Lesson Seven
Lesson Seven
Lesson Seven
ISA 315 Understanding the entity and its assessing the risk of material misstatement accounting
system is the series of tasks and records of an entity by which transactions are processed as a means
of maintaining financial records. Such systems identify, assemble, analyze, calculate, classify,
record, summarize and report transactions and other events.
ISA 315 Risk Assessments and Internal Controls states that the auditor should obtain an
understanding of the accounting and internal control systems sufficient to plan the audit and
develop an effective audit approach. The auditor should use professional judgment to assess audit
risk and to design audit procedures to ensure it is reduced to an acceptably low level.
The Companies Act Cap 486 places a duty upon the auditor in preparing his report to carry out
investigations that will enable him form an opinion on the financial statements in accordance with
the seventh schedule to the Companies Act Cap 486
The objective of the accounting system is to ensure that all transactions are completely and
accurately processed and recorded and that the resulting accounting entries are valid.
What constitutes an adequate system of accounting depends on the circumstances. The important
thing is that the system should provide for the orderly assembly of accounting information to
enable accounts to be prepared. A system of accounting cannot succeed in completely and
accurately processing and recording all transactions, unless internal arrangements set up by the
management known as Internal Controls are built into the system.
ISA 315: “Internal control system” means all the policies and procedures (internal controls)
adopted by the management of an entity to assist in achieving management’s objective of ensuring,
as far as practicable, the orderly and efficient conduct of its business, including adherence to
management policies, the safeguarding of assets, the prevention and detection of fraud and error,
the accuracy and completeness of the accounting records, and the timely preparation of reliable
financial information. The internal control system extends beyond those matters which relate
directly to the functions of the accounting system and comprises:
This means the overall attitude, awareness and actions of directors and management regarding the
internal control system and its importance in the entity. The control environment has an effect on
the effectiveness of the specific control procedures. A strong control environment, for example,
one with tight budgetary controls and an effective internal audit function, can significantly
complement specific control procedures. However, a strong environment does not, by itself, ensure
the effectiveness of the internal control system. Factors reflected in the control environment
include:
• The entity’s organizational structure and methods of assigning authority and responsibility.
• Management’s control system including the internal audit function, personnel policies and
procedures and segregation of duties.
ISA 240: The Auditor’s Responsibility to Consider Fraud and Error states that when planning and
performing audit procedures and evaluating and reporting the results thereof, the auditor should
consider the risk of Material misstatements in the financial statements resulting from fraud or error.
Misstatements in the financial statements can arise from fraud or error. The term “error” refers to
an unintentional misstatement in financial statements, including the omission of an amount or a
disclosure, such as the following:
• A mistake in gathering or processing data from which financial statements are prepared.
The term “fraud” refers to an intentional act by one or more individuals among management, those
charged with governance, employees, or third parties, involving the use of deception to obtain an
unjust or illegal advantage.
Although fraud is a broad legal concept, the auditor is concerned with fraudulent acts that cause a
material misstatement in the financial statements. Misstatement of the financial statements may
not be the objective of some frauds. Auditors do not make legal determinations of whether fraud
has actually occurred. Fraud involving one or more members of management or those charged
with governance is referred to as management fraud;” fraud involving only employees of the entity
is referred to as “employee fraud.” In either case, there may be collusion with third parties outside
the entity.
Two types of intentional misstatements are relevant to the auditor’s consideration of fraud:
•Misrepresentation in, or intentional omission from, the financial statements of events, transactions
or other significant information.
The distinguishing factor between fraud and error is whether the underlying action that results in
the misstatement in the financial statements is intentional or unintentional. Unlike error, fraud is
intentional and usually involves deliberate concealment of the facts.
While the auditor may be able to identify potential opportunities for fraud to be perpetrated, it is
difficult, if not impossible, for the auditor to determine intent, particularly in matters involving
management judgment, such as accounting estimates and the appropriate application of accounting
principles.
Responsibility of Those Charged With Governance and of Management
The primary responsibility for the prevention and detection of fraud and error rests with both those
charged with the governance and the management of an entity. The respective responsibilities of
those charged with governance and management may vary by entity and from country to country.
Management, with the oversight of those charged with governance, needs to set the proper tone,
create and maintain a culture of honesty and high ethics, and establish appropriate controls to
prevent and detect fraud and error within the entity. This responsibility arise out of the contractual
relationship between the directors, managers and the company
The Auditor has no responsibility for the prevention and detection of fraud and error although the
annual audit may act as a deterrent.
As described in ISA 200, “Objective and General Principles Governing an Audit of Financial
Statements,” the objective of an audit of financial statements is to enable the auditor to express an
opinion whether the financial statements are prepared, in all material respects, in accordance with
an identified financial reporting framework.
An audit conducted in accordance with ISAs is designed to provide reasonable assurance that the
financial statements taken as a whole are free from material misstatement, whether caused by fraud
or error. The fact that an audit is carried out may act as a deterrent, but the auditor is not and cannot
be held responsible for the prevention of fraud and error.
An audit does not guarantee all material misstatements will be detected because of such factors as
the use of judgment, the use of testing, the inherent limitations of internal control and the fact that
much of the evidence available to the auditor is persuasive rather than conclusive in nature. For
these reasons, the auditor is able to obtain only reasonable assurance that material misstatements
in the financial statements will be detected.
In planning the audit, the auditor should discuss with other members of the audit team the
susceptibility of the entity to material misstatements in the financial statements resulting from
fraud or error. The auditor should make inquiries of management:
(a) To obtain an understanding of:
(i) Management’s assessment of the risk that the financial statements may be materially
misstated as a result of fraud; and
(ii) The accounting and internal control systems management has put in place to address such
risk;
(b) To obtain knowledge of management’s understanding regarding the accounting and internal
control systems in place to prevent and detect error;
(c) To determine whether management is aware of any known fraud that has affected the entity or
suspected fraud that the entity is investigating; and
When the auditor encounters circumstances that may indicate that there is a material misstatement
in the financial statements resulting from fraud or error, the auditor should perform procedures to
determine whether the financial statements are materially misstated.
When the auditor identifies a misstatement, the auditor should consider whether such a
misstatement may be indicative of fraud and if there is such an indication, the auditor should
consider the implications of the misstatement in relation to other aspects of the audit, particularly
the reliability of management representations.
Evaluation and Disposition of Misstatements, and the Effect on the Auditor’s Report When the
auditor confirms that, or is unable to conclude whether, the financial statements are materially
misstated as a result of fraud or error, the auditor should consider the implications for the audit.
Documentation
The auditor should document fraud risk factors identified as being present during the auditor’s
assessment process and document the auditor’s response to any such factors. If during the
performance of the audit, fraud risk factors are identified that cause the auditor to believe that
additional audit procedures are necessary, the auditor should document the presence of such risk
factors and the auditor’s response to them.
Communication
when the auditor identifies a misstatement resulting from fraud, or a suspected fraud, or error, the
auditor should consider the auditor’s responsibility to communicate that information to
management, those charged with governance and, in some circumstances, to regulatory and
enforcement authorities.
Communication of Audit Matters With Those Charged With Governance The auditor should
inform those charged with governance of those uncorrected misstatements aggregated by the
auditor during the audit that were determined by management to be immaterial, both individually
and in the aggregate, to the financial statements taken as a whole.
(a) Identified a fraud, whether or not it results in a material misstatement in the financial
statements; or
(b) Obtained evidence that indicates that fraud may exist (even if the potential effect on the
financial statements would not be material); the auditor should communicate these matters to the
appropriate level of management on a timely basis, and consider the need to report such matters to
those charged with governance in accordance with ISA 260.
The auditor’s professional duty to maintain the confidentiality of client information ordinarily
precludes reporting fraud and error to a party outside the client entity. The auditor considers
seeking legal advice in such circumstances.
Errors can be described as an intentional mistake and they can occur at any stage in a business
transaction and they can be of any type. Auditors would primarily be interested in the prevention,
detection and disclosure of errors for the following reasons:
(a) Existence of errors may indicate that accounting records are unreliable and are therefore not a
satisfactory basis from which to prepare financial statements. The auditor could therefore
conclude that proper books of accounts have not been kept where there are too many material
errors. This is a ground for qualification of an auditor’s report.
(b) Too many errors may also indicate that the system of internal control is not reliable, and
therefore the auditor wishing to place any reliance on a system of internal control may not be able
to do so.
(c) If errors are of sufficient magnitude, they may be sufficient to affect the true and fair view
given by the accounts.
Irregularities
Materiality
If the auditor knows or suspects that an error or irregularity has occurred or exists, then he cannot
apply materiality consideration until he has sufficient evidence of the extent of the error or
irregularity
1. Organization: Enterprises should have a plan of their organization defining and allocating
responsibilities and identifies lines of reporting for all aspects of the enterprises’ operation,
including the controls. The delegation of authority and responsibility should be clearly specified.
2. Segregation of duties: One of the prime means of control is the separation of those
responsibilities or duties which would if combined enable one individual to record and process a
complete transaction. Segregation reduces the risk of intentional manipulation and error and
increases the element of checking. Functions which should be separated include those of
authorization, execution, custody, and recording and in the case of a computer based accounting
system, systems development and daily operations.
3. Physical: These are concerned mainly with the custody of assets and involve procedures and
security measures designed to ensure that access to assets is limited to authorized personnel. This
includes both direct access and indirect access through documentation. These controls assume
importance in the case of valuable, portable, exchangeable or desirable assets.
5. Arithmetical and accounting: These are the controls within the recording function which
check that the transactions to be recorded and processed have been authorized, that they are all
included and that they are correctly recorded and accurately processed. Such controls include: the
checking of the arithmetical accuracy of the records, the maintenance and checking of totals,
reconciliations, control accounts and trial balances and accounting for documents.
6. Personnel: There should be procedures to ensure that personnel have capabilities commensurate
with their responsibilities. Inevitably, the proper functioning of any system depends on the
competence and integrity of those operating it. The qualifications, selection and training as well
as the innate personal characteristics of the personnel involved are important features to be
considered in setting up any control system.
7. Supervision: Any system of internal control should include the supervision by responsible
officials of day to day transactions and the recording thereof.
8. Management controls: These are the controls exercised by the management outside the day to
day routine of the system. They include: the overall supervisory controls, exercised by
management, the review of management accounts, and comparison thereof with budgets, the
internal audit functions and any special review procedures.
However, it is more usual now to classify transactions in accordance with their related cycles.
These cycles are recognized in a typical manufacturing organization as: sales cycles, purchases
cycle, wages cycle and conversion cycle.