auditing process of a company

8/11/2019 Auditing Process of a Company

1/33

Page | 1

Abstract

Auditing is nothing but the pillar of an organizations decision making capacity. An

organization involved in auditing due to the confirmation that the work that continuing in the

organization is exact or not. It is a process of objectively obtain and evaluating evidenceregarding assertion about the economic action and events to ascertain the degree of

correspondence between those ascertains, established criteria and communicating the result to

interest user. So it provides a clear conception about the clearance of the annual report or the

financial statement. We are the group SALVOmade an audit report with the help of the

balance sheet of the NAVANA CNG LTD 2013. Here we gathered all the relevant

information. Then we started to test the information. After completing all the testing,

evaluation and interpretation we have provided them an unqualified audit report.

Objective of the study

The main objective of the study is to analyze the procedure of providing an audit report.

Based on this specific objective, the following complementary objectives will be highlighted-

To know how an auditor become engaged with a firm.

To know how audit compliance with laws and regulations

To gather knowledge about different terms and symbols of auditing.

Scope of the study

As, we are the student of business it is our duty to know how an organization walks and how

the movement of the organization can be controlled. The most important matter is here that

very recently we have studied our audit course under a great and intellectual personality Md.

Zakir Hosen, Asst. professor& Chairman, Accounting and Information System. In this

course we have learned the accounting standards and the way to provide an audit report. Here

we have also learned the way analyze the information that is needed to prepare the report.

Here we gather the knowledge about the importance of the auditing in the achievement of an

organizations goal. So when we took the step to prepare the report then it became clear to usthat there are some deviations in the preparation of the audit report. SO it is a fact that there

are some deviation of the theoretical and the practical use of auditing method. So, the

preparation of this report helped us to know the deviation between the audit report

preparation process in practical and the theoretical stage. With the preparation of this report

we will be able to know how to control the conduct an audit operation and how it can help to

control the quality of the company. So preparation of this report will help us to prepare our

self for the future competitive world.


2/33

Page | 2

Methods of gathering information

According to the nature of the report we have used the descriptive method to prepare the

report.There are two sources of data; primary and secondary. Primary data means datacollected from the field survey through the active participation of the CA firm. Secondary

data means data collected from the published journals, books, internet, etc. In this study the

researchers have used secondary data to complete the report and the data is collected from the

books of assurance and internet.

Limitation of the study

Though we have tried our level best to prepare a prudent report, but at the period of preparing

the report we have to face a lot of obstacles. Because of the existence of these obstacles here

exist some limitations of the study-

We could not found any specific information.

Huge deviation in the practical and theoretical concept in our country.

The report is nothing but a hypothetical report.


3/33

Page | 3

ChapterOne (Concept of and need for assurance)

01.1. What is Assurance?

An assurance engagement is one in which a practitioner expresses a conclusion designed to

enhance the degree of confidence of the intended users other than the responsible party about

the outcome of the evaluation or measurement of a subject matter against criteria.

The key elements of an assurance engagement are as follows:

Three people or groups of people involved-

The practitioner (accountant)

The intended users

The responsible party (persons who prepared the subject matter)

A subject matter:It is likely to fall following categories-

Date (for example, financial statement or business projections)

Systems or process (internal control systems or computer systems)

Behavior (social and environmental performance or corporate governance)

Suitable criteria: The person providing the assurance must have something by which to

judge whether the information is reliable and can be trusted.

Sufficient and appropriate evidence to support the assurance opinion

A written report in appropriate form

01.2. Level of assurance:

Reasonable assurance engagement-

Sufficient and appropriate evidence: In a reasonable assurance the auditor look up a whole

system of a subject matter so the sufficient and appropriate evidence is very high.

Types of opinion:Here the auditor provides the opinion is positive and straight forward like-

The statement by the Chairman X is reasonable.

Limited assurance engagement-

Sufficient and appropriate evidence:As the auditor has limited access to the subject matter

so in a limited engagement evidence is relatively low.

Types of opinion: In limited engagement the auditor expressed opinion is negative and

indirect like- Nothing has come to attention indicating that the statement is reasonable.

01.3. Limitations of assurance:

The limitations of assurance services include-

The fact that testing is used.

Accounting systems may have inherent limitation.


4/33

Page | 4

Audit is persuasive rather than conclusive.

Assurance providers would not test every item in the subject matter.

Assurance provision can be subjective and professional judgments have to be made.

Nature of the assurance report might itself be limiting.

The fact that client members may collude in fraud.01.4.What is Audit?

Auditing is a systematic process of objectively obtaining and evaluating evidence regarding

assertions (Financial Statements including footnotes) about economic actions and events to

ascertain the degree of correspondence between the assertions and established criteria

(GAAP,GAAS) and communicating the results (Auditor's Report/Other Reports) to interested

users or stakeholders (Persons who rely on the financial reports i.e. Creditors, Investors etc.).

The objective of audit of financial statements is to enable the auditor to express whether the

financial statements are prepared, in all material respects, in accordance with an applicable

financial reporting framework.

All assurance is audit but all audits are not assurance.

Assurance subject matter may be data, systems or behaviors but the audit is only on the

economic actions or financial statements.

Evidence: Evidence includes all the information contained within the accounting records

underlying the financial statements, and other information gathered by the assurance

providers, such as confirmations from third parties.

Assertions:Representations by management, explicit or otherwise, that are embodied in the

financial statements, as used by the auditor to consider the different types of potential

misstatements that may occur.

Criteria:The benchmarks used to evaluate or measure the subject matter including, where

relevant, benchmarks for presentation and disclosure. Criteria can be formal or less formal.

There can be different criteria for the same subject matter.

01.5.Suitable criteria exhibit the following characteristics:

Relevance: relevant criteria contribute to conclusions that assist decision-making by the

intended users.

Completeness: criteria are sufficiently complete when relevant factors that could affect the

conclusions in the context of the engagement circumstances are not omitted. Complete

criteria include, where relevant, benchmarks for presentation and disclosure.

Reliability: reliable criteria allow reasonably consistent evaluation or measurement of the

subject matter including, where relevant, presentation and disclosure, when used in similar

circumstances by similarly qualified practitioners.

Neutrality:neutral criteria contribute to conclusions that are free from bias.


5/33


6/33

Page | 6

01.8.Value of an Audit:

To society:capital markets benefit

To owners and prospective owners: remote ownership, complex transactions, investmentdecisions

To corporate governance, the Board of Directors and audit committee: representing

shareholders interests

To management

running the company with good information

cost of and access to capital

operating efficiency and effectiveness

credibility of performance indicators

properly accounting for complex transactions

Constituents: society, owners and prospective owners, corporate governance, management

All of these constituents need good information. Even nonpublic companies elect to have

audits, although they are not required to do so by any law or regulation.

01.9. The Auditing Process:

Management produces financial statements and ICFR report

Auditor gathers and evaluates evidence

Many forms of evidence; anything the auditor uses

Auditor uses established standards to compare evidence to the financial statementsand ICFR report

Looks for correspondence between what is presented and the underlying evidence

Uses processes described/required in auditing standards.

Auditor issues report

01.10. GenerallyAccepting Auditing System (GAAS):

In 1947, the American Institute of Certified Public Accountants (AICPA)adopted GAAS toestablish standards foraudits.The standards cover the following three categories:

General Standards relates to professional and technical competence, independence, and

professional due care.

Field Work Standardsrelates to the planning of an audit, evaluation of internal control,

and obtaining sufficient evidential matter upon which an opinion is based.

Reporting Standardsrelates to the compliance of all auditing standards and adequacy of

disclosure of opinion in the audit reports. If an opinion cannot be reached, the auditor is

required to explicitly state their assertions.
http://en.wikipedia.org/wiki/American_Institute_of_Certified_Public_Accountantshttp://en.wikipedia.org/wiki/Audithttp://en.wikipedia.org/wiki/Field_Workhttp://en.wikipedia.org/wiki/Field_Workhttp://en.wikipedia.org/wiki/Audithttp://en.wikipedia.org/wiki/American_Institute_of_Certified_Public_Accountants


7/33

Page | 7

01.11. Different types of comments/opinions against the report:

There are five types of audit report opinion. The details about these opinions are given below-

Standard unqualified: Auditors frequently issue the standard unqualified audit report

opinion. There have some conditions for standard unqualified audit report. These are given in

below:

Here all financial statements are included.

The three general standards have been followed in all aspects on the engagement.

Sufficient evidence has been accumulated to conclude that the three standards of field

work have been met.

The financial statements are presented in accordance with generally accepted

accounting principles.

There are no circumstances requiring the addition of an explanatory paragraph or

modification of the wording of the report.

Unqualified report with explanatory paragraph:Auditors may issue the unqualified audit

report with explanatory paragraph or modified wording report. Here also some conditions, as-

Lack of consistent application of generally accepted accounting principles.

Substantial doubt about going concern.

Auditor agrees with a departure from promulgated accounting principles.

Emphasis of a specific matter.

Repots involving other auditors.

Qualified Audit report or Opinion:Qualified opinion report can result from a limitation on

the scope of the audit or failure to follow generally accepted accounting principles.

Adverse Audit Report or Opinion:It is used only when the auditor believes that the overall

financial statements are so materially misstated or misleading that they do not present fairly

the financial position or results of operations and cash flows in conformity of generally

accepted accounting principles.

Disclaimer of Audit Report or Opinion: It is issued when the auditor is unable to be

satisfied that the overall financial statements are fairly presented.


8/33

Page | 8

01.12. The relationships among auditing, attestation, and assurance services:

10.13. Beneficiaries of Audits:

Assurance Services

Any Information

Attestation Services

Primarily Financial Information

Auditing

Financial Statements


9/33

Page | 9

ChapterTwo (Process of assurance: Obtaining an engagement)

Engagement Overview:

02.1. Obtaining an engagement:

Accountants are permitted to advertise for clients, within certain professional guidelines.

Accountants may sometimes be invited to tender for an audit. It means that they offer a quote

for services, outlining the benefits of their firm and personnel, usually in competition with

other firms which are tendering at the same time.

02.2. Accepting an engagement:

The present and proposed auditors should normally communicate about the client prior to the

audit being accepted.

The client must be asked to give permission for communication to occur. If the client refuses

to give permission, the proposed auditors must consider the reasons for such refusal.The auditors must ensure they have sufficient resources (time and staff, for example) to carry

out the appointment.

The audit firm must have client due diligence procedures in place in order to comply with the

Money Laundering Regulations 2003.

This section covers the procedures that the auditors must undertake to ensure that their

appointment is valid and that they are clear to act.

02.2.1. Acceptance procedures:

At the very beginning, the client organization calls for tender to the audit firms. Then the

audit firms drop tenders to be involved with the organization as a external auditor. When the

client organization gets all the tenders they start to evaluate all the tenders which will be more

profitable to their organization. At the period of evaluation the organization first have to

search for the following characteristics as the minimum requirement for accepting the

auditor-

The auditors must carry out the following characteristics-

Ensure professionally qualified to act:Consider whether disqualified on legal or ethical

grounds, for example, if there would be a conflict of interest with another client.

Obtain

(Or retain)

client

Risk

Assessmen

Substantive

Procedures

Issue

Report

Engagement

Planning


10/33

Page | 10

Ensure existing resources adequate:Consider available time, stuff and technical expertise

are available for the service.

Obtain references:Make independent enquiries if directors no personally known.

Communicate with present auditors:Enquire whether there are reasons or circumstances

behind the change which the new auditors ought to know, also as a matter of courtesy.02.2.2. Sources of information of new clients:

The can take information about the new clients from the following sources-

Enquires of other sources:Bankers, solicitors.

Review of documents:Most recent annual accounts, listing particulars, credit ratings.

Previous accountants or auditors: Previous auditors should be invited to disclose fully all

relevant information.

Review of rules and standards: Consider specific laws or standards that relate to industry.


11/33

Page | 11

02.2.3. Appoint decision chart:

Yes

No

No

Yes

No

Yes

No

Yes

Yes

Accept or Reject the Appointment.

A roach b otential new audit client.

Does client giveold auditor

permission to

reply?

Prospective auditor

should consider carefully

the reason for this

Does client

give

permission tocontact old

auditor?

Is this

the first

audit?

Does old

auditor reply

with

information?

Prospective can make own

decision.

Write for all information pertinent to the

Appointment.

Give old auditor due

notice then decide onbasis of knowled e


12/33

Page | 12

02.3. Agreeing terms of an engagement:

An engagement letter should be sent to all clients to clarify the terms of the engagement.

Agreement of audit engagement terms must be in writing.

It must include an explanation of the scope of the audit, the limitations of an audit and theresponsibilities of auditors and those charged with governance.

It may contain other information concerning practical details of the audit.

02.3.1. The purpose of an engagement letter:

At this stage the auditor has to provide an engagement letter to the client organization.

Auditing standards requires that the auditor and the client should agree on terms of the

engagement. The auditing terms must be writing and the form would be a letter of

engagement. The purpose of letter of engagement is to-

Define clearly the extent of audit of the auditors responsibilities and so minimize the

possibility of any misunderstanding between the client and the firm.

Provide written confirmation of the firms acceptance of the appointment, the scope of the

engagement and the form of their report.

02.3.2. Content of audit engagement letters:

The audit engagement letter should include the following-

The objective of the audit of financial statement.

Managements responsibility for the financial statements.

The scope of the audit, including reference to applicable legislation, regulations, orpronouncements of professional bodies.

The form of any reports or others communication of the results of the engagement.

Unrestricted access to whatever records, documentation and other information is

requested in connection with the audit.

Arrangements regarding the planning of the audit.

Expectation of receiving from management written confirmation of representation

made in connection with the audit.

Description of any others letters or reports the auditor expects to issue to the client.

Unrestricted access to whatever records, documentation and other information isrequested in connection with the audit.

Request for the client to confirm the terms of the engagement by acknowledging

receipt of the engagement letter.

The confidentiality of any reports issued, and, if relevant, the terms under which they

can be shared with third parties.

Basis on which fees are computed and any billing arrangements.

Arrangements concerning the involvement of other auditors and experts in some

aspects of the audit.

Arrangements concerning the involvement of internal auditors and other client staff.


13/33

Page | 13

Arrangements to be made with the predecessor auditor, if any, in the case of an initial

audit.

Any restriction of the auditor's liability when such possibility exists.

A reference to any further agreements between the auditor and the client.

ChapterThree (Process of assurance: Planning the assignment)

03.1. Audit strategy:

The formulation of the general strategy for the audit, which sets the scope, timing and

direction of the audit and guides development of the audit plans. Strategy is the direction and

scope of an organization over the long term, which achieves advantage for organization

through its configuration of resources within a changing environment, meets the needs of the

markets and to fulfill stakeholders expectations. Strategies are about the long term

development and survival of the business.

03.1.1. Key contents of an overall audit strategy:

The audit strategy includes the following-

Understanding the entitys environment:It includes the important characteristics of the

client like business, principal business, financial performance, reporting requirements, etc.

Understanding the accounting and internal control system:It encompasses the accounting

policies of the entity and changes in the policy, effect of new accounting or auditing

pronouncements, etc.Risk and materiality: The expected assessment of the risks of fraud or error and

identification of significant audit areas.

Consequent nature, timing and extent of procedures:Possible changes of emphasis on

specific audit areas and the effect of information technology on the audit.

Coordination, direction, supervision and review: This includes the numbers of locations,

staffing requirements; need to attend client premises, etc.

Others matters:The possibility that going concern basis may be subject to question,

conditions requiring special attention, the terms of the engagement and any statutory

responsibilities will be the special audit strategy.At this stage we tried to understand the entitys situation. Here we followed the rationale

(why), what and process (how) are behind understanding the entity-


14/33

Page | 14

03.1.2. Why obtaining an understanding of the entity and its environment?

To identify and assess the risks of material misstatement in the financial statements.To enable the auditor to design and perform further audit procedures.

To provide a frame of reference for exercising audit judgment, for example, when setting

audit materiality

03.1.3. What obtaining an understanding of the entity and its environment?

03.1.4. How obtaining an understanding of the entity and its environment?

Inquiries of management and others within the entity.

Analytical procedures (which we shall look at in the next section of this chapter).

Observation and inspection.

Prior period knowledge.

Discussion of the susceptibility of the financial statements to material misstatement

among the engagement team.

Understanding the

Entitys environment

Nature

Of the

entity

Objectives

And strategies

And relating

Business risks

Measurement

And review of

The entities

Financial

erformance

Internal

Control

Industry,

Regulatory

And other

External

Factors


15/33

Page | 15

03.2. Audit plan:

An audit plan is more detailed than the strategy and sets out the nature, timing and extent ofaudit procedures to be performed by the engagement team members in order to obtain

sufficient appropriate audit evidence.

03.2.1. Why audit should be well planned?

An audit plan shows how the overall audit strategy will be implemented.

Audits are planned to:

Ensure appropriate attention is devoted to important areas of the audit

Identify potential problems and resolve them on a timely basis

Ensure that the audit is properly organized and managed

Assign work to engagement team members properly

Facilitate direction and supervision of engagement team members

Facilitate review of work

03.2.2. A structured approach to planning will include:

Step 1

Ensuring that ethical requirements continue to be met.

Step 2

Ensuring the terms of the engagement are understood.

Step 3

Establishing the overall audit strategy

03.3. Professional skepticism:

An attitude of professional skepticism means the auditor makes a critical assessment, with aquestioningmind, of the validity of audit evidence obtained and is alert to audit evidence that

contradicts, or brings into question, the reliability of documents and responses to inquiries

and other information obtained from management and those charged with governance.

Misstatements which are significant to readers may exist in financial statements and auditors

will plan their work on this basis, that is, with professional skepticism. The concept of

'significance to readers' is theconcept of materiality.

Professional skepticism does not mean that auditors should disbelieve everything they are

told; however, they must have a questioning attitude.


16/33

Page | 16

03.4. Analytical procedures:

Analytical procedures mean evaluation of financial information made by a study of plausiblerelationships among both financial and non-financial data. Analytical procedures also

encompass the investigation of identified fluctuations and relationships that are inconsistent

with other relevant information or deviate significantly from predicted amounts.They include

consideration of comparisons of the entity's financial information with other information, and

the consideration of relationships among elements in that financial information or between

financial information and non-financial information.

Analytical procedures include:

The consideration of comparisons with:

Comparable information for prior periods

Anticipated results of the entity, from budgets or forecasts or expectations of the auditor

Similar industry information, such as a comparison of the client's ratio of sales to trade

receivables with industry averages, or with the ratios relating to other entities of comparable

size in the same industry.

Consideration of relationships between:

Elements of financial information that are expected to conform to a predicted pattern based

on the entity's experience, such as the relationship of gross profit to sales.

Financial information and relevant non-financial information, such as the relationship ofpayroll costs to number of employees.

A variety of methods can be used to perform the procedures discussed above, ranging from

simple comparisons to complex analysis using statistics. The choice of procedures is a matter

for the auditor's professional judgment.

03.5.Enterprise Risk Management Framework:

MonitoringInternal Environment

Objective

Setting

Event

Identification

Risk

Assessment

Risk

Response

Control

Procedures

Information

And

Communication


17/33

Page | 17

03.5.1. Risk assessment:

The auditor usually adopts a risk-based approach to auditing and focuses his testing on the

riskiest balances and classes of transactions.Audit risk has two elements, the risk that the financial statements contain a material

misstatement and the risk that the auditors will fail to detect any material misstatements.

Risk of material misstatement in the financial statements has two elements, inherent and

control risk.

The risk that the auditor will fail to detect material misstatements is known as detection risk.

Auditors set an acceptable level for overall audit risk and carry out sufficient tests to ensure

this level is met.

When the auditor has obtained an understanding of the entity, he must assess the risks of

material misstatement in the financial statements, also identifying significant risks.

Significant risks are complex or unusual transactions, i.e. those that may indicate fraud or

other special risks.

Audit risk:The risk that the auditors give an inappropriate opinion on the financial

statements.

Inheren

t risk

Detecti

on risk

Contr

ol

risk

Audit

AUDIT RISK = RISK OF MATERIAL MISSTATEMENT + DETECTION RISK

RISK OF MATERIAL MISSTATEMENT=Inherent risk + Control risk


18/33

Page | 18

Inherent risk: The susceptibility of an account balance or class of transactions to

misstatement that could be material individually or when aggregated with misstatements in

other balances or classes, assuming there were no related internal controls.

Inherent risk is the risk that items will be misstated due to characteristics of those items.

Control risk: The risk that a material misstatement would not be prevented detected or

corrected by the accounting and internal control systems.

Detection risk:The risk that the auditors' procedures will not detect a misstatement that exists

in an account balance or class of transactions that could be material, either individually or

when aggregated with misstatements in other balances or classes.

03.5.2. Identifying and assessing the risks:

Step 1

Identify risks throughout the process of obtaining an understanding of the entity

Step 2

Relate the risks to what can go wrong at the assertion level (this is the assertions made in the

financial statements by the directors, for example, that inventory is X)

Step 3

Consider whether the risks are of a magnitude that could result in a material misstatement

Step 4Consider the likelihood of the risks causing a material misstatement


19/33

Page | 19

Inherent, Control and Detection Risk

03.5.3. Significant risks:

Some risks may be significant risks, which require special audit consideration. The following

factors which indicate that a risk might be a significant risk:

Risk of fraud

Related to recent significant economic, accounting or other development

The complexity of the transaction

It is a significant transaction with a related party

`The degree of subjectivity in the financial information

It is an unusual transaction

Routine, non-complex transactions are less likely to give rise to significant risk than unusual

transactions or matters of director judgment. This is because unusual transactions are likely to

have more:

Management intervention

Manual intervention

Complex accounting principles or calculations

Opportunity for control procedures not to be followed

When the auditor identifies a significant risk, if he hasn't done so already, he. must evaluate

the design and implementation of the entity's controls in that area

Events,

Transacti

ons

AccountingInformation

Internal

Controls

Substantive

Procedures

Financia

l

AUDIT RISK

The likelihood thatan error or fraud will occur,

and not get caught

by either the internal controls

or auditors procedures.

DETECTION RISK

The likelihood that

an error or fraud

will not be caughtby the auditors

procedures.

CONTROL RISK

The likelihood that an error

or fraud will not get caught by the

clients internal controls.

INHERENT RISK

The likelihood that,in the absence of

internal controls,

an error or fraud

will enter the accounting

information system

Risk of Material Misstatement (RMM)


20/33

Page | 20

03.5.4. Documentation of Risk Assessment:

Once the assessed level of risk has been determined, so we have documented the following in

our work papers:

A description of the risk assessment technique used.

The identification of significant risks.The risks the audit is going to address.

The audit evidence used to support our assessment of risk.

Chapter- four: (Evidence & Sampling)

04.1. Audit evidence:

All of the information used by the auditor in arriving at the conclusions on which the audit

opinion are based. Audit evidence includes all the information contained within the

accounting records underlying the financial statements, and other information gathered by the

auditors, such as confirmations from third parties. Auditors are not expected to look at all the

information that might exist.In order to reach a position in which they can express a

professional opinion, the auditors need to gather evidence from various sources. There are

potentially two types of test which they will carry out: tests of controls and substantive

procedures.

The audit evidence gathered by us was documented and organized to support our findings and

conclusions. Finally, when we were enforced to believe that sufficient audit evidence cannot

be obtained, we then could disclose this fact as a scope limitation within the audit report.Tests of controls:Performed to obtain audit evidence about the effectiveness of controls in

preventing, or detecting and correcting material misstatements at the assertion level.

Substantive procedures:Audit procedures performed to detect material misstatements at the

assertion level. They include:

Tests of detail of classes of transactions, account balances and disclosures.

Substantive analytical procedures.

04.1.1. Sufficient appropriate audit evidence:

Audit Evidence requires auditors to 'obtain sufficient appropriate audit evidence to be able to

draw reasonable conclusions on which to base the audit opinion'. Sufficiency' and

appropriateness' are interrelated and apply to both tests of controls and substantive

procedures.

Sufficiency is the measure of the quantity of audit evidence.

Appropriateness is the measure of the quality or reliability of the audit evidence.

How much evidence is required will depend on the level of assurance being offered in an

engagement.

The quantity of audit evidence required is affected by the level of risk in the area being

audited. It is also affected by the quality of evidence obtained. If the evidence is high quality,

the auditor may need less than if it were poor quality. However, obtaining a high quantity of


21/33

Page | 21

poor quality evidence will not cancel out its poor quality. The following generalizations may

help in assessing the reliability of audit evidence.

04.1.2. Quality of evidence:

External Audit evidence from external sources is more reliable than that obtained from the

entity's recordsAuditor Evidence obtained directly by auditors is more reliable than that obtained indirectly

or by inference

Entity Evidence obtained from the entity's records is more reliable when related control

systems operate effectively

Written Evidence in the form of documents (paper or electronic) or written representations

are more reliable than oral representations

Originals Original documents are more reliable than photocopies, or facsimiles

04.1.3. Financial statement assertions:

The representations by management, explicit or otherwise, that are embodied in the financial

statements. By approving the financial statements, the directors are making representations

about the information therein. These representations or assertions may be described in

general terms in a number of ways.

The auditor should use assertions for classes of transactions, account balances, and

presentation and disclosures in sufficient detail to form a basis for the assessment of risks of

material misstatement and the design and performance of further audit procedures.

04.2. Sampling technique:

Audit sampling is the application of an audit procedure to less than 100% of the population toenable the auditor to evaluate audit evidence within a class of transactions for the purpose of

forming a conclusion concerning the population. When designing the size and structure of an

audit sample, we have considered the audit objectives determined when planning the audit,

the nature of the population, and the sampling and selection methods.


22/33

Page | 22

04.2.1. Selecting the Sample:

We have selected the sample items in such a way that they are representative of the

population. The most commonly used sampling selection methods are:

Statistical Sampling Methods

Random Samplingensures that all combinations of sampling units in the population have

an equal chance of selection.

Systematic Sampling involves selecting sampling units using a fixed interval between

selections with the first interval having a random start.

Non-Statistical Sampling Methods

Haphazard Sampling the auditor selects the sample without following a structured

technique.

Judgmental Samplingthe auditor places a bias on the sample. For example, selecting only

sampling units over a certain value.

The selection of the sample size is affected by the level of sampling risk that the auditor is

willing to accept.Sampling risk is the risk the auditors conclusion may be different from the

conclusion that would be reached if the entire population were subjected to the same audit

procedure. The two types of sampling risk are:

The Risk of Incorrect Acceptance the risk that a material misstatement is assessed as

unlikely, when in fact the population is materially misstated.

The Risk of Incorrect Rejectionthe risk that a material misstatement is assessed as likely,

when in fact the population is not materially misstated.

Once the sample items have been selected to be tested, we have begun the audit tests usingComputer Assisted Auditing Techniques (CAATs), which will be discussed shortly.
http://en.wikipedia.org/wiki/Sampling_%28statistics%29http://en.wikipedia.org/wiki/Sampling_%28statistics%29http://en.wikipedia.org/wiki/Sampling_%28statistics%29http://en.wikipedia.org/wiki/Sampling_%28statistics%29http://en.wikipedia.org/wiki/Sampling_riskhttp://en.wikipedia.org/wiki/Sampling_riskhttp://en.wikipedia.org/wiki/Sampling_%28statistics%29http://en.wikipedia.org/wiki/Sampling_%28statistics%29http://en.wikipedia.org/wiki/Sampling_%28statistics%29


23/33

Page | 23

Non statistical and Statistical Sampling

04.2.2. Evaluation and Documentation of Samples:

The performance and evaluation of a sample must address the following issues:

The effect of not being able to apply a planned procedure to a sample item.

A projection of the sample results to the population being tested, then comparing those results

with the planned amounts.

Appropriate consideration to the assessed level of sampling risk must be performed.

SAS 39 requires the auditor to adequately consider qualitative aspects of misstatements, such

as the nature and cause of the misstatement and the possible relationship of the misstatements

to other phases of the audit.

We have documented in our work papers the sampling objectives and the sampling process

used. The work papers included the source of the population, the sampling method used,

sampling parameters, items selected, details of audit tests performed, and conclusions

reached.

04.2.3. Contents of documentation:

All assurance work must be documented; the working paper papers are the tangible evidence

of the work done in support of the conclusion. Audi documentation or working paper should

provide-

A sufficient and appropriate record of the basis for the assurance providers report.

Evidence that the engagement was performed in accordance with standards and applicable

legal and regulatory requirements.

We have included in our working paper the following matters-


24/33

Page | 24

The name of the client.

The balance sheet date.

The file reference of the working paper.

The name of the prepared.The date of preparation.

The subject of the working paper.

The name of the reviewer.

The source of information.

The objective of the work done.

How any sample was selected?

The size determined.

The work done.

A key to any audit ticks or symbols.Appropriate cross-referencing.

The results obtained.

Analysis of errors.

The conclusions drawn

The key points highlighted.

04.2.4. Filling working paper:

For the proper handling of the audit we divide the records into two files-

Permanent audit files contain information of continuing importance to the audit.

Current audit files contain information of relevance to the current years audit.

The listing of permanent and current audit files are shown below-

04.2.5. Computer Assisted Auditing Techniques (CAATs):

CAATs are used to test application controls as well as perform substantive tests on sampleitems. Types of CAATs include:

Generalized Audit Software (GAS)allows the auditor to perform tests on computer files

and databases.

Custom Audit Software (CAS)generally written by auditors for specific audit tasks. CAS

is necessary when the organizations computer system is not compatible with the auditors

GAS or when the auditor wants to conduct some testing that may not be possible with the

GAS.

Test Data the auditor uses test data for testing the application controls in the clients

computer programs. The auditor includes simulated valid and invalid test data, used to test

Permanent audit files Current audit files

Engagement letters.

New client questionnaire.

The memorandums and articles of

association.Prospectus, leases, sales agreement.

Board minutes.

Accounting systems.

Previous signed accounts, analytical

procedures

Financial statements.

Accounts checklist.

Management account details.

A summary of unadjusted errors.Review notes.

Audit planning memorandum.

Time budgets and summaries.

Letter of representation.

Notes of board minutes.


25/33

Page | 25

the accuracy of the computer systems operations. This technique can be used to check data

validation controls and error detection routines, processing logic controls, and arithmetic

calculations, to name a few.

Parallel Simulation the auditor must construct a computer simulation that mimics the

clients production programs.Integrated test facility the auditor enters test data along with actual data in a normal

application run.
http://en.wikipedia.org/wiki/Integrated_test_facilityhttp://en.wikipedia.org/wiki/Integrated_test_facilityhttp://en.wikipedia.org/wiki/Integrated_test_facility


26/33

Page | 26

Chapter- Five: (Internal control)

05.1. Internal control:

Internal control is the process designed and affected by those charged with governance,

management, and other personnel to provide reasonable assurance about the achievement of

the entitys objectives with regard to reliability of financial reporting, effectiveness andefficiency of operations and compliance with applicable laws and regulations. It follows that

internal control is designed and implemented to address identified business risks that threaten

the achievement of any of these objectives.

05.2. Fundamental Concepts of Internal Controls:

Process integrated with an entitys infrastructure

People implement internal control

Can only provide reasonable assurance

Achieve objectives in financial reporting, compliance, and operations

05.3. Reasons for internal controls:

Minimizing the companys business risks

Ensuring the continuing effective functioning of the company

Ensuring the company complies with relevant laws and regulations

Most of these reasons funnel back to the ultimate objective that the company continues to

operate. For example, if the company failed to comply with relevant laws and regulations, itmight be forced to stop operations.


27/33

Page | 27

05.4. Limitations of Internal Control:

Mistakes in Judgment

Breakdowns

Collusion

Management Override Cost versus Benefits

05.5. Observations/components of the internal control:

Internal control can be defined as, a process, influenced by an entitys board of directors,

management, and other personnel, that is designed to provide reasonable assurance in the

effectiveness and efficiency of operations, reliability of financial reporting, and the

compliance of applicable laws and regulations.

We have evaluated the organizations control structure by understanding the organizations

five interrelated control components. These include:

Control EnvironmentProvides the foundation for the other components. Encompasses such

factors as managements philosophy and operating style.

Risk AssessmentConsists of risk identification and analysis.

Control ActivitiesConsists of the policies and procedures that ensure employees carry out

managements directions. Types of control activities an organization must implement are

preventative controls (controls intended to stop an error from occurring), detective controls

(controls intended to detect if an error has occurred), and mitigating controls (control

activities that can mitigate the risks associated with a key control not operating effectively).

Information and CommunicationEnsures the organization obtains pertinent information,

and then communicates it throughout the organization.

Monitoring Reviewing the output generated by control activities and conducting special

evaluations.

In addition to understand the organizations control components, we have also evaluated the

organizations General and Application controls.

Interrelated Components of Internal Control:

05.6. General Controls:

General controls relate to the overall information-processing environment and has a largeeffect on the organizations computer operations. Types of general controls include:


28/33

Page | 28

Organizational Controlsincludessegregation of duties controls.

Data Center and Network OperationsControls ensures the proper entry of data into an

application system and proper oversight of error correction.

Hardware & Software Acquisition and Maintenance Controls includes controls to

compare data for accuracy when it is input twice by two separate components.Access Security Controls ensures the physical protection of computer equipment,

software, and data, and is concerned with the loss of assets and information through theft or

unauthorized use.

Application System Acquisition, Development, and Maintenance Controlsensures the

reliability of information processing.

Managerial controls- To ensure that there is no unauthorized access to assets.

05.7. Application Controls:

Application controls apply to the processing of individual accounting applications and help

ensure the completeness and accuracy of transaction processing, authorization, and validity.

Types of application controls include:

Data Capture Controlsensures that all transactions are recorded in the application system,

transactions are recorded only once, and rejected transactions are identified, controlled,

corrected, and reentered into the system.

Data Validation Controlsensures that all transactions are properly valued.

Processing Controlsensures the proper processing of transactions.

Output Controls ensures that computer output is not distributed or displayed to

unauthorized users.

Error Controlsensures that errors are corrected and resubmitted to the application system

at the correct point in processing.Application controls may be compromised by the following application risks:

Weak security

Unauthorized access to data and unauthorized remote access

Inaccurate information and erroneous or falsified data input

Misuse by authorized end users

Incomplete processing and/or duplicate transactions

Untimely processing

Communication system failure

Inadequate training and support

05.8. Tests of Controls:

Tests of controls are audit procedures performed to evaluate the effectiveness of either the

design or the operation of an internal control. Tests of controls directed toward the design of

the control focuses on evaluating whether the control is suitably designed to prevent material

weaknesses. Tests of controls directed toward the operation of the control focuses on

assessing how the control was applied, the consistency with which it was applied, and who

applied it.

In addition to inquiring with appropriate personnel and observation of the application of the

control, we have focused when testing the controls is to do a re-performance of the

application of the control themselves.
http://en.wikipedia.org/wiki/Separation_of_dutieshttp://en.wikipedia.org/wiki/Separation_of_duties


29/33

Page | 29

Identify Necessary Controls

Chapter- Six:(Completing process & Sample of audit report)

06.1. Completing the Audit:

Before choosing the appropriate audit report, we have considered the following issues:

Review for Subsequent Eventstwo types of subsequent events requires an evaluation by

the auditor. They include:

Type I events events that provide additional evidence about the conditions that existed at

the date of the balance sheet.

Type II eventsevents that provide evidence about conditions that did not exist at the date of

the balance sheet, but arose after that date.

Audit procedures used to review for subsequent events include asking management whether

any unusual adjustments to their information systems have been made during the subsequent

events period (after the completion of the audit, but before the audit report is issued), or

obtaining a representation letter from management.

Final Evidential Evaluation Processesaudit steps performed by the auditor in this phaseto determine the most appropriate audit report includes obtaining a representation letter,

reviewing work papers, final assessment of audit results and obtaining an independent review

of the engagement.

Communications with the Audit Committee and Managementcommunications should

include significant audit adjustments, the auditors judgments about the quality of the entitys

accounting principles, disagreements with management, major issues discussed with

management before the auditor was retained, difficulties encountered during the audit, and

fraud involving senior management. Also, the auditor should discuss the draft of the audit

report with management to give management the chance to correct any weaknesses or


30/33

Page | 30

deficiencies before they are reported and released to the public. The auditor may decide to do

this in the form of a Management Comment Letter.

Subsequent Discovery of Facts Existing at the Date of the Auditors Report Auditing

standards 561 provides guidance for auditors when facts have come to the auditors attention

about the organizations processes that might have affected the report had they known aboutthem.

The auditors conclusion and findings, which are based on documented evidence, must be

objective, measurable, complete, and relevant. The findings are disclosed to management in

formal statements, typically an audit report. Any recommendations must be provided for each

audit finding for the report to be useful to management.

06.2. The audit report should include the following basic elements, usually in the

following layout:

Title

Addressee

Introductory paragraph identifying the financial statements audited

A statement of management's responsibility for the financial statements

A statement of the auditor's responsibility

Scope paragraph, including a description of the work performed by the auditor

Opinion paragraph containing an expression of opinion on the financial statements

Date of the report

Auditor's addressAuditor's signature

A measure of uniformity in the form and content of the audit report is desirable because it

helps to promote the reader's understanding and to identify unusual circumstances when they

occur.


31/33

Page | 31

06.3. Sample of an audit report:

Auditors Report

To the shareholders of

Nvana CNG Ltd.

Introduction:

We have audited the accompanying financial statements of Navana CNG Ltd, which

comprise the statement of financial position as at 31 December 2013, and the statement of

comprehensive income, statement of changes in equity and statement of cash flows for the

year then ended, and a summary of significant accounting policies and other explanatory

notes and all related consolidated financial statements of Navana CNG Ltd and its subsidiary

(together referred to as "the group").

Management's responsibility for the financial statements:

Management is responsible for the preparation and fair presentation of these financial

statements in accordance with International Financial Reporting Standards (IFRS),Bangladesh Financial Reporting Standards (BFRS), the Companies Act 1994, the Securities

and Exchange Rules 1987 and other applicable laws and regulations. This responsibility

includes: designing, implementing and maintaining internal control relevant to the

preparation and fair presentation of financial statements that are free from material

misstatements, whether due to fraud or error; selecting and applying appropriate accounting

policies; and making accounting estimates that are reasonable in the circumstances.

Auditors' responsibility:

Our responsibility is to express an opinion on these financial statements based on our audit.

We conducted our audit in accordance with International Standards on Auditing (ISA) and

Bangladesh Standards on Auditing (BSA). Those standards require that we comply with

relevant ethical requirements and plan and perform the audit to obtain reasonable assurance

whether the financial statements are free from material misstatement. An audit involves

performing procedures to obtain audit evidence about the amounts and disclosures in the

financialstatements. The procedures selected depend on the auditors' judgment, including the

assessment of the risks of material misstatement of the financial statements, whether due to

fraud or error. In making those risk assessments, we consider internal control relevant to the

entity's preparation and fair presentation of the financial statements in order to design audit

procedures that are appropriate in the circumstances, but not for the purpose of expressing an

Khan Ayub

Chartered Accountants

House# 384(4thFloor)

Road #28.NewDohs.Dhaka 1206, Bangladesh.

Telephone +880-2-8824828

Fax +880-2-8818784

Email [email protected]


32/33

Page | 32

opinion on the effectiveness of the entity's internal control. An audit also includes evaluating

the appropriateness of accounting policies used and the reasonableness of accounting

estimates made by management, as well as evaluating the overall presentation of the financial

statements. We believe that the audit evidence we have obtained is sufficient and appropriate

to provide a basis for our audit opinion.

Opinion:

In our opinion, the financial statements including consolidated financial statements, prepared

in accordance with International Financial Reporting Standards (IFRS) and Bangladesh

Financial Reporting Standards (BFRS), give a true and fair view of the state of the

company's/group's affairs as at 31 December 2013 and of the results of its operations and

cash flows for the year then ended and comply with the Companies Act 1994, the Securities

and Exchange Rules 1987 and other applicable laws and regulations.

We also report that:

a) We have obtained all the information and explanations which to the best of our knowledge

and belief were necessary for the purposes of our audit and made due verification thereof;

b) In our opinion, proper books of account as required by law have been kept by the company

and its subsidiary so far as it appeared from our examination of these books;

c) the statement of financial position (balance sheet) and statement of comprehensive income

(profit and loss account) dealt with by the report are in agreement with the books of account

and returns; andd) the expenditure incurred was for the purposes of the company's/group's business.

Dhaka, February 06, 2013

Khan Ayub

Chartered Accountants

Auditors


33/33

Dhaka, February 06, 2011

References:

Class lecture

Data from CA firm

Assurance (study manual) CA professional stage knowledge level-ICAB

Boynton, Johnson, modern auditing assurance services and the integrity of financialreporting-8

thedition

Auditing and assurance services understanding the integrated services- 1stedition

Louwers, R. Auditing and assurance services

auditing process of a company

Documents