Auditing Techniques & Internal Audit Introduction PDF

# Auditing Techniques & Internal Audit Introduction ## 5.1 Auditing Techniques After deciding the nature and type of audit and after preparing an audit program, the auditor should actually commence the audit. There are various techniques and procedures of auditing. Techniques of auditing mean the methods used by the auditor to obtain audit evidence. According to Auditing & Assurance Standard - 5 (AAS-5), audit techniques are as follows: 1. **Inspection:** It consists of the examination of records, documents, and tangible assets. Physical examination of tangible assets ensures the existence and possession of assets and examination of documents ensures the ownership of assets. Documents and vouchers are examined by the auditor with reference to authenticity or genuineness, appropriateness or legitimacy, authorization or proper approval, as well as proper and correct recording of transactions. 2. **Observation:** It consists of observing or witnessing a process or procedure performed by others. Auditors may observe the procedure of stocktaking done by the client's staff. 3. **Enquiry:** It consists of seeking information from the right persons. Auditors may seek information from the officers or workers of the client or from outsiders such as bankers, customers, suppliers, lenders, consultants of the client. 4. **Confirmation:** It consists of obtaining confirmation of balances. Auditors may contact bankers, customers, suppliers, lenders, etc. of the client and obtain confirmation of their balances with the concern. 5. **Computation:** It consists of checking the arithmetical accuracy of the transactions recorded in the books of account. Nowadays, as many accounts are computerized, checking of arithmetical accuracy is not required. 6. **Analytical Review:** It consists of studying various accounting ratios such as gross profit ratio, stock-turnover ratio, debtors' turnover ratio, etc., studying trend analysis, comparison of current year's figures with previous year's figures, and investigating into unusual fluctuations. Auditors can scan various unusual transactions and make detailed ledger scrutiny to examine and analyze accounts. ## 5.2 Audit Procedures Audit Procedures mean steps taken by the auditor to obtain audit evidence. According to Auditing & Assurance Standard - 5, audit procedures can be classified into compliance procedures and substantive procedures. * **(a) Compliance Procedures** These include steps taken by the auditor to obtain evidence regarding the internal controls. The auditor has to see that the internal controls exist, they are effective, and they are actually in operation during the year. The auditor checks and examines in depth a few selected transactions to see that the internal control is effective and is free from defects. * **(b) Substantive Procedures** These include steps taken by the auditor to obtain evidence regarding the transactions during the year and the assets and liabilities as on the date of the Balance Sheet. These procedures are designed to obtain evidence as to the completeness, accuracy and validity of the data produced by the accounting system. Following are the main substantive procedures used by the auditor during an audit: 1. Vouching 2. Posting Checking 3. Casting Checking (i.e., checking totals) 4. Ledger Scrutiny 5. Verification and Valuation of Assets and Liabilities 6. Grouping, disclosure and presentation in final accounts ## 5.3 Test Check According to Prof. Meigs, "Testing and Test-checking means to select and examine a representative sample from a large number of similar items." These days, in case of big companies, the number of transactions is so large that it is physically impossible for the auditor to check each and every transaction, and hence he has to apply test-check in such cases. After analyzing and evaluating the internal control system, internal check system and internal audit, the auditor should decide the extent of the test-check he can apply. The auditor selects certain transactions for detailed examination and checks them in detail from their commencement to conclusion. In Test-Check, the auditor checks some of the similar transactions to form an opinion about the whole of those transactions. ### Features of Test Checking 1. Few transactions are selected from large number of similar transactions for detailed examination or checking. 2. For non-similar transactions, extraordinary transactions, cash transactions, test-check is generally not applied. 3. Test-checking covers all the types of expenses, incomes, assets, and liabilities and the entire period of audit during a planned period. E.g., if Printing & Stationery account is checked thoroughly for April, June, August, and so on in one year, then during the next year thorough checking is done for May, July, September, and so on. 4. Test-checking is kept flexible and changed as per the information gathered during the course of audit. E.g., if a lot of mistakes are detected in selected transactions, then instead of test-checking, all the transactions of that type should be checked. 5. Transactions selected for test-checking are examined thoroughly from their commencement to conclusion. 6. The method of the test-checking is changed suddenly during the course of the audit with an element of surprise. E.g., if transactions above Rs. 10,000/- are selected for the test-checking, then suddenly during a month transactions less than Rs.10,000/- may be selected for the test-checking. The auditor decides the extent of test-checking on the basis of his judgement about the internal control system and his previous audit experience about the client. ## Factors To Be Considered While Applying Test Checking 1. All the transactions or a large number of transactions at the beginning and at the end of the year should be checked, and a test-check should not be applied for the cutoff period transactions. 2. Selection of entries for checking should be done on a random basis or on some scientific or other basis for selection of sample transactions. 3. Transactions of every description should be covered: e.g., sales, purchases, receipts, payments, etc. 4. As far as is possible, test-check should not be applied for cash transactions. 5. Every year, the period and entries for checking should be changed for the same company and for different companies, the period and entries for checking should be different for the same year. 6. The auditor should suddenly change the method of the test-checking, and make surprise verification. 7. A large number of transactions should be checked from the area where the system of internal control is weak, and a few number of transactions should be checked from the area where the system of internal control is strong. 8. Test-check should be applied in such a manner that the work done by all the employees of the client is covered. 9. Important items should be checked fully without applying test-check, e.g., if there are only five transactions of export sale, then all of these transactions of export sale should be checked. 10. The method of test-checking should be kept as a secret, and the accounts staff of the client should not know the details of the test-check. ## Circumstances Under Which Test Checking Can Be Adopted 1. In case of big companies where the number of transactions is very large. 2. Transactions are of identical nature. Similar transactions of small values are the ones where, checking each and every transaction is neither possible nor necessary. 3. Internal Control System, internal check system, and internal audit is very strong and the accounts department is competent and reliable. 4. The auditor has limited time at his disposal to complete the audit. Though test-check saves the auditor's time of checking, it does not reduce the liability of the auditor and hence the auditor should take maximum care in deciding the extent of the checking and in selecting the sample for checking. ## Transactions For Which Test Checking Is Not Suitable 1. Opening and closing entries. Transactions at the cutoff period: i.e., at the beginning of the year and towards the end of the year. 2. Transactions of exceptional nature; transactions involving high value and which are extraordinary. 3. Transactions on which the auditor has to report: e.g., Managerial remuneration, Audit fees, etc., which are required to be disclosed separately in the final accounts. 4. Transactions with related parties. 5. Transactions which require calculation or estimate: e.g., depreciation, provision for outstanding expenses, etc. 6. Important Statements such as: Bank Reconciliation Statement, Closing Stock Reconciliation Statement, Computation of Income and Provision for Tax, etc. ## Advantages of Test Checking 1. **Saves Time:** Test-checking saves considerable time of the auditor. They can complete the audit in time and submit an audit report to the client before the statutory date for the client to obtain an audit report from the auditor. 2. **Reduces Work-load:** Test-checking reduces a lot of audit work. Auditors can complete less important areas of audit fast and have more time for checking important areas of audit. 3. **Improves Quality of Audit:** As the auditor is not much involved in less-important work, they devote more time for important audit work. This improves the quality of audit, which can be maintained at a high level. 4. **Moral Check:** As the auditor keeps details of test-checking secret and confidential from the client's staff, there is a moral check on them. They have to be constantly alert and have to keep records error-free, fraud-free, and up-to-date. 5. **Saving in Cost:** As audit is completed fast and the workload is reduced, it also has the effect of reducing the cost of carrying out audit. It is helpful for the auditor as well as for the client as audit fees can also be less where test-checking is done as compared to audit fees where 100% checking is done. ## Disadvantages of Test Checking 1. **Errors and Frauds Remain Undetected:** When test-checking is done, there is a greater risk of some errors and frauds remaining undetected even after audit. 2. **Not Reliable:** As many transactions are not checked by the auditor, audit is not reliable or authentic. There is a scope for doubt in the results shown by the audited financial statements. 3. **Personal Judgement:** Auditors have to use their personal judgement in selecting transactions for the test-checking. Their personal judgement can go wrong and they may do thorough checking in the area where there are no errors or frauds, and miss those areas from the audit where there are errors and frauds. 4. **Not Suitable:** If test-checking is adopted for audit of companies where the internal control system is weak or for transactions at the cutoff period, then the quality of audit may reduce to a poor standard. 5. **Prompts Errors and Frauds:** If the details of the test-checking are revealed to the staff of the client then they may be prompted to make errors or frauds in the period or in the area of accounts where there will not be any checking. The auditor should keep in mind factors to be kept in mind while applying test-checking, the circumstances in which test-checking can be applied, and the transactions for which test-checking is not suitable, to overcome the disadvantages of test-checking. ## Precautions For Test Checking Test-checking is an accepted auditing procedure. For achieving the objectives of audit, the auditor should take the following precautions while adopting test-checking: 1. **Classify and Stratify Transactions:** The transactions should be classified under proper heads. While designing an audit sample for test-checking, the auditor should consider the population or classification from which they wish to take a sample. If there are wide variations in the classification, stratification may be appropriate. Stratification is the process of dividing a population into subpopulations. 2. **Systems and Procedures:** The auditor should study the system of authorisation, documentation, recording, and evidencing of transactions. They should examine the procedures in the organisation about a transaction from its commencement till its conclusion. 3. **Internal Controls:** The auditor should examine the whole system of internal control including the internal check system and the internal audit existing in the organisation. The auditor should take a decision about the extent of applying test-check on the basis of the reliability of the internal control system in the organisation. 4. **Planning:** The auditor should prepare a well-thought-out plan for test-checking to be applied. There should be clarity of thought in the test-checking to be applied and the audit objectives to be achieved. 5. **No Bias:** While selecting a sample of transactions for test-checking from a large number of similar transactions, there should not be any bias. All items in a particular classification should have an equal opportunity of being selected. 6. **Avoid Unsuitable Areas:** While applying the test-checking, the auditor should avoid important transactions, important areas of the audit, and important periods under the audit. They should identify such transactions to which the test-checking is not to be applied: e.g., cutoff period transactions, cash transactions, etc. 7. **Decide The Size of Sample:** While applying test-checking, the auditor should decide the number of transactions to be selected for test-checking. The auditor should use various statistical tables for deciding the size of the sample. 8. **Decide Significance of Errors:** The auditor should set norms to decide whether an error is material or immaterial. Immaterial errors need not be further investigated, but material errors need proper attention and rectification. ## 5.4 Audit Sampling (SA - 530) Audit sampling means applying audit procedures to a few transactions within a class of similar transactions so as to enable the auditor to form an opinion or draw conclusions about the entire class of transactions. (AAS-15) The Standard of Auditing 530 on "Audit Sampling" states that the auditor should design and select an audit sample, perform audit procedures thereon, and evaluate sample results so as to provide sufficient appropriate audit evidence. While designing an audit sample, the auditor should consider specific audit objectives, the population or classification from which a sample is selected, and the size of the sample. ### Purpose of Audit Sampling * (a) To enable the auditor to design and select an audit sample by using statistical or non-statistical methods and to enable them to do stratification of audit sample, i.e., dividing audit classification into sub-classification. * (b) To perform audit procedures on audit samples. * (c) To evaluate sample results. * (d) To provide appropriate and sufficient audit evidence. The purpose of audit sampling is to achieve objectives of audit in an efficient manner. In case of big companies, it is impractical and not necessary to check each and every transaction. The number of transactions is so large that if each and every transaction is checked, then the auditor will complete the audit much after the due date. It is not necessary also as many transactions are repetitive in nature, small in value, and quite similar in a particular class. In such cases, it is well-accepted to select sample transactions and check them in detail to arrive at a conclusion about that entire class of transactions. It helps in completing the audit in time without compromising on quality. It also helps in achieving the audit's objectives efficiently. ## Factors In Determining Audit Sample Size As per the Standard of Auditing - 530, while determining the audit sample size, auditors should consider the following: * (a) Sampling risk * (b) Tolerable error, and * (c) Expected error. ### Sampling Risk While determining the audit sample size, the auditor must consider the risk involved in such a sample checking. There is a possibility that the conclusions drawn by the auditor, based on such sample checking, may be different from the conclusions that they may draw if the entire population or class of such transactions are checked or subjected to the same audit procedures. When the auditor is carrying out the compliance procedures and substantive procedures, there are the following risks: * **(1) Sampling Risks in Compliance Procedures:** When the auditor is checking internal controls in the organization: i.e., checking whether the internal control system is existing, whether such a system is effective, and whether it is actually in operation, they face the following risks: * **(i) Risk of Under Reliance:** The risk that although the sample result does not support the auditor's assessment of risk, the actual compliance rate would support such an assessment. E.g., if the sample result indicates that many transactions should be checked or the population should be large as the controls are weak, the actual compliance rate may be high and due to under reliance on controls, the population size selected for checking may be unnecessarily large. * **(ii) Risk of Over Reliance:** The risk that although the sample result supports the auditor's assessment of risk, the actual compliance rate would not support such an assessment. E.g., if the sample result indicates that few transactions can be checked or the population may be very small as controls are strong, the actual compliance rate may be poor and due to over reliance and keeping the size of the population small, even after the audit many errors and frauds may remain undetected due to the wrong population size. * **(2) Sampling Risks in Substantive Procedures:** When the auditor is carrying out substantive procedures: i.e., obtaining evidence for the transactions during the year, they face the following risks: * **(i) Risk of Incorrect Rejection:** The risk that although the sample result supports the conclusion that a recorded account balance or class of transactions is materially misstated, in fact, it is not materially misstated. E.g., if there are 1000 debtor parties and a sample size of 100 debtors is selected for the balance confirmation and the sample results show that out of 100 debtors, nearly 90 debtors' balance confirmations are not matching and hence on the basis of this result, the auditor may reject all the debtors and ask for all party confirmations. However, actually, it may turn out that out of 1000 debtors only 92 debtors' balances were not matching and the differences were also of very small amounts of discounts being not written-off. * **(ii) Risk of Incorrect Acceptance:** The risk that although the sample result supports the conclusion that a recorded account balance or class of transactions is not materially misstated, actually, it is materially misstated. E.g., if in the above example out of 1000 debtor parties, 100 debtors are selected as a sample for the balance confirmation and if sample results are all matching as rightly stated in the Balance Sheet, however, this sample result may be misleading if actually out of 1000 debtors, balances of 800 debtors are not matching and the differences are of big amounts due to non-recording of sales returns. ## Effects of Sampling Risk on Audit 1. The risk of under-reliance and incorrect rejection results in additional work, which was not necessary. The audit takes more time for completion. This increases the cost of audit. It affects the efficiency of the audit. 2. The risk of overreliance and incorrect acceptance affects the quality of audit. Many errors and frauds remain undetected even after the audit. It adversely affects the effectiveness of the audit. The sample size depends upon the level of sampling risk that the auditor is willing to accept. The lower the level of risk which the auditor is willing to accept, the larger or greater will be the size of the sample. ## Tolerable Error It means the maximum error in the population that the auditor would be willing to accept and still conclude that the result from the sample has achieved the audit objective. Auditors decide the tolerable error while doing the planning for the audit. For substantive procedures, the tolerable error means the auditor's judgement about materiality. It is the maximum monetary error that the auditor is willing to accept as tolerable or immaterial. The smaller the tolerable error, the greater will be the size of the sample. In compliance procedures or tests of controls, tolerable error means the maximum deviation from a prescribed control procedure that the auditor is willing to accept as tolerable deviation, based on preliminary assessment of control risk. ## Expected Error If the auditor expects the error to be present in the population, a larger sample than when no error is expected ordinarily needs to be examined to conclude that the actual error in the population is not greater than the planned tolerable or acceptable error. In determining the expected error in a population, the auditor should consider the following: * (i) Error levels identified in the previous audits. * (ii) Changes in the entity's procedures, and * (iii) Evidence available from other procedures. ## Factors Other Than Those Mentioned In SA-530, While Determining Audit Sample Size * **(1) System of Internal Control:** The auditor should study the system of internal control and its efficiency before deciding the size of the audit sample. If the internal control system is strong and efficient, then the sample size can be small, but if the controls are weak, then the sample size must be large. * **(2) Level of Assurance Required:** If the level of assurance required from the auditor is very high, then the sample size should be large so that the risk involved is less. If the level of assurance required in case of a client is not high, then the sample size can be kept small. E.g., if there is a voluntary audit of a partnership firm having a turnover of only Rs. 10 Lakhs and the client just wants assurance that the accounts are maintained properly and have moral check on employees, then the audit sample size can be smaller. * **(3) Past Experience:** If the past experience with the client's audit is very bad where there were a lot of mistakes and frauds, then the auditor should have a large sample size. If the past experience of the audit of the client is very good, then the auditor may keep the sample size small. * **(4) Sub-classification:** If a large class or population is sub-divided into smaller population or classification, i.e., if the stratification is done, then the smaller size of the sample can be made. If the class or population is very large, then the audit sample size should also be large. ## Methods of Selecting Sample Items The auditor should select sample items in such a way that the sample items reasonably represent the entire population or classification to which they belong. This requires that all the items in the population have an equal opportunity of being selected as a sample item. There are different methods of selection of items as a sample. However, the following three methods are commonly used: * **(i) Random Selection:** In this method, all the items in the population have an equal chance of being selected as a sample. Random sampling can be: * **(a) Simple Random Sampling:** * **(b) Stratified Sampling** In Simple Random Sampling, each item has an equal and unbiased chance of being selected as a sample. Random number tables are used for selection. In stratified sampling, the main population or class is divided into subpopulations or sub-classes, and within each sub-population, simple random selection is made of sample items. * **(ii) Systematic Selection:** In this method, the selection of items is made by using a constant interval between items selected, the first interval having a random start. The interval is sometimes based on a certain number, or sometimes it is based on a monetary total. E.g., every item after 25 entries is selected in the sample, or every item after the increase in the total by Rs. 50,000/- is selected in the sample. In this method, the auditor should take care that the population is not structured in such a manner that the sampling interval corresponds with a particular pattern in the population. E.g., if in case of a company's sales bills, if every 50th bill is that of its branch's sales bill and the auditor has decided to take every 40th bill in the sample, then not a single sales bill of that branch will be selected in the sample. Such things should be taken care of to see that no type or class is totally omitted from being selected in the sample. This method of sampling is also known as Interval Sampling. * **(iii) Haphazard Selection:** In this method, the auditor takes a representative sample from the population without any intention to include or exclude any specific item. It is neither totally random selection nor totally systematic selection. There may be random selection for some of the population and systematic selection for other populations or it may be selection without any system or random number table. In haphazard selection, the auditor should take care that the selection is not biased. If items, which are easily located, are selected in the sample, then these items may not be representative of the entire population, and then conclusions based on the sample may be wrong. ## Evaluation of Sample Results After selecting the sample items, the auditor carries out those audit procedures on each sample item which are appropriate for achieving the particular audit objective. The auditor has to evaluate sample results. This is done in the following manner: * **(1) Analysis of Errors in the Sample:** While designing the sample, the auditor defines the conditions that constitute an error by reference to the audit objectives. In the analysis of errors, the auditor should first determine that an item in question is in fact an error or not. They should also consider the qualitative aspects of the errors: i.e., the nature and cause of the error and the possible effect of the error on the other phases of audit. The auditor may be able to perform an alternative procedure and obtain sufficient audit evidence. E.g., if balance confirmation is not received from a debtor, the auditor can see whether next year the customer has paid the outstanding amount or not. If next year, the customer has paid the outstanding amount to the client, then even if the balance confirmation is not received, the auditor can conclude that there is no error, and the balance shown of the debtor is correct. If on a sales bill, the amount in words is not written but the amount is only in figures, then if the amount of the bill is paid by the debtor then the auditor can conclude that there is no error. However, if the amount received is different or not received, then the auditor should treat this as an error. While analyzing errors, the auditor may observe that many errors have common factors such as the type of transaction, location, production or period of the time, etc. In such cases, the auditor should make sub-classification: i.e., stratification of the population and perform further audit procedures in this area. E.g., if there are errors in sales bills of refrigerators but no errors in other household appliances sales, then the auditor should sub-classify refrigerator sale from the total sale and perform further audit procedures on such a subclass. They should prepare a separate analysis of errors for such subpopulations. * **(2) Projection of Errors:** The auditor projects the error result of the sample to the entire population or class of transactions from which the sample is selected. While doing the projection, the method of the projection should be consistent with the method used to select the sampling item or unit. The auditor should also keep in mind the qualitative aspects of the errors found. When a population is divided into subpopulations, the projection of errors should be done for each subpopulation, and then the results should be combined. * **(3) Reassessing Sampling Risk:** The auditor defines tolerable error while designing the sample. They compare the errors in the population with tolerable errors. If the projected error in the population exceeds tolerable error, then the auditor reassesses the sampling risk and if that risk is unacceptable, then the auditor should consider extending the audit procedure or performing alternative audit procedures. ## Auditor's Liability In Conducting Audit Based On Samples Audit based on samples is well-accepted these days, and it has become the need of the present time. However, while adopting audit based on samples, the auditor is liable for the following: * **(1) Scientific Selection of Sample:** The auditor must adopt scientific methods of selecting sample items from the population. They should see to it that if required, then the population is divided into subpopulations. Items selected in the sample, cover all types of transactions. The selection is not biased. They should take care that the sample is true representative of the population to which it belongs. * **(2) Due Diligence:** As audit based on samples saves a lot of time, energy, and money of the auditor, they are expected to take utmost care and exercise due diligence while adopting audit by samples. They should use their skill to design a representative sample of correct size, to perform audit procedures on the sample, to analyse the sample result, and assess sampling risk. If the auditor fails to adopt scientific selection of samples or if they fail to take due care and exercise due diligence while adopting audit based on samples, then they can be held responsible for negligence. However, if they have selected samples on a scientific method and if they have taken proper care and used their skill in conducting audit based on samples, then they cannot be held responsible for negligence. ## 5.5 Internal Control Human behaviour is such that if there is no regulation, control, or discipline, it tends to depart from the proper path. It is correctly said that self-discipline is the best discipline. Similarly, the internal control system is the best system for optimum utilisation of resources and opportunities for any business entity. Every organisation must have its own internal control system for maximisation of the profits and for achieving the organisational goals. According to Auditing and Assurance Standard - 6 (AAS-6) issued by the Institute of Chartered Accountants of India, the system of internal control means "the plan of organisation and all the methods and procedures adopted by the management of a concern to ensure the orderly and efficient conduct of its business." Internal Control is a wider term than internal check or internal audit. It includes all types of controls whether financial or otherwise established by the management to assist in achieving management objectives including adherence to management policies, safeguarding of assets, detection and prevention of errors and frauds, and securing reliability, accuracy and completeness of accounting records. Internal Control includes internal check and internal audit. The system of internal control is classified as follows: ### Accounting Controls These include the system of controls such as internal check, internal audit etc., which aim at detection and prevention of errors and frauds, safeguarding of the assets of the concern, ensuring the reliability of the accounting records and preparing financial information in time. Accounting and financial controls include budgetary control, standard costing, self-balancing ledgers, bank reconciliation statement, etc. ### Administrative Controls These include operational controls such as Quality control, Quantitative control, etc., which ensures that the management policies in respect of the operations and administration are implemented. It also ensures that the business is conducted in an orderly and efficient manner. These controls extend beyond accounting and financial matters. These include plant maintenance programs, personal training programs, statistical analysis, etc. Thus, internal control system is the whole system of controls whether financial or otherwise established by the management in the conduct of a business which includes internal check, internal audit and other controls. ## Objectives / Purposes of Internal Control The objectives of internal control which cover accounting and operational controls can be summarized as follows: 1. To ensure that all the transactions are properly authorized. 2. To ensure that all the transactions are properly and promptly recorded. 3. To ensure that the assets are safeguarded: i.e., there is no purchase or sale of assets without proper authorization, and assets are verified regularly. 4. To detect and prevent errors and frauds. 5. To ensure that accounting policies adopted regarding depreciation, stock valuation, etc., and other administrative & operational policies are implemented. 6. To aid in management planning. 7. To avoid inefficiency and increase accuracy and reliability in the business. 8. To measure the effectiveness of business policies and to assist in achieving management's objectives. ## Review of Internal Control The auditor has to study and evaluate the internal control system. They have to satisfy themselves that the accounting system is adequate, and all the information which should be recorded in the accounting books is in fact recorded correctly. They should review internal control system and find out the basis on which the controls and procedures are laid down by the management. They should find out where internal control is strong and where it is weak. The auditor reviews the internal control system by obtaining information about the controls by using Internal Control Questionnaire (ICQ). These ICQs contain questions about procedures and controls in the company. The auditor also obtains the flow-chart of administration, procedure's manual, check list and has discussions with the managers of the company to understand different control systems. The auditor's review of internal control system is very important as only on this basis, they decide how much reliance they can place in determining the nature, timing and extent of other audit procedures ## Advantages of Review of Internal Control 1. The auditor knows whether the internal control system exists in the organization, whether it is effective, and whether it is actually in operation during the year. 2. The auditor knows where the internal control system is strong and where it is weak. It helps in deciding the extent of the test check they can apply. 3. It helps the auditor in deciding the sample size. They can keep a large sample size where internal control is weak and keep a small sample size where the internal control is strong. They know whether the stratification of the population is required or not. 4. It helps in deciding the expected error while designing the audit sample. The auditor knows where errors and frauds are likely to be located. 5. It helps in deciding the tolerable error while designing the audit sample. Review of the internal control helps the auditor in deciding how much risk they can take, or to what extent they can accept errors. 6. The auditor can decide what would be the best evidence. They can decide what audit procedures and techniques would be appropriate in the given circumstances. 7. The auditor can give suggestions to the management about improving the internal control system. ## Auditor's Duties Regarding Internal Control It is the duty of the management to design and establish the internal control system in the organization. The auditor can rely on such internal control system while conducting the audit. However, the auditor's duties regarding internal control as recommended by AAS - 6 are as follows: 1. **Study internal control system in the organization.** The auditor should satisfy themselves that the internal control system is existing, it is effective, and it is actually in operation during the year. The auditor should find out whether errors and frauds are likely to be located in the ordinary course of operations of the business. They should also find out whether the effective internal auditing department is operating. 2. **Evaluate the internal control system.** The auditor should see that whether all the transactions which are required to be recorded in the books of accounts are actually recorded in the books, that they are correctly recorded, that there is proper authorisation for such transactions, and that there is proper documentary evidence in support of the transactions recorded. They should evaluate the internal controls to ensure that the books of accounts are complete, accurate and free from errors and frauds. They should see that management's policies are followed during the year. 3. **Audit planning and Audit program.** The auditor should understand the internal control system and based on this information, they should design their audit planning and formulate their audit program. 4. **Audit procedures.** The auditor should decide which audit procedures to be adopted based on their study of the internal control system of the organization. The system of internal control should be tested by applying procedural tests which mean testing the compliance with the procedures laid down by the management in respect of initiation, authorization, recording, and documentation of transactions at each stage through which it flows. The auditor should also check and examine in depth a few selected transactions and thus evaluate the system of internal control. In evaluation of internal control system, the auditor should test these controls through compliance procedures, i.e., to test whether all the procedures laid down by the management are complied with or not. * **(i) Decide extent of Test-checking.** The auditor should decide the extent of the test checking they can apply based on their study of the internal control system. The auditor should decide the sample size, classification and sub-classification of items, tolerable error, expected error, acceptable level of risk, level of materiality, etc. based on the study of internal controls. * **(ii) Suggestion to Management.** It is the duty of the auditor to give their suggestions to the management to improve the internal control system. They should communicate in writing about the serious weaknesses in the control system by writing "letter of weakness" and also give suggestions for improvement. * **(iii) Reporting Requirements.** Under CARO, 2003, company auditor has to report regarding the internal control on following matters: * (a) Is there an adequate internal control system commensurate with the size of the company and the nature of its business, for the purchase of inventory and fixed assets and for the sale of goods and services? * (b) Whether there is a continuing failure to correct major weaknesses in the internal control system? It is very clear that the auditor's duty towards the study and evaluation of internal control system is extremely important, as the extent of the audit, the nature of the audit program, the selection of the audit procedures and the plan of the test-checking is substantially influenced by the effectiveness of the internal control system in operation. ## Inherent Limitations of Internal Control * **(1) Human Error:** Internal Control Systems may not be effective due to wrong judgments, carelessness, etc. of the employees. * **(2) Unusual Transactions:** Unusual transactions may escape from the control system. * **(3) Fails to prevent fraud:** If there is a collusion between employees, in spite of the control system, frauds may remain unprevented and undetected. * **(4) Costly:** The cost of designing and implementing the internal control system may be more than the benefits derived from it. * **(5) Manipulation by Management:** If the management itself is involved in fraud, it may do manipulations in spite of the internal control system. ## Examples of Internal Control * **(1) Cash Sales:** * In a retail shop, the counter salesman should explain the product to the customers and convince them to buy the product. On the decision of the customer to buy the product, the counter salesman should prepare the cash-memo in quadruplicate. The first two copies should be given to the customer, the third copy should be given to the packing department alongwith the goods, and the last copy should be retained by the salesman. The packing department should pack the goods mentioned in the cash-memo and keep them ready for delivery. The customer should take the first two copies to the cash-counter where they should make payment to the cashier, and after receiving the cash, the cashier should put "PAID" stamp on both the copies and keeping the second copy with themselves, they

Auditing Techniques & Internal Audit Introduction PDF

Document Details

Tags

Related

Summary

Full Transcript