BACHELOR OF COMMERCE SEMESTER III AUDITING STANDARDS IN INDIA BCM215
CHANDIGARH UNIVERSITY Institute of Distance and Online Learning Course Development Committee Prof. (Dr.) R.S.Bawa Pro Chancellor, Chandigarh University, Gharuan, Punjab Advisors Prof. (Dr.) Bharat Bhushan, Director – IGNOU Prof. (Dr.) Majulika Srivastava, Director – CIQA, IGNOU Programme Coordinators & Editing Team Master of Business Administration (MBA) Bachelor of Business Administration (BBA) Coordinator – Dr. Rupali Arora Coordinator – Dr. Simran Jewandah Master of Computer Applications (MCA) Bachelor of Computer Applications (BCA) Coordinator – Dr. Raju Kumar Coordinator – Dr. Manisha Malhotra Master of Commerce (M.Com.) Bachelor of Commerce (B.Com.) Coordinator – Dr. Aman Jindal Coordinator – Dr. Minakshi Garg Master of Arts (Psychology) Bachelor of Science (Travel &TourismManagement) Coordinator – Dr. Samerjeet Kaur Coordinator – Dr. Shikha Sharma Master of Arts (English) Bachelor of Arts (General) Coordinator – Dr. Ashita Chadha Coordinator – Ms. Neeraj Gohlan Academic and Administrative Management Prof. (Dr.) R. M. Bhagat Prof. (Dr.) S.S. Sehgal Executive Director – Sciences Registrar Prof. (Dr.) Manaswini Acharya Prof. (Dr.) Gurpreet Singh Executive Director – Liberal Arts Director – IDOL © No part of this publication should be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording and/or otherwise without the prior written permission of the authors and the publisher. SLM SPECIALLY PREPARED FOR CU IDOL STUDENTS Printed and Published by: TeamLease Edtech Limited www.teamleaseedtech.com CONTACT NO:01133002345 For: CHANDIGARH UNIVERSITY Institute of Distance and Online Learning 2 CU IDOL SELF LEARNING MATERIAL (SLM)
First Published in 2021 All rights reserved. No Part of this book may be reproduced or transmitted, in any form or by any means, without permission in writing from Chandigarh University. Any person who does any unauthorized act in relation to this book may be liable to criminal prosecution and civil claims for damages. This book is meant for educational and learning purpose. The authors of the book has/have taken all reasonable care to ensure that the contents of the book do not violate any existing copyright or other intellectual property rights of any person in any manner whatsoever. In the event the Authors has/ have been unable to track any source and if any copyright has been inadvertently infringed, please notify the publisher in writing for corrective action. 3 CU IDOL SELF LEARNING MATERIAL (SLM)
CONTENTS Unit 1 – Introduction To Auditing ...............................................................................................5 Unit 2 – Classes Of Audit..........................................................................................................16 Unit 3 – Audit And Investigation...............................................................................................51 Unit 4 – Working Papers And Evidence ....................................................................................60 Unit 5 – Audit Procedure...........................................................................................................81 Unit 6 – Company Auditor ......................................................................................................160 Unit 7 – Divisible Profits And Dividend..................................................................................184 Unit 8 – Auditor’s Report........................................................................................................198 Unit 9 – International Resources To Auditing Needs ...............................................................213 Unit 10 – Rationale To Auditing Standards .............................................................................226 Unit 11 – Auditing And Assurance Standards Board (Aasb) ....................................................234 Unit 12 – Comparative Statement Of As And Ind As...............................................................239 4 CU IDOL SELF LEARNING MATERIAL (SLM)
UNIT 1 – INTRODUCTION TO AUDITING Structure 1.0Learning Objectives 1.1 Introduction 1.2 Definition 1.3 Objectives 1.4 Advantages 1.5 Limitations of an Audit 1.6 Principles governing an Audit 1.7 Summary 1.8 Keywords 1.9 Learning activity 1.10 Unit End Questions 1.11 References 1.0 LEARNING OBJECTIVES After studying this unit students will be able to: Explain the Meaning of the term Audit Learn the objectives of Audit Evaluate the advantages of Audit Describe the limitations of Audit Outline the principles governing an Audit 1.1INTRODUCTION Auditing is a subject that is as old as accounting. It can be traced back to ancient civilizations such as Greece, Egypt, Rome, the United Kingdom, and India. Even the Vedas in India make 5 CU IDOL SELF LEARNING MATERIAL (SLM)
mention of accounting and auditing. Kautilya's Arthasashthra prescribes guidelines for public finance accounting and auditing. The initial aim of auditing was to spot and prevent fraud and errors. When stakeholder expectations shifted quickly, auditing expanded quickly and took on new forms and methodologies. The aim of auditing changed, and it was now expected to determine if financial statements were prepared and presented in such a way that they conveyed a real and reasonable picture of a company's financial situation. The conventional method of auditing has changed and taken on even more roles and opportunities in the industry in recent days, with major investment channels opened for FDI and dramatic economic changes occurring everywhere. Stakeholder expectations have increased by a factor of two, and auditors are also expected to examine not only the financial situation but also the operating performance and perform a SWOT review (Strength, Weakness, Opportunities and Threats). Students should study auditing methods because it entails the fundamentals of vouching/scrutinizing an entity's records and books of accounts. The aim of this lesson is to teach the fundamentals of auditing, including auditing principles and auditing standards. 1.2DEFINITION Prof Montgomery has defined Auditing as follows: “Auditing is a systematic examination of the books and records of business or other organization, in order to ascertain or verify and to report upon the facts regarding its financial operations and the result thereof”. The Institute of Chartered Accountants of India (“ICAI”) has defined Auditing as “Auditing is defined as a systematic and independent examination of data, statements, records, operations and performance of an enterprise for a stated purpose. In any auditing situation, the auditor perceives and recognizes the propositions before him for examination, collect evidence, evaluates the same and on this basis formulates his judgement which is communicated through his audit report”. With the various definition available, the term auditing can be summarized as follows: 6 CU IDOL SELF LEARNING MATERIAL (SLM)
systematic and independent examination such examination is on the vouchers, documents, information and explanations received from the clients carried out by the independent qualified person The auditor after satisfying himself with the authenticity of the financial accounts prepared for a particular period. 1.3OBJECTIVES The objectives of auditing may be classified into two parts: The primary objective The secondary or incidental objective. Primary Objective: The primary goal of the auditors is to inform the owners if the balance sheet presents an accurate and realistic picture of the company's financial situation, as well as the right profit or loss figure for the fiscal year. The accounts are said to be true and fair: • The books of account accurately reported all business transactions; • The books of account were prepared in accordance with agreed accounting principles and accounting standards provided by various regulatory bodies. • The books of account do not contain any mistakes or frauds. • The company's financial statements are consistent with the books of accounts, and all necessary provisions of the Companies Act and all applicable laws have been implemented. • The profit and loss report reveals the real and equitable results of the entity's activities, while the balance sheet shows the right financial picture with the value of assets and liabilities. • All relevant information about sales, expenditures, properties, and liabilities must be disclosed in the books of accounts. The term \"material\" refers to something that is significant and 7 CU IDOL SELF LEARNING MATERIAL (SLM)
necessary. The accounts' disclosure of sensitive issues assists consumers in making business decisions. There should be no obfuscation or suppression of critical information. Secondary objective: It's also known as the incidental target because it occurs as a result of the achievement of the primary goal. • Detection and prevention of frauds, and • Detection and prevention of mistakes are two incidental auditing goals. According to the ICAI's statement on auditing practises, an auditor should consider the risk of frauds or irregularities in the accounts under audit because they could cause the financial condition to be misstated. Difference between Fraud and Error Fraud is described as the deliberate Errors are unintended mistakes in financial misrepresentation of financial data with the data that result from a lack of understanding of aim to deceive. Manipulation of accounts, accounting principles, such as theory errors, or misappropriation of currency, and from the negligence of accounting personnel, misappropriation of goods are all examples of such as clerical errors. fraud. It is important for the auditor to spot any frauds and prevent them from happening again. 1.4ADVANTAGES • It protects the financial interests of those that are not affiliated with the entity's management. • It serves as a deterrent to workers committing deception or embezzlement. • Audited financial statements are useful for calculating tax liability, negotiating loans, and determining the purchase price of a company. • This is also used to settle labour disputes, such as higher salaries or bonuses, as well as lawsuits for property damage caused by fire or other calamity. 8 CU IDOL SELF LEARNING MATERIAL (SLM)
• An audit may also aid in the identification of wastage and losses by demonstrating the various methods by which these can be verified, particularly those that occur due to a lack of adequate internal checks or internal control measures. • An audit determines if the requisite books of accounts and related documents have been adequately maintained and assists the client in correcting any errors or inadequacies. Audit examines the nature and execution of different controls in organizations and reports on their weaknesses, inadequacy, and other flaws. • Audited accounts are extremely useful in settling accounts at the time of a partner's admission or death. • Before providing assistance or issuing a license for a specific trade, the government can request an audited and certified declaration. 1.5LIMITATIONS OF AN AUDIT The limitations of an audit arises from 1) Nature of financial reporting: Management must exercise judgement in applying the relevant reporting framework to the entity's facts and circumstances when preparing financial statements. Furthermore, many financial statement items include subjective judgments or evaluations, and there may be a variety of interpretations. 2) Nature of auditing procedures: The auditor's ability to obtain audit evidence is constrained by both practical and legal constraints. As an example, • Management can deliberately or unintentionally fail to provide complete details. • Fraud may take the form of well-planned schemes intended to hide it. • Auditors are not granted legal authority, such as the power of search, which may be required for certain functions. 3) Timeliness of financial reporting and the balance between benefit and cost:Stakeholders expect the auditor to have an opinion in a reasonable amount of time and at a reasonable rate 4) Others: 9 CU IDOL SELF LEARNING MATERIAL (SLM)
• Fraud, particularly by senior management. • Transparency in the recording of transactions between associated parties • Disobedience of rules and regulations • Future events that may have an effect on the principle of going concern 1.6 BASIC PRINCIPLES GOVERNING AN AUDIT The basic principles that govern the auditor's professional obligations are defined in Standards on Auditing (SA) 200, \"Basic Principals Governing an Audit,\" and should be followed anywhere an audit is conducted. They're outlined below: • Honesty, sincerity, impartiality, and independence: An auditor should be truthful, genuine, impartial, and unbiased. He must be a man of good moral character and objectivity. • Confidentiality: The auditor should maintain the confidentiality of information obtained during the course of his work and not reveal it without the client's permission unless there is a legal obligation to do so. • Knowledge and skill: The auditor must have sufficient qualifications and experience. He should be knowledgeable, qualified, and up to date on the latest trends, including ICAI pronouncements on accounting and auditing issues. • Other people's work: Even though the auditor delegated some work to others and relied on other people's work, such as that of an expert, he is still responsible for developing and voicing his opinion on the financial data. • Documentation: To ensure that the audit was carried out in compliance with the basic standards, the auditor should record matters that are relevant in presenting evidence. • Planning: The auditor should schedule his work so that he can complete the audit in a timely, accurate, and productive manner. He should become familiar with the client's accounting method, as well as the degree to which internal control can be relied upon and plan the work to be done. • Audit proof: During enforcement and other substantive procedures, the auditor should obtain sufficient appropriate evidence to allow him to draw fair conclusions and form an opinion on the financial details. 10 CU IDOL SELF LEARNING MATERIAL (SLM)
• Accounting System and Internal Control: It is the responsibility of management to maintain an effective accounting system that incorporates multiple internal controls relevant to the size and nature of the company. The auditor should ensure that the accounting system is sufficient, and that all relevant information has been documented, and that the internal control system contributes to this assurance. • Audit findings and reporting: He should review and determine the audit conclusions based on the audit data. A clean audit report implies that the auditor is satisfied in all areas, and when a competent, adverse, or disclaimer of opinion is to be issued, or when a reservation of opinion is to be made on any matter, the audit report should state the reasons. 1.7SUMMARY The primary goal of an audit is to express an opinion on the accurate and reasonable view of the Company's state of affairs. The conventional method of auditing has changed and taken on even more roles and opportunities in the industry in recent days. Stakeholder expectations have increased by a factor of two, and auditors are also expected to examine not only the financial situation but also the operating performance and perform a SWOT review. The aim of this lesson is to teach the fundamentals, including auditing principles and auditing standards. Accounts are said to be true and fair if they accurately report all business transactions. Fraud is the deliberate misrepresentation of financial data with the aim to deceive. It is important for the auditor to spot any frauds and prevent them from happening again. Audited financial statements are useful for calculating tax liability, negotiating loans, and determining the purchase price of a company. According to the ICAI's statement on auditing practises, an auditor should consider the risk of frauds or irregularities in the accounts under audit. Audit examines the nature and execution of different controls in organizations. Auditors are not granted legal authority, such as the power of search. Stakeholders expect the auditor to have an opinion in a reasonable amount of time. The basic principles that govern the auditor's professional obligations are defined in Standards on Auditing (SA) 200, \"Basic Principals Governing an Audit\" The limitations of an audit arise from the 11 CU IDOL SELF LEARNING MATERIAL (SLM)
nature of financial reporting and the balance between benefit and cost, among other things, an auditor must consider. Auditor should maintain confidentiality of information obtained during the course of his work. The auditor should schedule his work so that he can complete the audit in a timely, accurate manner. Management should maintain an effective accounting system that incorporates multiple internal controls. A clean audit report implies that the auditor is satisfied in all areas, says the auditor. The audit report should state the reasons for making a reservation of opinion. 1.8 KEYWORDS Internal Control SA – Standards on Auditing SWOT-Strength weakness opportunities and threats 1.9 LEARNING ACTIVITY Mr. Akshay of Jalandhar has started a new business of selling Biscuits and chocolates. He purchasesthese items from a factory located in Jaipur and sells to local customers . However, he feels that he could expand this business ,for this he needs more money, people and resources. Having seen the potential of Akshaya’s business, Dilip wants to invest. Dilip sets up a business unit and requests Akshay to take care of it along with his business completely and Akshay will be entitled only for a commission of 15% on net profits and a monthly salary of Rs.25,000/-At the end of the year after seeing the financial results he feels that expected profits has not been achieved, he wants more clarity and assurance on the books of Accounts prepared by Akshay Dilipwants a solution for his problem. The solution is that the assurance Dilip is seeking may be given by an Independent Audit of accounts. ______________________________________________________________________________ _________________________________________________________________ 12 CU IDOL SELF LEARNING MATERIAL (SLM)
1.10UNIT END QUESTIONS A. Descriptive Questions Short Questions 1. Define the term “Audit”? 2. Primary objective of an Audit is to express an opinion. Comment on the statement? 3. What are the objectives of an Audit? 4. Explain the Advantages of an Audit. 5. What are the Limitations of an Audit? 6. Explain in detail the basic principles governing an Audit 7. Comment on the validity of the statement with reasons. a) The audit of financial statements relives management from its responsibilities. b) The duties of an auditor is limited to the arithmetical accuracy of books of accounts Long Questions 1. It is the Duty of an Auditor to detect fraud or misreporting in the Financial statements. Comment 2. Explain in detail the basic principles governing an Audit 3. What are the advantages and limitations of an Audit? 4. Explain in detail about Evolution of Auditing. 5. Explain about the inherent limitations of an Audit B. Multiple choice Questions 1. The primary objective of an Audit is to __________ a. Determine fraud b. Find out errors c. To express opinion on the financials d. None of these 13 CU IDOL SELF LEARNING MATERIAL (SLM)
2. Audit gives 100% assurance about correctness of financials a. True b. False c. Partly True d. None of these 3.______________describes the basic principles which govern the auditor’s professional responsibilities, and which should be complied with wherever an audit is carried a. Basic Principals Governing an Audit b. General purpose Framework c. Both a and b d. None of these 4. Misstatement due to which of the following is hard to detect? a. Omission b. Error c. Fraud d. None of these 5. The results of Audit of Financial statements gives ____________ about the True and fair view of state of Affairs. a. Reasonable Assurance b. Complete Assurance c. Certification d. None of these Answers 1-c 2-b 3-a 4-c 5-a 14 CU IDOL SELF LEARNING MATERIAL (SLM)
1.11 REFERENCES Text Books: T1 ArunaJha, Auditing, Taxmann’s Publications, University Edition T2 Ravinder Kumar, Auditing: Principles and Practice :PHI Learning Pvt. Ltd Reference Books: R1 N.D Kapoor, Auditing, Sultan Chand & Sons R2 Gupta; Contemporary Auditing, Tata McGraw Hill 15 CU IDOL SELF LEARNING MATERIAL (SLM)
UNIT 2 – CLASSES OF AUDIT Structure 2.0Learning Objectives 2.1Introduction 2.2Definition - Internal Check (ICH), Internal Control (ICO) & Internal audit (IA) 2.3Difference between ICH& ICO, ICO & IA and ICH & IA 2.4Techniques of Internal Control system 2.5Summary 2.6Keywords 2.7Learning activity 2.8Unit End Questions 2.9References 2.0 LEARNING OBJECTIVES After studying this unit students will be able to: Explain about Internal check, Internal Control and Internal Audit Describe differences between Internal check, Internal Control and Internal Audit Outline techniques of Internal control system Learn about other Audit areas 2.1INTRODUCTION In one's personal life, having control is a basic human requirement. “The mind that is uncontrolled and unguided will destroy us and pull us down; the mind that is regulated and guided will save us and set us free,” Swami Vivekananda says. Control is a widely used tool in the corporate world to make the most efficient use of resources while maintaining the entity's goal in mind. 16 CU IDOL SELF LEARNING MATERIAL (SLM)
The level of control required by a sole proprietor in a small company is not the same as the level of control required by a large corporation. We may be confident that the activities are under the control of the owner because, in the former case, the entrepreneur runs the show with the assistance of very assistants and is aware of day-to-day business operations. In the latter case, where operations are assigned to different individuals, one may not be aware of day-to-day ground level operations. When things are out of balance, people have a tendency to stray from the road they should be on. As a result, proper monitoring must be in place not only to ensure that things are moving in the right direction, but also to ensure that the end goal is met. 2.2DEFINITIONS Internal Control As per Standard on Auditing (SA) 315, “Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and Its Environment”, Internal control may be defined as “The process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of an entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, safeguarding of assets, and compliance with applicable laws and regulations”. Internal Check Internal checks are better understood as checks on day-to-day transactions that function continuously as a part of routine processes whereby the work of one person is proven independently or in conjunction with the work of another, with the goal of preventing or detecting errors and frauds. Internal Audit According to the Institute of Internal Auditors (IIA), Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, 17 CU IDOL SELF LEARNING MATERIAL (SLM)
disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. 2.3DIFFERENCES Table 2.1Difference between internal control and internal check Internal Control Internal Check Internal control is broader concept as Internal check system is one part of internal compare to internal check system control system Internal control is the system of control Internal check is a system of allocation of established by the management in order to responsibility, division of work and methods of carry on business in an orderly and efficient recording transactions, whereby the work of one manner, ensure adherence to management employee is checked continuously by another. policies, and safeguard assets and completeness of records. The essence of internal control system is in The essence of internal check system is that the implementation of Internal check and check should be automatic, continuous and Internal audit. objective In internal control system, controls other It is a routine check on the same work than the internal check system are internal audit system and other nonfinancial control systems like quality control, purchasing controls, marketing controls etc. 18 CU IDOL SELF LEARNING MATERIAL (SLM)
Difference between Internal Control And Internal Audit Internal Control Internal Audit Internal control is the system of control Internal auditing is an independent, objective established by the management in order to assurance and consulting activity designed to carry on business in an orderly and efficient add value and improve an organization’s manner, ensure adherence to management operations. It helps an organization accomplish policies, safeguard assets and completeness its objectives by bringing a systematic, of records disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes Internal control system is a broad concept Internal audit system is comparatively a narrow and in includes internal audit system as well concept Internal control system is necessary for Internal audit system is to be implemented as per every organization the suitability of the organization Primary objective of Internal control system The Internal audit is primarily a backward- is to prevent the occurrence of fraud looking activity. Difference between Internal Check And Internal Audit Internal Check Internal Audit In Internal check system work is In Internal audit system work is checked automatically checked specifically 19 CU IDOL SELF LEARNING MATERIAL (SLM)
In Internal check system checking is done Mistake can be checked at an early stage in when the work is being done. internal check system. Thrust of Internal check system is to prevent The thrust of Internal audit system is to detect the errors the errors and frauds In Internal check system checking is done In Internal audit system work is checked after it when the work is being done is done Understanding Entity, Environment and Internal control The Entity and Its Environment: Auditor shall obtain understanding about the following Relevant industry, regulatory, and other external factors, including the applicable financial reporting framework. The entity's nature, which includes: The company's operations. The ownership and governance mechanisms of the company. the kinds of investments that the entity is making or intends to make, such as Investments in organizations with a specific purpose; and How the company is organized and financed. To allow the auditor to understand the types of sales, account balances, and other financial information Expected reports in the financial statements The entity's accounting policy and implementation, and the rationale for doing so.alterations thereto 20 CU IDOL SELF LEARNING MATERIAL (SLM)
The auditor is responsible for determining if the entity's accounting procedures are sound, reasonable for its industry and compliant with financial reporting requirements The entity's goals and plans, as well as any market threats that can arise. The financial success of the entity must be measured and reviewed. Purpose of Internal control Purpose of Internal Control: Internal control is designed, implemented and maintained to address identified business risks that threaten the achievement of any of the entity’s objectives that concern- The reliability of the entity’s financial reporting. The effectiveness and efficiency of its operations. Its compliance with applicable laws and regulations; and Safeguarding of assets. The way in which internal control is designed, implemented and maintained varies with an entity’s size and complexity. Limitations of Internal Control: Internal control, no matter how effective, can provide an entity with only reasonable assurance about achieving the entity’s financial reporting objectives. The likelihood of their achievement is affected by inherent limitations of internal control. These include- (i) Role of Human Judgement: The realities that human judgment in decision-making can be faulty and that breakdown in internal control can occur because of human error. For example, there may be an error in the design of, or in the change to, a control. (ii) Ineffective Operation of Control: Equally, the operation of a control may not be effective, such as where information produced for the purposes of internal control (for example, an exception report) is not effectively used because the individual responsible for reviewing the information does not understand its purpose or fails to take appropriate action (iii) Collusion among Employees: Additionally, controls can be circumvented by the collusion of two or more people or inappropriate management override of internal control. For example, management may enter into side agreements with customers that alter the terms and conditions 21 CU IDOL SELF LEARNING MATERIAL (SLM)
of the entity’s standard sales contracts, which may result in improper revenue recognition. Also, edit checks in a software program that are designed to identify and report transactions that exceed specified credit limits may be overridden or disabled. (iv) Judgement by Management: Further, in designing and implementing controls,management may make judgments on the nature and extent of the controls it chooses to implement, and the nature and extent of the risks it chooses to assume. (v) Considerations specific to Smaller Entities: Smaller entities often have fewer employees which may limit the extent to which segregation of duties is practicable. However, in a small owner-managed entity, the owner-manager may be able to exercise more effective oversight than in a larger entity. This oversight may compensate for the generally, more limited opportunities for segregation of duties. On the other hand, the owner-manager may be more able to override controls because the system of internal control is less structured. This is taken into account by the auditor when identifying the risks of material misstatement due to fraud. Division of Internal Control into Components: The division of internal control into the following five components provides a useful framework for auditors to consider how different aspects of an entity’s internal control may affect the audit: (a) The control environment. (b) The entity’s risk assessment process. (c) The information system, including the related business processes, relevant to financial reporting, and communication. (d) Control activities; and (e) Monitoring of controls Controls Relevant to the Audit: There is a direct relationship between an entity’s objectives and the controls it implements to provide reasonable assurance about their achievement. The entity’s objectives, and therefore controls, relate to financial reporting, operations and compliance: however, not all of these objectives and controls are relevant to the auditor’s risk assessment. 22 CU IDOL SELF LEARNING MATERIAL (SLM)
(i) Factors relevant to the auditor’s judgment about whether a control, individually or in combination with others, is relevant to the audit may include such matters as the following: Materiality. The significance of the related risk. The size of the entity. The nature of the entity’s business, including its organisation and ownershipcharacteristics. The diversity and complexity of the entity’s operations. Applicable legal and regulatory requirements. The circumstances and the applicable component of internal control. The nature and complexity of the systems that are part of the entity’s internal control,including the use of service organisations. Whether, and how, a specific control, individually or in combination with others, prevents,or detects and corrects, material misstatement. (ii) Controls over the completeness and accuracy of information produced by the entity may be relevant to the audit. (iii) Internal control over safeguarding of assets against unauthorised acquisition, use, or disposition may include controls relating to both financial reporting and operations objectives. The auditor’s consideration of such controls is generally limited to those relevant to the reliability of financial reporting. (iv) An entity generally has controls relating to objectives that are not relevant to an audit and therefore, need not be considered. (v) In certain circumstances, the statute or the regulation governing the entity may require the auditor to report on compliance with certain specific aspects of internal controls as a result, the auditor’s review of internal control may be broader and more detailed. Nature and Extent of the Understanding of Relevant Controls: 23 CU IDOL SELF LEARNING MATERIAL (SLM)
(i) Evaluating the design of a control involves considering whether the control, individually or in combination with other controls, is capable of effectively preventing, or detecting and correcting, material misstatements. An improperly designed control may represent a significant deficiency in internal control. (ii) Risk assessment procedures to obtain audit evidence about the design and implementation of relevant controls may include- Inquiring of entity personnel. Observing the application of specific controls. Inspecting documents and reports. Tracing transactions through the information system relevant to financialreporting. Inquiry alone, however, is not sufficient for such purposes. (iii) Obtaining an understanding of an entity’s controls is not sufficient to test their operating effectiveness, unless there is some automation that provides for the consistent operation of the controls. Control Environment: The auditor shall obtain an understanding of the control environment. As part of obtaining this understanding, the auditor shall evaluate whether- (i) Management, with the oversight of those charged with governance, has created and maintained a culture of honesty and ethical behavior; and (ii) The strengths in the control environment elements collectively provide an appropriate foundation for the other components of internal control, and whether those other components are not undermined by deficiencies in the control environment. The control environment includes the governance and management functions and the attitudes, awareness, and actions of those charged with governance and management concerning the entity’s internal control and its importance in the entity. The control environment sets the tone of an organization, influencing the control consciousness of its people. Accounting and Financial controls Internal control, so far as financial and accounting aspects are concerned, aims at: (i) Providing the flow of work through various stages. 24 CU IDOL SELF LEARNING MATERIAL (SLM)
(ii) Breaking the chain of the work in a manner so that no single person can handle a transaction from the beginning to the end. (iii) Segregation of accounting and custodial functions. (iv) Securing proper documentation at each stage. (v) Specifying authority to enter into the various transactions and for every action connected therewith. (vi) Recording the transactions in the books of account correctly. (vii) Safeguarding of assets Internal control and Managementit is necessary to appreciate that devising and installation of internal control is the responsibility of the management. In any business, the management is vested with the responsibility of carrying on the business, safeguarding its assets and recording the transactions in the books of account and other records. The management is responsible for maintaining an adequate accounting system incorporating various internal controls to the extent appropriate to the size and nature of the business”. It should also be appreciated that in every business organisation, small or big, simple or complex, some sort of control is perceptively or otherwise in operation. It ensures uniform treatment and operation. It outlines the broad line of authority and specifies each one’s task. The form and details, however, may vary from organisation to organisation. It is also important to bear in mind that the system installed needs review by the management to ascertain: (i) Whether the prescribed management policies are being properly interpreted by the employees and are faithfully implemented. (ii) Whether the prescribed procedures need a revision because of changed circumstances or whether they have become obsolete or cumbersome; and (iii) Whether effective corrective measures are taken promptly when the system appears to break down. It is desirable that the management also installs an internal audit system as an independent function to check, amongst other things, the actual operation of the internal control system and report to it the deviations and non-compliances. 25 CU IDOL SELF LEARNING MATERIAL (SLM)
Internal control and Auditor The auditor shall determine whether, on the basis of the audit work performed, the auditor hasidentified one or more deficiencies in internal control. If the auditor has identified one or more deficiencies in internal control, the auditor shall determine, on the basis of the audit work performed, whether, individually or in combination, they constitute significant deficiencies. The auditor shall communicate in writing significant deficiencies in internal control identified during the audit to those charged with governance on a timely basis. The auditor shall also communicate to management at an appropriate level of responsibility on a timely basis: (a) In writing, significant deficiencies in internal control that the auditor has communicated or intends to communicate to those charged with governance, unless it would be inappropriate to communicate directly to management in the circumstances; and (b) Other deficiencies in internal control identified during the audit that have not been communicated to management by other parties and that, in the auditor’s professional judgment, are of sufficient importance to merit management’s attention. The auditor shall include in the written communication of significant deficiencies in internal control: (a) A description of the deficiencies and an explanation of their potential effects; and (b) Sufficient information to enable those charged with governance and management to understand the context of the communication. In particular, the auditor shall explain that: (i) The purpose of the audit was for the auditor to express an opinion on the financial statements. (ii) The audit included consideration of internal control relevant to the preparation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of internal control; and 26 CU IDOL SELF LEARNING MATERIAL (SLM)
(iii) The matters being reported are limited to those deficiencies that the auditor has identified during the audit and that the auditor has concluded are of sufficient importance to merit being reported to those charged with governance. Review of Internal Control by the Auditor So far as the auditor is concerned, the examination and evaluation of the internal control system is an indispensable part of the overall audit programme. The auditor needs reasonable assurance that the accounting system is adequate and that all the accounting information which should be recorded has in fact been recorded. Internal control normally contributes torelated internal controls and should study and evaluate the operations of these internal controls upon which he wishes to rely in determining the nature, timing and extent of other audit procedures. The review of internal controls will enable the auditor to know: (i) Whether errors and frauds are likely to be located in the ordinary course of operations of the business. (ii) Whether an adequate internal control system is in use and operating as planned by the management. (iii) Whether an effective internal auditing department is operating. (iv) Whether any administrative control has a bearing on his work (for example, if the control over worker recruitment and enrolment is weak, there is a likelihood of dummy names being included in the wages sheet and this is relevant for the auditor); (v) Whether the controls adequately safeguard the assets. (vi) How far and how adequately the management is discharging its function in so far as correct recording of transactions is concerned. (vii) How reliable the reports, records and the certificates to the management can be. (viii) The extent and the depth of the examination that he needs to carry out in the different areas of accounting. (ix) What would be appropriate audit technique and the audit procedure in the given circumstances? 27 CU IDOL SELF LEARNING MATERIAL (SLM)
(x) What are the areas where control is weak and where it is excessive; and (xi) Whether some worthwhile suggestions can be given to improve the control system. The auditor can formulate his entire audit programme only after he has had a satisfactoryunderstanding of the internal control systems and their actual operation. If he does not care to study this aspect, it is very likely that his audit programme may become unwieldy and unnecessarily heavy and the object of the audit may be altogether lost in the mass of entries and vouchers. It is also important for him to know whether the system is actually in operation. Often, after installation of a system, no proper follow up is there by the management to ensure compliance. The auditor, in such circumstances, may be led to believe that a system is in operation which in reality may not be altogether in operation or may at best operate only partially. This state of affairs is probably the worst that an auditor may come across and he would be in the midst of confusion, if he does not take care. It would be better if the auditor can undertake the review of the internal control system of client. This will give him enough time to assimilate the controls and implications and will enable him to be more objective in the framing of the audit programme. He will also be in a position to bring to the notice of the management the weaknesses of the system and to suggest measures for improvement. At a further interim date or in the course of the audit, he may ascertain how far the weaknesses have been removed. From the foregoing, it can be concluded that the extent and the nature of the audit programme is substantially influenced by the internal control system in operation. In deciding upon a plan of test checking, the existence and operation of internal control system is of great significance. A proper understanding of the internal control system in its content and working also enables an auditor to decide upon the appropriate audit procedure to be applied in different areas to be covered in the audit programme. In a situation where the internal controls are considered weak in some areas, the auditor might choose an auditing procedure or test that otherwise might not be required; he might extend certain tests to cover a large number of transactions or other items than he otherwise would examine and at times he may perform additional tests tobring him the necessary satisfaction. For example, normally the distribution of wages is not observed by the auditor. But if the internal control over wages is so weak that there exists a possibility of dummy 28 CU IDOL SELF LEARNING MATERIAL (SLM)
workers being paid, the auditor might include observation of wages distribution in his programme in order to find out the workers who do not turn up for receipt of wages. On the other hand, if he is satisfied with the internal control on sales and trade receivables, the auditor can get trade receivables’ balances confirmed at almost any time reasonably close to the balance sheet date. But if the control is weak, he may feel that he should get the confirmation exactly on the date of the year closing so that he may eliminate the risk of errors and frauds occurring between the intervening period. Also, he may in that situation, decide to have a large coverage of trade receivables by the confirmation procedure. A review of the internal control can be done by a process of study, examination and evaluation of the control system installed by the management. The first step involves determination of the control and procedures laid down by the management. By reading company manuals, studying organisation charts and flow charts and by making suitable enquiries from the officers andemployees, the auditor may ascertain the character, scope and efficacy of the control system. To acquaint him about how all the accounting information is collected and processed and to learn the nature of controls that makes the information reliable and protect the company’s assets, calls for considerable skill and knowledge. In many cases, very little of this information is available in writing; the auditor must ask the right people the right questions if he is to get the information he wants. It would be better if he makes written notes of the relevant information and procedures contained in the manual or ascertained on enquiry. To facilitate the accumulation of the information necessary for the proper review and evaluation of internal controls, the auditor can use one of the following to help him to knowand assimilate the system and evaluate the same: (i) Narrative record. (ii) Check List. (iii) Questionnaire; and (iv) Flow chart. 29 CU IDOL SELF LEARNING MATERIAL (SLM)
The narrative record is a complete and exhaustive description of the system as found in operation by the auditor. Actual testing and observation are necessary before such a system is in operation and would be more suited to small business. The basic disadvantages of narrative records are: To comprehend the system is operation is quite difficult. To identify weaknesses or gaps in the system To incorporate charges arising on account of reshuffling of manpower, etc. A check list is a series of instruction and/or answer. When he completes instruction, he initials the space against the instruction. Answers to the check list instruction are usually Yes, No or Not applicable. This is again an on the job requirement and instructions are framed having regard to the desirable element of control. A few examples of check list instruction are given hereunder: Are tenders called before placing orders? Are the purchases made on the basis of a written order? Is the purchase order form standardized? Are purchase order forms are pre-numbered? Are the stock control accounts maintained by persons who have nothing to do with? Custody of work. Receipt of stock. Inspection of stock; and Purchase of stock? The complete check list is studied by the principle/manager/senior to ascertain existence of internal control and evaluate its implementation and efficiency. Internal control questionnaire is a comprehensive series of questions concerning internal control. This is the most widely used from for collecting information An important advantage of the questionnaire approach is that oversight or omission of significant internal control review procedures is less likely to occur with this method. With a proper questionnaire, all internal control evaluation can be completed at one time or in sections. The review can more easily be made on an interim basis. The questionnaire form also provides an orderly means of disclosing 30 CU IDOL SELF LEARNING MATERIAL (SLM)
control defects. It is the general practice to review the internal control system annually and record the review the detail. In the questionnaire, generally questions are so framed that a ‘Yes’ answer denotes satisfactory position and a ‘No’ answer suggests weakness. Provision is made for an explanation or further details of ‘No’ answers. In respect of questions not relevant to the business, ’Not applicable’ reply is given. The questionnaire is annually issued to the client and the client is requested to get it filled by the concerned executives and employees. If on a perusal of the answers, inconsistencies or apparent incongruities are noticed, the matter is further discussed by auditor’s staff with the client employees for a clear picture. The concerned auditor then prepares a report of deficiencies and recommendation for improvement. A flow chart is a graphical presentation of each part of the company’s system of internal control. A flow chart is considered to be the most concise way of recording the auditor’s review of the system. It minimizes the amount of narrative explanation and thereby achieves and consideration or presentation not possible in any other form. It gives bird’s eye view of the system and the flow of transactions and integration and in documentation, can be easily spotted and improvements can be suggested. It is also necessary for the auditor to study the significant features of the business carried on by the concern: the nature of its activities and various channels of goods and materials as well as cash, both inward and outward, and also a comprehensive study of the entire process of manufacturing, trading and administration. This will help him to understand and evaluate the internal controls in the correct perspective. Two Dimensions of Internal Control The two dimensions of internal controls are 1. Administrative Controls, which include but are not limited to the plan of organization and records that are concerned with the decision processes leading to the management’s authorization of transactions. 2. Accounting Controls comprise the plan of organization, procedures and records that are concerned with safeguarding of assets and the reliability of financial records designed to provide reasonable assurance that the transactions are recorded and executed in accordance Notes with 31 CU IDOL SELF LEARNING MATERIAL (SLM)
the general and /or specific authorization of the Management, recording of transactions to ensure the preparation of financial statements in conformity with the generally accepted accounting principles and any other criteria applicable to such statements, proper maintenance of accountable of assets, Management’s authorization of access to assets and accountability for the physical verification of assets. From the above it is clear that in an audit engagement the distinction between the two types of controls requires considerable dexterity as the two are very often inter-related. Needless to say that the distinction should not be artificially made and administrative controls generally have a nexus with the accounting controls even if the linkage is indirect. Scope of Review Naturally therefore, the scope and objectives of the Statutory Auditor would vary and depend upon both the size and structure of the entity as also the requirements of the Management. Normally, however, the Statutory Auditor operates in one or more of the following areas. 1. Review of the Accounting Systems and the related internal controls. Thus, while the adequacy of the accounting systems is the responsibility of the Management, the Statutory Auditor is usually assigned the specific responsibility for reviewing the accounting systems and the related internal controls, as also monitoring their operations. 2. Review of financial and operating information including identification, measurement, and classification and reporting such information specifically enquiring into individual items including detailed testing of transactions, procedures and balances. 3. Examination of the economy, efficiency and effectiveness of operations including non- financial controls. Thus, before an evaluation is undertaken the auditor should determine:- 1. The degree of reliance that can be placed on the various systems and procedures in existence. 2. The nature, extent and timing of substantive audit tests to be applied. In this process due to factors including the limitations of time, the volume of transactions and magnitude of operations the Auditor can conduct:- 3. Selective Verification in areas where he finds that internal control is effective. 32 CU IDOL SELF LEARNING MATERIAL (SLM)
4. Detailed or comprehensive verification of transactions in areas where the internal control is weak. 5. Internal control investigation and evaluation is most relevant in the context of (a) Independent financial audits, (b) Special systems study engagements. Advantages of Internal Control Evaluation 1. Enables an Auditor to restrict his detailed examination in areas where internal controls is satisfactory and intensifying the scrutiny in areas where the controls are weak. 2. Resultantly, the time available to the auditor is more gainfully employed. 3. Highlights areas of weakness in the operating systems, for suitable remedial action to be taken by the Management. Inter-relationship between Audit and Internal Controls The Statement on Standard Auditing Practices (SAP) pertaining to the “Study and Evaluation of the Accounting System and Related Internal Controls in connection with an Audit”, defines the inter-relationship between the Statutory Auditor and internal control. The System of Internal Control is the plan of organization and all the methods and procedures adopted by the Management of an entity to assist in achieving management’s objective of ensuring, as far as practicable, the orderly and efficient conduct of business, including adherence to Management policies, the safeguarding of assets, prevention and detection of fraud and error, the accuracy and completeness of the accounting records and the timely preparation of reliable financial information. The system of internal control extends beyond those matters which relate directly to the functions of the accounting system. The internal audit functions constitute a separate component of internal control established with the objective of determining whether other internal controls are well designed and properly operated. Distinction between Control Environment and Control Procedures It would be necessary at this stage, to make a distinction between the concepts of ‘control environment’ and ‘control procedures. The control environment refers to the overall attitude, 33 CU IDOL SELF LEARNING MATERIAL (SLM)
awareness and actions of the Management regarding control and its role and importance in the entity. Factors reflected in the control environment include: 1. Management’s philosophy and operating style. 2. The organizational structure and methods of assigning authority and responsibility. 3. Management’s control system (including internal audit functions). 4. The functions of the Board of Directors, personnel policies, procedures and external influences. A strong control environment (e.g. one with tight budgetary controls and an effective audit function) can significantly complement specific controls. However, this by itself does not ensure the overall effectiveness of the system of internal control. Hence arises the necessity for ‘control procedures. Control Procedures Control procedures encompass policies and procedures established by the Management, in order to provide for the attainment of certain objectives. These could include the existence of systems for: 1. An effective system of reconciliation of Books of Accounts. 2. Check of the arithmetical accuracy of the records. 3. Controls over computer applications and environment. 4. Maintenance of control accounts and Trial Balances. 5. Approval and control of balances. 6. Comparison of results of cash, security and inventory checks with accounting records. 7. Limiting direct physical access to assets and records. 8. Comparison of budgetary estimates with actual estimates 9. Physical verification of assets and a system of safeguarding the assets. 10. Appropriate action taken with regard to any differences and discrepancies. 34 CU IDOL SELF LEARNING MATERIAL (SLM)
11. Distribution and proper allocation of functional responsibilities. 12. System of operation of accounting procedures for ascertainment of accurate of accurate and reliable accounting data. 13. Existence of an effective system for the efficient operation of the asset and a well-regulated system for safeguarding of assets. 14. System of managerial review of the work allocated to various individuals in the organization. Test of Internal controls After assimilating the internal control system, the auditor needs to examine whether and how far the same is actually in operation. For this, he resorts to actual testing of the system in operation. This he does on a selective basis: he can plan this testing in such a manner that all the important areas are covered in a period of, say, three years. Selective testing is being done by application of procedural tests and auditing in depth. Tests of Control: Tests of control are performed to obtain audit evidence about the effectiveness of the: (a) Design of the accounting and internal control systems, that is, whether they are suitably designed to prevent or detect and correct material misstatements; and (b) Operation of the internal controls throughout the period.Tests of control include tests of elements of the control environment where strengths in the control environment are used by auditors to reduce control risk. Some of the procedures performed to obtain the understanding of the accounting and internal control systems may not have been specifically planned as tests of control but may provide audit evidence about the effectiveness of the design and operation of internal controls relevant to certain assertions and, consequently, serve as tests of control. For example, in obtaining the understanding of the accounting and internal control systems pertaining to cash, the auditor may have obtained audit evidence about the effectiveness of the bank reconciliation process through inquiry and observation. When the auditor concludes that procedures performed to obtain the understanding of theaccounting and internal control systems also provide audit evidence about the suitability ofdesign and operating effectiveness of policies and procedures relevant to a particular financial 35 CU IDOL SELF LEARNING MATERIAL (SLM)
statement assertion, the auditor may use that audit evidence, provided it is sufficient to support a control risk assessment at less than a high level. Tests of control may include: Inspection of documents supporting transactions and other events to gain audit evidence those internal controls have operated properly, for example, verifying that a transaction has been authorised. Inquiries about, and observation of, internal controls which leave no audit trail, for example, determining who actually performs each function and not merely who is supposed to perform it. Re-performance of internal controls, for example, reconciliation of bank accounts, to ensure they were correctly performed by the entity. Testing of internal control operating on specific computerised applications or over the overall information technology function, for example, access or program change controls. While obtaining audit evidence about the effective operation of internal controls, the auditor considers how they were applied, the consistency with which they were applied during the period and by whom they were applied. The concept of effective operation recognises that some deviations may have occurred. Deviations from prescribed controls may be caused by such factors as changes in key personnel, significant seasonal fluctuations in volume of transactions and human error. When deviations are detected, the auditor makes specific inquiries regarding these matters, particularly, the timing of staff changes in key internal control functions. The auditor then ensures that the tests of control appropriately cover such a period of change or fluctuation. Based on the results of the tests of control, the auditor should evaluate whether the internalcontrols are designed and operating as contemplated in the preliminary assessment of control risk. The evaluation of deviations may result in the auditor concluding that the assessed level of control risk needs to be revised. In such cases, the auditor would modify the nature, timing and extent of planned substantive procedures. Before the conclusion of the audit, based on the results of substantive procedures and other audit evidence obtained by the auditor, the auditor should consider whether the assessment of control 36 CU IDOL SELF LEARNING MATERIAL (SLM)
risk is confirmed. In case of deviations from the prescribed accounting and internal control systems, the auditor would make specific inquiries to consider their implications. Where, on the basis of such inquiries, the auditor concludes that the deviations are such that the preliminary assessment of control risk is not supported, he would amend the same unless the audit evidence obtained from other tests of control supports that assessment. Where the auditor concludes that the assessed level of control risk needs to be revised, he would modify the nature, timing and extent of his planned substantive procedures. It has been suggested that actual operation of the internal control should be tested by the application of procedural tests and examination in depth. Procedural tests simply mean testing of the compliance with the procedures laid down by the management in respect of initiation, authorisation, recording and documentation of transaction at each stage through which it flows. For example, the procedure for sales requires the following: (i) Before acceptance of any order the position of inventory of the relevant article should be known to ascertain whether the order can be executed in time. (ii) An advice under the authorisation of the sales manager should be sent to the party placing the order, internal reference number, and the acceptance of the order. Thisadvice should be prepared on a standardised form and copy thereof should be forwardedto inventory section to enable it to prepare for the execution of the order in time. (iii) The credit period allowed to the party should be the normal credit period. For any special credit period a special authorisation of the sales manager would be necessary. (iv) The rate at which the order has been accepted and other terms about transport, insurance, etc., should be clearly specified. (v) Before deciding upon the credit period, a reference should be made to the credit section to know the creditworthiness of the party and particularly whether the party has honoured its commitments in the past. An auditor testing the internal controls on sales should invariably test whether any of the aforesaid procedures have been omitted. If credit has actually been granted without a reference to the credit section to know the creditworthiness of the party, it is possible that the amount may prove bad because of the financial crisis or deadlock in the management of the party, a fact 37 CU IDOL SELF LEARNING MATERIAL (SLM)
which could have been easily gathered from the credit section. Similarly, if an order is received without a reference to the inventory section, it is likely due to non-availability of the inventory on the stipulated date, execution of the order may be delayed and the company may have to compensate the buyer for the damages suffered by him. Internal Check Internal check has been defined by the Institute of Chartered Accountants of England and Wales as the “checks on day-to-day transactions which operate continuously as part of the routine system whereby the work of one person is proved independently or is complementary to the work of another, the object being the prevention or early detection of errors or fraud”. Internal check is a part of the overall internal control system and operates as a built-in device as far as the staff organisation and job allocation aspects of the control system are concerned. A system of internal check in accounting implies organisation of system of bookkeeping andarrangement of staff duties in such a manner that no one person can completely carry through a transaction and record every aspect thereof. The essential elements of a goods system of internal check are: (i) Existence of checks on the day-to-day transaction. (ii) Which operate continuously as a part of the routine system? (iii) Whereby the work of each person is either proved independently or is made complementary to the work of another. Its objective is to prevent and to bring about a speedy detection of frauds, wastes and errors. The system is based on the principle that when the performance of each individual in an organisation, normally and automatically, is checked by another, the chances of occurrence of errors, or their remaining undetected, are greatly reduced; also that, when two or more persons essentially must combine either to receive or to make a payment, there will be lesser possibility of a fraud being perpetrated by them. Internal Audit Introduction about Internal Audit 38 CU IDOL SELF LEARNING MATERIAL (SLM)
Internal audit is described as the verification of the operationswithin the business by a specially assigned staff. It is an important tool ofmanagement to evaluate the correctness of records on a continuousbasisinanorganisation. The term internal audit has been defined as \"an independentappraisal of activity” within an organisation for review of operations as abasisofservicetomanagement.Itisamanagerialcontrolwhichfunctionsbymeasuringandevaluatingth eeffectivenessofothercontrols. AccordingtoHowardF.Stettler,\"internalauditingisanindependent appraisal activity within an organisation for the review ofoperationsasaservicetomanagement.” The overall objective of internal auditing, therefore, is to assist themanagementintheeffectivedischargeoftheirresponsibilitiesby furnishingthemwithobjectiveanalysis,appraisals,recommendationsandpertinent comments concerning the activities reviewed. In short internalauditassuresthemanagementthatthesystemofinternalcheckandothertypesofcontrolsareeffec tiveindesignandoperation. Thus, internal audit is a thorough examination of the accountingtransactionstoensurethat- Thetransactionsareproperlyrecorded. Theaccountsaremaintainedsystematicallyand There is no possibility for manipulation of accounts or misappropriation ofpropertyofthebusiness. Inmoderntimes,aninternalauditorcarriesanewtask.Thetraditionalfunctionofcheckingthearithmetica lcorrectnessoftheaccountswiththehelpofvouchersanddocumentsandverificationoffewitems such as stock, cash and fixed assets is not sufficient. The duty ofinternal auditor now is to chart the procedure, examine the efficiency andworkonprogramsofimprovementofassessingtheeffectivenessofcontrols.Heisexpectedtoplanan darrangehistaskforeffectivefunctioning, set clear objectives of his own section, phase his objectives,gaintheconfidenceofthemanagementanddemonstratethevalueofhisfunctionsinareasofpe rformance. 39 CU IDOL SELF LEARNING MATERIAL (SLM)
Theinternalauditiscarriedoutgenerallyinthesamemannerasisfollowedforaprofessionalaudit.Howev er,itvariesinformfromenterprise to enterprise according to its size and specific needs. It isinstalled in large organisation and is carried out by the salaried staff whoare qualified to conduct professional audit. Being the employee of theorganisation, he has to ensure that there is no waste in the organisation.Internal auditor has to follow the provisions of law, standard auditingpractices and procedure prescribed for professional auditors and by theprofessional bodies controlling the audit system in the country. At thesame time internal auditor must be aware of the policies and programs oftheenterpriseheshouldbeprofessionallycompetenttocarryoutadetailedexaminationoftheworkingo fthebusiness.Equippedwithprofessional expertise and knowledge of the business, he will be in abetterpositiontomaketheinternalauditsystemmoreeffective. It is also worthwhile to know the modern concept of internal auditing. The Institute of Internal Auditors, USA defined internal auditing “as an independent appraisal function, established within an organisation to examine and evaluate its activities as a service to the organisation. The objective of internal auditing is to assist members of the organisation in the effective discharge of their responsibilities. To this end, internal auditing furnishes them with analyses, appraisals, recommendations, counsel and information concerning the activities reviewed”. According to proponents of modern internal auditing, it embraces not only the operational audit of various operating activities in the organisation but also includes the audit of management itself. Recently, the Institute of Internal Auditors revised the definition of Internal Auditing as under: \"Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation's operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance process.\" The main thrust of the revised definition is to reemphasize the increasing scope of internal audit with a view to achieving maximum organisational effectiveness. It is felt that if such an activity is an integral part of the organisation, it shall go a long way to maximise the organisational goals. As students, if you trace the emergence of internal auditing over a period of time since early forties in the twentieth century, the scope of internal auditing increased considerably from financial to nonfinancial activities. With the passage of time, the internal audit came to be recognised as a valuable resource to achieve overall growth objectives of the organisation. “Internal Audit is an 40 CU IDOL SELF LEARNING MATERIAL (SLM)
independent management function, which involves a continuous and critical appraisal of the functioning of an entity with a view to suggest improvements thereto and add value to and strengthen the overall governance mechanism of the entity, including the entity’s risk management and internal control system.” The objects of internal audit can be stated as follows: (i) To verify the accuracy and authenticity of the financial accounting and statistical records presented to the management. (ii) To ascertain that the standard accounting practices, as have been decided to be followed by the organisation, are being adhered to. (iii) To establish that there is a proper authority for every acquisition, retirement and disposal of assets. (iv) To confirm that liabilities have been incurred only for the legitimate activities of the organisation. (v) To analyse and improve the system of internal check; in particular to see that it is (a) working; (b) sound; and (c) economical. (vi) To facilitate the prevention and detection of frauds. (vii) To examine the protection afforded to assets and the uses to which they are put. (viii) To make special investigations for management. (ix) To provide a channel whereby new ideas can be brought to the attention of management. (x) To review the operation of the overall internal control system and to bring material departures and non-compliances to the notice of the appropriate level of management ; the review also generally aims at locating unnecessary and weak controls for making the entire control system effective and economical. As per SA-610, “Using the Work of an Internal Auditor”, the objectives of internal audit functions vary widely and depend on the size and structure of the entity and the requirements of management and, where applicable, those charged with governance. The activities of the internal audit function may include one or more of the following: 41 CU IDOL SELF LEARNING MATERIAL (SLM)
Monitoring of internal control. The internal audit function may be assigned specific responsibility for reviewing controls, monitoring their operation and recommending improvements thereto. Examination of financial and operating information. The internal audit function may be assigned to review the means used to identify, measure, classify and report financial and operating information, and to make specific inquiry into individual items, including detailed testing of transactions, balances and procedures. Review of operating activities. The internal audit function may be assigned to review the economy, efficiency and effectiveness of operating activities, including non- financial activities of an entity. Review of compliance with laws and regulations. The internal audit function may be assigned to review compliance with laws, regulations and other external requirements, and with management policies and directives and other internal requirements. Risk management. The internal audit function may assist the organization by identifying and evaluating significant exposures to risk and contributing to the improvement of risk management and control systems. Governance. The internal audit function may assess the governance process in its accomplishment of objectives on ethics and values, performance management and accountability, communicating risk and control information to appropriate areas of the organization and effectiveness of communication among those charged with governance, external and internal auditors, and management. Applicability of Provisions of Internal Audit: As per section 138 of the Companies Act, 2013 the following class of companies (prescribed in rule 13 of Companies (Accounts) Rules, 2014) shall be required to appoint an internal auditor or a firm of internal auditors, namely- (a) Every listed company. (b) Every unlisted public company having- (i) Paid up share capital of fifty crore rupees or more during the preceding financial year: or (ii) Turnover of two hundred crore rupees or more during the preceding financial year; or 42 CU IDOL SELF LEARNING MATERIAL (SLM)
(iii) Outstanding loans or borrowings from banks or public financial institutions exceeding one hundred crore rupees or more at any point of time during the preceding financial year; or (iv) outstanding deposits of twenty five crore rupees or more at any point of time during the preceding financial year; and (c) every private company having- (i) turnover of two hundred crore rupees or more during the preceding financial year; or (ii) outstanding loans or borrowings from banks or public financial institutions exceeding one hundred crore rupees or more at any point of time during the preceding financial year: It is provided that an existing company covered under any of the above criteria shall comply with the requirements within six months of commencement of such section. Who can be appointed as Internal Auditor? As per section 138, the internal auditor shall either be a chartered accountant whether engaged in practice or not or a cost accountant, or such other professional as may be decided by the Board to conduct internal audit of the functions and activities of the companies. The auditor may or may not be an employee of the company. To be effective, the internal auditor must be regarded as part of the management and not merely as an assistant thereto. He must have authority to investigate from the financial angles, every phase of the organisational activity under any circumstances. In recent years, there has been a growing tendency in Western countries to make the internal auditor responsible directly to the Board of Directors for the maintenance of adequate accounting procedures and for the preparation of financial statements and reports as regards the functioning of the business. His main responsibility, however, must be to maintain adequate system of internal control by a continuous examination of accounting procedures, receipts and disbursements and to provide adequate safeguards against misappropriation of assets. In carrying out these functions, he must operate independently of the accounting staff and must not in any way divest himself of any of the responsibilities placed upon him. He should also not involve himself in the performance of executive functions in order that his objective outlook does not get obscured by the creation of vested interest. It may be further pointed out that internal auditors who are qualified accountants, because of their training and experience, can be of great assistance to the management even in fields other than accounting. They can observe facts and situations and bring them to notice of authorities who would otherwise never know them; also, they critically appraise various policies of the 43 CU IDOL SELF LEARNING MATERIAL (SLM)
management and draw its attention to any deficiencies, wherever these require to be corrected. In order that an internal auditor may be able to play such a role in the field of management, he must be closely associated with it and his knowledge must be kept up to date by his being kept informed about all important occurrences and events affecting the business, as well as the changes that are made in business policies. Also, he must enjoy an independent status. In addition, the Audit Committee of the company or the Board shall, in consultation with the Internal Auditor, formulate the scope, functioning, periodicity and methodology for conducting the internal audit. It may also be noted that the Central Government may, by rules, prescribe the manner and the intervals in which the internal audit shall be conducted and reported to the Board. Internal Audit vs. Internal Check: Internal audit is a review of the operations and records, sometimes continuously undertaken, within a business, by specially assigned staff. But internal audit must not be confused with internal check. Internal check consists of a set of rules or procedures that are part of the accounting system, introduced so as to ensure that accounts of a business shall be correctly maintained, and the possibility of occurrence of frauds and errors eliminated. On the other hand, internal audit is a thorough examination of the accounting transactions as well as that of the system according to which these have been recorded, with a view to reassuring the management that the accounts are being properly maintained and the system contains adequate safeguards to check any leakage of revenue or misappropriation of property or assets and the operations have been carried out in conformity with the plans of the management. However, the routine processes by which an internal audit is carried out are broadly the same as those followed for professional audit. But internal audit often differs in its scope and emphasis: it is more managerial than accounting; also, its form is varied, depending on the size of the organization. For instance, whereas a professional auditor is primarily concerned with the legality or validity of transactions entered into by a business, an internal auditor in addition is expected to ensure that the standards of economy and efficiency are being maintained. On that account, the internal auditor must ascertain that orders for the purchase of inventory are placed only after inviting tenders, sales are affected at the highest ruling rates, standard procedures as regards requirement of staff are followed, and losses in manufacturing process suffered during the period under review are not higher than those in the earlier periods and so on. He must further confirm that there has been no leakage of inventories or revenue, overpayment of expenditure or pilferage or misappropriation of inventories or of any other asset, reconciling 44 CU IDOL SELF LEARNING MATERIAL (SLM)
the physical accounting records and physical balance. The nature and extent of checking that the auditor should carry out also would depend on the size and type of the business organization. 2.4 TECHNIQUES OF INTERNAL CONTROL SYSTEM Internal control systems use two types of techniques. Internal monitoring techniques that are both preventative and detective. Internal control strategies of all types are essential for an efficient internal control system. Preventive controls approaches are critical in terms of quality because they are constructive and prioritize quality. However, detective controls techniques are important because they provide proof that preventive controls are working properly. Preventive Controls techniques are designed to discourage errors or irregularities from occurring. They are proactive in nature that helps to ensure departmental objectives are being met. Examples of preventive controls techniques are: Duties Segregation: Duties are divided among different people to minimise the risk of error or improper behaviour. Authorizing transactions (approval), recording transactions (accounting), and managing the associated asset (custody) are typically divided. Approvals, Authorizations, and Verifications: Under certain conditions, management authorizes workers to perform certain tasks and conduct certain transactions. Asset Security: Access to equipment, inventories, securities, currency, and other properties is limited, and assets are counted and compared to amounts on control records on a regular basis. Detective Controls are used to detect errors or anomalies after they have occurred. Below are some examples of detective monitoring techniques: Management compares actual output to schedules, projections, previous periods, or other metrics to determine the degree to which targets and objectives are being met and to detect unexpected outcomes or irregular conditions that need further investigation. Reconciliations: An employee compares and contrasts various sets of data, recognises and investigates discrepancies, and takes corrective action as required. Physical Inventory verification 45 CU IDOL SELF LEARNING MATERIAL (SLM)
Internal Audits Other Audit Areas Propriety audit Propriety, according to Kohler, is defined as that which satisfies the public interest, generally accepted norms, and standards of conduct, especially when it comes to professional performance, government regulations, and professional codes. Propriety audits are conducted to determine if transactions were completed in accordance with defined rules, principles, and standards. The Propriety Audit means the verification of following main aspects to find out whether: • The funds have not been misused and have been adequately safeguarded, as evidenced by careful documentation in appropriate books of records. • The company's profits have been wisely spent. • The problem is producing the desired outcomes. Compliance audit A compliance audit is a comprehensive review of a company's regulatory compliance. The aim of a compliance audit is to see whether the organization is following the prescribed laws, regulations, policies, or procedures. These audits can be conducted for internal purposes or in response to requests from third parties. Efficiency audit In a nutshell, productivity refers to how effectively a company uses its capital to manufacture products and services. It concentrates on resources (inputs), products and services (outputs), and the pace at which inputs are used to generate or deliver outputs (productivity). The term \"efficiency audit\" refers to a comparison of real and desired/projected outcomes. Its aim is to determine if plans have been carried out successfully. It is concerned with the most cost-effective and remunerative use of capital in order to achieve the company's goals. 2.5 SUMMARY Control is a widely used tool in the corporate world to make the most efficient use of resources. The level of control required by a sole proprietor in a small company is not the 46 CU IDOL SELF LEARNING MATERIAL (SLM)
same as that of a large corporation. Proper monitoring must be in place to ensure that things are moving in the right direction. Internal control is the system of control established by the management in order to carry on business in an orderly and efficient manner. Internal check is a system of allocation of responsibility, division of work and methods of recording transactions. The thrust of internal audit system is to detect the errors and frauds. Auditor: Internal control is designed, implemented and maintained to address identified business risks that threaten the achievement of any of the entity's objectives. Limitations of Internal Control include: Human judgment in decision-making can be faulty and breakdowns in internal control can occur because of human error. Internal control can be circumvented by the collusion of two or more people. Considerations specific to Smaller Entities: Smaller entities often have fewer employees which may limit the extent to which segregation of duties is practicable. In a small owner-managed entity, the owner-manager may be able to exercise more effective oversight than in a larger entity. Not all objectives and controls are relevant to the auditor's risk assessment. Audit of financial reporting may be broader and more detailed. An improperly designed control may represent a significant deficiency in internal control. The auditor shall obtain an understanding of the control environment. The control environment sets the tone of an organization, influencing the control consciousness of its management. In every business organisation, small or big, simple or complex, some sort of control is perceptively or otherwise in operation. It ensures uniform treatment and operation. The form and details, however, may vary from organisation to organisation. It is desirable that the management also installs an internal audit system. The auditor needs reasonable assurance that the accounting system is adequate. Internal control normally contributes to related internal controls. Review of internal controls will enable the auditor to know: (i) whether errors and frauds are likely to be located in the ordinary course of operations of the business. The auditor can formulate his entire audit program only after he has had a satisfactory understanding of the internal control systems and their actual operation. It is also important for him to know whether the system is actually in operation. 47 CU IDOL SELF LEARNING MATERIAL (SLM)
Often, after installation of a system, no proper follow up is there by the management to ensure compliance. In deciding upon a plan of test checking, the existence and operation of internal control system is of great significance. A review of the internal control can be done by a process of study, examination and evaluation of the control system installed by the management. In many cases, very little of this information is available in writing. The narrative record is a complete and exhaustive description of the system as found in operation by the auditor. Actual testing and observation are necessary before such a system is in operation and evaluated. 2.6 KEYWORDS IIA-Institute of Internal Auditors IC-Internal control 2.7 LEARNING ACTIVITY 1. Prepare an Internal control Questionnaire to vouch Purchases and Trade Payables. ______________________________________________________________________________ ______________________________________________________ 2.8UNIT END QUESTIONS A. Descriptive Questions Short Questions 1. Difference between Preventive control and Detective control 2. Explain Internal audit and its advantages 3. What are the different techniques in internal audit? Explain in brief 4. Explain in detail about Test of controls. 5. Discuss in detail about the relationship between Internal Audit and Internal controls. Long Questions 1. Discuss differences between Internal Audit and Internal Check? 48 CU IDOL SELF LEARNING MATERIAL (SLM)
2. Discuss difference between Internal Audit and Internal Control? 3. Discuss difference between Internal Check and Internal Control? 4. Explain in detail about Other Audits. 5. Explain the provisions of Section 138 of companies Act 2013 in detail B. Multiple Choice Questions 1.______________ means whether the transactions have been done in conformity with established rules, principles, and some established standard. a. Efficiency Audit b. Propriety Audit c. Compliance Audit d. None of these 2.______________are designed to discourage errors or irregularities from occurring a. Preventive Controls techniques b. Detective internal control techniques c. Both a and b d. None of these 3.In ____________ checking is done when the work is being done a. Internal control system b. Internal check system c. Internal Audit d. None of these 4. Who amongst the following cannot be appointed as Internal Auditor? 49 a. Statutory Auditor b. CA CU IDOL SELF LEARNING MATERIAL (SLM)
c. CS d. CMA 5.Checking less than 100% of the Transactions is called as ___________ a. Internal check b. Test check c. Both a and b d. None of these Answers 1-b 2-a 3-b4-a5-b 2.9 REFERENCES Text Books: T1 ArunaJha, Auditing, Taxmann’s Publications, University Edition T2 Ravinder Kumar, Auditing: Principles and Practice :PHI Learning Pvt. Ltd Reference Books: R1 N.D Kapoor, Auditing, Sultan Chand & Sons R2 Gupta; Contemporary Auditing, Tata McGraw Hill Website: www.icai.org 50 CU IDOL SELF LEARNING MATERIAL (SLM)
Search
Read the Text Version
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- 191
- 192
- 193
- 194
- 195
- 196
- 197
- 198
- 199
- 200
- 201
- 202
- 203
- 204
- 205
- 206
- 207
- 208
- 209
- 210
- 211
- 212
- 213
- 214
- 215
- 216
- 217
- 218
- 219
- 220
- 221
- 222
- 223
- 224
- 225
- 226
- 227
- 228
- 229
- 230
- 231
- 232
- 233
- 234
- 235
- 236
- 237
- 238
- 239
- 240
- 241
- 242
- 243
- 244
- 245
- 246
- 247
