He also recalled his earlier discussion where Shekhar had told him regarding his responsibility of checking “few sales invoices”. How the team would have arrived at the decision to check those sample invoices? Are some methods or techniques involved in it? How does team ensure that items being selected for checking are truly representative? Recapitulating that choosing of inappropriate sampling methods can lead to increase in detection risk and consequent rise in audit risk, significance of selecting appropriate samples was not lost on him. © The Institute of Chartered Accountants of India a 4.4 AUDITING AND ETHICS meaning relevance evaluation and reliability Audit evidence Audit sufficiency and procedures appropriateness sources 1. AUDIT EVIDENCE 1.1 Introduction Auditing is a logical process. An auditor is called upon to assess the actualities of the situation, review the statements of account and give an expert opinion about the truth and fairness of such accounts. This he cannot do unless he has examined the ﬁnancial statements objectively. Objective examination connotes critical examination and scrutiny of the accounting statements of the undertaking with a view to assessing how far the statements present the actual state of aﬀairs in the correct context and whether they give a true and fair view about the ﬁnancial results and state of aﬀairs. An opinion founded on a rather reckless and negligent examination and evaluation may expose the auditor to legal action with consequential loss of professional standing and prestige. He needs evidence to obtain information for arriving at his judgement. In accordance with SA 500, the objective of the auditor is to design and perform audit procedures in such a way as to enable the auditor to obtain sufficient © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.5 appropriate audit evidence to draw reasonable conclusions on which to base the auditor’s opinion. 1.2 Meaning of Audit Evidence as per SA 500 Audit evidence may be deﬁned as the information used by the auditor in arriving at the conclusions on which the auditor’s opinion is based. Audit evidence includes both information contained in the accounting records underlying the ﬁnancial statements and other information. Audit evidence is Information used by the auditor in arriving at the conclusions on which the auditor's opinion is based It includes both information contained in the accounting records underlying the financial statements and other information ILLUSTRATION 1 The auditor of JPJ Limited explained to the audit team members about the relationship between Audit Evidence and Opinion of Auditor. Explain what relationship exists between Audit Evidence and Opinion of Auditor. SOLUTION There exists a very important relationship between Audit Evidence and opinion of the Auditor. While conducting an audit of a company, the auditor obtains audit evidence and with the help of that audit evidence obtained, the auditor forms an audit opinion on the financial statements of that company. Explaining this further, audit evidence includes:- (1) Information contained in the accounting records Accounting records include the records of initial accounting entries and supporting records, such as cheques and records of electronic fund transfers; invoices; contracts; © The Institute of Chartered Accountants of India a 4.6 AUDITING AND ETHICS the general and subsidiary ledgers, journal entries and other adjustments to the ﬁnancial statements that are not reﬂected in journal entries; and records such as work sheets and spreadsheets supporting cost allocations, computations, reconciliations and disclosures. (2) Other information that authenticates the accounting records and also supports the auditor’s rationale behind the true and fair presentation of the ﬁnancial statements Other information which the auditor may use as audit evidence includes, for example minutes of the meetings, written conﬁrmations from trade receivables and trade payables, manuals containing details of internal control etc. 1.3 Types of Audit Evidence (a) Depending upon nature: 1. Visual: For example, observing physical verification of inventory conducted by the client’s staff. 2. Oral: For example, discussion with the management and various officers of the client. © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.7 3. Documentary: For example, fixed deposit certificate, loan agreement, sales bill etc. (b) Depending upon source: 1. Internal Evidence: Evidence which originates within the organisation being audited is internal evidence. Example Sales invoice, Copies of sales challan and forwarding notes, goods received note, inspection report, copies of cash memo, debit and credit notes, etc. 2. External evidence: The evidence that originates outside the client’s organization is external evidence. Example Purchase invoice, supplier’s challan and forwarding note, debit notes and credit notes coming from parties, quotations, conﬁrmations, etc. In an audit situation, the bulk of evidence that an auditor gets is internal in nature. However, substantial external evidence is also available to the auditor. Since in the origination of internal evidence, the client and his staﬀ have the control, the auditor should be careful in putting reliance on such evidence. It is not suggested that they are to be suspected; but an auditor has to be alive to the possibilities of manipulation and creation of false and misleading evidence to suit the client or his staﬀ. The external evidence is generally considered to be more reliable as they come from third parties who are not normally interested in manipulation of the accounting information of others. However, if the auditor has any reason to doubt the independence of any third party who has provided any material evidence e.g. an invoice of an associated concern, he should exercise greater vigilance in that matter. As an ordinary rule, the auditor should try to match internal and external evidence as far as practicable. Where external evidence is not readily available to match, the auditor should see as to what extent the various internal evidences corroborate one another. ILLUSTRATION 2 An audit team member of the auditors of Genuine Limited was of the view that audit evidence obtained internally from within the company under audit are more © The Institute of Chartered Accountants of India a 4.8 AUDITING AND ETHICS appropriate from the reliability point of view as compared to audit evidence obtained externally as evidence obtained internally are obtained from the company whose audit is being conducted. Give your views as auditor of Genuine Limited. SOLUTION Audit evidence obtained externally is more appropriate from reliability point of view as compared to those which are obtained internally. The reason that audit evidence obtained externally is more appropriate from the point of view of reliability is that there is a very low risk that they can be altered or changed. 1.4 Relevance and Reliability of audit evidence The auditor has to express opinion on the truth and fairness on the financial statements. He shall consider the relevance and reliability of the information to be used as audit evidence. The quality of all audit evidence is affected by the relevance and reliabili ty of the information upon which it is based. RELEVANCE AND RELIABILITY OF AUDIT EVIDENCE Relevance deals with the logical connection with, or bearing upon, the purpose of the audit procedure and, where appropriate, the assertion under consideration. The relevance of information to be used as audit evidence may be aﬀected by the direction of testing. The reliability of information to be used as audit evidence, and therefore of the audit evidence itself, is inﬂuenced by its source and its nature, and the circumstances under which it is obtained, including the controls over its preparation and maintenance where relevant. 1.4.1 Relevance deals with the logical connection with, or bearing upon, the purpose of the audit procedure and, where appropriate, the assertion under consideration. The relevance of information to be used as audit evidence may be affected by the direction of testing. © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.9 Example If the purpose of an audit procedure is to test for overstatement in the existence or valuation of accounts payable, testing the recorded accounts payable may be a relevant audit procedure. On the other hand, when testing for understatement in the existence or valuation of accounts payable, testing the recorded accounts payable would not be relevant, but testing such information as subsequent disbursements, unpaid invoices, suppliers’ statements, and unmatched receiving reports may be relevant. A given set of audit procedures may provide audit evidence that is relevant to certain assertions, but not others. For example, inspection of documents related to the collection of receivables after the period end may provide audit evidence regarding existence and valuation, but not necessarily cut-oﬀ. Similarly, obtaining audit evidence regarding a particular assertion, for example, the existence of inventory, is not a substitute for obtaining audit evidence regarding another assertion, for example, the valuation of that inventory. On the other hand, audit evidence from diﬀerent sources or of a diﬀerent nature may often be relevant to the same assertion. Tests of controls are designed to evaluate the operating eﬀectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level. Designing tests of controls to obtain relevant audit evidence includes identifying conditions (characteristics or attributes) that indicate performance of a control, and deviation in conditions which indicate departures from adequate performance. The presence or absence of those conditions can then be tested by the auditor. Substantive procedures are designed to detect material misstatements at the assertion level. They comprise tests of details and substantive analytical procedures. Designing substantive procedures includes identifying conditions relevant to the purpose of the test that constitute a misstatement in the relevant assertion. 1.4.2 Reliability Information to be used as audit evidence should be reliable. © The Institute of Chartered Accountants of India a 4.10 AUDITING AND ETHICS Reliability of information to be used as audit evidence, and therefore of the audit evidence itself, is influenced by its source and its nature, and the circumstances under which it is obtained, including the controls over its preparation and maintenance where relevant. Therefore, generalisations about the reliability of various kinds of audit evidence are subject to important exceptions. Even when information to be used as audit evidence is obtained from sources external to the entity, circumstances may exis t that could affect its reliability. For example, information obtained from an independent external source may not be reliable if the source is not knowledgeable, or a management’s expert may lack objectivity. While recognising that exceptions may exist, the following generalisations about the reliability of audit evidence may be useful: The reliability of audit evidence is increased when it is obtained from independent sources outside the entity. The reliability of audit evidence that is generated internally is increased when the related controls, including those over its preparation and maintenance, imposed by the entity are effective. Audit evidence obtained directly by the auditor (for example, observation of the application of a control) is more reliable than audit evidence obtained indirectly or by inference (for example, inquiry about the application of a control). Audit evidence in documentary form, whether paper, electronic, or other medium, is more reliable than evidence obtained orally (for example, a contemporaneously written record of a meeting is more reliable than a subsequent oral representation of the matters discussed). Audit evidence obtained as original documents is more reliable than audit evidence obtained as photocopies or facsimiles, or documents that have been filmed, digitised or otherwise transformed into electronic form because in these cases the reliability of which may depend on the controls over their preparation and maintenance. © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.11 1.5 Sufficient appropriate audit evidence The auditor has to obtain sufficient appropriate audit evidence to draw reasonable conclusions on financial statements. 1.5.1 Sufficiency and Appropriateness are interrelated. The sufficiency and appropriateness of audit evidence are interrelated. Sufficiency is the measure of the quantity of audit evidence. The quantity of audit evidence needed is affected by the auditor’s assessment of the risks of misstatement (the higher the assessed risks, the more audit evidence is likely to be required) and also by the quality of such audit evidence (the higher the quality, the less may be required) Appropriateness is the measure of the quality of audit evidence; that is, its relevance and its reliability in providing support for the conclusions on which the auditor’s opinion is based. The reliability of evidence is influenced by its source and nature, and is dependent on the individual circumstances under which it is obtained. measure of quantity of audit Sufficiency evidence measure of quality of audit evidence Appropriateness © The Institute of Chartered Accountants of India a 4.12 AUDITING AND ETHICS 1.5.2 Obtaining Sufficient and appropriate Audit Evidence by the Auditor The auditor shall design and perform audit procedures that are appropriate in the circumstances for the purpose of obtaining sufficient and appropriate audit evidence. Audit evidence is necessary to support the auditor’s opinion and report. It is cumulative in nature and is primarily obtained from audit procedures performed during the course of the audit. It may, however, also include information obtained from other sources such as previous audits. In addition to other sources inside and outside the entity, the entity’s accounting records are an important source of audit evidence. Also, information that may be used as audit evidence may have been prepared using the work of a management’s expert. Audit evidence comprises both information that supports and corroborates management’s assertions, and any information that contradicts such assertions. In addition, in some cases the absence of information (for example, management’s refusal to provide a requested representation) is used by the auditor, and therefore, also constitutes audit evidence. Most of the auditor’s work in forming the auditor’s opinion consists of obtaining and evaluating audit evidence. The auditor uses various audit procedures to obtain audit evidence such as inspection, observation, confirmation, recalculation, reperformance and analytical procedures, often in some combination, in addition to inquiry. Reasonable assurance is obtained when the auditor has obtained sufficient appropriate audit evidence to reduce audit risk (i.e., the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated) to an acceptably low level. SA 330 requires the auditor to conclude whether sufficient appropriate audit evidence has been obtained to reduce audit risk to an acceptably low level, and thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s opinion, is a matter of professional judgment. © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.13 SA 200 contains discussion of such matters as the nature of audit procedures, the timeliness of financial reporting, and the balance between benefit and cost, which are relevant factors when the auditor exercises professional judgment regarding whether sufficient appropriate audit evidence has been obtained. ILLUSTRATION 3 There was a Partnership Firm of Chartered Accountants VM and Associates. Mr. M, one of the partners of VM and Associates, while explaining to his audit team members about importance of audit evidence informed them about sufficiency and appropriateness of audit evidence. Mr. A, one of the members of audit team of VM and Associates was of the view that sufficiency of audit evidence means simplicity of audit evidence and appropriateness of audit evidence means ease of obtaining audit evidence. Explain whether sufficiency and appropriateness of audit evidence mean simplicity and ease of obtaining audit evidence. SOLUTION Sufficiency and Appropriateness of audit evidence does not mean simplicity and ease of obtaining audit evidence rather sufficiency of audit evidence is related to the quantity of audit evidence and appropriateness of audit evidence is related to quality of audit evidence. 1.5.3 Further, auditor’s judgement as to suﬃciency may be aﬀected by the factors such as: Factors affecting auditor's judgement as to sufficiency of audit evidence Risk of Material Size & characteristics Materiality Misstatement of the population (a) Materiality: It may be deﬁned as the signiﬁcance of classes of transactions, account balances and presentation and disclosures to the users of the ﬁnancial statements. Less evidence would be required in case assertions are less material to users of the ﬁnancial statements. But on the other hand if assertions are more material to the users of the ﬁnancial statements, more evidence would be required. © The Institute of Chartered Accountants of India a 4.14 AUDITING AND ETHICS (b) Risk of material misstatement: It may be deﬁned as the risk that the ﬁnancial statements are materially misstated prior to audit. This consists of two components described as follows at the assertion level: Inherent risk—The susceptibility of an assertion to a misstatement that could be material before consideration of any related controls. Control risk—The risk that a misstatement that could occur in an assertion that could be material will not be prevented or detected and corrected on a timely basis by the entity’s internal control. Less evidence would be required in case assertions that have a lower risk of material misstatement. But on the other hand, if assertions have a higher risk of material misstatement, more evidence would be required. (c) Size & characteristics of a population: It refers to the number of items included in the population. Less evidence would be required in case of smaller, more homogeneous population but on the other hand in case of larger, more heterogeneous populations, more evidence would be required. 1.6 Source of audit evidence Some audit evidence is obtained by performing audit procedures to test the accounting records. Example  through analysis and review,  reperforming procedures followed in the ﬁnancial reporting process,  and reconciling related types and applications of the same information. Through the performance of such audit procedures, the auditor may determine that the accounting records are internally consistent and agree to the ﬁnancial statements. More assurance is ordinarily obtained from consistent audit evidence obtained from diﬀerent sources or of a diﬀerent nature than from items of audit evidence considered individually. © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.15 Example Corroborating information obtained from a source independent of the entity may increase the assurance the auditor obtains from audit evidence that is generated internally, such as evidence existing within the accounting records, minutes of meetings, or a management representation. Information from sources independent of the entity that the auditor may use as audit evidence may include conﬁrmations from third parties, analysts’ reports, and comparable data about competitors. 1.7 Audit procedures for obtaining audit evidence Audit evidence to draw reasonable conclusions on which to base the auditor’s opinion is obtained by performing: (a) Risk assessment procedures; and (b) Further audit procedures, which comprise: (i) Tests of controls, when required by the SAs or when the auditor has chosen to do so; and (ii) Substantive procedures, including tests of details and substantive analytical procedures. 1.7.1 Audit procedures to obtain audit evidence can include: (i) Inspection (ii) Observation (iii) External Conﬁrmation (iv) Recalculation (v) Reperformance (vi) Analytical Procedures (vii) Inquiry © The Institute of Chartered Accountants of India a 4.16 AUDITING AND ETHICS (i) Inspection Inspection involves examining records or documents, whether internal or external, in paper form, electronic form, or other media, or a physical examination of an asset. Inspection of records and documents provides audit evidence of varying degrees of reliability, depending on their nature and source and, in the case of internal records and documents, on the effectiveness of the controls over their production. An example of inspection used as a test of controls is inspection of records for evidence of authorisation. Some documents represent direct audit evidence of the existence of an asset, for example, a document constituting a financial instrument such as a stock or bond. Inspection of such documents may not necessarily provide audit evidence about ownership or value. In addition, inspecting an executed contract may provide audit evidence relevant to the entity’s application of accounting policies, such as revenue recognition. Inspection of tangible assets may provide reliable audit evidence with respect to their existence, but not necessarily about the entity’s rights and obligations or the valuation of the assets. Inspection of individual inventory items may accompany the observation of inventory counting. ILLUSTRATION 4 While auditing the books of accounts of AB Limited for the financial year 2022 -23, the auditor of the company used an audit procedure according to which complete documents and records of the company were checked in detail in order to obtain audit evidence. Explain the audit procedure used by the auditor of Extremely Distinct Limited. © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.17 SOLUTION The audit procedure used by auditor of AB Limited is known as Inspection because inspection is an audit procedure in which complete documents and records of a company are checked in detail for the purpose of obtaining audit evidence. (ii) Observation Observation consists of looking at a process or procedure being performed by others. For example, the auditor’s observation of inventory counting by the entity’s personnel, or of the performance of control activities. Observation provides audit evidence about the performance of a process or procedure, but is limited to the point in time at which the observation takes place, and by the fact that the act of being observed may affect how the process or procedure is performed. (iii) External Confirmation An external confirmation represents audit evidence obtained by the auditor as a direct written response to the auditor from a third party (the confirming party), in paper form, or by electronic or other medium. External confirmation procedures frequently are relevant when addressing assertions associated with certain account balances and their elements. However, external confirmations need not be restricted to account balances only. Example The auditor may request conﬁrmation of the terms of agreements or transactions an entity has with third parties; the conﬁrmation request may be designed to ask if any modiﬁcations have been made to the agreement and, if so, what the relevant details are. External conﬁrmation procedures also are used to obtain audit evidence about the absence of certain conditions. Example The absence of a “side agreement” that may inﬂuence revenue recognition. © The Institute of Chartered Accountants of India a 4.18 AUDITING AND ETHICS (iv) Recalculation Recalculation consists of checking the mathematical accuracy of documents or records. Recalculation may be performed manually or electronically. (v) Reperformance Reperformance involves the auditor’s independent execution of procedures or controls that were originally performed as part of the entity’s internal control. Example Re-performing the reconciliation of bank statement, re-performing the aging of accounts receivable. (vi) Analytical Procedures Analytical procedures consist of evaluations of financial information made by a study of plausible relationships among both financial and non-financial data. Analytical procedures also encompass the investigation of identified fluctuations and relationships that are inconsistent with other relevant information or deviate significantly from predicted amounts. (vii) Inquiry Inquiry consists of seeking information of knowledgeable persons, both financial and non- financial, within the entity or outside the entity. Inquiry is used extensively throughout the audit in addition to other audit procedures. Inquiries may range from formal written inquiries to informal oral inquiries. Evaluating responses to inquiries is an integral part of the inquiry process. Responses to inquiries may provide the auditor with information not previously possessed or with corroborative audit evidence. Alternatively, responses might provide information that diﬀers signiﬁcantly from other information that the auditor has obtained, for example, information regarding the possibility of management override of controls. In some cases, responses to inquiries provide a basis for the auditor to modify or perform additional audit procedures. © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.19 Although corroboration of evidence obtained through inquiry is often of particular importance, in the case of inquiries about management intent, the information available to support management’s intent may be limited. In these cases, understanding management’s past history of carrying out its stated intentions, management’s stated reasons for choosing a particular course of action, and management’s ability to pursue a speciﬁc course of action may provide relevant information to corroborate the evidence obtained through inquiry. In respect of some matters, the auditor may consider it necessary to obtain written representations from management and, where appropriate, those charged with governance to conﬁrm responses to oral inquiries. Although inquiry may provide important audit evidence, and may even produce evidence of a misstatement, inquiry alone ordinarily does not provide sufficient audit evidence of the absence of a material misstatement at the assertion level, nor of the operating effectiveness of controls. 1.7.2 The following points are also relevant in respect of audit procedures for auditor’s consideration: The audit procedures inspection, observation, conﬁrmation, recalculation, re- performance and analytical procedures, often in some combination, in addition to inquiry may be used as risk assessment procedures, tests of controls or substantive procedures, depending on the context in which they are applied by the auditor. Audit evidence obtained from previous audits may, in certain circumstances, provide appropriate audit evidence where the auditor performs audit procedures to establish its continuing relevance. 1.7.3 Nature and Timing of the Audit Procedures The nature and timing of the audit procedures to be used may be affected by the fact that some of the accounting data and other information may be available only in electronic form or only at certain points or periods in time. For example, source documents, such as purchase orders and invoices, may exist only in electronic form when an entity uses electronic commerce, or may be discarded after scanning when an entity uses image processing systems to facilitate storage and reference. © The Institute of Chartered Accountants of India a 4.20 AUDITING AND ETHICS Certain electronic information may not be retrievable after a specified period of time. For example if files are changed and if backup files do not exist. Accordingly, the auditor may find it necessary as a result of an entity’s data retention policies to request retention of some information for the auditor’s review or to perform audit procedures at a time when the information is available. At this stage, it would be pertinent to discuss the concept of Risk assessment procedures and Further audit procedures: 1.7a Risk assessment procedures: Risk assessment procedures refer to the audit procedures performed to obtain an understanding of the entity and its environment, including the entity’s internal control, to identify and assess the risks of material misstatement, whether due to fraud or error, at the ﬁnancial statement and assertion levels. Risk assessment procedures are the audit procedures performed to obtain an understanding of the entity and its environment to identify and assess the risks of material misstatement, at the ﬁnancial statement and assertion levels. 1.7b Further Audit Procedures Further Audit Procedures comprise of: (i) Tests of controls, when required by the SAs or when the auditor has chosen to do so; and (ii) Substantive procedures, including tests of details and substantive analytical procedures. © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.21 Further Audit Procedures comprise of: (i) Tests of Controls; and (ii) Substantive of procedures 1.7.b(i) Tests of controls Test of controls may be deﬁned as an audit procedure designed to evaluate the operating eﬀectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level. in preventing or to evaluate the detecting and Audit procedures operating correcting material designed effectiveness of misstatement at the controls assertion level 1.7.b(ii) Substantive Procedures- Tests of details and Substantive analytical procedures Substantive procedures are designed to detect material misstatements at the assertion level. They comprise tests of details and substantive analytical procedures. Designing substantive procedures includes identifying conditions relevant to the purpose of the test that constitute a misstatement in the relevant assertion. In other words, Substantive procedure may be deﬁned as an audit procedure designed to detect material misstatements at the assertion level. to detect material at the assertion Audit procedures designed misstatement level © The Institute of Chartered Accountants of India a 4.22 AUDITING AND ETHICS Substantive procedures comprise: (i) Tests of details (of classes of transactions, account balances, and disclosures), and (ii) Substantive analytical procedures. The following chart illustrates diﬀerent audit procedures: Test Your Understanding 1 On perusal of financial statements of a company, auditor of company finds that notes to accounts contain aging of trade payables in accordance with requirements of Schedule III of Companies Act, 2013. The accountant of company is responsible for ensuring proper aging of trade payables included in notes to accounts. The auditor wants to verify whether aging of trade payables made in financial statements is proper or not. Identify what he is trying to do. Test Your Understanding 2 CA Sooryagaythri is conducting audit of an entity. During the course of audit, she has made oral inquiries from head accountant regarding preparing of bank reconciliations every month as has been laid down by the management. Discuss, whether inquiries as stated above would provide satisfaction to her that controls in respect of preparing bank reconciliations statements have operated effectively. © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.23 Test Your Understanding 3 A company has stipulated a control that reconciliations of its records showing quantitative details of its property, plant and equipment are carried out at regular intervals with physical verification of such items. The auditor has found that such reconciliations are being carried out as stipulated. Discuss, whether above factor, increases reliability of other internally generated evidence within the company relating to existence of such items. In obtaining audit evidence from substantive procedures, the auditor is concerned with the following assertions: 1.8 Assertions Assertions refer to representations by management, explicit or otherwise, that are embodied in the ﬁnancial statements, as used by the auditor to consider the diﬀerent types of potential misstatements that may occur. Representations by management that are embodied in the financial statements to consider different types of potential misstatements 1.8.1 Assertions contained in the Financial Statements. 1. In representing that the ﬁnancial statements are in accordance with the applicable ﬁnancial reporting framework, management implicitly or explicitly makes assertions regarding the recognition, measurement, presentation and disclosure of the various elements of ﬁnancial statements and related disclosures. 2. Assertions used by the auditor to consider the diﬀerent types of potential misstatements that may occur fall into the following three categories and may take the following forms: © The Institute of Chartered Accountants of India a 4.24 AUDITING AND ETHICS Classes of Account Presentation and transactions and balances Disclosure events Occurence and Occurence Existence rights and obligations Completeness Rights and obligations Completeness Accuracy Completeness Classification and Cut - Off understandability Valuation and Accuracy and Classification allocation valuation (a) Assertions about classes of transactions and events for the period under audit: (i) Occurrence – transactions and events that have been recorded have occurred and pertain to the entity. (ii) Completeness – all transactions and events that should have been recorded have been recorded. (iii) Accuracy – amounts and other data relating to recorded transactions and events have been recorded appropriately. (iv) Cut-oﬀ – transactions and events have been recorded in the correct accounting period. (v) Classiﬁcation – transactions and events have been recorded in the proper accounts. (b) Assertions about account balances at the period end: (i) Existence – assets, liabilities, and equity interests exist. (ii) Rights and obligations – the entity holds or controls the rights to assets, and liabilities are the obligations of the entity. (iii) Completeness – all assets, liabilities and equity interests that should have been recorded have been recorded. © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.25 (iv) Valuation and allocation – assets, liabilities, and equity interests are included in the ﬁnancial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded. (c) Assertions about presentation and disclosure: (i) Occurrence and rights and obligations – disclosed events, transactions, and other matters have occurred and pertain to the entity. (ii) Completeness – all disclosures that should have been included in the ﬁnancial statements have been included. (iii) Classiﬁcation and understandability – ﬁnancial information is appropriately presented and described, and disclosures are clearly expressed. (iv) Accuracy and valuation – ﬁnancial and other information are disclosed fairly and at appropriate amounts. 3. The auditor may use the assertions as described above or may express them diﬀerently provided all aspects described above have been covered. For example, the auditor may choose to combine the assertions about transactions and events with the assertions about account balances. 4. When making assertions about the ﬁnancial statements of certain entities, especially, for example, where the Government is a major stakeholder, in addition to those assertions set out in paragraph 2, management may often assert that transactions and events have been carried out in accordance with legislation or proper authority. Such assertions may fall within the scope of the ﬁnancial statement audit. Let us elaborate this with the help of two illustrations. We must clearly understand that each item contained in ﬁnancial statements asserts something to the readers of the accounts to indicate the ownership, existence, quantity of various things, etc. Auditing is concerned with the testing of the authenticity of the information thus conveyed. © The Institute of Chartered Accountants of India a 4.26 AUDITING AND ETHICS Example When we ﬁnd in the balance sheet, an item under current assets reading as “cash in hand - ` 10,000” the obvious assertions that would strike the mind are the following: (i) The ﬁrm concerned had ` 10,000 in hand in valid notes and coins on the balance sheet day; (ii) That the cash was free and available for expenditure to the ﬁrm; and (iii) That the books of account show a cash balance of identical amount at the end of the day on which the balance sheet is drawn up. Example Particulars ` Plant and Machinery (at cost) 2,00,000 Less: Depreciation till the end of previous year 70,000 Depreciation for the year 13,000 83,000 1,17,000 The assertions are as follows: (i) the ﬁrm owns the plant and machinery; (ii) the historical cost of plant and machinery is ` 2 lacs; (iii) the plant and machinery physically exists; (iv) the asset is being utilised in the business of the company productively; (v) total charge of depreciation on this asset is ` 83,000 to date on which ` 13,000 relates to the year in respect of which the accounts are drawn up; and (vi) the amount of depreciation has been calculated on recognised basis and the calculation is correct. From the above two illustrations we know the sort of assertions that are implied in the ﬁnancial statements. Incidentally, the assertions are generally implied and not speciﬁcally spelt out, though some explicit assertions are also found in the ﬁnancial statements. © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.27 Explicit assertions are made when otherwise the reader will be left with an incomplete picture; it may even be misleading. An example of the former category may be found in the following items appearing in the liability side of the balance sheet: Secured Loans ` 4,00,000 The description does not give us a complete picture. We do not know: (i) the name of the lender, if it is relevant; (ii) the nature of security provided; and (iii) the rate at which interest in payable. A speciﬁc mention is required about these things for a proper appreciation of the item and the ﬁnancial position. Negative assertions are also encountered in the ﬁnancial statements and the same may be expressed or implied. For example, if it is stated that there is no contingent liability it would be an expressed negative assertion; On the other hand, if in the balance sheet there is no item as “building”, it would be an implied negative assertion that the entity did not own any building on the balance sheet date. Every ﬁnancial statement contains an overall representation in addition to the speciﬁc assertions so far discussed. Each ﬁnancial statement purports to present something as a whole in addition to its component details. For example, an income statement purports to present “the results of operations” a balance sheet purports to present “ﬁnancial position”. The auditor’s opinion is typically directed to these overall representations. But to formulate and oﬀer an opinion on the overall truth of these statements he has ﬁrst to inquire into the truth of many speciﬁc assertions, expressed and implied, both positive, and negative, that makes up each of these statements. Out of his individual judgements of these speciﬁc assertions he arrives at a judgement on the ﬁnancial statements as a whole. 1.9 Audit Trail An audit trail is a documented flow of a transaction. It is used to investigate how a source document was translated into an account entry and from there it was © The Institute of Chartered Accountants of India a 4.28 AUDITING AND ETHICS inserted into financial statement of an entity. It is used as audit evidence to establish authentication and integrity of a transaction. Audit trails help in maintaining record of system and user activity. Like, in case of banks, there is an audit trail keeping track of log-on activity detailing record of log-on attempts and device used. It is a step-by-step record by which accounting, trade details, or other financial data can be traced to their source. Audit trails are used to verify and track many types of transactions including accounting and financial transactions. Audit trails (or audit logs) act as record-keepers that document evidence of certain events, procedures or operations, because their purpose is to reduce fraud, material errors, and unauthorized use. Audit trails help to enhance internal controls and data security. Audit trails can help in fixing responsibility, rebuilding events and in thorough analysis of problem areas. For example, audit trails can track activities of users thus fixing responsibility for users. These can also be used to rebuild events upon occurring of some problem. Audit trail analysis can specify reason of the problem. It can also help in ensuring operation of system as intended. In this way, audit trails can help entities in their regular system operations. However, audit trails involve costs. The cost is not only in terms of system expenditure but also in terms of time involved in analysing data made available by audit trails. However, use of automated tools can be made to analyse large volume of data thrown up by audit trails. Systems which have a feature of audit trail inspires confidence in auditors. It helps auditors in verifying whether controls devised by the management were operating effectively or not. It aids in verification whether a transaction was indeed performed by a person authorised to do it. Since audit trails also enhance data security, these can be used by auditor while performing audit procedures thus increasing reliability of audit evidence obtained. 1.10 Information to Be Used as Audit Evidence 1.10.1 When information to be used as audit evidence has been prepared using the work of a management’s expert, the nature, timing and extent of audit procedures may be affected by such matters; The nature and complexity of the matter to which the management’s expert relates. © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.29 The risks of material misstatement in the matter. The availability of alternative sources of audit evidence. The nature, scope and objectives of the management’s expert’s work. Whether the management’s expert is employed by the entity, or is a party engaged by it to provide relevant services. The extent to which management can exercise control or influence over the work of the management’s expert. Whether the management’s expert is subject to technical performance standards or other professional or industry requirements. The nature and extent of any controls within the entity over the management’s expert’s work. The auditor’s knowledge and experience of the management’s expert’s field of expertise. The auditor’s previous experience of the work of that expert. 1.10.2 When using information produced by the entity, the auditor shall evaluate whether the information is sufficiently reliable for the auditor’s purposes, including as necessary in the circumstances: (a) Obtaining audit evidence about the accuracy and completeness of the information; and (b) Evaluating whether the information is sufficiently precise and detailed for the auditor’s purposes. 1.11 Selecting Items for Testing to Obtain Audit Evidence When designing tests of controls and tests of details, the auditor shall determine means of selecting items for testing that are effective in meeting the purpose of the audit procedure. The means available to the auditor for selecting items for testing are: (a) Selecting all items (100% examination); (b) Selecting specific items; and (c) Audit sampling. © The Institute of Chartered Accountants of India a 4.30 AUDITING AND ETHICS The application of any one or combination of these means may be appropriate depending on the auditors’ judgement to obtain audit evidence. 1.11(a) Selecting All Items The auditor may decide that it will be most appropriate to examine the entire population of items that make up a class of transactions or account balance (or a stratum within that population). 100% examination is unlikely in the case of tests of controls; however, it is more common for tests of details. 100% examination may be appropriate when, For example: The population constitutes a small number of large value items; There is a significant risk and other means do not provide sufficient appropriate audit evidence; or The repetitive nature of a calculation or other process performed automatically by an information system makes a 100% examination cost effective. 1.11(b) Selecting Specific Items The auditor may decide to select specific items from a population. In making this decision, factors that may be relevant include the auditor’s understanding of the entity, the assessed risks of material misstatement, and the characteristics of the population being tested. The judgmental selection of specific items is subject to non-sampling risk. Specific items selected may include: High value or key items. The auditor may decide to select specific items within a population because they are of high value, or exhibit some other characteristic. © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.31 For example items that are suspicious, unusual, particularly risk-prone or that have a history of error. All items over a certain amount. The auditor may decide to examine items whose recorded values exceed a certain amount so as to verify a large proportion of the total amount of a class of transactions or account balance. Items to obtain information. The auditor may examine items to obtain information about matters such as the nature of the entity or the nature of transactions. 1.11(c) Audit Sampling Audit sampling is designed to enable conclusions to be drawn about an entire population on the basis of testing a sample drawn from it. Audit sampling is discussed in subsequent paragraphs. 1.12 Inconsistency in or Doubts over Reliability of Audit Evidence If: (a) audit evidence obtained from one source is inconsistent with that obtained from another; or (b) the auditor has doubts over the reliability of information to be used as audit evidence, the auditor shall determine what modifications or additions to audit procedures are necessary to resolve the matter, and shall consider the effect of the matter, if any, on other aspects of the audit. For example responses to inquiries of management, internal audit, and others are inconsistent. © The Institute of Chartered Accountants of India a 4.32 AUDITING AND ETHICS SA 230 includes a specific documentation requirement if the auditor identified information that is inconsistent with the auditor’s final conclusion regarding a significant matter. Who is management’s expert? An individual or organisation possessing expertise in a field other than accounting or auditing, whose work in that field is used by the entity to assist the entity in preparing the financial statements. 1.13 Relying on the work of a management’s expert If the entity has employed or engaged experts, the auditor may rely on the works of experts, provided he is satisfied that sufficient and appropriate audit evidence is obtained with reasonable assurance to form an opinion on the financial statements. When information to be used as audit evidence has been prepared using the work of a management’s expert, the auditor shall, to the extent necessary, having regard to the significance of that expert’s work for the auditor’s purposes; (a) Evaluate the competence, capabilities and objectivity of that expert; (b) Obtain an understanding of the work of that expert; and (c) Evaluate the appropriateness of that expert’s work as audit evidence for the relevant assertion. 1.14 Evaluation of Audit Evidence SA 500 “Audit Evidence” is applicable to all the audit evidence obtained during the course of the audit to enable the auditor to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the auditor’s opinion. Most of the auditor’s work in forming the auditor’s opinion consists of obtaining and evaluating audit evidence. The auditor has to conclude whether sufficient appropriate audit evidence has been obtained to reduce audit risk to an acceptably low level, and thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s opinion, is a matter of professional judgment. © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.33 2. USING THE WORK OF INTERNAL AUDITORS (SA 610) 2.1 Definition of Internal Audit Function Internal audit function refers to A function of an entity that performs assurance and consulting activities designed to evaluate and improve the effectiveness of the entity’s governance, risk management and internal control processes. The objectives and scope of internal audit functions typically include assurance and consulting activities designed to evaluate and improve the effectiveness of the entity’s governance processes, risk management and internal control such as the following: (1) Activities Relating to Governance The internal audit function may assess the governance process in its accomplishment of objectives on ethics and values, performance management and accountability, communicating risk and control information to appropriate areas of the organization and effectiveness of communication among those charged with governance, external and internal auditors, and management. (2) Activities Relating to Risk Management The internal audit function may assist the entity by identifying and evaluating significant exposures to risk and contributing to the improvement of risk management and internal control (including effectiveness of the financial reporting process). The internal audit function may perform procedures to assist the entity in the detection of fraud. (3) Activities Relating to Internal Control Evaluation of internal control. The internal audit function may be assigned specific responsibility for reviewing controls, evaluating their operation, and recommending improvements thereto. In doing so, the internal audit function provides assurance on the control. © The Institute of Chartered Accountants of India a 4.34 AUDITING AND ETHICS For example the internal audit function might plan and perform tests or other procedures to provide assurance to management and those charged with governance regarding the design, implementation and operating effectiveness of internal control, including those controls that are relevant to the audit. Examination of financial and operating information. The internal audit function may be assigned to review the means used to identify, recognize, measure, classify and report financial and operating information, and to make specific inquiry into individual items, including detailed testing of transactions, balances and procedures. Review of operating activities. The internal audit function may be assigned to review the economy, efficiency and effectiveness of operating activities, including non- financial activities of an entity. Review of compliance with laws and regulations. The internal audit function may be assigned to review compliance with laws, regulations, and other external requirements, and with management policies and directives and other internal requirements. 2.2 Ways in which the external auditor may make use of the function for purposes of the audit. While the objectives of an entity’s internal audit function and the external auditor differ, the function may perform audit procedures similar to those performed by the external auditor in an audit of financial statements. If so, the external auditor may make use of the function for purposes of the audit in one or more of the following ways: (i) to obtain information that is relevant to the external auditor’s assessments of the risks of material misstatement due to error or fraud. (ii) Unless prohibited, or restricted to some extent, by law or regulation, the external auditor, after appropriate evaluation, may decide to use work that has been performed by the internal audit function during the period in partial substitution for audit evidence to be obtained directly by the external auditor. © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.35 (iii) Unless prohibited, or restricted to some extent, by law or regulation, the external auditor may use internal auditors to perform audit procedures under the direction, supervision and review of the external auditor (referred to as “direct assistance”). 2.3 Scope of SA 610 Standard on Auditing (SA) 610 deals with the external auditor’s responsibilities if using the work of internal auditors. This includes (a) using the work of the internal audit function in obtaining audit evidence and (b) using internal auditors to provide direct assistance under the direction, supervision and review of the external auditor. Nothing in this SA requires the external auditor to use the work of the internal audit function to modify the nature or timing, or reduce the extent, of audit procedures to be performed directly by the external auditor; it remains a decision of the external auditor in establishing the overall audit strategy. 2.4 External Auditor’s Responsibility for the audit The external auditor has sole responsibility for the audit opinion expressed, and that responsibility is not reduced by the external auditor’s use of the work of the internal audit function or internal auditors to provide direct assistance on the engagement. Although they may perform audit procedures similar to those performed by the external auditor, neither the internal audit function nor the internal auditors are independent of the entity as is required of the external auditor in an audit of financial statements in accordance with SA 200. This SA, therefore, defines the conditions that are necessary for the external auditor to be able to use the work of internal auditors. It also defines the necessary work effort to obtain sufficient appropriate evidence that the work of the internal audit function, or internal auditors providing direct assistance, is adequate for the purposes of the audit. The requirements are designed to provide a framework for the external auditor’s judgments regarding the use of the work of internal auditors to prevent over or undue use of such work. © The Institute of Chartered Accountants of India a 4.36 AUDITING AND ETHICS 2.5 Objectives of the external auditor, where the entity has an internal audit function The objectives of the external auditor, where the entity has an internal audit function and the external auditor expects to use the work of the function to modify the nature or timing, or reduce the extent, of audit procedures to be performed directly by the external auditor, or to use internal auditors to provide direct assistance, are: (a) To determine whether the work of the internal audit function or direct assistance from internal auditors can be used, and if so, in which areas and to what extent; and having made that determination: (b) If using the work of the internal audit function, to determine whether that work is adequate for purposes of the audit; and (c ) If using internal auditors to provide direct assistance, to appropriately direct, supervise and review their work. 2.6 Evaluating the Internal Audit Function The external auditor shall determine whether the work of the internal audit function can be used for purposes of the audit by evaluating the following: (A) The extent to which the internal audit function’s organizational status and relevant policies and procedures support the objectivity of the internal auditors; (B) The level of competence of the internal audit function; and (C) Whether the internal audit function applies a systematic and disciplined approach, including quality control. Objectivity and Competence The external auditor exercises professional judgment in determining whether the work of the internal audit function can be used for purposes of the audit, and the nature and extent to which the work of the internal audit function can be used in the circumstances. The extent to which the internal audit function’s organizational status and relevant policies and procedures support the objectivity of the internal auditors and the level of competence of the function are particularly important in determining © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.37 whether to use and, if so, the nature and extent of the use of the work of the function that is appropriate in the circumstances. 2.6A Objectivity and its evaluation Objectivity refers to the ability to perform those tasks without allowing bias, conflict of interest or undue influence of others to override professional judgments. Factors that may affect the external auditor’s evaluation in relation to Objectivity include the following: 1. Whether the organizational status of the internal audit function, including the function’s authority and accountability, supports the ability of the function to be free from bias, conflict of interest or undue influence of others to override professional judgments. For example whether the internal audit function reports to those charged with governance or an officer with appropriate authority, or if the function reports to management, whether it has direct access to those charged with governance. 2. Whether those charged with governance oversee employment decisions related to the internal audit function. For example determining the appropriate remuneration policy. 3. Whether there are any constraints or restrictions placed on the internal audit function by management or those charged with governance, for example, in communicating the internal audit function’s findings to the external auditor. 4. Whether the internal audit function is free of any conflicting responsibilities, for example, having managerial or operational duties or responsibilities that are outside of the internal audit function. © The Institute of Chartered Accountants of India a 4.38 AUDITING AND ETHICS 2.6B Competence and its evaluation Competence of the internal audit function refers to the attainment and maintenance of knowledge and skills of the function as a whole at the level required to enable assigned tasks to be performed diligently and in accordance with applicable professional standards. Factors that may affect the external auditor’s determination in relation to competence include the following: 1. Whether the internal audit function is adequately and appropriately resourced relative to the size of the entity and the nature of its operations. 2. Whether there are established policies for hiring, training and assigning internal auditors to internal audit engagements. 3. Whether the internal auditors have adequate technical training and proficiency in auditing. 4. Whether the internal auditors possess the required knowledge relating to the entity’s financial reporting and the applicable financial reporting framework. Objectivity and competence may be viewed as a continuum. Objectivity and competence may be viewed as a continuum. The more the internal audit function’s organizational status and relevant policies and procedures adequately support the objectivity of the internal auditors and the higher the level of competence of the function, the more likely the external auditor may make use of the work of the function and in more areas. However, an organizational status and relevant policies and procedures that provide strong support for the objectivity of the internal auditors cannot compensate for the lack of sufficient competence of the internal audit function. Equally, a high level of competence of the internal audit function cannot compensate for an organizational status and policies and procedures that do not adequately support the objectivity of the internal auditors. 2.6C Application of a Systematic and Disciplined Approach The application of a systematic and disciplined approach to planning, performing, supervising, reviewing and documenting its activities distinguishes the activities of © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.39 the internal audit function from other monitoring control activities that may be performed within the entity. Factors that may affect the external auditor’s determination of whether the internal audit function applies a systematic and disciplined approach include the following: 1. The existence, adequacy and use of documented internal audit procedures or guidance covering such areas as risk assessments, work programs, documentation and reporting, the nature and extent of which is commensurate with the size and circumstances of an entity. 2. Whether the internal audit function has appropriate quality control policies and procedures. 2.7 Circumstances When Work of the Internal Audit Function Cannot Be Used The external auditor shall not use the work of the internal audit function if the external auditor determines that: (a) The function’s organizational status and relevant policies and procedures do not adequately support the objectivity of internal auditors; (b) The function lacks sufficient competence; or (c ) The function does not apply a systematic and disciplined approach, including quality control. 2.8 Determining the Nature and Extent of Work of the Internal Audit Function that Can Be Used As a basis for determining the areas and the extent to which the work of the internal audit function can be used, the external auditor shall consider the nature and scope of the work that has been performed, or is planned to be performed, by the internal audit function and its relevance to the external auditor’s overall audit strategy and audit plan. In other words, once the external auditor has determined that the work of the internal audit function can be used for purposes of the audit, a first consideration is whether the planned nature and scope of the work of the internal audit function © The Institute of Chartered Accountants of India a 4.40 AUDITING AND ETHICS that has been performed, or is planned to be performed, is relevant to the overall audit strategy and audit plan that the external auditor has established. Examples of work of the internal audit function that can be used by the external auditor include the following: 1. Testing of the operating effectiveness of controls. 2. Substantive procedures involving limited judgment. 3. Observations of inventory counts. 4. Tracing transactions through the information system relevant to financial reporting. 5. Testing of compliance with regulatory requirements. 2.9 Circumstances in which the external auditor shall plan to use less of the work of the Internal audit function and perform more of the work directly The external auditor shall make all significant judgments in the audit engagement and, to prevent undue use of the work of the internal audit function, shall plan to use less of the work of the function and perform more of the work directly if: (a) The more judgment is involved in: (i) Planning and performing relevant audit procedures; and (ii) Evaluating the audit evidence gathered; (b) The higher the assessed risk of material misstatement at the assertion level, with special consideration given to risks identified as significant; (c ) The less the internal audit function’s organizational status and relevant policies and procedures adequately support the objectivity of the internal auditors; and (d) The lower the level of competence of the internal audit function. 2.10 Using the Work of the Internal Audit Function If the external auditor plans to use the work of the internal audit function, the external auditor shall © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.41 (A) discuss the planned use of its work with the function as a basis for coordinating their respective activities. (B) read the reports of the internal audit function relating to the work of the function that the external auditor plans to use to obtain an understanding of the nature and extent of audit procedures it performed and the related findings. (C) perform sufficient audit procedures on the body of work of the internal audit function as a whole that the external auditor plans to use to determine its adequacy for purposes of the audit. Discussion and Coordination with the Internal Audit Function In discussing the planned use of their work with the internal audit function as a basis for coordinating the respective activities, it may be useful to address the following: 1. The timing of such work. 2. The nature of the work performed. 3. The extent of audit coverage. 4. Materiality for the financial statements as a whole (and, if applicable, materiality level or levels for particular classes of transactions, account balances or disclosures), and performance materiality. 5. Proposed methods of item selection and sample sizes. 6. Documentation of the work performed. 7. Review and reporting procedures. Coordination between the external auditor and the internal audit function is effective when, for example; 1. Discussions take place at appropriate intervals throughout the period. 2. The external auditor informs the internal audit function of significant matters that may affect the function. 3. The external auditor is advised of and has access to relevant reports of the internal audit function and is informed of any significant matters that come to the attention of the function when such matters may affect the work of the external auditor so that the external auditor is able to consider the implications of such matters for the audit engagement. © The Institute of Chartered Accountants of India a 4.42 AUDITING AND ETHICS 2.11 Determining Whether, in Which Areas, and to What Extent Internal Auditors Can Be Used to Provide Direct Assistance Direct assistance refers to the use of internal auditors to perform audit procedures under the direction, supervision and review of the external auditor. The external auditor may be prohibited by law or regulation from obtaining direct assistance from internal auditors. If using internal auditors to provide direct assistance is not prohibited by law or regulation, and the external auditor plans to use internal auditors to provide direct assistance on the audit, the external auditor shall evaluate the existence and significance of threats to objectivity and the level of competence of the internal auditors who will be providing such assistance. The external auditor’s evaluation of the existence and significance of threats to the internal auditors’ objectivity shall include inquiry of the internal auditors regarding interests and relationships that may create a threat to their objectivity. The external auditor shall not use an internal auditor to provide direct assistance if: (a) There are significant threats to the objectivity of the internal auditor; or (b) The internal auditor lacks sufficient competence to perform the proposed work. The external auditor shall not use internal auditors to provide direct assistance to perform procedures that: (a) Involve making significant judgments in the audit; (b) Relate to higher assessed risks of material misstatement where the judgment required in performing the relevant audit procedures or evaluating the audit evidence gathered is more than limited; (c) Relate to work with which the internal auditors have been involved and which has already been, or will be, reported to management or those charged with governance by the internal audit function; or © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.43 (d) Relate to decisions the external auditor makes in accordance with this SA regarding the internal audit function and the use of its work or direct assistance. Prior to using internal auditors to provide direct assistance for purposes of the audit, the external auditor shall: (a) Obtain written agreement from an authorized representative of the entity that the internal auditors will be allowed to follow the external auditor’s instructions, and that the entity will not intervene in the work the internal auditor performs for the external auditor; and (b) Obtain written agreement from the internal auditors that they will keep confidential specific matters as instructed by the external auditor and inform the external auditor of any threat to their objectivity. 2.12 Basics of Internal Financial Control and Reporting Requirements You have already read about basics of Internal Financial Control and regulatory/reporting requirements in Chapter 3 in detail. Now, we shall understand distinction between Internal Financial Control and Internal Control over financial reporting. Distinction between Internal Financial Control and Internal Control over financial reporting The term Internal Financial Controls (IFC) refers to the policies and procedures put in place by companies for ensuring reliability of financial reporting, effectiveness and efficiency of operations, compliance with applicable laws and regulations, safeguarding of assets and prevention and detection of frauds. On the other hand, Internal controls over financial reporting is required where auditors are required to express an opinion on the effectiveness of an entity’s internal controls over financial reporting, such opinion is in addition to and distinct from the opinion expressed by the auditor on the financial statements. Therefore, “internal financial control” is a wider term where as “internal controls over financial reporting” is a narrower term restricted to entity’s internal controls over financial reporting only. © The Institute of Chartered Accountants of India a 4.44 AUDITING AND ETHICS 3. AUDIT SAMPLING (SA 530) 3.1 Sampling: An Audit Procedure No conscious eﬀort in human society is divested of economic considerations and auditing is no exception. There is a growing realisation that the traditional approach to audit is economically wasteful because all the eﬀorts are directed to check all transactions without any exception. This invariably leads to more emphasis on routine checking, which often is not necessary in view of the time and the cost involved. With the shift in favour of formal internal controls in the management of aﬀairs of organisations, the possibilities of routine errors and frauds have greatly diminished i.e the internal controls as designed by the management are for the very purpose of prevention, detection and correction of frauds and errors. Thus the auditors often ﬁnd extensive routine checking as nothing more than a ritual because it seldom reveals anything material Now the approach to audit and the extent of checking are undergoing a progressive change in favour of more attention towards the questions of principles and controls with a curtailment of non- consequential routine checking. By routine checking we traditionally think of extensive checking and vouching of all the entries, disregarding the concept of materiality. The extent of the checking to be undertaken is primarily a matter of judgment of the auditor, there is nothing statutorily stated anywhere which speciﬁes what work is to be done, how it is to be done and to what extent it has to be done. It is also © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.45 not obligatory that the auditor must adopt the sampling technique. What he is to do as an auditor is to express his opinion on the financial statements and become bound by that. To ensure good and reasonable standard of work, he should adopt standards and techniques that can lead him to an informed professional opinion. On consideration of this fact, it can be said that it is in the interest of the auditor that if he decides to form his opinion on the basis of a part checking ( i.e sampling), he should adopt standards and techniques which are widely followed and which have a recognised basis. Since statistical theory of sampling is based on a scientiﬁc law, it can be relied upon to a greater extent than any arbitrary technique which lacks in basis and acceptability. This enables the auditor to make conclusions and express fair opinion without having to check all of the items within the financial statements. 3.2 Meaning of Audit Sampling According to SA 530 “Audit sampling”, ‘audit sampling’ refers to the application of audit procedures to less than 100% of items within a population relevant under the audit, such that all sampling units (i.e all the items in the population) have a equal chance of selection. This is to ensure that the items selected represent the entire population which enables the auditor to draw conclusions and express his opinion based on a pre-determined objective. The objective of the auditor when using audit sampling is to provide a reasonable basis for the auditor to draw conclusions about the population from which the sample is selected. Scope of SA-530 SA 530 becomes applicable when the auditor has decided to use audit sampling in performing audit procedures. This standard deals with the auditor’s use of -  Statistical and  Non-statistical sampling when designing and selecting the- (i) audit sample, © The Institute of Chartered Accountants of India a 4.46 AUDITING AND ETHICS (ii) performing tests of controls and tests of details, and (iii) evaluating the results from the sample. SA 500 “Audit Evidence”, deals with the auditor’s responsibility to design and perform audit procedures to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the audit opinion. SA 500 lays down the means available to the auditor for selecting the items for testing. One of those is audit sampling. Hence SA 530 complements SA 500. 3.3 Population Population refers to the entire set of data from which a sample is selected and about which the auditor wishes to draw conclusions. The auditor should select sample items in such a way that the sample can be expected to be representative of the population. This requires that all items in the population have an opportunity of being selected. 3.3.1 Characteristics of Population 1. Appropriateness: The auditor will need to determine that the population from which the sample is drawn is appropriate for the specific audit objective. Appropriate means population from which the samples are drawn shall be relevant for the specific objective under audit. This is because when the samples are drawn, the audit procedures are applied on the sample and the conclusions are projected on the population. It is important for the auditor to ensure that the population is appropriate to the objective of the audit procedure, which will include consideration of the direction of testing. Example If the auditor’s objective were to test for overstatement of accounts receivable, the population could be defined as the accounts receivable listing. On the other hand, when testing for understatement of accounts payable, the population would not be the accounts payable listing, but rather subsequent disbursements, unpaid invoices, suppliers’ statements, unmatched receiving reports, or other populations that would provide audit evidence of understatement of accounts payable. © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.47 2. Completeness: The population also needs to be complete, which means that if the auditor intends to use the sample to draw conclusions about whether a control activity is operated effectively during the financial reporting period, the population needs to include all relevant items i.e all the activities that form part of that relevant internal control, throughout the entire period. If population is complete in all respects, the conclusions drawn on the population will be considered to be reasonable. 3. Reliable: When performing the audit sampling, the auditor performs audit procedures to ensure that the information upon which the audit sampling is performed is sufficiently complete and accurate. Auditor should obtain evidence about the reliability of population. If population is not reliable with respect to accuracy and source, the sample drawn will definitely not be relevant for the specific audit objective. 3.4 Sampling Unit The individual items that make up the population are known as sampling units. The population can be divided into sampling units in a variety of ways. It is a selection from the population that is used as an extrapolation of the population. Audit procedures are applied on these units and the conclusions drawn from them are projected on the population. In simple words, conclusions drawn on the sample becomes the conclusion of the population from where it is drawn. Example: If the auditor’s objective were to test the validity of accounts receivables, the sampling unit could be defined as customer balances or individual customer invoices. The auditor defines the sampling unit in order to obtain an efficient and effective sample to achieve the particular audit objectives. The conclusion on the population is based on the audit procedures applied on the sampling unit. Sample must be representative Whatever may be the approach non-statistical or statistical sampling, the sample must be representative. This means that it must be closely similar to the whole population although not necessarily exactly the same. The sample must be large enough to provide statistically meaningful results. © The Institute of Chartered Accountants of India a 4.48 AUDITING AND ETHICS SAMPLING PROCESS is performed on Tests of controls Tests of details to identify deviations from to identify misstatements of expected internal controls account balances and class of transactions 3.5 Approaches to Sampling (Types of Sampling) Audit sampling enables the auditor to obtain and evaluate audit evidence about some characteristic of the items selected in order to form or assist in forming a conclusion about the population, from which the sample is drawn. Audit sampling can be applied using either A) non-statistical or B) statistical sampling approaches. Statistical sampling is an approach to sampling that has the random selection of the sample units; and the use of probability theory to evaluate sample results, including measurement of sampling risk characteristics. Sample is chosen by applying certain mathematical and statistical methods. A sampling approach that does not have the above features s considered as non- statistical sampling. 1. An approach to 2. The use of 3. The use of probability theory sampling that has probability theory to including the random evaluate sample measurement of selections of the results, and sampling risk sample items characteristics Characteristics of Statistical sampling approach © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.49 3.5A Statistical Sampling-More Scientiﬁc 1. Audit testing done through this approach is more scientiﬁc than testing based entirely on the auditor’s own judgment because it involves use of mathematical laws of probability in determining the appropriate sample size in varying circumstances. 2. Statistical sampling has reasonably wide application where a population to be tested consists of a large number of similar items and more in the case of transactions involving compliance testing, trade receivables’ conﬁrmation, payroll checking, vouching of invoices and petty cash vouchers. 3. There Is no personal bias of the auditor in case of statistical sampling. Since it is scientific, the results of sample can be evaluated and projected on the whole population in a more reliable manner. In larger organisations, with huge transactions, statistical sampling is always recommended as it is unbiased and the samples selected are not prejudged. For Example: An auditor while verifying the Purchases during the year realised that the purchase transactions in that year are more than 45000 in number, then in such case, statistical sampling will be highly recommended in the audit program. Random Sampling (discussed ahead in this topic) is the method you decide to choose sample in such a situation. 3.5B Non-Statistical Sampling Under this approach, the sample size and its composition are determined on the basis of the personal experience and knowledge of the auditor. This approach has been in common application for many years because of its simplicity in operation. Traditionally, the auditor on the basis of his personal experience will determine the size of the sample and express it in terms that number of pages or personal accounts in the purchases or sales ledger to be checked. For example, March, June and September may be selected in year one and diﬀerent months would be selected in the next year, On basis of value of items, top 10 highest value. Etc. An attempt would be made to avoid establishing a pattern of selection year after year, i.e the way of selecting samples, to maintain an element of surprise as to what the auditor is going to check. It is a common practice to check large number of items towards the close of the year so that the adequacy of cut-oﬀ procedures can © The Institute of Chartered Accountants of India a 4.50 AUDITING AND ETHICS also be determined. Also, because year end transaction are prone to high risk of misappropriation. The non-statistical sampling is criticized on the grounds that it is neither objective nor scientiﬁc. The expected degree of objectivity cannot be assured in non- statistical sampling because the risk of personal bias in selection of sample items cannot be eliminated. The closeness of the qualities projected by the sample results with that of the whole population cannot be measured because the sample has not been selected in accordance with the mathematically based statistical techniques. However, it may be stated that the auditor with his experience and knowledge of the client’s business can evaluate accurately enough the sample ﬁndings to make audit decision and the mathematical proof of accuracy in some cases may be a luxury which the auditor cannot aﬀord. This method is simple to operate but sometimes the sample may not be a true representative of the total population because of personal bias and no scientific method of selection. 3.6 Sampling Vs Traditional method of Auditing In most of the circumstances, the evidence available is not conclusive and the auditor always takes a calculated risk in giving his opinion. Even by undertaking hundred percent checking of the transactions, the auditor does not derive absolute satisfaction. This state of uneasiness led pragmatic auditors to adopt the statistical theory of sampling to derive the necessary satisfaction about the state of aﬀairs by checking only a part of the total population of entries. Auditors realised that they can derive good satisfaction by undertaking a much lesser checking by adoption of this technique in the auditing process. It is a mathematical truth that the sample, if picked purely on a random basis would reveal the features and characteristics of the population. By adopting the sampling technique, the auditor only checks a part of the whole mass of transactions. The satisfaction he used to derive earlier, by checking all the transactions, can be derived by a sample checking provided he can put reliance on the internal controls and checks within the client’s organisation because they provide the reliability of the records. Sampling is used as a part of Tests of controls. Auditor will check few internal controls and their operating effectiveness. Based on the conclusion derived, he can then design the sample size for tests of details (i.e checking of transactions and balances) © The Institute of Chartered Accountants of India a AUDIT EVIDENCE 4.51 If the internal control is satisfactory in its design and implementation, a much smaller sampl

Audit Evidence Chapter 4 PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue