CHAPTER ONE

TESTING AND AUDIT SAMPLING

Audit sampling is an investigative tool in which less than 100% of the total items within the
population of items are selected to be audited. It is an auditing technique that provides
supporting evidence that allows auditors to issue audit opinions without having to audit every
single item and transaction.
1.1 Audit Sampling Concepts
Audit sampling is the use of an audit procedure on a selection of the items within an account
balance or class of transactions. The sampling method used should yield an equal probability
that each unit in the sample could be selected. The intent behind doing so is to evaluate some
aspect of the information. Audit sampling is needed when population sizes are large, since
examining the entire population would be highly inefficient. There are multiple ways to engage
in audit sampling, including the methods noted below.
a) Block Sampling: Under block sampling, consecutive series of items are selected for review.
Though this approach may be efficient, there is a risk that a block of items will not reflect
the characteristics of the entire population.
b) Haphazard Sampling: Under haphazard sampling, there is no structured approach to how
items are selected. However, the person doing the selections will probably skew the
selections (even if inadvertently), so the selections are not truly random.
c) Personal Judgment: Under the personal judgment approach, the auditor uses her own
judgment to select items, perhaps favoring items that have larger monetary values or which
appear to have a higher level of risk associated with them.
d) Random Sampling: Under random sampling, a random number generator is used to make
selections. This approach is the most theoretically correct, but can require more time to
make selections.
e) Stratified Sampling: Under stratified sampling, the auditor splits the population into
different sections (such as high value and low value) and then selects from each section.
f) Systematic Sampling: Under systematic sampling, selections are taken from the population
at fixed intervals, such as every 20th item. This tends to be a relatively efficient sampling
technique.

1
1.2 Sampling for Tests of Controls
Financial statements audit allows auditors to track their truthfulness and objectivity in order to
minimize the risk for the users of financial statements who make their business and investment
decisions on the grounds of financial ability and profit-gaining capacity of the company. The
danger of inappropriate audit opinion is always present. In order to avod this danger, auditors
have to gather enough qualitative evidence. Audit sampling is the method used among auditors
to form their opinion on the grounds of the evidence gathered. By using audit sampling method
auditors should gather enough competent evidence leading to a reasonable basis for their
conclusions.

Audit sampling is used for various tests of controls. Auditors use samples to test internal
controls, accounting system adequacy and completeness of transactions and immediate review
of validity of account balances.
1.3 Sampling for Substantive Tests
The sufficiency of tests of details for a particular account balance or class of transactions is
related to the individual importance of the items examined as well as to the potential for
material misstatement. When planning a sample for a substantive test of details, the auditor uses
his judgment to determine which items, if any, in an account balance or class of transactions
should be individually examined and which items, if any, should be subject to sampling. The
auditor should examine those items for which, in his judgment, acceptance of some sampling
risk is not justified. For example, these may include items for which potential misstatements
could individually equal or exceed the tolerable misstatement. Any items that the auditor has
decided to examine 100 percent are not part of the items subject to sampling. Other items that,
in the auditor's judgment, need to be tested to fulfill the audit objective but need not be
examined 100 percent, would be subject to sampling.

2
 CHAPTER TWO
AUDIT OF THE SALES AND COLLECTION CYCLE

An auditor determines if the financial statement amounts of sales and accounts receivable are
correct by verifying individual transactions. Accounts receivable balances are tested by sending
confirmation letters to customers to obtain objective assurance that the balance is correct. The
auditor also chooses sales transactions from the sales ledger and verifies that there are
legitimate sales receipts to back up the transaction. To test the accuracy of the sales figure, the
auditor reviews sales transactions in the ledger close to the financial statement date to ensure
that the company only included sales prior to that date.

The overall objective in the audit of the sales and collection cycle is to evaluate whether the
account balances affected by the cycles are fairly presented in accordance with GAAP.
 Accounts in the sales and collection cycle includes: Sales, A/Receivable, Cash in Bank,
Cash Discounts Taken, Allowance for Uncollectible Accounts, and Bad Debt Expense.
 Classes of transactions in the sales and collection cycle are – Sales (cash and sales
on account), Cash receipts, Sales returns and allowances, Charge-off of uncollectible
accounts and Estimate of bad debt expense.
1.4 Overview of the cycle
The Sales and Collection Cycle involves the decisions and processes necessary for the transfer
of the ownership of goods and services to customers after they are made available for sale.
It begins with are quest by a customer and ends with the conversion of material or service
into an account receivable, and ultimately into cash.
1.5 Key Internal Control

Merriam-Webster defines internal control as, “a system or plan of accounting and financial
organization within a business comprising of the methods and measures necessary for
safeguarding its assets, checking the accuracy of its accounting data or otherwise substantiating
its financial statements, and policing previously adopted rules, procedures, and policies as to
compliance and effectiveness.”

3
Internal controls are essential to any organization, and crucial to its ability to drive operations
and measure success. Internal controls are the key policies, rules, and procedures that establish
and promote:
 Accurate financial reporting
 Compliance
 Operational effectiveness and efficiency
Proper controls help organizations to both detect and prevent from a negative occurrence that
may risk the protection of its assets. Five key components make up the framework for strong
and effective internal controls – control environment, risk assessment, control activities,
information and communication, and monitoring.

The control activities are at the heart of proper policies and procedures that prevent and protect
the organization from errors, issues, and fraud:

a) Separation of duties: Separation of duties helps to reduce the likelihood of errors and
lower the risk for an occurrence of fraud by dividing accounting processes and tasks
when it comes to bookkeeping, authorizations, deposits, and more. Effective
separation of duties divides certain actions or steps within a key process among two
or more individuals.
b) Authorization: Proper authorization practices prevent invalid transactions from
occurring. Approval for various transactions is a necessary control to help ensure that
all business activities adhere to established guidelines and objectives, and to prevent
fraud or theft. Requiring specific individuals to authorize certain types of transactions
provides internal record that an activity has been seen, reviewed, and approved by
appropriate authority before it can be processed or paid.
c) Documentation: Documentation is a crucial component to maintaining internal
controls. Documented processes clearly establish accounting procedures and the
process steps, associated rules, and ownership within them. They provide an internal
record for what actions need to take place, by whom, and in what order they should
be taken, ensuring consistency in the completeness and accuracy of activities.
Processes to document should span all those related to expenses, revenues, inventory,

4
 personnel, and other types of organizational transactions.

1.6 Tests of Controls & Substantive Tests of Transactions

Internal controls can serve two purposes: to protect a business from accounting fraud, asset loss,
or similar failures of financial reporting; and to assure that the business meets regulatory
compliance obligations. An audit evaluates the accuracy of a company’s financial statements
and the effectiveness of its system of internal controls, seeking to identify control weaknesses.
Audits typically include some form of substantive testing, which tests for material
misstatements and errors. These substantive audit procedures review, test, and analyze a
company’s financial records.

Substantive testing is a type of audit that looks for flaws in financial records. These tests are
required as proof to back up the claim that a company’s financial records are comprehensive,
valid, and accurate.
A) Substantive Testing

Substantive testing is known as the phase of an audit where the auditor gathers samples to
identify any material misstatements in the client’s accounting records or other information. This
proof is required to support the judgment that a company’s financial records are complete,
relevant, and accurate. Substantive audit procedures provide evidence about the truth of each
material assertion in the financial statements. On the other hand, tests may also reveal monetary
errors or misstatements in the recording or presentation of transactions and balances.

Substantive testing is performed according to Generally Accepted Auditing Standards (GAAS).

These standards require the auditor to understand the controls relevant to the audit, and to assess
whether those controls are designed effectively to prevent (or at least detect and correct)
material misstatements that may appear in the financial statements.
The Goal of Substantive Testing
The main goal of substantive testing is to provide reasonable assurance about the validity and
correctness of financial reporting, or to identify material misstatements. Substantive procedures
are therefore designed to obtain audit evidence about the completeness, accuracy, and validity

5
of the data produced by the accounting system.

Types of Substantive Tests

There are three types of substantive tests, explained below.
a) Analytical procedures: Substantive analytical procedures entail comparing several financial
and operational data sets to examine if trends and relationships are consistent. These
techniques are intended to alert you to potential issues with your financial records, which
you can then investigate further.
b) Test of details of transactions: A test of transactions focuses on the individual transactions
that make up an account balance. This test of details is done to check for the accuracy of the
financial statement transactions. Auditors typically choose a sample to test whether the
details match the transaction recorded in a company’s books.
c) Tests of details of balances: A test of balances is done to check whether any material
misstatement exists in the balances of the financial statements’ accounts. This test of details
tries to demonstrate that the tests of control and the substantive tests related to transactions
are all reasonable.
Best Practices for Substantive Testing
The auditor determines the tests’ nature, scope, and timing to assure that they meet an
acceptable level of risk detection.

1. Nature: This relates to the efficacy and type of audit procedure used by an auditor based on
whatever level of risk is acceptable. The methods are more expensive and extensive if the
acceptable level of risk is low. Conversely, the procedures are less expensive (and less
effective) when the acceptable level of risk is higher.
2. Extent: This is the quantity of evidence an auditor gathers depending upon how substantive
testing is conducted. Procedures that need more tests and larger sample sizes are frequently
required when acceptable risk is low. When it’s high, processes require fewer tests and
smaller sample sizes.
3. Timing: This relates to how the timing of an audit event might change due to the acceptable
risk level. The auditor may perform audits in the middle of the month if controls are solid
and the expected level of risk identification is minimal. Conversely, the auditor may audit

6
 closer to month- or year-end if the expected risk is high.

B) Control Testing
Control testing is an audit procedure used to determine whether internal controls effectively
prevent or discover material misstatements at the appropriate assertion level. Control tests
determine whether a policy or practice is well-designed to prevent or detect significant
misstatements in a financial statement. The operating effectiveness of controls focuses on three
questions: how is the control applied, is it consistently applied during the year, and who applies
it?

The Goal of Control Testing

Control testing’s ultimate goal is to evaluate the performance of the internal control system to
improve the organization’s operations, financial reporting, and compliance. With these
objectives in mind, an auditor uses several evaluation techniques to understand control
procedures fully. For example, using a risk-based approach to audit testing, an auditor can focus
on areas where risk is most likely to occur, identify problems, and recommend improving the
effectiveness of a control.

Types of Control Tests

a) Concurrent test: The auditor obtains an understanding of a process that also provides
evidence on the effectiveness of the control policy or practice. These tests are performed
based on the discretion of the auditor. For example, auditors may inquire about the
budgeting system to verify users’ familiarity with the processes.
b) Planned test of control: An auditor will look for evidence of proper and consistent
application of control policies and procedures throughout the audited year.
Best Practices for Control Testing
The following best practices can help you test controls more effectively.

 Prioritize testing of controls: Large organizations routinely have hundreds or even

thousands of documented controls. For each control under consideration, determine its
effect on the organization, and then use this information to determine the nature and

7
 frequency of testing that you should perform. In addition, consider the specific regulations
or compliance standards that the organization must follow, such as the Sarbanes–Oxley Act
(SOX) or General Data Protection Regulation (GDPR). Requirements for these standards
will often guide the testing process and determine which controls to test first.
 Design an appropriate test for each control: The nature of the control often determines the
testing approach. For example, if the organization relies on controls to mitigate significant
risks, you should test that control more frequently. You may also evaluate the design of the
control before testing its operation.
 Documenting and tracking identified problems: An essential aspect of control testing is to
remediate issues encountered during testing quickly. Always check corrections by
rerunning the test program after allowing time for the remediation to verify that all
problems have been resolved.

8
 CHAPTER THREE
AUDIT OF PAYROLL AND PERSONNEL CYCLE
As Government sets aside substantial amounts for salaries and allowances, the systematic and
proper management of the same should be ascertained by the audit of salaries and allowances.

Internal control system

All public bodies should maintain an appropriate internal control system with regard to
controlling salaries and allowances including the following:
a. Personal files of employees
Ascertaining that the personnel section maintains adequate records regarding employees’
salary information (e.g. information originating from staff recruitment, the salary of
incoming and outgoing staff; changes in salary scales; changes in personal circumstances
that have an impact on salary, deductions and allowances; the amount of approved
deductions and the formal documents supporting the current level of payments);
Ensuring that staff employment, transfer, departure, change in salary, details of
deductions and the like are approved under the signature of an authorized official and
sent to payroll section before the payroll sheet is prepared;
Ascertaining that the personal files of employees are in the safekeeping of a designated
staff member who is not part of the Accounts Division and Payroll Section.
b. Attendance sheet
Ensuring the accuracy of attendance sheets (or other documents confirming the
performance of distinct duties) and their approval by designated officials;
nsuring that documents confirming entitlements to over-time or other monetary benefits
are signed by the immediate superior of the employee (the superior must not be engaged
in payroll preparation and effecting of salary payment);
Verifying that duties such as ascertaining the accuracy of attendance sheets and the
preparation of payroll are not carried out by the same staff.
c. Payroll sheet
Checking that gross pay, deductions, allowances and unclaimed salary have been
computed accurately and on the basis of current scales and eligibility;

9
 Ascertaining that the accuracy of payroll calculations is verified by a staff member other
than those preparing the payroll;
Checking that staff engaged in payroll preparation and the computation of pay are
independent of staff engaged in the keeping of personnel files.
d. Deductions from salary
Ensuring that deductions of a repetitive nature such as those for personal income tax,
pension, repayment of loan and the like, are allocated separate columns in the payroll
sheet;
Ascertaining that deductions other than those determined by law (such as deduction for
edir contribution, resettlement bank loan, family allowance, and the like) are deducted
from the salary of an employee only after a written application from the employee is
authorized by the concerned official and that such documents are kept in the personal file
of the employee;
Checking that collections from salary deductions are paid to the concerned public bodies
and other beneficiaries in full and in a timely manner.
e. Payment of salary
Checking that any changes to staff salaries, arising from such factors as the employment
of new staff, promotion, dismissal, fine or court judgment, are communicated to the
payroll section before the preparation of the payroll sheet;
Assuring when allowances are paid in addition to basic salary, that documents exist in
the individual personnel files of officials and ordinary staff members receiving
allowances, which certify their eligibility to the allowances;
Ascertaining that the payroll sheet prepared for effecting the payment of wages to daily
laborers is supported by contracts of employment and a signed attendance sheet;
Confirming that the different duties in the payroll section ranging from initiation of
payroll calculations to delivering the payroll sheet for the effecting of salary payment
are carried out by different persons;
Checking that the various staff members who are engaged in preparing, reviewing and
approving the payroll sign in their respective places on the payroll sheet;
Ascertaining that the accuracy of details in the payroll sheet such as names, working
hours, over time, salary scale and the computation of deductibles, is verified by a staff

10
 member who is entirely independent of those who have prepared the payroll sheet;
Ensuring that the total salary payment for each month is compared with the payment
made in the previous month and that the causes of any difference are identified and
explained.

Audit objectives
The objectives of the audit of salaries and allowances include but are not limited to the
following:
to ascertain that there is a strong internal control system to prevent theft and fraudulent acts
during the preparation of payroll sheet, recording and effecting of salary payment;
to ascertain that deductions from salaries are made in accordance with the existing
proclamation and other relevant legislation;
to ascertain that the salary payment being effected is for services rendered by employees
and to ensure that the persons who receive salaries actually exist, and are in fact entitled to
the payment of salary.
to ascertain that the payment of allowances is effected strictly in accordance with the
relevant legislation;
to ensure that the arrangements made with respect to unclaimed salary are in accordance
with regulations and that the unpaid sums are correctly retained and properly recorded;
to ensure that the necessary controlling mechanisms exist to prevent unclaimed salary being
utilized improperly.
f. Audit procedures
The following audit procedures should be followed in order to ensure the proper control of
salaries and wages: -
A. Personal file of employees
See whether the personnel section holds employees’ personal files, which contain
information such as letter of engagement, letter of resignation, notification letter of salary
scale, documents related to special deductible items, and other relevant information;
Ensure that employees’ engagement, resignation, change in salary scale and details of
special deductible items have been approved by a designated official and that appropriate
instructions are sent to the payroll section before the payroll for the month is prepared;

11
 Check that documents kept in employees’ personal files have been signed by officials who
are not involved in payroll preparation;
Ascertain that employees’ personal files are kept in the custody of a staff member who is
not part of the accounts division or payroll section.
B. Attendance sheet
Ensure that the accuracy of attendance sheets (or similar documents for those under
contract) have been approved by appropriate officials not involved in the preparation of
payroll;
Ascertain that staff members who are responsible for ensuring the accuracy of
attendance sheets are not involved in the preparation of payroll;
Check that documents giving an entitlement to the payment of overtime and other
benefits are signed by the immediate superior of the employee who is eligible for that
entitlement (and that such superior is not involved in the preparation of payroll and
effecting of salary payment).
C. Computation of Payroll
Ascertain that the payroll clerk does not have direct access to employees’ personal files;
Ensure that the computation of gross pay and deductibles have been made in
compliance with the present scales of pay and eligibility;
Check that the staff member who verifies the accuracy of the computation of payroll,
has no involvement in payroll preparation.
D. Deductions from salary
See that a separate column is maintained in the payroll sheet for deductibles of a
repetitive nature such as income tax, pension, repayment of loan and the like;
Check deductions other than those authorized by law (such as deduction for edir
contribution, resettlement bank loan, family allowance, and the like) to ensure that the
deduction is in accordance with an approved written application from the employee (or
other official document) and that such documentary evidence is kept in the personal file
of the employee;
Ascertain that collections from deductibles have been paid to the correct beneficiary
account in full and in a timely manner.

12
E. Payment of salary
Ascertain that documentary evidence relating to matters such as salary scale changes, the
employment of new staff, promotion, resignation, penalty or court order has been sent to
payroll section before the payroll for the month is prepared;
Ensure that contracts and properly signed attendance sheets support the payroll sheet for
daily laborers;
See that documentary evidence of entitlement for the payment of allowances is kept in
the personal files of those employees and officials who are eligible for such payment;
Check that necessary caution has been exercised to prevent an employee from being
involved in the whole process of payroll preparation, from its initiation to the delivery of
the payroll sheet for salary payment to be effected;
Ascertain that the accuracy of details shown in the payroll sheet such as names, gross
salary, working hours, over time and the computation of deductibles has been verified by
an official with no involvement in payroll sheet preparation;
Ascertain that the payroll sheets have been signed by the payroll clerk, the staff member
responsible for checking and finally by the designated official who authorizes the
payment;
Verify that the salary payment for each month has been compared with the payment for
the previous month and that the causes of any differences are identified and reconciled;
Check that every employee on the payroll signs on the payroll sheet to acknowledge the
receipt of the net pay;
Check that no employee is allowed to take the salary of another employee without a
written delegation.
F. Unclaimed salary
Verify unclaimed salaries against summation of net pays unclaimed on payroll sheets;
Ascertain that unclaimed salaries are deposited in to the bank within predefined period
of time.
G. Accounting records
Test postings of payrolls to subsidiary and general ledgers;
Compare actual expenditure against the budget.

13
 CHAPTER FOUR
AUDIT OF ACQUISITION AND PAYMENT CYCLE
The Acquisition and Payment Cycle (also referred to as the PPP Cycle for Purchases, Payables,
and Payments) consists mainly of two classes of transactions. The first class is the acquisition
class. The typical journal entry for this class of transactions is a debit to inventory or an expense
and a credit to accounts payable. The classification assertion is highly important in this scenario
because there are many possible debits that can fulfill the journal entry.

The second class of transactions in the acquisition and payment cycle is the cash disbursements
class. The typical journal entry for this class is simply a debit to accounts payable and a credit
to cash. All in all, this cycle is mainly about incurring payables and paying off those payables
with cash. Although many companies follow different internal processes and use electronic-
based methods, the following flowchart is a typical business process in the acquisition and
payment cycle.

2. The Audit of Property, Plant and Equipment

The term property, plant and equipment (fixed assets) include all tangible assets with a service
life of more than one year that are used in the operation of the business and are not acquired for
the purpose of resale. Three major subgroups of such assets are generally recognized.

Land, such as property used in the operation of the business, has the significant characteristics
of not being subject to depreciation. Building machinery, equipment and land improvements,
such as fences and parking lots, have limited service lives and are subject to depreciation.
Natural resources (wasting assets), such as oil wells, coal mines, and tracts of timber, are
subject to depletion as the natural resources are extracted or removed. Fixed asset constitute a
significant proportion of the total assets of many organizations particularly those engaged in
manufacturing activities. Audit of fixed asset is, therefore generally considered to be an
important part of an independent financial audit. Though the number of transactions involving

14
 fixed assets is smaller in number, the amount involved in these transactions will be very high.
Hence the auditor has to give more attention while auditing the transactions relating to fixed
asset.

The auditor’s objectives in the audit of fixed assets are

Consider internal control over property, plant and equipment.

Determine the existence of recorded property, plant and equipment.
Establish the completeness of recorded property, plant and equipment.
Establish that the client has ownership rights to the recorded property, plant and
equipment.
Establish the clerical accuracy of schedules of property, plant, and equipment.
Determine that the valuation or allocation of the cost of property, plant, and equipment
is in accordance with generally accepted accounting principles.
Determine that the presentation and disclosures of property, plant, and equipment,
including disclosure of depreciation methods is appropriate.
In conjunction with the audit of property, plant, and equipment, the auditors also obtain
evidence about the related accounts of depreciation expenses, accumulated depreciation, and
repair and maintenance expenses.

Internal controls relating to fixed assets

The auditor studies and evaluates the accounting system and the effectiveness of internal control
relating to fixed assets. The auditor’s study and evaluation of internal control relating to fixed
assets covers the following aspects:
1. Segregation and rotation of duties: The auditor has to see whether there is proper
segregation of various duties relating to fixed assets such as
 Authorization of acquisition and disposals
 Execution of transactions relating to execution and disposals
 Recording of transactions
 Physical custody of items.

15
 The auditor also has to see whether the duties of various persons relating to fixed assets are
rotated periodically or not.
2. Authorization of acquisition, transfer and disposal of fixed assets: The auditor has to check
the internal control relating to capital budgeting. i.e., whether the proposal for capital
expenditure has been received in time in the proper format, approved by the top management
and whether it is properly communicated to the various departments after the approval.
 Whether a written authorization from a senior level of the management is included in the
budget.
 Whether the organization have laid down proper procedures for acquisition of fixed
assets i.e. for inviting quotations, selection of suppliers, approval of prices, payment
terms, safeguard for timely delivery etc.
 Whether the purchases are made on the basis of competitive bids. And whether there is
requirement for documenting the reasons for making purchases other than at lowest
price.
 Whether the control over receipt of fixed assets are effective ie., whether the technical
specifications of the assets received are verified with the purchase orders before
accepting and if rejected whether the debit notes are raised promptly.
 Whether periodic comparisons of the actual expenditures of the fixed assets are
compared with the capital expenditure budget and whether approval from the competent
authority is received if there is a deviation from the budget.
 Whether there any system of getting prior approval from the competent authority in case
of transfer of fixed assets from one department to another?
 Whether adequate controls exist for disposal of fixed assets i.e. with proper
authorization, invitation of quotations, approval of prices, proper documentation etc
3. Maintenance of records and documents: The auditor has to check whether the company
maintains proper records of fixed assets including those items, which are fully depreciated.
 Whether the organization maintains the record of assets given on lease or used by the
organization but owned by others.
 Whether a register containing title deeds of the assets are maintained properly.
 Whether the title deeds or registration documents are kept in safe custody and verified
periodically.

16
  Whether the organization maintained a detail record of projects which are in progress.
 Whether the expenditures incurred are properly allocated between capital and revenue.
4. Accountability for and safeguarding of fixed assets:
 Whether there is any system for identification of fixed assets.
 Whether adequate safeguards are made to protect the fixed assets from fire, theft
accessibility to unauthorized persons, and use of locks burglar alarms etc.
 Whether the fixed assets are properly insured and the auditor has to check regarding the
adequacy of the cover the time period, etc.
 Whether the fixed assets are physically verified on a periodic basis including those assets
lying with third parties.
 Whether follow up action has been taken for the discrepancies between the record books
and physical verifications.
 Whether there is any system for identifying and reporting damaged, obsolete and idle
fixed assets.
5. Independent checks: The auditor has to see whether there is any internal audit for fixed
assets and determining the coverage and effectiveness of the internal audit. The auditor has
to examine the scope of the work of the internal auditors and their reports.

Substantive procedures for fixed assets

The auditor determines the nature timing and extent of substantive procedures relating to fixed
assets after evaluating the effectiveness of internal controls. The procedures normally followed
are the following
(A). Examination of records and documents.
 Verify the opening balances from the previous years financial statements or ledger
accounts.
 Verify the additions made during the year from the approval of appropriate authority
copies of purchase orders, invoices receiving reports, acknowledgement form the
supplier and bank statement.
 Verify the assets constructed during the year by examining work order records,
statement of allocation and apportionments of costs, certificate of work performed,
contractors bills, invoices of suppliers of materials, bank statement etc.

17
  Verify the major repairs and maintenance to ensure no revenue expenditure related to
the capital assets is included.
 Verify the disposal or retirement of fixed assets by examining the approval of
appropriate authority, quotations invited from buyers, contract with the buyer, copy of
the sale bills, evidence of physical deliveries etc.
 Examine whether the book values and accumulated depreciation of the fixed assets
disposed or discarded are properly adjusted accounting the resulting gains or losses
properly.
 Verify the minutes of the board of directors, agreements, and correspondence with
lawyers to identify any charges or encumbrances on the fixed assets.
 Verify the arithmetical accuracy of the fixed asset records.
 Verify whether the value shown in the financial statement is after charging adequate
depreciation.
 Examine the evidence of ownership of fixed assets.

(B). Review or observation of a second verification

Though the physical verification is the duty of the management, the auditor can review or
observe the verification by examining the documents relating to the physical verification.
The procedures followed are:
 Review the instructions issued to the staff entrusted with the responsibility of physical
verification and judges the appropriateness and adequacy of the instructions.
 Assess the competence of the personnel conducting the physical verification.
 Examine the frequency of the verification and verify whether it is reasonable in the
circumstances of the case.
 When direct physical verification is not possible examine any indirect evidence of the
existence of the fixed assets.
 Tests check the fixed asset record with the physical verification records.
 Examine the appropriate follow up action taken for the discrepancies revealed by
physical verification with the fixed asset records.
 Examine whether appropriate adjustments have been made in the fixed asset records and

18
 financial accounts for obsolescence, damage, or other losses reveled by the physical
verification.
(C). Examination of Valuation and disclosure
 Examine whether the fixed assets have been valued according to the generally accepted
accounting principles.
 Examine whether adequate depreciation have been provided.
 Examine whether the fixed assets have been revalued in a systematic/ scientific/
appraisal basis considering the future life and the possibility of obsolescence.
 Examine the basis on which the consideration has been proportionated to various assets
when several assets have been purchased for a consolidated price.
 Examine the relevant documents such as title deeds agreements etc in order to ascertain
the extent of the shares of the organization when the organization owns assets jointly
with others.
(D). Analytical Procedures

The analytical procedures employed by the auditors in the audit of fixed assets are the
following:
 Compare the additions or disposals of fixed assets made during the year with the
budgeted figures.
 Compare the ratio of depreciation for the current year to the average book value of the
fixed assets with the corresponding figures of the previous year.
 Compare the amount of repairs and maintenance of the current year with the figures of
the previous year.
 Compare the ratio of actual capacity utilization with the installed capacity of the current
year with the figures of the previous year.
(E). Obtaining Management Representation

The auditor has to obtain an appropriate representation form the management concerning the
fixed assets stating that the fixed assets shown in the balance sheet are arrived at after
considering all capital expenditures on additions, eliminating the cost and accumulated
depreciation relating to the items discarded, destroyed and disposed off and adequate

19
 depreciation has been provided for during the current year.
Audit program for auditing fixed assets

The following procedures are typical of the work required in many engagements for the
verification of property, plant and equipment.
A) Consider internal control over property, plant and equipment
1. Obtain an understanding of internal control over property, plant and equipment

Auditors may use written description, flow chart or internal control questionnaire to describe
the nature of client’s internal control structure. After preparing description of internal
control, the auditors will determine whether the controls as described to them have been placed
in operation, whether there is appropriate segregation of duties and considered the
misstatements that may occur.

2. Assess control risk and design additional tests of control for the assertions about property,
plant, and equipment.

Based on an understanding of the client’s internal control over property, plant and equipment,
the auditors develop their planned assessed level of control risk for the various financial
statement assertion assertions and obtain additional evidences of the operating effectiveness of
the client’s controls by designating additional tests of control.

3. Perform additional tests of controls for those controls that the auditors plant to consider to
support their planned assessed levels of control risk.
As auditors obtain an understanding of the client’s internal control; certain tests of control are
performed. E.g. select a sample of purchase of plant and equipment to test the control related to
authorization, receipts and proper recording of the transactions.
4. Reassess control risk for each of the major financial statements assertions about property,
plant, and equipment based on the results of tests of controls and, if necessary, modify
substantive tests.

20
The final step in the auditor’s consideration of internal control involves a reassessment of
control risk based on the results of the tests of control. On the basis of the reassessed level of
control risk auditor modify their planned program of substantive testing procedures for
property, plant, and equipment assertions.

21
 CHAPTER FIVE
AUDIT OF INVENTORY AND WAREHOUSE CYCLE
5.1. Nature of inventory
Audit of inventory is complicated by a number of factors including:
Variety (diversity) of items.
High volume of activity.
Various (sometimes complex) valuation.
Difficulty in identifying obsolete or defective inventory.
Many frauds involve the inventory account.
Easily transportable making it subject to double counting.
May be stored at multiple locations, some may be remote.
May be returned by customers
5.2. Control activities and Tests of Controls
A. Flow of Inventory
Receiving raw materials
Put raw materials in to storage
Put raw materials in to production
Put finished goods in to storage
Ship finished goods to customers
B. Business functions in the cycle

The sequence of functions in the inventory and warehousing cycle are the following:
a. An employee recognizes a need for purchase; completes a requisition and sends it to
purchasing (Requisitioning).
b. Purchasing shops for the appropriate quality at the best price, then prepares a
purchase order.
c. When goods arrive from the vendor, the receiving department inspects, counts, and prepares
a receiving report (Receiving).
d. Goods are moved from receiving to a warehouse; raw materials perpetual inventory master
file is updated.
e. When needed, goods are moved from the warehouse to production; raw materials perpetual

22
 inventory master file and cost accounting records are updated.
f. When finished, goods are moved from production to the warehouse; finished goods
perpetual inventory master file and cost accounting records are updated.
g. When sold, goods are shipped and perpetual inventory records are updated.
C. Accounts Affected
Raw materials
Direct labor
Manufacturing overhead
Work-in-Process
Finished goods
Cost of goods sold etc
D. Audit of Inventory
Part of audit Cycle in which tested
Acquire and record raw materials, labor, and Acquisition and payment plus payroll and
overhead personnel
Internally transfer assets and costs Inventory and warehousing
Ship goods and record revenue and costs Sales and collection
Physically observe inventory Inventory and warehousing
Price and compile inventory Inventory and warehousing

5.3. Auditing Cost accounting

A. Cost Accounting Controls
Physical controls over raw materials, work in process, and finished goods.
 Purpose: to prevent loss of inventory due to theft or misuse.
 Control Measures:
 Physically segregate storage areas for raw materials, work in process, and
finished goods
 Restrict access to storage
 Assign responsible custodian
 Use of pre numbered documents
 Segregation of duties (e.g. separate responsibility for perpetual

23
 inventory master file from custodian of inventories)
 Controls over related costs
 Integrate production and accounting records for the purpose of pricing
finished goods, controlling costs, and costing inventory
B. Tests of cost accounting
Auditor’s primary concerns:
 Physical controls over inventory.
 Suggested procedures: Observation and inquiry.
 Documents and records for transferring inventory
 Test for existence of recorded transfers
 Test whether all actual transfers were recorded
 Test for the accuracy of the quantity, description, and date of all
recorded transfers
Specific procedures:
 Understand internal controls for recording transfers
 Account for a numerical sequence of raw materials requisition
 Examine raw materials requisition for proper approval
 Compare raw materials requisitions with raw materials perpetual
inventory master file (for quantity, description, and date of all recorded
transfers)
 compare completed production records with perpetual inventory master
file
 Perpetual inventory master file
 Test for the reliability of master file. The reliability of perpetual
inventory master file affects the timing and nature physical examination.
 Examine documents supporting additions and reductions of inventory
amounts in master file.
 Unit cost records (Procedures)
 Understand internal controls in costing accounting systems.
 Trace the units and unit costs of raw materials to additions recorded in
perpetual inventory master file.

24
  Trace the total costs to cost accounting records.
 Trace the payroll summary directly to production cost records.
 Determine the reasonableness of manufacturing overhead allocation
methods and their consistency
5.4. Observing physical inventory
A. Assess Business and control risks.
 The auditor is required to obtain an understanding of the client’s
business and industry risk.
 Common sources of business risk:
 Short product cycle
 Potential obsolescence
 Use of just in time system
 Reliance on a few key suppliers
 Use of sophisticated inventory management technology.
 Auditor’s key considerations:
 Inventory valuation method selected by management
 Potential for inventory obsolescence
 Risk of mixing consignments with own inventory
 Procedure: conduct a tour of the client’s inventory facilities.
 The auditor is required to decide on tolerable misstatement based on the results
of business risk assessment. Situations under which misstatements are expected:
 Inventory stored in multiple locations
 Complex costing methods
 Greater potentials for obsolescence
 After assessing business risk, the auditor should assess control risk by focusing
on:
 Internal controls over perpetual records
 Physical controls over inventory
 Inventory counts
 Inventory compilation and pricing
B. Inventory observation requirements

25
  Required by auditing standards.
“Auditors should satisfy themselves about the effectiveness of the client’s methods of counting
inventory and the reliance they can place on the client’s representations about the quantities
and physical conditions of the inventories”
 To meet the requirements, auditors must:
 Be present at the time the client counts their inventory for determining
year-end balances
 Observe the client’s counting procedures
 Make inquiries of client personnel about their counting procedures
 Make their own independent tests of the physical count
 Responsibilities in inventory taking:
 Client
o Set up procedures for inventory taking
o Make actual counts
o Record the counts
 Auditor
o Evaluate the client’s procedures
o Observe the count procedures
o Conduct test counts of inventory
o Draw conclusions about the adequacy of the physical inventory
 Exceptions to physical examination of inventories:
 Inventories housed in a public warehouse
 Inventories overseen by outside custodians if inventory does
not represent significant portion
 Alternative procedures when physical examination is not needed:
 Confirmation from public warehouse or outside custodian
 Investigate the custodian’s inventory procedures
 Obtain an independent accountants reports on the custodian control
procedures over the custody of goods
C. Controls over physical count

26
  Timing of physical count
 Elements of the client’s physical count of inventory
 Proper client instructions for the physical count
 Supervision by the responsible personnel of the client
 Independent internal verification of the counts by client personnel
 Independent reconciliation of the physical counts with perpetual
inventory master files
 Adequate client control over count sheet or tags used to record
inventory counts
D. Audit Decisions
 The auditor’s decisions in the physical observation of inventory include:
a. Selecting audit procedures
b. Deciding on the timing of procedures
 Physical count may be taken either before year end or at year end
 If physical count has taken place before year end, the auditor
can test transactions recorded in the perpetual inventory master file from
the date of the count to the end of the year.
 When there are no perpetual and the inventory is material, the client must
take a complete physical count near the end of the accounting period
c. Determining sample size
 Sample size in physical observation may be considered in terms of the
total number of hours spent rather than the number of inventory
items counted because the auditors concentrate on observing the client’s
procedures instead of selecting items of testing.
 The key determinants of the amount of time needed to test inventory are:
o The adequacy of internal controls over the physical count
o The accuracy of the perpetual inventory master file
o Total birr amount and type of inventory
o Number of different significant inventory locations
o Nature and extent of misstatements discovered in previous years,
o Other inherent risks

27
 CHAPTER SIX
AUDIT OF THE CAPITAL AND REPAYMENT CYCLE
6.1. Overview of the cycle
 Capital acquisition and repayment cycle is the transaction cycle involving the
acquisition of capital resources in the form of interest-bearing debt and owners’ equity,
and the repayment of the capital.
 Four unique characteristics of the capital acquisition and repayment cycle significantly
influence the audit of these accounts:
o Relatively few transactions affect the account balances, but each transaction is
often highly material in amount.
o The exclusion of a single transaction could be material in itself.
o There is a legal relationship between the client entity and the holder of the stock,
bond, or similar ownership document.
o There is a direct relationship between the interest and dividend accounts and debt
and equity.
Notes Payable
Overview of Accounts for Notes Payable
 Auditors commonly include tests of principal and interest payments as a part of the audit
of the acquisition and payment cycle, because the payments are recorded in the cash
disbursements journal.
 Identify significant risk and assess risk of material misstatement for notes payable and
Related Accounts.
 Auditors often learn about capital acquisition transactions while gaining an
understanding of the client’s business and industry.
Assess Inherent Risk and Fraud Risk
 Inherent risks are primarily concerned with the authorization of notes payable, receipt of
funds, recording of transactions, and compliance with the debt covenants.
 One particular factor that can increase inherent risk and fraud risk is the presence of
related-party transactions.
 The most important balance-related assertions in notes payable are completeness and
accuracy because misstatement could be material if even one note is omitted or

28
 incorrect.
The following are risks of fraud and error for notes payable:
 Errors in calculating interest payments, posting such amounts to the wrong period, or
omitting them.
 Misclassifying debt as equity or vice versa, or misclassifications between current and
long-term.
 Recording debt transactions in the wrong period.
 Incorrect or inaccurate disclosure of terms or amounts.
 Deliberate misclassification of debt as revenue or other fraudulent manipulations

6.2. Key Internal Control

 Proper authorization of transactions.
o Type, nature, timing, and terms (if any) should be approved by the board of
directors as evidenced in the minutes of meetings.
 Proper recordkeeping and adequate segregation of duties between maintaining owners’
equity records and handling cash and stock certificates:
o In addition, there should be (1) well-defined policies for preparing share
certificates and recording share transactions and (2) independent verification of
both transaction details and amounts.
o One of the objectives of the controls is to maintain current share capital records,
which will be used to pay dividends or repurchase shares (part of the acquisitions
and payments cycle) and to record issues of shares.
 The use of an independent registrar and share transfer agent.
o The independent registrar issues share in accordance with the provisions in the
articles of incorporation and as authorized by the board of directors.
o The share transfer agent maintains shareholder records (including changes in
ownership), adding independence to this process.
6.3. Auditing Long-term debt
In determining the tests of details of balances for long-term debts such as bonds payable,
mortgage payable, notes payable, the auditor considers tolerable misstatement, inherent risk,
control risk, the results of tests of controls and substantive tests of transactions, and the results

29
of analytical procedures. Tolerable misstatement if often set at a low level because it is often
possible to completely audit the account balance or the transactions affecting the account
balance. Inherent risk is also typically set at a low level because it is usually easy to determine
the correct account value. Auditors are normally most concerned about the adequacy of
disclosures, such as collateral and covenant restrictions for notes payable.

Audit Objectives and Procedures

 The following assertions, audit objectives and audit procedures apply to long term debts:
1) Existence or Occurrence
 Audit Objectives
 To determine that long- term debts exist at year end.
 Audit Procedures
 Obtain an analysis of long term debt accounts and related interest,
premium and discount accounts.
 Review debt agreements and confirm with payees the principal amount
maturity date, interest rate, etc.
 Inspect bonds redeemed, retired or surrendered during the period.
2) Completeness
 Audit Objectives
 To determine that all transactions relating to long-term debts are
properly recorded.
 Audit Procedures
 Trace authorization for issuance of debt to credits to the long-term debt
account.
 Vouch borrowing and repayment transactions and review transactions
to supporting documents occurring near year-end.

3) Rights and Obligations

 Audit Objectives
 To determine that long term debts represent valid obligation of the
entity.

30
  Audit Procedures
 Review minutes of board of directors' meetings.
 Review payments and renewals after the statement of financial position
date.
4) Valuation or Allocation
 Audit Objectives
 To determine that the long-term debts are recorded at the proper
amount.
 Audit Procedures
 Recalculate interest expense and amortization of premium or discount
if any.
 Ascertain the amount of long-term debt maturing within one year.
5) Presentation and Disclosure
 Audit Objectives
 To determine that long term debts are presented and disclosed in
accordance with PAS/PFRS.
 Audit Procedures
 Send confirmation letters to financial institution to obtain information
about finance arrangement.
 Evaluate presentation in the financial statement of the long-term debt.
Examine classification of obligation as either secured or unsecured.
6.4. Auditing Capital stock
The following are risks of fraud and error for owners’ equity and its related accounts:
 Misclassifying equity as debt, or misclassifications between current and long-term
equity.
 Recording equity transactions in the wrong period.
 Incorrect or inaccurate disclosure of terms or amounts.
 Equity issues or dividends that violate debt covenants.
 Backdating stock options.
 Paying dividends to wrong parties or at incorrect amounts.
 Deliberately misclassifying equity as revenue or other fraudulent manipulations

31
There are four main concerns in auditing share capital:
 Existing share capital transactions are recorded (completeness).
o If a registrar or transfer agent is used, the auditor confirms balances and
transactions with them.
 Recorded share capital transactions exist and are accurately recorded (occurrence and
accuracy).
o All share capital transactions are verified (e.g., due to mergers, issuance, or
repurchase) by looking for authorizations in the minutes of board of directors’
meetings and agreement with share transfer agent records (using confirmations or
physical inspection at their offices).
o Changes due to mergers and acquisitions will require inspection of relevant legal
documents and may require auditor specialist assistance on the audit team.
 Share capital is accurately recorded (accuracy).
o Confirmation with the share transfer agent will provide balances and details.
 Share capital is fully presented and clearly disclosed (completeness and
understandability.
6.5. Auditing Dividends
 The emphasis in the audit of dividends is on the transactions rather than the ending
balance.
 The following are the most important objectives, including those concerning dividends
payable:
o Recorded dividends occurred (occurrence).
o Existing dividends are recorded (completeness).
o Dividends are accurately recorded (accuracy)
o Dividends that exist are paid to shareholders (existence).
o Dividends payable are recorded (completeness).
o Dividends payable are accurately recorded (accuracy).
 Existence of recorded dividends can be checked by examining the minutes of board of
directors’ meetings for the amount of the dividend per share and the dividend date.
 The accuracy of a dividend declaration can be audited by re-computing the amount on

32
 the basis of the dividend per share and the number of shares outstanding.
6.6. Auditing Retained Earnings
 The starting point for the audit of retained earnings is an analysis of retained earnings
for the entire year.
 The audit of the credit to retained earnings for net income for the year (or the debit for a
loss) is accomplished by tracing the entry in retained earnings to the net earnings figure
on the income statement.
 Once the auditor is satisfied that the recorded transactions are appropriately classified as
retained earnings transactions, the next step is to decide whether they are accurately
recorded.
 Another important consideration in the audit of retained earnings is evaluating whether
there are any transactions that should have been included but were not.

33
 CHAPTER SEVEN
AUDIT OF CASH BALANCES
The audit of cash is considered an important part of an audit mainly due to two reasons:
a) Almost all business transactions will be ultimately settled through the cash accounts,
the audit of cash accounts also assists in the verification of other asset and liability
accounts as well as revenue and expenses.
b) Cash is the highly liquid asset in a company and it is an area of high inherent risk
since there is a relatively high risk of misappropriation.
7.1. Cash in the Bank and transaction Cycles
Test of the bank reconciliation often identify these misstatements:
 Failure to include a check that has not cleared the bank on the outstanding check list,
even though it has been recorded in the cash disbursements.
 Cash received by the client subsequent to the balance sheet date but recorded as cash
receipts in the current year.
 Deposits recorded as cash receipts near the end of the year, deposited in the bank in the
same month, and included in the bank reconciliation as a deposit in transit.
 Payments on notes payable debited directly to the bank balance by the bank but not
entered in the client’s records.
Reconciliations of cash most likely will not detect these misstatements:
 Failure to bill a customer.
 An embezzlement of cash by intercepting cash receipts from customers before they are
recorded, with the account charged off as a bad debt.
 Duplicate payment of a vendor’s invoice.
 Improper payments of officers’ personal expenditures–Payment of raw materials that
were not received.
 Payment to an employee for more hours than he or she worked.
 Payment of interest to a related party for an amount in excess of the going rate.

34
 CHAPTER EIGHT
COMPLETING THE AUDIT
It is worth noting that the procedures performed in completing the audit have several distinct
characteristics. The auditor’s responsibilities in completing the audit involve completing the
fieldwork, evaluating the findings, and communicating with the client. The three steps in
completing the audit are:
a) Completing the audit field work
b) Evaluating the findings
c) Communicating with the client
A) Completing the audit field work
In particular, completing the fieldwork involves performing the following procedures to obtain
additional audit evidence:
 Making a Subsequent Events Review: Subsequent events are events and transactions
that occur after the balance sheet date but before the issuance of the financial statements
and the auditor’s report. In effect, the subsequent events period extends from the balance
sheet date to the end of the fieldwork. During this period, the auditor is required by
GAAS to discover the occurrence of any subsequent event that has a material effect on
the financial statements. However, the auditor has no responsibility to discover
subsequent events between the end of fieldwork and the issuance of the audit report.
 Reading Minutes of Meetings: The reading of minutes of meetings of stockholders, the
board of directors, and its subcommittees may reveal information about matters that have
audit significance. These should be read as soon as they become available.
 Obtaining Evidence Concerning Litigation, Claims, and Assessments: In completing
an audit following GAAS, the auditor must determine whether litigation, claims, and
assessments are reported in conformity with accounting standards. Management
represents the primary source of such information, whereas a letter of audit inquiry to the
client’s outside legal counsel is the auditor’s primary means of corroborating this
information.
 Obtaining a Management Representation Letter: The auditor must also obtain written
representations from management regarding the matters that are either individually or

35
 collectively material to the financial statements. Such a letter complements other
auditing procedures and may reveal matters not otherwise discovered by the auditor. It
should be noted that the refusal by management to provide such a letter in effect limits
the scope of the audit and could result in the auditor not issuing a standard audit report.
 Performing Analytical Procedures: Performing analytical procedures at the end of the
fieldwork is a required part of an overall review. It assesses the conclusions reached
during the audit and evaluates the overall financial statement preparation. The
procedures are applied to critical audit areas identified during the audit and are based on
financial statement data after all adjustments and reclassifications have been recognized.

B) Evaluating the findings

After an audit team collects the facts and completes its investigation, it is time to determine its
results. For audits, the results are called reported audit findings. The first step is to evaluate the
evidence against the audit criteria. The evidence is the factual information collected or observed
during the audit performance. The audit criteria are the standards, procedures, regulations, or
objectives the organization was audited against. The criteria represent requirements the
organization must comply with. Informing an opinion on whether the financial statements are
presented fairly, in all material respects, and in conformity with the applicable financial reporting
framework, the auditor should take into account all relevant audit evidence, regardless of
whether it appears to corroborate or contradict the assertions in the financial statements.

In the audit of financial statements, the auditor’s evaluation of audit results should include
evaluation of the following:
 The results of analytical procedures performed in the overall review of the financial
statements (“overall review”);
 Misstatements accumulated during the audit, including, in particular, uncorrected
misstatements;
 The qualitative aspects of the company’s accounting practices;
 Conditions identified during the audit that relate to the assessment of the risk of material
misstatement due to fraud (“fraud risk”);
 The presentation of the financial statements, including the disclosures; and

36
  The sufficiency and appropriateness of the audit evidence obtained.
C) Communicating with the client
The auditor’s communicating with the client after the audit involves the following aspects:
 Communication of Internal Control Structure Matters: Communication of internal
control structure represents significant deficiencies in the design or operation of the
internal control structure, which could adversely affect the organization’s ability to
record, process, summarize, and report financial data consistent with the assertions of
management in the financial ‘statements.
 Communicating Matters About Conduct of Audit: Communication with the audit
committee requires the auditor to communicate certain matters about the conduct of the
audit to those responsible for overseeing the financial reporting process. Normally this
responsibility is assigned to an audit committee of the board of directors or a group with
equivalent authority, such as a financial committee. The communication may be oral or
written and may occur during or shortly after the audit. When the communication is in
writing, the report should indicate that it is intended for the audit committee, the board of
directors, and, if appropriate, management.
 Preparing Management Letter: Auditors observe many facets of the client’s business
organization and operations during an audit engagement. After an audit, many auditors
believe it is desirable to write a letter to management, known as a management letter that
contains recommendations not included in the required communication with the audit
committee. These recommendations usually relate to improving the efficiency and
effectiveness of the company’s operations. Management letters may include comments
on:
o Internal control structure matters that are not considered to be reportable
conditions.
o Management of resources such as each inventory and investment.
o Tax-related matters.

37
 CHAPTER NINE
AUDITING COMPUTERIZED ACCOUNTING SYSTEMS: AN OVERVIEW
A computer system requires procedures to:
 Convert data to machine readable form.
 Input data into the computer.
 Process data.
 Store data in machine readable form.
 Convert data into desired output form.
For these procedures to be undertaken, a mixture of hardware and software is needed.
The hardware will consist of:
 Input devices: These include keyboards, optical readers, and bar code scanners.
 Processing devices: These are the computers themselves. i.e. CPU.
 Storages devices: Include hard disk, diskettes and magnetic tapes.
 Output devices: These include the visual display unit (VDU) and printers.
The computer software consists of programs and operating systems.
a) Programs: are the instructions telling the computer how each type of transaction is
to be processed. These instructions include routines of checking and controlling data,
matching data with master files and performing mathematical operations on data. E.g. for
sales transactions, matching routines will enable the computer to identify the right
sales price from the sales master file and the right customer from debtors master file.
Mathematical routines will include calculating the total debtor’s amount and updating
customer’s balance in the debtors’ master file.
b) Operating system: relates to a series of related programs to provide instructions as to
what files are required to be on-line, what output devices are required to be ready
and what additional file need to be created for further processing. E.g. with a batch of sales
transactions, the sales price file and debtor’s file need to be on-line. The printer must be
loaded with blank invoice forms and the totals must be retained for posting to the
sales and debtors control accounts in the general ledger master file.
c) Computer files: These are equivalent of books and records in a manual system and
are described as either transaction files or master files.

38
The approach taken by the auditor when examining computerized records takes either of the two
main forms:
 Auditing round the computer
 Auditing through the computer
.
A) Auditing round the computer

This means examining evidence for all items in the financial statements without getting
immersed in the details of the computerized information system. The benefits of this approach
are that it saves time and its justification is that computers are 100% accurate in processing
transactions and therefore material processing errors simply do not occur. The drawback of
this approach is that once an application is programmed to process an item incorrectly,
then it processes exactly as programmed indefinitely. However, major frauds and error or
system failures should be picked up in the assets and liabilities verification e.g. if processing of
sales is incorrect, verification of debtors can uncover the error. Also an analysis of gross profit
margins will help discover any errors in sales. This approach is suitable for small businesses
but largely unsuitable for large scale entities.

B) Auditing through the computer

There are two basic techniques available to the auditor for auditing through the computer.
These are use of test data and use of computer audit programs which are also called CAATs
(computer assisted audit techniques).
8.1. Impact of Information Technology on the Audit Process

Information technology affects the reduction of audit risk through electronic data processing
and electronic auditing, which helps auditors reduce the likelihood of errors in audit work and
increase the probability of discovery, which in turn leads to a reduction in audit risk. Most
errors in data processed by computerized information systems can be traced to errors made
when the data was being input into the system. Controls over input fulfill the following

39
objectives.
a) Completeness of input: This ensures that all transactions that took place have been
processed.
b) Accuracy: This ensures that the recorded transactions have been captured accurately.
c) Validity: This ensures that only valid or genuine transactions appropriately authorized
have been recorded. It also ensures credibility and reliability of recorded transactions.

8.2. Controls in a computerized environment

To mitigate the risks occasioned by the features of a computerized information system, the
management should design internal controls over the system. These controls are mainly
classified into general controls and application controls.

A) General controls

These relate to the environment within which the computer based systems are developed,
maintained and operated aimed at providing reasonable assurance that the overall objectives of
internal controls are achieved e.g. completeness, accuracy and validity of financial information.
The objective of the general controls is to ensure the proper development and implementation of
applications and the integrity of program files and information. These controls could either
be manual or programmed and are classified into:
 System development controls: These relate to controls that must be exercised by
the client when developing new systems or modifying existing systems. The controls
that can be exercised during systems development can be discussed in the following
groupings
 Access controls: The success of computerized information systems is largely
dependent on the accuracy, validity and credibility of the data processed by the
system. Access controls to computer hardware, software and data files is therefore vital.
Access controls provide assurance that only authorized individuals use the system
and that the usage is for authorized purposes only. Access may be restricted to
specified persons, files, functions or computer devices. This can be achieved using

40
 both physical and programmed controls. Examples of access controls include
o Physical restriction of access to computer facilities to specified persons
only e.g. file servers should be maintained in a secure location where access is
granted to only specified persons.
o Controls over computers stored in the user department could be improved by
making sure that vital data on programs are not left running when the computer
is left unattended
o Passwords should be used by all staff when accessing computer facilities.
 Computer operations and other controls: The organization should have a
reconstruction or disaster recovery plan that will allow it to regenerate important
programs and data files in case of disasters or accidental destructions. The recovery plan
should create back up or duplicate copies of important data files and programs which
should be stored off site. The recovery plan should also be tested on regular basis to
ensure that it indeed works.

8.3. Computer assisted techniques (CAATS) in gathering audit evidence

Computer Assisted Audit Technique is the implementation of taking audit evidence material
using a computer, an audit is carried out using a computer or software to support the
implementation of the examination. Audit techniques are methods used by auditors to collect
audit evidence. There are two broad categories of CAAT such as audit software and test data.

A) Audit software
Audit software is used to interrogate a client's system. It can be either packaged, off-the-shelf
software or it can be purpose written to work on a client's system. The main advantage of these
programs is that they can be used to scrutinize large volumes of data, which it would be
inefficient to do manually. The programs can then present the results so that they can be
investigated further.

Specific procedures they can perform include:

 Extracting samples according to specified criteria, such as:

41
 o Random;
o Over a certain amount;
o Below a certain amount;
o At certain dates.
 Calculating ratios and select indicators that fail to meet certain pre-defined criteria (i.e.
benchmarking);
 Check arithmetical accuracy (for example additions);
 Preparing reports (budget vs actual);
 Stratification of data (such as invoices by customer or age);
 Produce letters to send out to customers and suppliers; and
 Tracing transactions through the computerized system.
These procedures can simplify the auditor's task by selecting samples for testing, identifying
risk areas and by performing certain substantive procedures. The software does not, however,
replace the need for the auditor's own procedures.

B) Test data
Test data involves the auditor submitting 'dummy' data into the client's system to ensure that the
system correctly processes it and that it prevents or detects and corrects misstatements. The
objective of this is to test the operation of application controls within the system.

To be successful test data should include both data with errors built into it and data without
errors. Examples of errors include:
 Codes that do not exist, e.g. customer, supplier and employee;
 Transactions above pre-determined limits, e.g. salaries above contracted amounts, credit
above limits agreed with customer;
 Invoices with arithmetical errors; and
 Submitting data with incorrect batch control totals.
Data may be processed during a normal operational cycle ('live' test data) or during a special
run at a point in time outside the normal operational cycle ('dead' test data). Both has their
advantages and disadvantages:
 Live tests could interfere with the operation of the system or corrupt master files/standing

42
 data;
 Dead testing avoids this scenario but only gives assurance that the system works when
not operating live. This may not be reflective of the strains the system is put under in
normal conditions.
Advantages of CAATs
CAATs allow the auditor to:
 Independently access the data stored on a computer system without dependence on the
client;
 Test the reliability of client software, i.e. the IT application controls (the results of which
can then be used to assess control risk and design further audit procedures);
 Increase the accuracy of audit tests; and
 Perform audit tests more efficiently, which in the long-term will result in a more cost
effective audit.
Disadvantages of CAATs
 CAATs can be expensive and time consuming to set up, the software must either be
purchased or designed (in which case specialist IT staff will be needed);
 Client permission and cooperation may be difficult to obtain;
 Potential incompatibility with the client's computer system;
 The audit team may not have sufficient IT skills and knowledge to create the complex
data extracts and programming required;
 The audit team may not have the knowledge or training needed to understand the results
of the CAATs; and
 Data may be corrupted or lost during the application of CAATs.

Other techniques
There are other forms of CAAT that are becoming increasingly common as computer
technology develops, although the cost and sophistication involved currently limits their use to
the larger accountancy firms with greater resources. These include:
 Integrated test facilities - this involves the creation of dummy ledgers and records to
which test data can be sent. This enables more frequent and efficient test data procedures
to be performed live and the information can simply be ignored by the client when

43
 printing out their internal records; and
 Embedded audit software - this requires a purpose written audit program to be
embedded into the client's accounting system. The program will be designed to perform
certain tasks (similar to audit software) with the advantage that it can be turned on and off
at the auditor's wish throughout the accounting year. This will allow the auditor to gather
information on certain transactions (perhaps material ones) for later testing and will also
identify peculiarities that require attention during the final audit.

Text and reference books

 Arens, Elder and Beasley (2016) Auditing and Assurance Service, Global Edition, 16th
Edition.
 Hayes R., Wallage P., and Gortemake H., (2014) Principles of Auditing: An
Introduction to International Standards on Auditing, 3rd Edition.
 Leung P., Coram P. (2015) Modern Auditing and Assurance Services, 6th Edition,
Wiley.
 Messier. Glover, Prawitt. (2016) Auditing & Assurance Services, 9th Edition, with ACL
software McGraw- Hill.
 Louwers, T. Ramsay, (2012). Auditing & Assurance Services (5th ed.). Boston, MA:
McGraw‐Hill.
 R. Whittington and K. Pany; (2014) Principles of Auditing & Other Assurance Services
19th Edition, McGraw-Hill Irwin.
 Timothy Louwers, Robert Ramsey, et. al., 2008 ) (Auditing and Assurance Services (3rd
ed.). Irwin McGraw-Hill,

44