audit notes-topic 7

8/6/2019 Audit Notes-ToPIC 7

1/30

TOPIC 7: INTERNAL AUDIT, COMPUTER AUDITING AND OTHER TYPES OF

AUDIT

INTERNAL AUDIT ISA 6107.1.1 Nature and Function/scope of Internal audit

According to theInstitute of internal auditors(www.iia.org.uk) internal audit is defined as :
http://www.iia.org.uk/http://www.iia.org.uk/http://www.iia.org.uk/


2/30

An appraisal or monitoring activity established by management and the

directors, for the review of the accounting and internal control systems as a

service to the entity.

It functions by, amongst other things, examining, evaluating and reporting to

management and the directors on the adequacy and effectiveness of components

of the accounting and internal control systems.

7.1.2 Scope/ Objectives / Functions of internal Audit

The scope of Internal audit is set by management and varies widely. It could

include:

I. Reviewing and appraising the soundness, adequacy and application of

accounting, operating and internal control systems. It is the responsibility ofmanagement to establish adequate accounting and internal control systems.

This demands proper attention on a continuous basis. Internal auditing is

ordinarily assigned specific responsibility by management for reviewing

these systems, monitoring their operation and recommending improvements

thereto.

I. Examination of financial and operating information. This may include

review of the means used to identify, measure, classify and report such

information and specific inquiry into individual items including detailed

testing of transactions, balances and procedures.

I. Ascertaining the extent to which the company assets are accounted for

and safeguarded from losses of all kinds.

I. Reviewing and ascertaining the extent of compliance with established

internal policies, plans and procedures as well as with laws, regulations and

other external requirements.

I. Ascertaining the reliability of accounting and other data developed

within the organization.

I. Reviewing of the 3Es - economy, efficiency and effectiveness ofoperations of the company. Also known as value-for-money Audit

(Economy operations at lowest reasonable cost ie the measure of

resources consumed against planned consumption, Efficiency Relationship

between input resources and output ie the ratio of resource consumption to

benefits produced-the input:output ratio, Effectiveness achievement of

predetermined objectives ie the measure of actual performance against

planned performance in terms of outputs)


3/30

I. Appraising the quality of performance in carrying out assigned

responsibilities (Quality assurance appraisal of lecturers etc )

I. Carry out special investigations, e.g. fraud

7.1.3 Distinction Between External & Internal Auditors

7.1.3.1 Common interests of the two auditors:

Ensuring

a The organization has an effective system of internal control.

a That management obtains adequate management information.

a That assets are safeguarded.

a That the organization has an adequate accounting system (to minimum

Companies Act standard).

a Compliance with statutory and regulatory framework.

7.1.3.2 Differences between the two auditors:

a Scope Scope of external auditor is determined by statute; internal

auditors scope is set by management and specified in an internal audit

charter. The Internal audit charter is a formal document approved by the

Board of directors, that (a) establishes the internal audit departments

position within the organization; (b) authorizes the internal auditor to have

unlimited access to records, personnel and physical properties relevant to theperformance of audits; and (c) defines the scope of internal auditing activities.

a Approach and primary objective External auditors primary objective

is the formation of an opinion as to the truth and fairness of the accounts. The

internal audits objective is set by the charter and may cover EEE.

a Relationship to the company External auditors are independent of

the company and its management. Internal auditors are often employees of

the organization, although some times the internal audit function is

outsourced.


4/30

a Reporting responsibility and appointment External Auditor is

appointed by shareholders in an Annual General Meeting and is therefore

responsible and reports to the shareholders of the company (NB: the external

auditors report is addressed to shareholders). The Ex. Auditor could also be

appointed by management to fill a casual vacancy. The external auditor could

also have a responsibility to others and the government.

The internal auditor is appointed according to management policy via

formal interview process. Ideally the Internal auditor reports to the Board

of directors or to the audit committee of the Board.

a Qualifications (Who is qualified to be Ex. / Int. Auditor ?) External

auditors qualifications are determined by the Companys Act and the

Accountants Statute (1992) auditor must be a certified/chartered public

accountant. The internal auditors qualifications are prescribed by

management according to prevailing needs.

a Skills required External auditor must posses Accounting, finance

based and analytical skills. Internal Auditor requires broad-based,

interpersonal and analytical skills.

a Remuneration External auditors remuneration is agreed by auditor

and management and ratified later by shareholders in general meeting via the

formal approval of accounts. The Internal auditors remuneration is salary

based and fixed internally by management.

a Security or tenure The Companys Act protects the external auditor

from unjustified dismissal and provides certain rights in Law. The internal

auditor has rights of any individual employee only.

a Error and fraud For the external auditor detection of errors and frauds

is incidental, while to the internal auditor detection of errors and frauds is a

very important objective.


5/30

7.2 Can External Auditors Rely On The Work Of Internal Auditor?

Where the external auditors intends to use the work of internal auditors they are

guided by auditing standard ISA 610 : Considering the work of Internal auditing.

The external auditor will assess the following matters before relying on

the work of internal auditors

a Independence of the internal audit.

a Organizational status of the Internal audit department as evidenced by

their reporting and the number of positive actions taken consequent to an

internal audit recommendation.

a Scope & objectives (relevance, set by?) and quality of internal audit work

as evidenced by their files and documentation.

a Standard of professional care Is the internal audit work properlyplanned, supervised, reviewed and documented? The existence of adequate

audit manuals, work programs and working papers would be considered.

a Technical competence of the internal audit staff ie their qualifications,

experience etc the external may for example review the policies for hiring

and training the internal audit staff and their experience and professional

qualifications.

a Reporting standards The institute of internal auditors, an international

body has issued 5 general standards covering the work of internal auditors (i)

Independence (ii) Professional proficiency (iii) Scope of Work (iv) Performance

of audit work (v) Management of audit department. These standards are

supported by specific practice statements and guide lines which provide

practical guidance for the internal auditor.

a Resources available


6/30

After assessing the above matters, the extent of reliance depends on :

Materiality of area under review.

Level of associated audit risk

Level of judgment required

Sufficiency of complementary evidence

Whether internals have some specialist skill.

BUT

The external auditor must always remember that it is his opinion and his

reputation at stake. The external auditor has the sole responsibility for the audit

opinion expressed, and that responsibility is not reduced by any use made of

internal auditing. All judgments relating to the audit of the financial accounts are

those of the external auditor.

7.3 Internal Audit Reports

The audit report is an end product of an internal audit. The objectives of an

internal audit report are:

To recommend and influence change.

To provide an understanding and overview of control issues within an area

under review.

To ensure action is taken on audit findings and recommendations.To document the work carried out on the audit and any limitations of scope

(for example because of disputes).

To provide some form of independent assurance to management.

To provide independent advice, guidance and recommendations to

management particularly on risk (financial or otherwise) and corporate

governance practices.

The report is a marketing tool for the Internal Audit department. It

demonstrates to the organization the value added by the internal audit

function.

Users of Internal Audit Reports

There are a number of users of such reports. For each report it is important to be

aware of the users and what their specific objectives are likely to be. The reports

need to be targeted to the appropriate audience. The users of a report may

include the following.

Operational Management

Audit committees


7/30

Board of directors

Organization as a whole

Risk committees

Finance director

Chief executive Officer

External auditors

Regulatory bodies

There is likely to be a principle user to whom the report will be addressed. This will

usually be the Director/executive of the business or area under review. The audit

committee/ the full board of directors should however see and follow up all reports

produced by the Internal audit department.

7.3.2 Format and content of Internal Audit Reports

Prior to issuing of the final report, the internal auditor should discuss the report

with the management of the audit area to iron out any differences and obtain

explanations to some of the issues the external audit team may have come

across.

Internal Audit reports need to be appropriately structured with a logical flow of

information. The format of reports can vary significantly according to the

organization and approach of the department.

The typical report may be in the following format:

Cover of the report

Subject

Distribution list

Date of issue

Period covered by the report

Any rating/evaluationExecutive summary this could include

Overall summary of outcome from review

Introduction

Overview of scope

Key risks

Opinion

Key findings and recommendations

The major exposures identified during the review and their significance.


8/30

Detailed findings and agreed action

Findings

Risk exposureAgreed action

Responsibility

Deadline/time scaleAppendices

Explanations and further details

Appropriate analysis to back up the matters referred to in the main body ofthe report.

COMPUTERS IN AUDIT MANAGEMENT

7.4.1 The use of computers in audit management: Audit practiceadministration

At the firm level i.e within the audit firm, the role of computers is similar to the role

they play in an audit client that is , it is a management information and

accounting system.

Audit staff log-on chargeable time, which goes into the audit firms billing

system

The computer system will produce partnership accounts, schedules of work-in-

progress and general management information, used by the audit firm

management for decision-making purposes.

Preparation of audit reports and accounts

- word processing, standard letters,- word processing, standard letters, reports etc.reports etc.

7.4.2 The use of computers in audit management: Auditing applications

The computer (P/C) may be used by auditors in the following ways to assist in audit

work:

Flow charting clients system flow-charting computer packages exist to assist the

auditor in drawing flow charts.

Evaluation of audit Risk computer packages exist to assist the auditor in evaluation of

risk.

Preparation of audit programmes audit programmes can be typed into a word

processor, which will allow easy access and up dating. And determining sample

sizes.

Analytical procedures Spreadsheets can be used to generate key details of the

accounts e.g. key accounting ratios that will assist the auditor when carrying out

analytical procedures. Spreadsheets are also vital in data analysis.

Preparation of audit working papers computers are a key resource in the production

of schedules, summaries and other audit working papers.

Used in the application of CAATS Computer- assisted audit techniques, which are a


9/30

key audit tool in a computerized environment.

CONTROLS IN COMPUTERIZED ACCOUNTING SYSTEMS EDP (Electronic Data

Processing System)

The main objectives of a strong Internal Control System be it in a manual or computer-

based accounting environment are (i) to ensure the proper and accurate recording of all

transactions and (ii) to prevent mismanagement, error, fraud and general abuse.

In the past, major components of an internal control system have included such things as:

Separation of duties,

Delegation of authority and responsibility in a clear unambiguous manner,

Recruitment and training of skilled personnel,

A system of authorizations,Adequate documentations and records to provide an audit-trail,

Physical controls over assets and records,

Management supervision and independent checks on performance.

Certainly, the above components must exist in an EDP system; however, use of EDP affects

the implementation of these components in a number of ways (The International

Federation of Accountants IFAC practice statement IAPS - International auditing Practices

statement 1002: EDP EDP Environment-On-line computer systems) these include:

Absence of input documents data may be entered directly into the EDP

system without supporting documents. In some on-line transaction

systems, written evidence of data entry authorization (for example,

approval for order entry) may be replaced by other procedures, such as

authorization controls contained in computer programs (for example, credit

limit approval)

Lack of a visible transaction trail certain data may be maintained on

computer files only. In a manual environment, it is normally possible to

follow a transaction through the system by examining source documents,

books of account and reports. In an EDP environment, however, the

transaction trail may be partly in machine-readable form, or it may existonly for a limited period of time.

Lack of visible output certain transactions or results of processing may not be

printed. In manual environments and in some EDP environments, it is

normally possible to visually examine the results of processing. In other

EDP environments, the results of the processing may not be printed, or only

summary data may be printed. Thus, the lack of visible output may result

in the need to access data retained on computer files readable only by the

computer.

Accessibility of data and computer programs data and computer programs


10/30

can be accessed and altered by persons through the use of on-line

terminals. Therefore, in the absence of appropriate controls, there is an

increased potential for unauthorized access to, and alteration of, data and

computer programs by persons inside or outside the entity.

The above statements indicate that despite the advantages of computerized accounting

systems to an organization, certain characteristics inherent in these systems represent

problems or risks that can only be addressed by developing and implementing special

control mechanisms in the organizations internal control systems. These special controls in

an EDP system can be categorized under 3 areas.

Systems development controls

General controls

Application / Procedural and processing controls

7.5.1 System Development Controls (SDCs)7.5.1 System Development Controls (SDCs)

These are Controls over the entire development process of the computer system, from theThese are Controls over the entire development process of the computer system, from the

initial idea/proposal, designing, testing, and implementation through to acceptance of ainitial idea/proposal, designing, testing, and implementation through to acceptance of a

fully operational system.fully operational system.

In many respects system development controls are the most important - if they areIn many respects system development controls are the most important - if they are

inadequate the whole project is at risk. Any system errors may remain undetected for someinadequate the whole project is at risk. Any system errors may remain undetected for some

time and cause countless problems.time and cause countless problems.Standards must be prescribed for theStandards must be prescribed for the design, development, testing and implementation ofdesign, development, testing and implementation of

systems, programs and amendments.systems, programs and amendments.

SDC 1

There must be proper Consultation with the following groups before Computer systems are

developed.

(i)(i) ManagementManagement

(ii)(ii) Users / departments going to use the systemUsers / departments going to use the system

(iii)(iii) Operators of the systemOperators of the system(iv)(iv) Auditors - internal andAuditors - internal and externalexternal

SDC 2


11/30

There is a need to have clear documentation and Recorddocumentation and Record of the system so developedof the system so developed. A. A

detailed description of the computer programme must be compiled. This could take thedetailed description of the computer programme must be compiled. This could take the

form of:form of:

(i)(i) flowcharts of clerical and computer proceduresflowcharts of clerical and computer procedures(ii)(ii) specification of types and form of inputspecification of types and form of input

(iii) Form and content of master and other files(iii) Form and content of master and other files

(iv)(iv) processing detail and dealing with errorsprocessing detail and dealing with errors

(v)(v) form of output and its distributionform of output and its distribution

(vi)(vi) operational controls and maintenance of audit trailoperational controls and maintenance of audit trail

SDC 3

The system so developed must be fully tested to ensure that all programmes have been

prepared correctly before operating it on live data . Systems testing will take the following

form:

(i)(i) Test packsTest packs - using dummy data on the new system- using dummy data on the new system

(ii) Pilot running(ii) Pilot running running the new system fully with live data for a . limited period.running the new system fully with live data for a . limited period.

(iii)(iii) Parallel runningParallel running with the manual system until it is proved that the new systemwith the manual system until it is proved that the new system

can operate satisfactorily.can operate satisfactorily.

SDC 4 AcceptanceAcceptanceUsers, operators and management must accept the system developed.Users, operators and management must accept the system developed.

7.5. 2 General Controls7.5. 2 General Controls

These are controls over the environment in which computer-based accounting systems areThese are controls over the environment in which computer-based accounting systems are

developed, maintained and operated.developed, maintained and operated.

Purposes - to ensurePurposes - to ensure

(i)(i) the integrity of data and program files and ofthe integrity of data and program files and of

(ii)(ii) operationsoperations..

Basic controls include:Basic controls include:

Segregation of dutiesSegregation of duties requiring appropriate segregation of responsibilities andrequiring appropriate segregation of responsibilities and

duties.duties. In a computerized environment the following functions must be carried out by

separate officers/sections/departments: Development, Data preparation, Computer

Data entry, File Library maintenance, Control.


12/30

Controls over OperatorsControls over Operators operators to have designated and restricted areas ofoperators to have designated and restricted areas of

access within the computer programme by use of pass words.access within the computer programme by use of pass words.

No unauthorized change should be made to accounting programmes that processNo unauthorized change should be made to accounting programmes that process

data by using Pass words and maintaining a record of all changes effected on thedata by using Pass words and maintaining a record of all changes effected on the

system. Also a physical control can be instituted e.g preventing people from havingsystem. Also a physical control can be instituted e.g preventing people from having

access to the computer terminalsaccess to the computer terminals

Hardware controls and SecurityHardware controls and Security Having Fire Precautions and Stand-byHaving Fire Precautions and Stand-by

Arrangements ( Protective measures should be put in place to secure the equipmentArrangements ( Protective measures should be put in place to secure the equipment

and dataand data standby power source, UPS etc)standby power source, UPS etc)

Controls to ensure continuity - File back systems on site and off-site, data recoveryControls to ensure continuity - File back systems on site and off-site, data recovery

procedures, insurance cover etc)procedures, insurance cover etc)

7.5.3 Application / procedural and processing Controls

These consist of controls over completeness, accuracy and authorization of These consist of controls over completeness, accuracy and authorization of

input/processing and maintenance of master files.input/processing and maintenance of master files.

They relate to the transactions and data belonging to each computer basedThey relate to the transactions and data belonging to each computer based accountingaccounting

system and are therefore specific to that system (e.g. payroll, debtors etc.).system and are therefore specific to that system (e.g. payroll, debtors etc.).

(i) Input controls(i) Input controls

These are controls designed to ensure that the integrity of the data entered intoThese are controls designed to ensure that the integrity of the data entered into

the computer system is maintained. That is they ensure that transactions are properlythe computer system is maintained. That is they ensure that transactions are properly

authorized, they are accurately recorded and that they are complete.authorized, they are accurately recorded and that they are complete.

batch totalsbatch totals

comparison of files (e.g. order/invoice)comparison of files (e.g. order/invoice)

sequential numbering of documents-document countsequential numbering of documents-document count

control totalscontrol totals

(ii) Processing and out put controls (Accuracy and Validity controls)(ii) Processing and out put controls (Accuracy and Validity controls)

Processing controls are those controls designed to ensure that the appropriate

computer processes have been performed on the data entered into the computer. These

are exercised within the computer.

Output controls are designed so that the results ultimately reported as a

consequence of the inputting and processing of data are valid, accurate and complete.


13/30

batch processing (not for real time)batch processing (not for real time)

segregation (e.g. of responsibility for application, transaction & master files)segregation (e.g. of responsibility for application, transaction & master files)

control totalscontrol totals

manual authorization and checkingmanual authorization and checkingpro-forma documents (pre-coded if possible)pro-forma documents (pre-coded if possible)

field presence (e.g. must have customer account number)field presence (e.g. must have customer account number)

master file compatibility (does customer exist?)master file compatibility (does customer exist?)

range (e.g. wages within ushs100,000-500,000 per week)range (e.g. wages within ushs100,000-500,000 per week)

batch (e.g. total hours worked)batch (e.g. total hours worked)

sequence (e.g. all delivery notes accounted for)sequence (e.g. all delivery notes accounted for)

logic (e.g. gross, VAT, net calculation checked)logic (e.g. gross, VAT, net calculation checked)

access controlsaccess controls

back-up facilitiesback-up facilities

anti-virus protectionanti-virus protection

effective staff trainingeffective staff training

testing and evaluation of programstesting and evaluation of programs

controls over data input etc.controls over data input etc.

7.67.6 PLANNING A COMPUTER BASED AUDITPLANNING A COMPUTER BASED AUDIT

A computer based system will affect the timing and recording of audit work. The absenceA computer based system will affect the timing and recording of audit work. The absence

of input documents, or audit trail, or output, will necessitate the use of special audit toolsof input documents, or audit trail, or output, will necessitate the use of special audit tools

known as CAATs.known as CAATs.

Broadly there are two approaches which might be considered:Broadly there are two approaches which might be considered:

Audit round the computerAudit round the computer

Audit through the computerAudit through the computer

Audit round the computer:Audit round the computer:

This involves substantive testing of computer input and its reconciliation to output. TheThis involves substantive testing of computer input and its reconciliation to output. The

approach saves time and cost in the short-run, especially when coupled with analyticalapproach saves time and cost in the short-run, especially when coupled with analytical

review.review.

Audit through the computerAudit through the computer::

This is usually preferable although the auditor does require a higher knowledge of EDP. TheThis is usually preferable although the auditor does require a higher knowledge of EDP. The

auditor is required to make detailed contact with the computer hardware and software.auditor is required to make detailed contact with the computer hardware and software.

Auditing through the computer will require the auditor to make use ofAuditing through the computer will require the auditor to make use of computer assistedcomputer assisted

auditing techniques (CAATauditing techniques (CAATs).s).


14/30

Advantages of using CAATs:Advantages of using CAATs:

i.i. CAATs are the only effective way of testing complex systems especially whereCAATs are the only effective way of testing complex systems especially where

large volumes of transactions take place.large volumes of transactions take place.

i.i. The use of CAATs enables the auditor to test a much larger population quicklyThe use of CAATs enables the auditor to test a much larger population quicklyand accurately, and therefore increase the confidenceand accurately, and therefore increase the confidence the auditor has in histhe auditor has in his

opinion.opinion.

i.i. CAATs enable the auditor to test the accounting system and its records (i.e theCAATs enable the auditor to test the accounting system and its records (i.e the

tapes and disk files) rather than relying on testing printouts of what they believe to betapes and disk files) rather than relying on testing printouts of what they believe to be

a copy of those records. I.E. allows testing of live/actual systems.a copy of those records. I.E. allows testing of live/actual systems.

i.i. Once set up , CAATs are likely to be a cost effective way of obtaining auditOnce set up , CAATs are likely to be a cost effective way of obtaining audit

evidence provided that the enterprise does not regularly change its systems.evidence provided that the enterprise does not regularly change its systems.

COMPUTER ASSISTED AUDIT TECHNIQUESCOMPUTER ASSISTED AUDIT TECHNIQUESThere are two main categories of CAATs:There are two main categories of CAATs:

test datatest data

audit softwareaudit software

TEST DATA:TEST DATA:

This is used to test application controls. It consists of data selected by theThis is used to test application controls. It consists of data selected by the

auditor for processing through a clientauditor for processing through a clients system, where the auditor knowss system, where the auditor knows

what results are expected from that processing.what results are expected from that processing.

The data may either be specially developed by the auditor or selected from theThe data may either be specially developed by the auditor or selected from the

clientclients data. It must, however, be as representative as possible of thes data. It must, however, be as representative as possible of the

whole population of data, which it is chosen to represent.whole population of data, which it is chosen to represent.

Test data may be used during a normal run or during a special run set up forTest data may be used during a normal run or during a special run set up for

the purpose.the purpose.

Difficulties in using audit test dataCosts in ascertaining the relevant controls and in constructing test

data from scratch. It may be very difficult to identify all relevant

conditions.

Dangers of live testing - requires careful planning otherwise data

may be corrupted !

Dangers of testing during a special run - this creates an artificial

testing environment. Assurance is needed that normal programs

and files have been used.

Recording - the use of test data does not necessarily provide visible

evidence of audit work performed. Working papers should

therefore include details of the controls to be tested, an

explanation of how they are to be tested, details of the

transactions and files used, details of the predicted results, the

actual results and evidence of the predicted and actual results

having been compared.


15/30

AUDIT SOFTWARE:AUDIT SOFTWARE:

This is used to test both system (general) and application controls. It consists ofThis is used to test both system (general) and application controls. It consists of

purpose written software (there are packages on commercial sale).purpose written software (there are packages on commercial sale).

It may also be built into the design of systems in the form of embedded software ofIt may also be built into the design of systems in the form of embedded software of

System Control And Review Files (SCARF).System Control And Review Files (SCARF).

It is designed to enable the auditor to interrogate a clientIt is designed to enable the auditor to interrogate a clients files, to download thems files, to download them

and to manipulate them. If properly used it is a very powerful tool as it enables theand to manipulate them. If properly used it is a very powerful tool as it enables the

auditor to test the whole system for a full year.auditor to test the whole system for a full year.

Difficulties in using audit software

a. Costs There will be substantial set-up costs .

a. Changes to the clients system there will be a need to alter the softwarebecause of changes made by clients to their own systems. This can be very costly.

7.6.1 Challenges of E-commerce

Its a problem for auditors Loss of audit trail !, E-crime

Basic audit requirement is unchanged obtaining sufficient and relevant evidence ,

on which to base your opinion.

Controls must be developed for the new environment E. signatures.

7.7 AUDIT OF NOT-FOR-PROFIT ORGANIZATIONS

7.7.1 Charity - A charity is a common form of not-for-profit organization.

Charities may be constituted in a variety of ways. Some may be unincorporated

entities, some are incorporated under company legislation, and others are

constituted and registered under the NGO Statute, in Uganda.

In all cases the objectives of the charity will be set out in its governing document,

The constitution and its activities should accord with its objectives and any

relevant legislation e.g. the NGO statute.

A copy of the constitution should be kept on the auditors permanent file.

7.7.2 Financial statements of charities include:

Statement of Financial activities (SOFA) that will include:

Receipts and payments statement

Income and expenditure statement watch out for any revenue

generating activity of the charity on commercial lines e.g.

Poultry farm etc


16/30

Balance sheet showing the assets, liabilities and funds of the charity.

Cash flow statement and notes

Auditors report on the truth and fairness of the financial statements.

7.7.3 Audit problems of charities

Lack of segregation of duties and use of unqualified staff it is

unlikely that the charity will employ many people, if any.

The level of internal control may well be low and it may be

difficult for the auditor to require many detailed checks on

the actions of unpaid volunteers.

Window-dressing The charity may wish to present a

reasonably favorable picture in its annual report to

encourage further donations. Auditors must, however,

guard against the possible window-dressing of the financial

statements.

Donations - These may either be cash donations or donations

in kind. In many cases they may not be supported by

invoices/ equivalent documentation. Obtaining assurance

as to the completeness and accuracy of recorded donations

can therefore be difficult.

There is a difficulty of obtaining suitable evidence with regards

to income some donors prefer to be anonymous.

Grants to beneficiaries how do you ascertain that they were

the rightful beneficiaries?

7.7. 4 Audit Procedures for charitiesPlanning auditor should properly plan and control their work in the light of

the accounting and auditing requirements of the charity under review. At

the planning stage the auditor should consider:

The scope of the audit

The requirements of the NGO Board/compliance with the law.

Accounting policies used by the charity

Special circumstances of the sector within which the charity operates

Key audit areas

Detail in the financial statements on which auditors to report.

Inherent Risk Consider IR factors like complexity/extent of

regulation, significance of donations and cash receipts, lack of

predictable income, tax rules etc.


17/30

Control Risk Consider CR factors like - Time committed and degree of

involvement by trustees, skills of trustees, Independence of

trustees from each other, division of duties.

Examine details of the trust deed / constitution and any other legislation

affecting the operations of the charity.

Vouch / check all expenditure, and ensure it relates to the objects of the

charity and has been properly authorised.

Where separate funds (restricted funds) are kept for specific purposes or

depending on donors requirements, ensure that the regulations governing

these have been observed. Look out for commingling of funds.

Ascertain that there is a proper system of internal control in force to ensure

that there is no misappropriation of subscriptions and donations.

Collections from the public - These should be checked for validity and

completeness: (church baskets, mosque boxes, charity tins etc)

a. There should be strict numerical control over collection boxes,

which should be sealed to prevent unauthorized opening.

a. The boxes should be regularly collected, and dual counting and

recording of the contents should be made.

a. There should be dual control if possible over the opening of mail,

and all postal receipts should be immediately recorded and later

reconciled to the cashbooks.

a. There must be agreement of bank paying-slips to record of

receipts by an independent person.

a. Acknowledgements sent to all donors should be considered.

Legacies should be related to detailed correspondence files and outstanding

legacies receivable should be followed up (legacy = receivable from the

estate of a dead person by way of a will)

Government grants to the charity should be checked and the auditor should

confirm that the grant is used as per conditions on that grant.

Where a charity has branches, there must be regular reports from such

branches to the head office. Auditor should check that all branches are

included in the financial reports of the charity.

Grants to beneficiaries should be checked against correspondence and should

be authorized by management committee. They should be in line with the

objectives of the charity.

Auditors should check that:


18/30

a. Bankings are made promptly upon receipt

a. Bankings are checked to receipt records

a. Regular bank reconciliations are made

a. Returned cheques are examined for date, signature, payee,

endorsements etc

Audit of Balance sheet and other financial statements will follow similar

procedures as for profit organizations. Focus will be on confirming the

assertions Completeness, Ownership, Valuation, Existence, and

Disclosure etc. In particular watch out for:

Understatement /incompleteness in income

Overstatement of grants or assets

Misanalysis of misuse of funds

Misstatement and out right theft of assets like donated properties

Carry out analytical review Vs budgets.

7.7. 5 Auditors report.Will take the normal form of auditor report except it must refer

to the constitution and other legal requirements setting up

the charity.

Where the financial statements are prepared on a cash basis

other than accruals basis the auditors report musthighlight that fact.

Provided auditors satisfy themselves on the reasonableness of

the accounting systems and controls in operation, and there

is no reason to suspect that income has been omitted

(because of difficulties of obtaining suitable evidence with

regards to income), they may be able to issue unqualified

report.


19/30

FEATURES OF GOVERNMENT AUDIT

Government audit is a means of ensuring public accountability for the use of

funds by the Government and also acts as a tool for exercising financial

control.

7.8.1 INSTITUTIONAL FRAMEWORK FOR GOVERNMENT AUDIT.

The

accountability cycle

In a democratic society, accountability falls in the following stages:

i. Members of public elected by the public

i. MPS vote funds for various programmes

i. Government spends the so voted for funds

i. Government has the obligation to account for the

manner in which the funds so voted have been spent;

and

i. The Auditor general independently audits theannual appropriation accounts prepared by Government

and reports back to Parliament through the annual

report whether the funds so allocated to government

have been properly spent.

In Uganda Government audit is performed by the Auditor General.

Recognizing the importance of a proper institutional framework for

Government accounting and auditing, the Constitution of Uganda (1995) and

the Public Finance and Accountability Act, 2003 give a special status to the

Auditor General and contains provisions to safeguard his independence from

the Legislature and the Executive arm of the Government.

The PublicParliament (The

Legislature)

Auditor General

Government Cabinet

(The Executive)


20/30

7.8.2 MANDATE OF THE AUDITOR GENERAL : APPOINTMENT, POWERS,

DUTIES AND RESPONSIBILITIES OF THE AUDITOR GENERAL

The powers, duties and responsibilities of the Auditor General are found in:

i. The Constitution, 1995.

i. The Public Finance and Accountability Act, 2003. (PFA

Act)

i. Other Acts of parliament.

7.8.2.1 Appointment :

According to Article 163 of the Constitution the Auditor General is appointed

by the President with approval of the Parliament.

7.8.2.2.Duties and responsibilities

Article 163 of the 1995 constitution of the Republic of Uganda and section

33 of the PFA, Act 2003 outline the duties of the Auditor General which cab

be summarized as follows:

i. To examine, inquire into , audit and report on all the

public accounts of Uganda and all public offices including

courts, the central and local administrations, Universities

and public institutions of like nature and any other public

corporation or other bodies or Organisations established by

an Act of Parliament,

i. To audit and report on all expenditures from the

Consolidated fund (this fund is defined by the Constitution,

1995 in section 153) in this regard he has to ascertain

whether the moneys shown in the accounts as having been

disbursed were legally available for and applicable to the

service or purpose to which they have been applied or

charged and whether the expenditure conforms to the

authority given.

i. To audit and report on all receipts which are payable

into the consolidated fund.

i. To assess the adequacy of management control of

public moneys and state property,

i. To review that financial businesses have been

conducted with due regard to economy, efficiency and

effectiveness ( to conduct financial and value for money


21/30

audits in respect of any project involving public funds)

i. To satisfy him/herself that there is proper safe guard of

public money and state property.

i. To prepare and submit an annual audit report to

Parliament. And draw the attention of the Parliament to any

irregularities in the accounts audited and any other matter

which in his opinion ought to be brought to the attention of

the parliament.

i. Examination and reporting on confidential government

contracts to express an opinion on the adequacy of the

summaries of confidential contracts.

7.8.2.3 Powers of the Auditor General

The 1995 constitution and the PFA, Act 2003 give the Auditor General powers

which reaffirms his independence.

i. The auditor general shall not be subject to direction or

control of any other person or authority in the exercise of

their function [Article 163(6) of the constitution]. This power

emphasizes the concept of independence of the auditor

general.

i. He has the power to require a public officer, within 3

months, to give explanation or information on any query

raised by the auditor general;

i. Power to appoint any competently qualified person to

carry out the audit on his behalf,

i. Power to access all records, books of accounts,

vouchers, documents, cash, stamps, securities, stores or

other public property in the possession of any public officer.

i. Power to disallow any item of expenditure which is

contrally to the law.

i. May, by summons, require the appearance of any

person or the production of any relevant accounts, records

or other documents

i. Power to require a person to make an oath or

affirmation to answer truthfully all questions relating to an

audit or examination.

i. Power to recommend to the attorney general any cases


22/30

for prosecution

i. The power to surcharge :

the amount of any expenditure disallowed upon the person

responsible for incurring or authorizing the expenditure,

any sum which has not been duly brought into account upon the

person whom the sum ought to have been brought into account.

7.8.2.4 Status of the Auditor General

The following provisions of the 1995 constitution and the PFA, Act 2003 seek to

safe guard the status and independence of the Auditor general :

1). The Auditor general can only be removed from office by the President only for:

Inability to perform the functions of his or her office arising from

infirmity of body or mind;

Misbehavior or misconduct; or incompetence

2). According to article 163(2) of the constitution, a person cannot be appointed

as Auditor General, unless that person meets the following criteria:

Is a qualified accountant (therefore, subject to theprofessional code of conduct) of not less than 15 years

standing and

Is a person of high moral character and proven integrity.

3). His salary and conditions of services are guaranteed by the constitution as a

charge from the consolidated fund.

4). Reports to the Parliament and the constitution requires parliament to debate

his report within six month of submitting it to parliament, and to take action on his

recommendations. PAC Public accounts Committee etc

5) Is not subject to the direction of any person/party as to the manner in which

functions are carried out; powers are exercised; or priority given to a particular

matter.

6). The constitution requires the accounts of the office of the auditor general to be

audited and reported upon by another auditor appointed by Parliament.

7.8.2.5 Organization of the office of auditor general

Auditor General

Directors of audit


23/30

Directorate of Central government accounts

Directorate for Prastatals and statutory commissions

Directorate for local governments

Administration and Training.

Principal auditors

Senior Auditors

Auditor Degree holders

Examiner of Accounts diploma holders

7.8.3 NATURE OF GOVERNMENT AUDITS

Government audit encompasses two main elements:

1. Fiscal accountability Compliance or regularity auditing and financial

auditing involving the audit of expenditure, receipts and other elements of

financial statements of the Government;

1. Managerial accountability Value for money audit: audit of efficiency,

economy and effectiveness

7.8.3.1Fiscal Accountability

Ensuring fiscal accountability is a very significant aspect of Government

audit. This involves:

Audit of expenditure

Auditor general will examine whether or not the following essential

conditions for incurring Government expenditure have been satisfied:

That there is Provision of funds out of which the expenditure can be

met. This provision should have been authorised by competent

authority fixing the limits within which the expenditure can be

incurred. This scrutiny is known as audit of provision of

funds .The executive (cabinet) will seek this authority from the

Parliament (annual budget), local governments get the authority

from their councils. Therefore the power of provision of funds is

with the legislature.

That there is proper sanction covering the expenditure. The sanction


24/30

may be either specific to the expenditure (i.e special sanction) or it

may be a general sanction. It should have been accorded by

competent authority. This part of the audit is term audit of

sanctions . The auditor therefore should be conversant with the

sanctioning powers of various authorities.

That the expenditure incurred conforms to the relevant provisions of

the constitution or of the laws made there under and is in

accordance with the financial rules and regulations framed by the

authority. This part of the audit is called audit of regularity .

Under this the auditor has to examine the following: all payments

are according to the rules and orders regarding powers to sanction

and incur expenditure and regarding mode or presentation of

claims for expenditure; Claims are made in accordance with rules

and in the proper form; the prescribed preliminaries for incurring

expenditure are observed; the rates paid for work done or supplies

made are in accordance with any scale or schedule prescribed by

competent authority etc.

That the expenditure is incurred with due regard to broad and general

principles of financial propriety/correctness/fitness i.e audit of

propriety . The auditor has to examine whether in making the

expenditure, a reasonably high standard of financial morality,

sound financial administration and devotion to the financial

interests of the Government has been maintained. While there are

no hard and fast rules laid down regarding the standards of

financial propriety, the auditor should, while conducting this phase

of audit, look into the following matters:

the expenditure does not seem prima facie to be more

than what the occasion demands,

the authorities involved in the expenditure have made

the expenditure with same degree of caution as a

person of ordinary prudence would exercise in

respect of his own money,

the authorities involved in the expenditure have not

derived any direct or indirect advantage from the

transaction,

public money is not utilized for the benefit of a

particular person or section of community and the


25/30

benefits accrues to the public in general unless :

the amount involved is insignificant; or a claim for

the amount could be enforced in a court of law; or

the expenditure is in pursuance of a recognised

policy or custom.

Audit of Receipts

Government audit also covers receipts payable into the

consolidated fund of the central government and of each of the

local authorities. Government revenue can be classified as tax

revenue and non-tax revenue. Tax revenues are on account of

direct taxes and indirect taxes.

An audit of tax revenues involves an examination of the quasi-

judicial act of assessments made by the relevant authorities. Non-

tax revenue, on the other hand, is generally governed by a

contract, a tariff or general financial rules and regulations e.g traffic

offence fines, passport fees etc. The auditor has to satisfy himself

that the rules and procedures in case are designed in such a

manner that amounts due to Government are regularly recovered

and duly brought into the accounts.

The emphasis in audit of receipts is on examining the procedure

regarding the assessment, collection and refund of all revenue

receipts to determine whether it provides adequately for actually

secures:

The collection and utilization of data necessary

for the computation of the demands or

refunds under law;

The prompt raising of demands on tax payers in

the manner required by law;

The regular accounting of demands, collections

and refunds

The correct accounting and allocation of

collections and their credit to the consolidated

fund;

The existence of proper safeguards to ensure

that there is no willful omission or negligence

to levy or collect taxes, or to issue refunds,


26/30

The follow up of claims on taxpayers with due

diligence. The claims should not be

abandoned or reduced except with adequate

justification and proper authority;

Prompt detection and investigation of double

refunds, fraudulent or forged refund orders, or

other losses of revenue through fraud, default

or mistake.

Audit of debts and investments

The procedures described above also apply here. The first step in

the process of verification of these items is to ascertain how far the

final balances agree with the ledger balances; secondly ascertain

where necessary, whether the person or persons by whom the

balance is owed or to whom it is due, admit its correctness, and in

case of balances due, to what extent are they recoverable.

Borrowings: The Auditor should examine whether the borrowings

are within the limits fixed by the legislature from time to time and

whether conditions relating to the loans are duly observed. The

auditor should also examine whether the proceeds from the loans

are properly accounted for and are spent only on objects for which

the loans were originally raised. Sections 20 30 of PFA, Act 2003

gives regulations for Government borrowings.

Investments : The auditor has to examine whether the

investments made on account of any regularly constitutes sinking

fund or other fund administered by the Government are of such

nature as is authorised by the statutory provisions or by instrument

governing the fund. The auditor should also take up promptly with

the Government, cases of investments, which he considers to be

unauthorized, irregular or unsound.

Loans and advances: The auditor should review the reasons for

making the loan or advance as well as the conditions on which it is

made.

Audit of stores and stocks (The term stores in

Government accounting includes all articles and

materials purchased or other wise acquired for the

use of the government, and thus includes items like


27/30

plant, machinery, instruments, furniture,

equipments, fixtures,livestock, cars etc)

Audit of all articles and materials including plant, machinery,

furniture and equipment is carried out as follows:

The internal regulations and controls governing purchase,

receipts, issue, custody, sale, write-off and stock taking

procedures and reviews (see Public Procurement and

Disposal of Public assets Act, 2003 PPDPA, Act 2003)

Purchases are audited according to the rules prescribed for

audit of expenditure and in line with procurement

guidelines(tendering, shopping etc) under the PPDPA, Act

2003.

The system of accounting for stores is reviewed. The auditor has

to examine whether the balance in hand is within the

maximum prescribed limits and is not excess of reasonable

requirements.

The sanction for write-offs /disposals is scrutunised and is

accordance with the PPDPA, 2003. The auditor examines

whether necessary action has been taken to segregate and

dispose of unserviceable, surplus or obsolete stores in

accordance with the prescribed procedures under the PPDPA,

2003.

The auditor reviews the system of physical stocktaking. Where

he finds discrepancies in the stores accounts, the auditor

has a right to inspect the physical balances

Where a priced ledger is maintained the auditor has to review

the prices charged and examine the balances at hand.

7.8.3.2 Managerial accountability Value for money audit

Government audit also seek to evaluate economy, efficiency and

effectiveness of selected government activities.

Economy is concerned with minimizing the cost of resources acquired or

used, having regard to appropriate quality.

Efficiency refers to the relationship between the output of goods / services

or other results and the resources used to produce them. Thus the auditor

examines how far maximum output is achieved for a given input, or

minimum input used for a given output.


28/30

Effectiveness is the relationship between the intended results and the

actual results of projects, programmes or other activities. Thus the auditor

examines how successfully the outputs of goods /services or other results

achieve policy objectives, operational goals and other intended effects.

In practice, the boundaries between economy, efficiency and effectiveness

are rarely clear-cut. Therefore in carrying out a value for money audit, the

auditor looks at these aspects together particularly when considering the

closely linked aspects of economy and efficiency.

EXAMPLE: Value for money audit Programme for construction of a hospital

might cover an examination of any or all of the following aspects:

i. The tendering, contract and project control

procedures to establish how far the hospital and

associated facilities have been built to specification, on

time and at lowest achievable cost or within approved

cost limits.

i. Utilisation of wards, beds, operation theatres and

equipment; medical and administrative staff

allocations and mix; integration of services;

maintenance; management and resource allocation

systems; etc

i. Results achieved e.g in terms of reduction in

patient waiting lists, increase in operations

performed, improved diagnostic and treatment

services and, ultimately, the improvement in health

and quality of life, reduced mortality rates, etc.

7.8.4 THE AUDIT REPORT :

The auditor generals report enables the public to know with confidence

how public funds have been spent. He issues both a management letter

and the audit report, parliament (PAC)

The basic elements of the report are:

i. Title

i. Content

Audit assignment: The auditor should state that the financial

statements identified in the report have been audited; the


29/30

responsibility of the management and of the auditor on the

financial statements.

Objectives and scope of the audit.

Opinion paragraph qualified or unqualified, adverse, disclaimer of

opinion.

i. Signature

i. Date

7.8.5 DOES THE AUDITOR GENERAL REALLY HAVE FULL CONTROL OF HIS

POWERS TO EFFECTIVELY CARRY OUT THE MANDATE?

(to what extent does auditor general carry out independent review of

accounts ?) The following factors affect the ability of the auditor general

to act effectively

a) The auditor general is not totally independent. For the office of the

Auditor general to function effectively and efficiently it should have freedom from

control or undue influence by the executive, but the practice is that Government

does not allow the full range of its activities to be subject to an independent

analysis and evaluation Classified expenditure!

b) Policy issues are a no go area which auditors dare not question directly,

so how do you assess value for money

c). Staff of the office of the auditor general are recruited by the public

service commission. This makes it difficult for the Auditor general to establish

standards in terms of quality of professional qualification of personnel,

d). The staff still depends on the Ministry of Finance Planning and Economic

Development for budgetary and financial matters,

e). Staff remuneration, conditions of services and other required logistics still lie

outside the ambit of the office of the auditor general

f) The attitude of public officers in providing records to auditors. Auditors

encounter with some civil servants, military and other security fields have not

been very pleasant, because some of these official refuse to adhere to statutory

rights, which assure the auditors access to all records.


30/30

g) Lack of effective follow-up on Audit reports these reports are relegated to

parliamentary committees many of whose members do not even have the ability

to understand the queries raised by the auditor general later on following up the

recommendations!

h) Insufficient legal foundation the law is insufficient to ensure total

independence and proper mandate to the auditor general. Is there a case for an

independent GOVT AUDIT AUTHORITY ?

audit notes-topic 7

Documents