● 0.

5% to 1% of revenue,
● 1% to 2% of total assets
● 5% to 10% of profit
the external auditor should consider the following when determining if a deficiency in internal controls is
significant:
1. MATTERS TO CONSIDER IN DETERMINING IF THE
CONTROL IS SIGNIFICANT (and thus if it should be reported)
1. The interaction of the deficiency with other deficiencies in the control process
2. The cause and frequency of the exceptions detected as a result of the deficiency
3. The amount of financial statements exposed to the deficiency
4. Importance of deficiency to the fr process
5. The susceptibility to loss or fraud of the related asset or liability
6. The likeness of the deficiency leading to a material misstatement in the fin
statements in the future
7. Complexity and subjectivity in determining an estimate
8. The volume of activity that have occurred or could occur in the account balances or
the class of transactions exposed to the deficiency
possible ways of documenting systems include:

2. NARRATIVE NOTES, FLOWCHARTS, AND

QUESTIONNAIRES
● Narrative Notes-written description of the company’s system. It provides details of
what occurs in the system at each stage and the relevant controls in place.
Advantage Disadvantage

1. Simple to record- discussions 1. Can be time consuming to

with staff easily written up as prepare
notes 2. Difficult to identify missing
2. Facilitate understanding by all controls
members of the audit team-
especially the junior staff.

● Flowcharts- Diagrammatic illustration of the internal control system. Lines identify

sequence of events and standard symbols used to signify controls or documents.

Advantage Disadvantage

1. Easy to review the system- all 1. Difficulty in amendment- as may

info in one single diagram need to be re prepared in whole
2. Effective in identifying missing 2. Need for accompanying narrative
controls due to use of std notes- time consuming
symbols

● Questionnaires- Simple list of questions for each major transaction cycle to be

asked to clients- whether ICQ- internal control questionnaires or ICEQ- Internal
control evaluation questionnaires
○ confirm ICQ- Yes or No type of standard set of questions can be asked to all
clients to the presence of particular controls- simple to prepare- easy to
identify missing controls
 Advantage Disadvantage

For both 1. Controls overstated if the

1. Quick to prepare, timely client is aware of the ans
method the auditor is looking for.
2. Easy to identify missing 2. Questions related to
controls if prepared unusual controls/controls
thoroughly specific to a client may not
be included on a standard
questionnaire.

as the client may say the ○ ICEQ- tests the level of effectiveness of the type of control present- controls
control is in place for the less likely to be overstated, easily identifiable lack of quality of control
○
control objective even if it is Risk of overstated controls, risk of not identifying unusual objectives as
not questionnaire may contain controls not relevant to client/miss unusual
controls relevant to client

3. COMMUNICATING WITH THOSE CHARGED WITH

GOVERNANCE
1. Helps in facilitating two way communication between auditor and tcwg
2. Helps the auditor and tcwg to understand key audit matters, develop a
constructive working relationship while maintaining the independent and
objective position of the auditor
3. Help tcwg to fulfil their responsibility of overseeing the fr process and thus
reduce the risk of material misstatement
4. Helps auditor to obtain information and effectively meet the objectives of
the audit.
4. EXAMPLES OF MATTERS TO BE COMMUNICATED
WITH TCWG
1. The auditor’s planned approach to audit including the audit timetable
2. Any significant deficiencies in the control process identified during the
audit process should be communicated in writing or verbally
3. Any significant matters arising during the audit as well as significant
accounting adjustments
4. The auditor’s responsibilities in relation to providing an opinion on the
financial statements and that they have carried out their work in accordance
with the international standards of auditing.
5. Key audit risks identified during the planning stage
6. Other matters identified that are significant to the oversight of the financial
reporting process
7. Notice about any written representations required by auditor
8. How the external and internal auditor work together and any planned use of
the internal audit work
9. A notice about the intention to issue a modified opinion
10. Any suspected or identified fraud
 11. For listed- a confirmation that the auditors have complied with any ethical
standards and that appropriate safeguards have been put in place for the
identified threats.

5. HOW TO MANAGE CONFLICT OF INTEREST

1. Notify both the clients about the arrangement and obtain their consent
2. Use of separate engagement teams including engagement partners for both the
audits. Once an employee has worked on the audit for one, they should not be
involved in the other’s for a period of time
3. Recommend one or both clients to consider the need to seek additional
independent advice
4. Consider the use of confidentiality agreements for the employees engaged in both
the teams
5. Use of appropriate methods to prevent access to data like physical separation of
both teams, confidential filing, etc
6. Clear communications about the guidelines relating to security and confidentiality
to both the teams
7. Regular monitoring of the safeguards applied by a senior partner of the firm not
involved in the client
8. Independent review by an external practitioner of work performed, key judgements
and the significant issues considered to evaluate their appropriateness

6. PRE-CONDITIONS OF AN AUDIT
1. Contact the previous auditor to obtain information about the client and whether
there were any existing concerns for the resignation after obtaining permission
from client - reject if permission is denied
2. Consider whether the firm has appropriate and adequate amount of resources in
terms of time skill and expertise to provide the client with a professional and
competent service
3. Carry out due diligence of the client to find out if they are involved in any
fraudulent activities. Carry out an investigation on the reputation of the client’s
directors and manager too.
4. Consider if fees offered are in a sufficiently proportionate level with the risk
involved and the amount of work to be carried out in the audit
5. Make sure that the preconditions of the audit are being met:
a. Determine whether the financial framework based on which the financial
statements are being prepared is acceptable. In assessing this, auditor
should consider the nature of the entity, nature and purpose of financial
statement and whether law or regulation prescribes the applicable reporting
framework
The management accepts and acknowledges its responsibility for
b. Preparation of the fin statements in accordance with an applicable financial
reporting framework
c. Internal controls necessary for the preparation of the financial statement to
be free from material misstatement whether due to fraud or error
d. Provide the auditor with access to info relevant to the audit and to staff
within the entity to obtain audit evidence and wherever required,
explanations necessary for the audit
 e. If the preconditions for an audit are not present, the auditor shall discuss
the matter with management. Unless required by law or regulation to do so,
the auditor shall not accept the proposed audit engagement: If the auditor
has determined that the financial reporting framework to be applied in the
preparation of the financial statements is unacceptable; or If management
agreement of their responsibilities has not been obtained

7. BENEFITS OF PLANNING
1. Devote appropriate amount of time and attention to the problematic areas of the
audit
2. Solve potential problems on a timely basis
3. Select team members with appropriate capabilities and competencies
4. Coordinate the work of others
5. Direct and supervise the team and review the work performed
6. Manage the audit and organise it in a way so that work is carried out effectively and
efficiently

8. WHY ANALYTICAL PROCEDURES ARE USED DURING

THE THREE STAGES OF AUDIT
1. During the planning stage analytical procedures are used to obtain an
understanding of the client and assess the risk of material misstatement.

2. During the final audit stage, the auditor uses procedures to obtain sufficient
appropriate evidence in respect of the financial statements to support the
auditor’s opinion. This can be either in the way of tests of details(to verify
individual account balances) or substantive analytical procedures

3. In the final audit review stage, analytical procedures are used as a part of the
whole review process of the financial statements to assess whether the fs as a
whole provide a true and fair picture. view.

9. INTERNAL VS. EXTERNAL AUDIT

BASIS INTERNAL EXTERNAL

Objective To assess the effectiveness To obtain sufficient

and efficiency of appropriate evidence to assess
management’s operations whether the fs give true and
fair view and to express the
opinion in a written report

Appointment By audit committee or BOD By shareholders or state

Availability of Report Available only to man for Publicly available

internal use

Scope Wide in scope- depends on To verify the fairness and

man needs factual accuracy of the fs
 Relationship with company May be employees or Auditor needs to be
outsourced independent

Formal form of work, required reports to management or those reports to shareholders.

charged with governance.
by law, quality control etc

reporting

10. COMPONENTS OF INTERNAL CONTROL

refer study text page no. 236
1. The Control Environment: This lays the foundation for the internal control system of the
entity. It includes the governance and management function and is a summation of the
following matters:
a. How the management carries out their functions- how committed they are to the
entity’s objectives and considerations of their demonstration of ethics and integrity
b. The exercise of the oversight function by those charged with governance and their
independence from management
c. The assignment of authority and responsibility across the organisational chart
d. How the entity attracts, retains and develops competent and capable personnel
including their recruitment and performance appraisal policies
e. How employees are held accountable for their responsibilities. E.g. for their failure
to maintain an internal control
2. The risk assessment process: The auditor must obtain an understanding of how the entity
identifies and assesses the significance of business risk (in terms of their likelihood of
occurrence, possible impact, etc) that are relevant to financial reporting. They should take
into consideration the overall process the entity follows once a risk has been identified and
evaluated as significant including how it manages to implement an appropriate control
and its sufficiency.
3. Information system and communication: Includes all activities and policies relevant to the
financial reporting process. It comprises both manual and computerised systems of
information processing in terms of how it is initiated, recorded and reported in the
financial statements. It looks at how significant matters related to the supporting activities
and reporting responsibilities are communicated within the organisation.
4. Monitoring activities: Entity’s systems to monitor the process of internal control. It
includes how the company monitors and ensures the effectiveness of its internal control
system and how the deficiencies identified are remedied.
5. Control activities: Designed to ensure that activities related to all other components of
controls are in proper working order. They include segregation of duties, authorisation of
transactions, reconciliations, etc.

11. LIMITATIONS OF INTERNAL CONTROL

1. Human Error- in the application and design of the control
2. Collusion of Staff- manipulation of deficiencies in the system by employees for
personal gain
3. Unoperational Control- failure to maintain 100% effectiveness, failure to operate as
intended
4. Management Override - Abuse of power by those who are in ultimate charge
5. Use of judgement- use of management’s judgement to decide on the nature and
extent of controls- certain controls may be absent or ineffective. Inadequacy of
controls for non-routine transactions
12. ASSESSING THE NEED FOR AN INTERNAL AUDIT
DEPARTMENT
1. Scale and complexity of the organisation
2. Diversity of activities
3. Number of employees
4. Level of assurance needed by management
5. Cost benefit considerations
6. Corporate governance requirements
7. Current control environment and the history of fraud
13. ASSIGNMENT FOR THE INTERNAL AUDIT
DEPARTMENT what does the internal audit department do?
1. Value for money review: Assessing whether the company is obtaining the optimum
output using the minimum input. It involves assessing the three e’S- Economy,
Effectiveness, and Efficiency and is most commonly used in Not-For-profit
organisations. EG- assessing capital expenditure
2. Operational Audits: To assess and review the operational efficiency and
effectiveness of the processes within the organisation and whether they can be
streamlined to provide smoother services
3. Regulatory Compliance: Where the company has to comply with special laws and
regulation relevant to the sector they operate in, the internal audit can be made
responsible for checking such compliance
4. Fraud Investigation- An internal audit department acts as a deterrent to fraud due
to greater fear of being caught. They can be made responsible for the investigation
of any suspected or actual fraudulent activity and also review the controls that are
in place for prevention and detection and quantifying the impact on the financial
statements
5. Review of Financial and Operational Controls : Undertake reviews of controls in
place and provide recommendations to management
6. IT system reviews
7. Monitoring Asset levels: Physical verification of PPE and comparison to asst
register. Report significant deficiencies- could be due to fraud or theft
8. Assessing whether company is following the best corporate governance practices

15. TYPES OF INTERNAL CONTROL

1. Segregation of Duties: This is to ensure that power isn’t concentrated in the hands of a few
people and there are separate people responsible for each control related activity to
decrease the possibility of fraud and error. Separate personnel should be made responsible
for recording and authorising transactions and monitoring asset levels
2. Authorisation: Activities of the operational staff should be appropriately supervised. In
addition, transactions beyond a certain limit should be authorised by a senior management
before it is entered into. E.g. Authorisation of credit limits by the sales director
3. Reconciliation: This involves comparing two or more data elements to confirm the
accuracy and completeness of the data. E.g Bank reconciliations
4. Verification: This involves checking two elements of data with each other or with an
established policy. E.g Checking the actual goods received matches with the purchase
invoice
5. Physical or Logical Controls: Involves restricting access to both physical assets and
 computer programs or file to reduce the possibility of theft or fraud

16. OUTSOURCING THE INTERNAL AUDIT ~~€

Advantages:
1. ~~: No need to spend time and money on recruiting further specialist staff.
2. Flexibility: Can hire for as long or as short as required without worrying about staff
shortages
3. Skills and experience: Will provide trained and skilled staff from a large pool of
staff
4. Cost control; money spent on training saved. Pre decided cost saved, can budget
accordingly
5. Immediate solution: Readily available staff, will save management time to recruit
candidates

Disadvantages:
1. Existing IAD: Redundancy costs
2. Increased costs: over time
3. Knowledge of company: each audit new staff, time lost by employees explaining the
systems
4. Confidentiality: Despite a confidentiality clause
5. Loss of in house knowledge: If IAD is not deployed elsewhere in the company.
Difficult to start up the department again.
6. Control: Need to discuss timings and areas of work well in advance with the service
provider which means losing some controls over the activities of the audit
department

17. AUDITOR’S RESPONSIBILITY IN RELATION TO

FRAUD-
1. Must conduct an audit in accordance with ISA 240 Auditor’s responsibilities
relating to fraud in an audit of financial statements and are responsible for
obtaining reasonable assurance that the financial statements as a whole are free
from material misstatement whether due to fraud or error
2. Identify and assess the risk of material misstatement in the financial statements
due to fraud
3. Required to obtain sufficient and appropriate audit evidence in relation to the
assessed risks in the financial statements due to fraud through designing and
implementing appropriate responses
4. To respond appropriately to identified or suspected fraud
5. To report actual or suspected fraud to appropriate parties
6. While obtaining reasonable assurance, auditor is responsible for maintaining an
attitude of professional scepticism and remain alert to fraud throughout the audit
and consider the possibility of management override of controls and recognise the
fact that procedures that are effective in detecting error may not be effective for
detecting fraud
7. To ensure that the engagement team is aware of their risks and responsibilities in
relation to fraud and error, ISAs require that a discussion is held within the team.

18. PROFESSIONAL SCEPTICISM

Professional scepticism is the attitude that involves a questioning mind and remaining alert
 to the possibility of fraud in the financial statements throughout the audit and a critical
assessment of the audit evidence.

Areas where professional scepticism needs to be applied:

Revenue Recognition after a fraud
Loan covenants
Provision estimates

19. ENGAGEMENT LETTERS

Engagement letters are letters sent to the client prior to audit that outlines the
responsibility of both the audit firm and the client. Their purpose is to
● Minimise the risk of misunderstanding between the client and the auditor
● To confirm the acceptance of the engagement
● Forms the basis of the contract by outlining the terms and conditions of the audit
It has the following contents
● The objective and scope of the audit
● Responsibilities of the auditor
● Responsibilities of the management
● The expansion of scope with respect to the legislation
● Basis on which firm will calculate the audit fees
● Expectation that management will provide any written representations
● The statement that some material misstatements may not be detected
● The involvement of internal audit and other staff during the audit
● A request for management to accept the terms of the engagement and acknowledge
the receipt of the engagement letter
● The arrangement concerning the planning and performance of the audit including
the staff composition
● The expected form and content of any reports to be issued

WHEN SHOULD ENGAGEMENT LETTER BE REVISED FOR EXISTING CLIENTS

● If there is any indication that management misunderstands the objective and scope
of the audit as this misunderstanding would need to be cleared.
● Any revision or inclusion of special terms to the terms of the engagement as these
would be naturally required in the letter.
● When there are any significant changes in the ownership or management of the
entity as a director signs the letter on behalf of those charged with governance and
if there have been significant changes in management then they need to be made
aware of what is included in the letter.
● If there have been recent significant changes to the nature or the size of the entity
as the auditor's approach will need to be changed to reflect the change in the entity.
This should be communicated through the engagement letter.
● If there have been recent changes in the legal or regulatory framework. The letter is
a contract. If it is not updated with the legal or regulatory changes then it is out of
date.
● If there are changes in the financial reporting framework based in which fs are
prepared. The letter includes the role of auditor, those charged with governance
and identifies the reporting framework of the financial statements. Thus, if there
are changes being made in the fr framework, then this needs to be updated in the
letter.
 ● If there have been recent changes in other reporting requirements. The audit
engagement letter may include a section on other reporting requirements and
these may need to be reasonably updated.

20. MATERIALITY AND PERFORMANCE MATERIALITY

Auditor needs to establish materiality levels for the fin statements as a whole as well as
assess performance materiality levels which are lower than the overall materiality
levels.
ISA 320
MATERIALITY: Misstatements, including omissions are said to be material if they can,
whether individually or in the aggregate, be reasonably expected to influence the
economic decisions of the user taken on the basis of the financial statements .
If financial statements contain material errors, they can't be expected to provide a true
and fair view of the financial statements
Errors or omissions can be material either based on their qualitative nature or
quantitative amount. Errors based on their nature can be material even if they are a
small amount like if the small amount turns a profit into a loss or fails to comply
with the law.
Preliminary materiality is often calculated based on quantities in the fs but ultimately
depends on the auditor’s judgement. It is affected by the auditor’s perception of the
financial information, the needs of the users of that information and the perceived
level of risk. The higher the assessed risk, the lower the materiality level is set.

PERFORMANCE MATERIALITY
The amount set by the auditor at a lower level than materiality for the financial
statements as a whole to reduce to a reasonably acceptable level the probability
that the aggregate of undetected and uncorrected misstatements exceed materiality
for the fs as a whole.

Thus performance materiality is set at a lower level than materiality and is used to
check individual transactions, account balances and disclosures. The aim is to
reduce the risk that the total of all errors in balances, transactions and disclosure
do not exceed overall materiality.

21. SUPERVISION AND REVIEW

SUPERVISION:
● Keep track of progress of audit and ensure that the timetable is being followed
● To ensure that the audit manager and partner are kept updated with the progress.
● Consider the capabilities and competencies of individual team member including:
○ Whether they have sufficient time and skills to carry out the work assigned to them
○ Whether they understand their instructions and
○ Are carrying out the work in accordance with the planned approach.
● Address significant matters arising during the audit, consider significance and modify
planned approach.
● Identify matters for consultation or consideration by the audit manager or engagement
partner

REVIEW
● Work done by the assistants in accordance with the planned approach and legal and
regulatory requirements
● Work done supports the conclusions reached and has been properly documented
 ● Significant matters have been raised for partner attention or for further consideration
● Where appropriate consultations have taken place that they are properly documented.

22. AREAS TO BE INCLUDED IN THE AUDIT STRATEGY

DOCUMENT
Discusses the scope, timing and nature of the engagement and supports the formulation of the
audit plan
● Main characteristics of engagement- which define scope
○ Whether fs are prepared in accordance with the relevant FR framework
○ The availability of key personnel at the client
○ Use of automated tools and techniques and effect of IT on audit procedures
● Reporting objectives, nature and timing of communication- reporting objectives like the
timetable of audit and the nature of communication to management
○ Timings for interim and final audit
○ Timings of any audit team meetings and the review of work performed
● Significant factors affecting the audit- matters in the auditor's judgement which have a
significant impact on the audit
○ Determination of materiality
○ Need to maintain professional scepticism…
● Preliminary engagement activities and knowledge from previous audits
○ Results of any tests of effectiveness of the controls
○ Evidence of management’s commitment to the design implementation and
maintenance of internal controls
● Nature, timing and extent of resources required
○ Human, technological and intellectual resources required
○ Audit budget including time set aside for areas with higher assessed romm

23. SOURCES OF INFORMATION TO GAIN AN

UNDERSTANDING OF THE CLIENT
● The company’s financial statements
This will provide information on the size of the entity, the accounting policies uses
and the disclosure notes made and whether a modified opinion was issued last year
● Prior year’s auditor’s report
○ This will provide info on the key matter identified during the previous year audit
and the audit approach adopted
● Prior year’s report to management
○ Info on deficiencies noted during the previous audit. If not corrected, impact
current year audit and the planned approach.
● Review of board minutes
○ Provides overview of key issues arisen during the year and how tcwg addressed
them
● Company website
○ Background on the company during the year from press releases to identify key
audit risks
● Current year budgets and management accounts
○ Financial info for the year. Helps performing preliminary analytical reviews and risk
identification
● Discussions with management
 ○ Info on the business and change to accounting policies from the prior year

24. AUDIT RISK AND ITS COMPONENTS

Risk that auditor expresses an inappropriate audit opinion when the financial statements are
materially misstated.
Audit risk is a function of two main components- risk of material misstatement and detection risk.
Risk of material misstatement further has two components- inherent risk and control risk.

Inherent risk is the susceptibility of an assertion about a class of transactions, account balances,
and disclosures to misstatements which could be material, whether individually whether in the
aggregate before consideration of related controls.

Control risk is the risk that misstatement which could occur in an assertion in the account
balances, classes of transactions or disclosure and which could be material, whether individually
or in the aggregate with other misstatements, will not be prevented or corrected by the entity’s
controls on a timely basis.

Detection risk is a risk that audit procedures performed by the auditor to reduce audit risk to an
acceptably low level will not be able to detect a misstatement which exists and that it could be
material whether individually or when aggregated with other misstatements. This could be either
sampling or non sampling risk.

25. QUALITY MANAGEMENT PROCEDURES

● Direction and briefing of team
○ The audit team should be informed of the objectives of the work performed,
the nature of the entity and other relevant info that might help them in
performing the audit more effectively and efficiently. This will help them in
assessing the risk of material misstatement and the areas which require
greater attention. They should also be made aware of their responsibility to
contribute towards the quality of the audit and that threats to quality
should not come in the way of performing planned audit procedures.
● Considering competence of team members- Supervision
○ The audit supervisor will consider the competence of team members and
provide additional coaching wherever required. Wherever necessary, work
should be assigned to more experienced staff members. The supervisor
should be available for the team in case of any queries.
● Consultation
○ The need for consultation arises whenever team members lack the necessary
experience or knowledge. The audit supervisor identifies areas where
external consultation is required and makes necessary adjustments for the
same. Whether this is referring to someone within the firm or bringing in an
external expert.
● Review of work
○ Each member’s work should be reviewed by someone more senior. This is to
ensure that work done is performed up to a required standard. The reviewer
might identify more work to be performed before forming a conclusion to
reduce the risk that material misstatements go undetected.
 ● Documentation: Audit work should be sufficiently documented in order to provide
evidence that the audit was performed in accordance with professional standards
and form the basis of the audit opinion issued. It should enable an experienced
auditor to understand the nature, extent and timing of the procedures performed
and their results and whether any key judgments were made. If the report is called
into court at a later date, then documentation should be able to prove that work
performed was up to the required standard of quality.
● EQR
○ An engagement quality is a requirement in case of listed or other high risk
clients
○ The EQR should be someone independent of the audit team with no prior
knowledge of the client and someone who could assess the judgemental
areas of the audit with an objective mind. The EQR will review the proposed
audit opinion and assess whether there is sufficient appropriate evidence to
support it before it is issued.
● Tracking the progress of the audit - supervision
○ The audit supervisor should ensure that work is being carried out according
to the timetable or whether action needs to be taken like if additional staff
needs to be brought in to keep up with the deadline or if the client needs to
be asked to extend it.
● Addressing significant matters- supervision
○ Supervisors need to make sure that significant matters are being dealt with
in an appropriate and timely manner as this will contribute towards the
timely completion of the work. If significant matters are dealt with as soon
as theta rise, it will ensure a smooth and even flow of work.

25. REVIEW ENGAGEMENTS

● Alternative to audit
● Practitioner review fin info
● Limited level of assurance - negatively worded report- evidence just enough to
report subject matter is plausible
● Sufficient evidence to conclude that they have no reason to believe that th fs
prepared are not in accordance with the fr framework
● Procedures less comprehensive to external audit and need not be performed in
accordance with ISAs
26. AUDITOR’S RESPONSIBILITY IN RELATION TO LAWS AND
REGULATIONS
● Must perform audit procedures to help identify non compliance with laws and
regulations that might have a material effect on the fs
● Must obtain sufficient appropriate evidence regarding compliance with laws and
regulations that have a direct effect on the fs
● Must perform audit procedures to identify non compliance with other laws and
regulations that might have a material impact on the fs
● Must report non compliance to management and those charged with governance
● Where he identifies non compliance, auditor must obtain an understanding of the
act, the circumstances of the acts and the potential impact on the fs
● Where the non compliance has a material effect, must issue a modified audit
opinion
● Consider whether they have legal or ethical responsibility to report non compliance
to a third party
27. MATTERS TO CONSIDER IN OBTAINING AN
UNDERSTANDING OF THE ENTITY
● Market and its competition
● Regulatory framework
● Legislation and regulation
● Ownership of entity
● Significant changes made to the entity in the prior year
● Financing structure
● Key customers and suppliers
● Nature of product/services and market
● Capital investment activities
● Location of product facilities and customers

28. REPORT TO MANAGEMENT

Board of Directors
Company name
Address

Date

Dear Mams,

AUDIT OF COMPANY FOR THE YEAR ENDED _________

Please find enclosed the report to management on the deficiencies in the internal controls
Identified during the audit for the year ended. The appendix to this report considers
deficiencies in the ___________ and the recommendations to address those deficiencies

Please note that this report only contains the deficiencies identified during the audit and
if further testing had been performed then more deficiencies may have been reported
This report is solely for the use of management and if you have any further queries please
do not hesitate to contact us

Yours Faithfully
FIRM NAME

29. INFORMATION PROCESSING CONTROLS

● Document counts: No of invoices to be input counted then entered one by one at the end
of which total count is compared. Ensures completeness of input
● Controls total: Total value of all invoices manually calculated and then entered into the
system which then aggregates the value too. Both totals compared. Ensures accuracy and
completeness
● One for one checking: Each input to the system traced back to the purchase invoice
manually on a one by one basis. Ensures completeness and accuracy
● Review of output to expected value- Independent assessment of the value of the
invoices to be input- expected value. Total value of invoices compared with this expected
value. Ensures completeness
● Check digits: Done to reduce transposition errors. Mathematical tests are performed using
application of formulas to particular data fields to ensure accuracy
 ● Range checks: a set range of inputs is set and inputs beyond this limit are rejected by the
system. Ensures accuracy
● Exis tence checks: The system is set up so that inputs can’t be made without certain key
fields

30. STEPS TO CONFIRM PRIOR YEAR FLOWCHARTS AND

SYSTEM NOTES
a. Obtain the system notes on documentation from last year and identify if they cover all the
expected stages and are complete.
b. Review the prior year audit file to identify weaknesses in the system and note these for
investigations later on
c. Review the prior year report to management for any recommendation made to
management as this might indicate the new changes made in the system during the year
d. Interview the client staff to ascertain whether any new systems have been introduced
during the year to assess whether the previous years notes and flowcharts are still valid.
e. Perform a walkthrough of the system by tracing a sample of transactions to ensure that the
flowcharts and the system notes contained in the audit file area still accurate
f. Obtain system documentation from the client possibly in the form of a procedure manual
to review and identify if any changes have been made in the last 12 months

31. CONTROL OBJECTIVES OF THE CASH RECEIPT SYSTEM

a. To ensure that all valid cash receipts are promptly received and banked
b. To ensure that cash receipts are recorded at the correct amounts in the cash books
c. Properly posted in the ledger
d. Recorded in the correct accounting period
e. Appropriately safeguarded against theft

32. NEED TO OBTAIN AN UNDERSTANDING OF

COMPONENTS OF INTERNAL CONTROL
a. Control risk is an element of audit risk. To assess control risk the auditor must obtain an
understanding of the elements of internal control such as control activities, information
systems etc
b. If the control environment is weak then this leads to greater risk of material misstatement
in the financial statement as the control system will not have detected prevented or
corrected errors on a timely basis
c. If the control system is weak, then less reliability can be placed on the audit evidence
obtained which thus gives rise to the need for greater substantive testing
d. If the control system is strong the auditor can place reliance on the controls and there is a
lesser need for substantive testing

33. SUITABILITY OF ANALYTICAL PROCEDURES

a. Nature of the balance or class of transactions: Analytical procedures work better on large
volumes of transactions that are predictable over time.
 b. Reliability of data being tested: Analytical procedures are only reliable to the extent that
the underlying source data is. This will depend on the data’s sourc, nature and
effectiveness
c. Precision of an expectation: Analytical procedures are only useful when an expectation can
be developed for determination of a material misstatement using reasonable precision
d. Relevance to the assertion being tested: The suitability of analytical procedures will also
depend on its relevance to the assertion being tested. For example, they would not usually
be used to test the existence of tangible assets.
e. Amount of differences between the expected amounts and the recorded amounts: This will
depend on the materiality level and the level of assurance needed by the auditor

34. IMPACT OF AN IAD ON INTERIM AND FINAL AUDIT

Interim Audit
a. Reliance on internal control documentation by the internal audit team to review if systems
have changed in any manner
b. Possible reliance on any internal control testing performed during the year- will reduce the
workload and the fees
c. Possible use of the risk assessment in the initial planning stage
d. Consider compliance with laws and regulations and risk of fraud and error- overlap of work
performed- scope for review of work performed by IAD

Final Audit
a. Assistance in year end inventory counts
b. Will still need to provide attendance and undertake reduced testing

35. PROCEDURES USING AUTOMATED TOOLS AND

TECHNIQUES
a. Audit software to calculate ratios and compare it to previous years- inventory holding
periods- assess whether inventory is turning over more slowly, indicating that it is
overvalued
b. Cast the listing of current assets or current liabilities to ensure completeness and accuracy
cast the inventory listing to ensure arithmetical accuracy
c. Audit software to review current asset register and produce an aged listing to identify slow
moving/old inventory or receivables which may require a write off or allowance
d. Pick representative samples of items for further testing of balances
e. Reperform calculations for samples of data to ascertain cost or NRV
f. Audit software can be utilised for cut-off testing by assessing whether the last recordings
relate to year end and no balances past the year end date have been recorded
g. Audit software to confirm that any inventory adjustments noted during the count have
been adjusted for

ADVANTAGES DISADVANTAGES

1. Test a large volume of transactions 1. Costly during the first year- initial set
accurately and quickly up costs are high and time consuming
process

2. Can be cost effective after being set up if 2. Additional training for the audit staff
the software doesn't need any major may be required
 alterations

3. Test data can test performance of program 3. Costly revisions may be required to maintain
controls like inventory or general IT if there are changes that need to be made in
controls like passwords, etc the foreseeable future

4. Provides a better quality of audit evidence 4. The audit software may not be compatible
by reducing human errors with the firm’s systems which may require
bespoke system which will increase audit costs

5. Improves the overall level of audit 5. If testing is performed on live data there is a
confidence as results from the automated risk that files may be lost
techniques can be compared from the
results of traditional techniques to confirm
accuracy.

6. Frees up the time of audit team members 6. If testing is performed using copy files
to focus more on judgemental areas rather instead of live data, there is a risk that these
than number crunching are not genuine copies of the system

7. Allows direct testing from the actual 7. There must be adequate system
system and records rather than testing documentation available for the systems to
data from printouts which could be obtain a good understanding of the entity
inaccurate before appropriate audit procedures can be
devised to tested

8. Enables the auditor to perform procedures 8. The data may not be complete restricting the
throughout the year rather than just at the level of assurance to be gained from the audit
year end

36. STEPS IN UNDERTAKING A POSITIVE RECEIVABLES

CIRCULARISATION
● Obtain the permission of FD prior to sending out the confirmation requests
● Obtain a list of trade receivables and cast it and agree to the receivables ledger and control
account total
● Obtain a representative sample from the receivables balance and make sure to pick old, nil
and large balances
● The confirmation request should be sent on the company letterhead paper and the request
should be made to send responses directly to the audit team using a pre paid envelope
● The confirmation requests should all be signed by the finance director prior to being sent
out
● Where no response is received, it should be followed up by another letter or phone all and
where necessary alternative procedures should be performed
● Where responses are received, they should be reconciled to the balance in the company's
ledger and any differences should be duly investigated.
37. KEY AUDIT MATTERS
Key audit matters are those matters, which, in the auditor’s professional judgement, were
of most significance during the audit of the financial statements. They are selected from the
matters communicated with those charged with governance.

The purpose is to help users understand the entity and provide a basis for the users to discuss with
management and those charged with governance about matters relating to the entity and the
financial statements.

KAM is decided taking into account the following factors

● Significant auditor’s judgments in the areas of the fs which required significant
management’s judgement
● Areas of higher assessed risk of material misstatement
● Effect of significant transaction or events that occurred in the year on the audit

KAM section should include

● Description of each KAM
● Cross Reference to the related disclosure note
● why the matter was considered to be of the most significance during the audit and
therefore determined to be a KAM
● and how the matter was addressed during the audit

38. RELIABILITY OF AUDIT EVIDENCE