Unit - 2
Checking, Vouching & Audit Report
INTRODUCTION
SA 700 (Audit Report) mentions that an audit includes examination, on a test basis, of evidence supporting the amounts and disclosures in financial statements.
MEANING
SA 500 issued by the institute of Chartered Accounts of India (ICAI) states that in forming an opinion an auditor may obtain audit evidence on selective basis. The selection may be based on auditor’s personal judgment or statistical sampling technique.
TEST CHECKING VS. STATISTICAL SAMPLING
When items are selected and checked on the basis of the personal judgment of auditor, it is called Test Checking. When items are selected by applying statistical techniques of sampling, random selection etc., it is called Statistical Sampling.
UNSUITABLE
The following transaction/balances are not suitable for test checking.
- Opening and closing entries.
- Bank Reconciliation statements.
- Item recurring calculations/estimates e.g. Depreciation, royalty etc.
- Very important/material transactions/ balances etc.
IMPORTANCE
- Full Checking Impossible
When the number of transactions is large auditor cannot check all the transactions 100%. In such cases auditor has to resort to test checks.
2. Full Checking Unnecessary
In most cases, 100% checking is unnecessary. Statements on Auditing Practices issued by the ICAI states that where an adequate system of internal control is in force, the auditor is entitled to apply test checks.
3. Extent of Checking
The extent of checking should be based on the following factors:
- Possibility of errors and frauds.
- Nature and materiality of item being checked.
- Nature of the business and size of the company.
- The system of accounting.
- Internal controls.
- Internal audit.
ADVANTAGES
- Reduces the cost of audit.
- It helps to speed up the audit work.
- It helps to decide whether the financial records are reliable and to what extent.
- It is a labor saving technique.
- It helps auditor to arrive at a conclusion regarding the true and fair view.
DRAWBACKS
- Arbitrary Selection
The selection depends upon the personal judgment of the auditor.
2. Ignores Statistical Techniques
Test checking ignores statistical techniques of sampling, random selection, risk assessment etc. Thus, auditor cannot be confident that he has selected the right sample.
3. Ignores Quality
An audit instruction regarding, say 25% checking of purchase entries, does not indicate how those 25% entries are to be selected.
4. Risks
Risk means the possibility that conclusions from test checks may be different from those based on 100% checking. Risks are of the following types –
(a) Reliance on Internal Controls
(b) Wrong Conclusions
PRECAUTIONS
- Classify Transactions under proper heads
- System and Procedures for a transaction right from the beginning to the end should be studied in their sequence.
- The whole of the system of internal control in the areas of accounts and finance should be studied and evaluated.
- A properly thought-out test check plan should be prepared.
- The transactions falling under each tests-check plan should be selected in such a manner that bias cannot enter in the selection.
- Auditor should identify the areas where test check may not be suitable.
AUDITOR’S LIABILITY
The test checking does not reduce auditor’s liability. If an auditor is accused of negligence, he cannot say that the items for test checking were free of errors. It is the duty of the auditor to take reasonable care and exercise his skill during an audit. Auditors must keep proper record of the test checks carried out, to help him defend his conclusions later on.
MEANING
Routine Checking means checking of arithmetical accuracy of books of original entry and ledgers with a view to detecting clerical errors and simple frauds. It involves the
- Checking of casting, sub casting (total, sub-totals), carry-forward, extension and calculation etc. in subsidiary books,
- Checking of postings into the ledgers, casting of ledger account and
- Extraction of their balance into the trial balance.
FEATURES
1. Detailed Checking
Routine chewing involves detailed checking of each and every accounting step-entry in the original books, postings into the ledger and preparation of the trial balance.
2. Traditional system
It is the traditional system of audit also known as ‘vouch and post’ audit.
3. Juniors
The work is usually done by junior members of the auditor’s staff.
4. Ticks
Distinctive ‘ticks’ are used in routine checking for different purposes e.g. For totals, for posting etc. hence ‘routine checking’ is also called ‘tick-work’.
5. Routine Errors / Frauds
Routine Checking can reveal routine clerical errors / frauds.
OBJECTIVES
The main objects of routine checking are:
1. Verification of the arithmetical accuracy of the entries,
2. Verification of the accuracy of posting of ledgers.
3. Verification of the balancing of the ledger accounts, and
4. Ensuring that no figures have been altered after checking.
ADVANTAGES
1. It is the simplest form of audit work.
2. Errors and frauds of simple nature can be very easily detected.
3. The books of accounts can be thoroughly checked.
4. It helps in checking castings and postings.
5. Arithmetical accuracy of all the transactions can be confirmed by this method.
6. It offers an opportunity to train the junior auditors.
DISADVANTAGES
Routine Checking has the following disadvantages:
- It is a mechanical and boring work
- It can detect only simple arithmetical errors and small frauds.
- It is time consuming and expensive.
- It is unnecessary in case of a large business using information technology.
MEANING
SA 530, ‘Adult Sampling’ means the application of audit procedures to less than 100% of the items within an account balance or class of transaction to enable the auditor toobtain and evaluate audit evidence about some characteristic of the item selected in order to form or assist in forming a conclusion concerning the population.
PURPOSE
When using sampling methods, the auditor should design and select an audit sample, perform audit procedures thereon, and evaluate sample results so as to provide sufficient appropriate audit evidence.
FACTORS FOR DESIGNING AUDIT SAMPLE
When designing an audit sample, the auditor should consider (i) the specific audit objectives, (ii) the population from which the auditor wishes to sample, and (iii) the sample size.
1. Audit Objectives
The auditor would consider the specific audit objectives to be achieved and the audit procedures which are likely to best achieve those objectives.
2. Population
The population is the entire set of data from which the auditor wishes to sample in order to reach a conclusion. The auditor will need to determine that the population from which the sample is drawn is appropriate, complete and reliable.
3. Sample Size
The sample size can be determined by the application of a statistically based formula (statistical sampling) or through the exercise of professional judgment (test check).
The basic factors influencing the sample size are –
(i) Level of acceptable sampling risk : if the auditor is willing to accept lower level of risk, the sample size needs to be larger.
(ii) Tolerable errors : If the maximum error the auditor is willing to accept (the tolerable error) is smaller, the sample size need to be larger.
(iii) Expected errors : if auditors expects more errors to be present in the population, the sample size needs to be larger.
SAMPLING RISK
1. Meaning
Sampling risk arises from the possibility that the auditor’s conclusion, based on a sample, may be different from conclusion that would be reached if the entire population were subjected to the same audit procedure. The auditor is faced with sampling risk in (i) tests of control and (ii) Substantive procedures.
2. Sampling Risks in Test of Control
(i) Risk of Under Reliance: The risk that, although the sample result does not support the auditor’s assessment of control risk, the actual compliance rate would support such an assessment.
(ii) Risk of Over Reliance: The risk that, although the sample result support the auditor’s assessment of control risk, the actual compliance rate would not support such an assessment.
3. Sampling Risks in Substantive Procedures
(i) Risk of Incorrect Rejection: The risk that, although the sample result supports the conclusion that a recorded account balance or class of transactions is materially misstated, in fact it is not materially mis-stated.
(ii) Risk of Incorrect Acceptance: The risk that, although the sample results support the conclusion that recorded account balance or class of transactions is not materially mis-stated, in fact it is materially misstated.
4. Effects of Sampling Risks on Audit
(i) The risk of over reliance and the of incorrect acceptance affect audit effectiveness and are more likely to lead to an erroneous opinion on the financial statements than either the risk of under reliance or the risk of incorrect rejection.
(ii) The risk of under reliance and the risk of incorrect rejection affect audit efficiency as they would ordinarily lead to additional work being performed by the auditor, or the entity, which would establish that the initial conclusions were incorrect.
5. Sampling Risk and Sample Size
Sample size is affected by the level of sampling risk the auditor is willing to accept from the results of the sample. The lower the risk the auditor is willing to accept, the greater the sample size will need to be.
ADVANTAGES / NEED / IMPORTANCE OF SAMPLING
- Sampling helps to reduce cost of carrying out the audit work.
- Sampling helps to complete the checking and audit in time.
- Sampling helps to check the material items and avoids unnecessary 100% checking of all the items.
- Sampling helps the audit staff to focus on important items and avoid the boring job of a complete check of all small items.
- Sampling helps to judge if the accounts are true and fair. A complete check would be necessary only if the auditor had to check if the accounts were true and correct.
DISADVANTAGES OF SAMPLING
- The technique is not always fully understood so that false conclusions may be drawn from the results.
- Time spent in drawing the sample might better be used for actual auditing.
- Audit judgment takes second place to precise mathematics.
- It is inflexible.
- It is more useful if only one attribute is to be checked. Often several attributes of transactions or documents are tested at the same time. Statistics does not easily handle this.
MEANING
Vouching is an important procedure for obtaining audit evidence. Normally, entries in the books of account are made on the basis of documentary evidence such as bills, receipts, cheque counter-foils, pay-in-slips, pay roll and so on. Such documentary evidence is called a voucher. Vouching means the critical examination of such vouchers. Vouching is the inspection of documents supporting an entry in accounts. It is the act of examining vouchers to establish the authenticity (genuineness) of the transactions recorded.
AIMS, OBJECTIVES AND IMPORTANCE
Auditing is the critical examination of accounts to determine whether they are true and fair and free from errors and frauds. Vouching is said to be the essence of auditing. Vouching is the method of critically examining the documents which support the entries in the accounts. Vouching is important as it achieves the following aims or objectives-
TRUE AND FAIR
Vouching enables the auditor to ascertain whether the entries in the books are true and fair, which is the basic objectives of auditing.
Occurrence
Vouching helps the auditor to ascertain whether the transaction actually occurred.
Amount
Vouching helps the auditor to check whether the transaction is recorded for the right amount.
Relevant Entries
Vouching helps the auditor to ascertain whether the entries recorded in the books are relevant i.e. they relate to concern and to the current accounting year.
As per Standards
Vouching enables the auditor to verify whether an item is accounted as per the recognized accounting standards, policies and practices.
As per Law
Vouching ensures that the transaction complies with the provisions of Law e.g. The Companies Act, the Income-tax Act etc.
Disclosure
Vouching enables the auditor to ensure that an item is properly disclosed in the final accounts as required by Schedule III of the Companies Act, 2013.
ERRORS AND FRAUDS
Vouching helps an auditor to achieve the object also. Thus, vouching helps an auditor to detect errors in recording transaction e.g. Errors of commission, errors of omission or errors of principle etc. vouching ensures the arithmetical accuracy of books of accounts. Vouching also enables detection of frauds by manipulation of records.
POINTS TO BE CONSIDERED IN VOUCHING
- Checking the Voucher
- Checking the supporting documents and
- Checking the entry in the Books.
CHECKING OF VOUCHER
- Name of the concern
- Date of the Voucher
- Serial number of Voucher
- Heads of Account Debited and/ or Credited
- Description of transaction and Name of Parties Involved
- Amounts in Figures and Words
- Signature of Authorized Official
- Signature of Person Preparing Voucher
- Signature of Person Making Entry In a Day-book
- Signature of the payee
CHECKING SUPPORTING DOCUMENTS
- PERTAINS TO CLIENT
- PERTAINS TO Current Year
- 3 serial Number of Bill
- Details of transaction
- Quantity
- Amount
- Signature of Party
- Approval of Bill
CHECKING ENTRY IN BOOKS
- Client’s Books
- Date of Entry
- Serial number of voucher
- Heads of Account Debited and/or Credited
- Quantity
- Amount
Vouching of Receipts
In vouching, payments shown on cash book, an auditor should see that payment has been made wholly and exclusively for the business of the client and that it is properly authorized by the person who is competent to do so.
An auditor should keep in mind the following special points while vouching payments:-
- Name of the concern
- Date of the Voucher
- Serial number of Voucher
- Heads of Account Debited and/ or Credited
- Description of transaction and Name of Parties Involved
- Amounts in Figures and Words
- Signature of Authorized Official
- Signature of Person Preparing Voucher
- Signature of Person Making Entry In a Day-book
- Signature of the payee
Vouching of Payments
Cash Payment is defined as a form of liquid funds given by a consumer to a provider of goods or services as compensation for receiving those products. • In most domestic business transactions, a cash payment will typically be made in the currency of the country where the transaction takes place, either in paper currency, in coins or in an appropriate combination. • Terms used in Vouching of Payments – Cheque, Cash in hand, Wages, Vouchers, Voucher Numbers, Bank Reconciliation, Blank Cheques, Monthly accounts, Discounts, Payment authorities.In vouching, payments shown on cash book, an auditor should see that payment has been made wholly and exclusively for the business of the client and that it is properly authorized by the person who is competent to do so.
Spicer and Pegler have defined verification as “it implies an inquiry into the value, ownership and title, existence and possession and the presence of any charge on the assets”. Verification is a process by which an auditor satisfies himself about the accuracy of the assets and liabilities appearing in the Balance Sheet by inspection of the documentary evidence available. Verification means proving the truth, or confirmation of the assets and liabilities appearing in the Balance Sheet.
Thus, verification includes verifying :-
- The existence of the assets
- Legal ownership and possession of the assets
- Ascertaining that the asset is free from any charge, and
- Correct valuation
Of course it is not possible for the auditor to verify each and every asset. It was held in Kingston Cotton Mills case that “it is not part of an auditor’s duty to take stock. No one contend that it is. He must rely on other people for the details of stock in trade in hand”.
However, as per the decision given in Mc Kesson and Robins case (1939) the auditor must physically inspect some of the assets. Now the auditor has to report whether the balance sheet shows true and fair view of the state of affairs of the company. Hence, he is required to verify all the assets and liabilities appearing in the balance sheet. In case of failure, the auditor can be held liable for damages.
According to the statement of auditing practices’ issued by ICAI, “the auditor’s object in regard to assets generally is to satisfy that :-
- They exist.
- They belong to the client.
- They are in the possession of the client or the persons authorized by him.
- They are not subject to undisclosed encumbrances or lien.
- They are stated in the balance sheet at proper amounts in accordance with sound accounting principles, and
- They are recorded in the accounts.
POINTS TO BE CONSIDERED
While conducting verification following points should be considered by the auditor :-
- Existence: The auditor should confirm that all the assets of the company are physically existing on the date of balance sheet.
- Possession: The auditor has to verify that the assets are in the possession of the company on the date of balance sheet.
- Ownership: The auditor should confirm that the asset is legally owned by the company.
- Charge or lien: The auditor has to verify whether the asset is subject to any charge or lien.
- Record: The auditor should confirm that all the assets and liabilities are recorded in the books of account and there is no omission of asset or liability.
- Audit report: Under CARO the auditor has to report whether the management has conducted physical verification of fixed assets and stock and the difference, if any, between the physical inventory and the inventory as per the book.
- Event after balance sheet date: The auditor should find out whether any event after the date of balance sheet has affected any items of assets and liabilities.
SCOPE OF VERIFICATION
Verification includes information on the following:-
- That the assets were in existence on the date of the balance sheet
- That the assets had been acquired for the purpose of business only
- That the assets had been acquired under a proper authority
- That the right of ownership of the assets vested in the organization
- That the assets were free from any charge and
- That the assets were properly valued and disclosed in the balance sheet.
OBJECTS OF VERIFICATION
Following are the objects of verification of assets and liabilities
- To show correct valuation of assets and liabilities.
- To know whether the balance sheet exhibits a true and fair view of the state of affairs of the business
- To find out the ownership and title of the assets
- To find out whether assets were in existence
- To detect frauds and errors, if any
- To find out whether there is an adequate internal control regarding acquisition, utilisation and disposal of assets.
- To verify the arithmetic accuracy of the accounts
- To ensure that the assets have been recorded properly.
ADVANTAGES OF VERIFICATION
Advantages of verification are as under :-
- It avoids manipulation of accounts
- It guards against improper use of assets
- It ensures proper recording and valuation of assets
- It exhibits true and fair view of the state of affairs of the company.
TECHNIQUES OF VERIFICATION
- Inspection: It means physical inspection of the assets i.e. company cash in the cash box, physical inventory, inspection of shares certificates, documents etc.
- Observation: The auditor may observe or witness the inspection of assets done by others.
- Confirmation: It means obtaining written evidence from outside parties regarding existence of assets.
VERIFICATION OF ASSETS
The term ‘verification’ signifies the physical examination of certain class of assets and confirmation regarding certain transactions. Sometimes verification is confused with vouching but they differ from each other on the nature and depth of the examination involved. Vouching goes to prove the arithmetical accuracy and the genuineness of the transactions whereas verification goes to enquire into the value, ownership, existence and possession of assets and also to confirm whether they are free from any mortgage or charge. The fact of the presence of any entry regarding the acquisition of asset does not prove that the particular asset actually exists on the Balance Sheet date, rather it purports to prove that the asset ought to exist; on the other hand, verification through physical examination and confirmation proves whether a particular asset actually exists without having any charge on the date of the balance Sheet.
Verification of assets involves the following steps:
- Enquiry into the value placed on assets;
- Examination of the ownership and title deeds of assets;
- Physical inspection of the tangible assets; and
- Confirmations regarding the charge on assets;
- Ensuring that the assets are disclosed, classified and presented in accordance with recognized accounting policies and legal requirements.
The scope of verification is wide and consequently verification is an important part of the auditor’s duties. An auditor should put all his endeavor to satisfy himself whether a particular asset is shown in the Balance Sheet at proper value, whether the concern holds the title to the asset and the asset is in the sole possession of the concern and lastly whether the asset is free from any charge. If the auditor fails to perform his duty, he will be held liable.
Besides the legal importance, verification also plays an important role to guard against improper valuation of assets like stock-in-trade which may inflate or deflate the profit position of the concern. Improper valuation of assets may also conceal the actual position of the business as reflected in the Balance Sheet.
However, it is not possible on the part of the auditor to physically verify each and every asset because time may not permit him to do so, or he may not have sufficient technical knowledge of the assets concerned. It was decided in the case of “Kingston Cotton Mills: that it is not a part of an auditor’s duty to take stock. No one contends that it is. He must rely on other people for the details of the stock-in-trade.
Again, while going through the decision of Mc Kesson and Robins case in 1939, we find that the auditor should physically verify some of the assets. If possible, title documents like negotiable instruments, shares, debentures, securities, etc. are to be thoroughly examined on the last day of the accounting period. He should satisfy himself that the transactions, if any, having bearing on the Balance Sheet date and date of audit are bonfire and are supported with proper evidence. The auditor is also supposed to verify stock-in-trade with reference to the purchase book, the stock records, the gatekeeper’s book, etc. though law does not specially compel him to take stock-in-trade.
Meaning:
Valuation of assets means determining the fair value of the assets shown in the Balance Sheet on the basis of generally accepted accounting principles. The valuation of assets is very important because over-statement or under-statement of the value of assets in the Balance sheet not only distorts the true and fair view of the financial position but also gives wrong position of profitability.
The valuation of the assets is the primary duty of the officials of the company. The auditor is required to verify whether the value ascertained is fair one or not. For this, he may rely on the technical certificate issued by the experts in the field.
Valuation of assets means not only checking value of the assets owned by an organization as on Balance Sheet date, but also critical examination of the value of these assets (comparative analysis of different assets).
The auditor has also to see that the principle of valuation of assets is consistently adopted and is based on established principles of accountancy. For the purpose of convenience, those assets are classified as under to determine their value.
- Fixed Assets
- Current Assets or Floating Assets
- Wasting Assets
- Intangible Assets
- Fictitious Assets.
- Fixed Assets: Fixed Assets are usually valued at going concern value’ which means cost less depreciation. Cost here means purchase price of the assets plus all incidental manufacturing, buying and installation expenses incurred to bring the assets in use. Depreciation is the provision made for the reduction in the value of the assets on account of their usage, natural wear and tear and obsolescence etc. The depreciation provided should be fair, otherwise the value of fixed assets may not be fair. What is a fixed asset depends on the nature of the business organization.
- Current Assets or Floating Assets: These are usually converted into cash at the earliest opportunity in the process of business activity, e.g. Stocks, bills receivables, sundry debtors, etc. Based on conservatism principle, usually current asset are valued at original value (cost price) or market value (realizable value) whichever is lower. Because they are intended to be converted into cash at the earliest possible time, hence what value we may realize is important. This method is adopted to strengthen the financial position of a concern by indirectly providing for expected loss by way of fall in the market value of the assets. This principle is held by the conservatism convention of accounting, i.e. do not expect profits but provide for anticipated losses.
- Wasting Assets: Wasting Assets means those which lose their value gradually upon their use, e.g. a mine, a quarry etc. To value these assets firstly we should determine the usefulness of the assets in terms of units of production etc. and as per their actual use the value is to be reduced on proportionate basis. If in a particular period this type of asset is not used then the value may not diminish also. Thus, these assets are to be reduced on the basis of consumption. But sometimes it may be difficult to adopt this method, then the cost less depreciation’ principle may have to be applied.
- Intangible Assets: Usually intangible assets like goodwill, patent rights, know how, etc. are valued on cost basis. But if the same are acquired by a non-cash transaction, then the fair market value is to be taken as the value of intangible assets. Auditor should also see the period of time and till it is fully written off, they are shown as assets because they do not have any realizable value. They are to be valued at actual cost less amount written off as depreciation upto Balance Sheet date.
- Fictitious Assets: Certain lump sum expenses giving benefit for more than one year when incurred are written off over a period of time, and till it is fully written off, it is shown as an asset in the Balance Sheet e.g. Preliminary expenses, discount on issue of shares etc. These are all fictitious assets because they do not have any realizable value. They are to be valued at actual cost less amount written off upto the Balance Sheet date.
Methods of Valuation
The following are the various principles of valuation of assets
- Cost Price (Going Concern Value): Under this method actual cost of assets are reduced by the depreciation provided. Usually this method is applied to value fixed assets.
- Market Value: This refers to the market value of the asset i.e. the price at which the asset is being transacted in the market. This is applied to value the current assets only when this is lower than cost of the asset. Usually market value is adopted to value items having perishable nature.
- Scrap Value: Assets which are useless for the enterprise may be sold as scrap in the market. The value for which such assets can be disposed of as scrap, is called as scrap value of assets.
- Replacement Value: This represents the value at which the existing assets can be replaced. That means the price to be paid to acquire such type of assets in the market on the date of the balance Sheet.
- Realizable Value: The value that can be obtained if the asset is sold in the market i.e. anticipated selling price. Usually, expenses such as commission, brokerage etc. are deducted from it.
Distinction between verification and valuation:
- Meaning: verification establishes existence, ownership and acquisition of assets whereas valuation certifies correctness of the value of assets and liabilities.
- Time: Verification is done at the end of the year whereas valuation is done during the year.
- Personnel: Verification is done by auditor whereas valuation is done by the proprietor himself.
- Evidence: The title deeds, receipts of payments constitute documentary evidence for verification where as certificate given by the proprietor is the documentary evidence for valuation.
VERIFICATION OF LIABILITIES
Meaning: The verification of liabilities implies an enquiry into the nature, extent and existence of liabilities.
It involves ensuring the following:
- That all the liabilities have been clearly stated on the liability side of the Balance Sheet.
- That all the liabilities relate to the business itself.
- That they are correct and authorized.
- That they are shown in the Balance sheet at their actual figures.
It is an important duty of an auditor to verify the liabilities appearing in the Balance Sheet of the company. The object of verification of liabilities is to ascertain whether there is any improper inflation or deflation of values or improper creation of an imaginary liability in the books. This form of manipulation is done in most cases to inflate or deflate the profits of the concern and thus make the position of the business appear stronger than what actually is, to create a secret reserve. As a result of such manipulation, the Profit and Loss Account and the Balance Sheet prove to be incorrect and thus the Balance Sheet does not exhibit a true and fair view of the state of affairs of the concern. So, the auditor must take all possible steps to ensure that all liabilities are recorded properly in the books of accounts of the business. It is advisable that the auditor should, besides verifying the liabilities as shown in the Balance Sheet, get a certificate from the management that all liabilities of any nature have been included in the books of accounts and the contingent liabilities have been shown by way of a foot-note to the Balance Sheet or have been provided for.
An audit report is a written opinion of an auditor regarding an entity's financial statements. The report is written in a standard format, as mandated by generally accepted auditing standards (GAAS). GAAS requires or allows certain variations in the report, depending upon the circumstances of the audit work in which the auditor engages. The following report variations may be used:
- A clean opinion, if the financial statements are a fair representation of an entity's financial position, being free of material misstatements. This is also known as an unqualified opinion.
- A qualified opinion, if there were any scope limitations that were imposed upon the auditor's work.
- An adverse opinion, if the financial statements were materially misstated.
- A disclaimer of opinion, which can be triggered by several situations. For example, the auditor may not be independent, or there is a going concern issue with the auditee.
The typical audit report contains three paragraphs, which cover the following topics:
- The responsibilities of the auditor and the management of the entity.
- The scope of the audit.
- The auditor's opinion of the entity's financial statements.
An audit report is issued to the user of an entity's financial statements. The user may rely upon the report as evidence that a knowledgeable third party has investigated and rendered an opinion on the financial statements. An audit report that contains a clean opinion is required by many lenders before they will loan funds to a business. It is also necessary for a publicly-held entity to attach the relevant audit report to its financial statements before filing them with the Securities and Exchange Commission.
Contents of an Audit Report
The basic structure of an audit report as prescribed by the Standards on Auditing is as follows:
Heading | Brief of contents |
Title | Title should mention that it is an ‘Independent Auditor’s Report’. |
Addressee | Should mention clearly as to whom the report is being given to. |
Management’s Responsibility for Financial Statements | Mention that it is the Management’s responsibility to Prepare the Financial Statements of the company, Board of Directors |
Auditor’s Responsibility | Mention that responsibility of the Auditor is to express an unbiased opinion on the financial statements and issue an audit report. |
Opinion | Should mention the overall impression obtained from the audit of financial statements. |
Basis of the Opinion | State the basis on which the opinion as reported has been achieved. Facts of the basis should be mentioned. |
Other Reporting Responsibility | If any other reporting responsibility exists, the same should be mentioned. |
Signature of the Auditor | The engagement partner (auditor) shall sign the audit report. |
Place of Signature | The city in which audit report is signed. |
Date of Audit Report | Date on which the audit report is signed. |
Other headings being basic and self-explanatory in nature, we need to understand the about the opinion part precisely. This part forms the basic crux of an audit report.
Opinion in an Audit Report
Types of Report or Types of Auditors Opinion
There are primarily two kinds of opinions issued by an auditor in his / her audit report:
- Unmodified Opinion (also called Unqualified report)
- Modified Opinion (also called Qualified report)
1. Unmodified Opinion
- Issued for any audit where the auditor is satisfied that the financial statements present a true and fair view of the operations and transactions in an enterprise during the period.
- An audit report with an Unmodified Opinion is also known as a ‘Clean Report’. An Unmodified report develops confidence among users of Financial statements and annual reports of an enterprise.
- It provides an impression that the financial statements are reasonably free from any misstatements and results as appearing there are true and fair.
2. Modified Opinion
- Whenever the auditor has specific findings during his / her audit and concludes that an Unmodified Opinion cannot be issued due to the nature of findings, a Modified Opinion is issued in the audit report.
- There are two basic reasons due to which an auditor concludes on issuing a Modified Opinion:
- Based on the audit and evidence, finds out that the financial statements contain a certain degree of material misstatements.
- Unable to obtain sufficient and appropriate evidences to conclude that the financial statements are free from material misstatements.
- There are three kinds of modified opinions which are issued according to the findings and circumstances:
A. Qualified Opinion
B. Adverse Opinion
C. Disclaimer of Opinion
A. Qualified Opinion
A Qualified Opinion is given in a situation where:
The auditor concludes that misstatements are material but the impact is not so high that it would render the whole financial statements unacceptable; or
The auditor is unable to obtain sufficient or appropriate audit evidence but concludes that there are indications of misstatements in the financial statements (but the degree is not high).
Example of a Qualified Opinion paragraph in audit report:
In our opinion, except for the incomplete disclosure of the information referred to in the Basis for Qualified Opinion paragraph, the financial statements give the information required by the Companies Act, 2013, in the manner so required and give a true and fair view in conformity with the accounting principles generally accepted in India:
In case of the Balance Sheet, of the state of affairs of the company as at March 31, XXXX;
In case of Profit and Loss Account, of the profit/loss for the year ended on that date; and
In case of the Cash Flow Statement, of the cash flows for the year ended on that date.
B. Adverse Opinion
An Adverse opinion shall be issued by the auditor where he concludes that on the basis of evidence obtained and procedures performed, there are material misstatements in the financial statements and the impact of the same is high.
Example of a Qualified Opinion paragraph in audit report:
In our opinion, because of the omission of the information in the Basis for Adverse Opinion paragraph, the financial statements do not give the information required by the Companies Act, 2013, in the manner so required and also, do not give a true and fair view in conformity with the accounting principles generally accepted in India:
In case of the Balance Sheet, of the state of affairs of the company as at March 31, XXXX;
In case of Profit and Loss Account, of the profit/loss for the year ended on that date; and
In case of the Cash Flow Statement, of the cash flows for the year ended on that date.
C. Disclaimer of Opinion
A Disclaimer of Opinion is to be issued by an auditor in cases where the auditor concludes that he / she is not able to obtain sufficient and appropriate evidences. In such scenario, the auditor is not able to form an opinion and thus, disclaims form providing an opinion on the financial statements. The impact of material misstatements and degree of the same is high enough.
Example of a Draft Disclaimer of Opinion:
We were engaged to audit the financial statements of ABC Private Limited (“the entity”) which comprises the Balance Sheet as at March 31, XXXX, the statement of Profit and Loss, (the statement of changes in equity) and statement of Cash Flows for the year then ended, and notes to the financial statements, including a summary of significant accounting policies.
We do not express an opinion on the accompanying financial statements of the entity. Because of the significance of the matters described in the Basis for Disclaimer of Opinion section of our report, we have not been able to obtain sufficient and appropriate audit evidence to provide a basis for an audit opinion on these financial statements.
Emphasis of Matter paragraph in an Audit Report
In a situation where the auditor concludes that it is important to draw the attention of users of the financial statement to a particular reported item, he/she may include an Emphasis of Matter paragraph in his / her audit report. In this case, the auditor is not required to modify his / her opinion. The paragraph is added when the issue is not a key audit matter and only requires disclosure for a better understanding of the financial statements.
Example of circumstances where the auditor shall include Emphasis of Matter paragraph in audit report:
- To inform users of financial statements that the same has been prepared under a special purpose framework;
- The auditor discovers some facts after the date of an audit report and the auditor issues new or amended audit report.
- Uncertainty about the future outcome of an ongoing litigation.
- The term certificate refers to a written confirmation of the accuracy of the facts stated therein and does not involve any estimate or opinion.
- An Auditor’s certificate is a written confirmation of the accuracy of the facts relating to the accounts for a particular time or to a specific matter, which does not involve any estimate or opinion.
- An auditor’s certificate represents that he has verified certain precise figures and is in a position to vouchsafe their accuracy as per an examination of documents and books of accounts.
- Certification of the statutory report, certification of share transfer, certification of the value of imports and exports of a company, etc. are some of the examples of auditor’s certificate.
Form of Auditor’s Certificate
If the auditor is satisfied with the accuracy of the foregoing items, he should give his certificate in connection with the correctness of the prescribed items given in the statutory report.
The form of auditor’s certificate is as follows:
“We, the undersigned, being the auditors of the company hereby certify that so much of this report as related to the shares allotted, the cash received in respect of such shares and the receipts and payments of the company are correct.” Place and date Chartered Accountants |
Differences between Auditor’s Report and Certificate
Points | Auditor’s report | Auditor’s certificate |
1. Nature | It is an expression of opinion about the account. | It is a confirmation of correctness and accuracy about some matters. |
2. Basis of audit | The report is based on assumptions and estimations. | The certificate is based on actual figures and facts. |
3.Criticism | There may be criticism about the report. | There is no scope of criticism about the certificate. |
4. Scope | The scope of the report is large. | Its scope is limited. |
5. Scope of advice | In the scope there is a scope of giving constructive advice in the company. | No scope of constructive advice Exists in case of a certificate. |
6. Time of issue | After the end of each accounting, the year report is mandatory. | A certificate is not mandatory in every year. |
7. Liability of auditor | As a report is merely an opinion, if it is not correct, the auditor may not be held responsible. | In case of the wrong certificate, the auditor will be held responsible. |
AAS 1- Basic Principles Governing an Audit
The following is the text of the Auditing and Assurance Standard (AAS) 1*, “Basic Principles Governing an Audit”, issued by the Council of the Institute of Chartered Accountants of India. This Standard should be read in conjunction with the “Preface to the Statements on Standard Auditing Practices” issued by the Institute.
Introduction
- This Standard describes the basic principles which govern the auditor’s professional responsibilities and which should be complied with whenever an audit is carried out.
- An audit is the independent examination of financial information of any entity, whether profit oriented or not, and irrespective of its size or legal form, when such an examination is conducted with a view to expressing an opinion thereon.[2] In this Standard, the term “financial information” encompasses financial statements.
- Other Auditing and Assurance Standards to be issued by the Institute will elaborate on the principles set out herein to give guidance on auditing procedures and reporting practices.
- Compliance with the basic principles requires the application of auditing procedures and reporting practices appropriate to the particular circumstances.
Integrity, Objectivity and Independence
The auditor should be straightforward, honest and sincere in his approach to his professional work. He must be fair and must not allow prejudice or bias to override his objectivity. He should maintain an impartial attitude and both be and appear to be free of any interest which might be regarded, whatever its actual effect, as being incompatible with integrity and objectivity.
Confidentiality
The auditor should respect the confidentiality of information acquired in the course of his work and should not disclose any such information to a third party without specific authority or unless there is a legal or professional duty to disclose.
Skills and Competence
The audit should be performed and the report should be prepared with due professional care by persons who have adequate training, experience and competence in auditing.
The auditor requires specialized skills and competence which are acquired through a combination of general education, technical knowledge obtained through study and formal courses concluded by a qualifying examination recognized for this purpose and practical experience under proper supervision.
In addition, the auditor requires a continuing awareness of developments including pronouncements of ICAI on accounting and auditing matters, and relevant regulations and statutory requirements.
Work Performed by Others
When the auditor delegates work to assistants or uses work performed by other auditors and experts, he will continue to be responsible for forming and expressing his opinion on the financial information. However, he will be entitled to rely on work performed by others, provided he exercises adequate skill and care and is not aware of any reason to believe that he should not have so relied. In the case of any independent statutory appointment to perform the work on which the auditor has to rely in forming his opinion, such as in the case of the work of branch auditors appointed under the Companies Act, 1956, the auditor’s report should expressly state the fact of such reliance.
The auditor should carefully direct, supervise and review work delegated to assistants. The auditor should obtain reasonable assurance that work performed by other auditors or experts is adequate for his purpose.
Documentation
The auditor should document matters which are important in providing evidence that the audit was carried out in accordance with the basic principles.
Planning
The auditor should plan his work to enable him to conduct an effective audit in an efficient and timely manner. Plans should be based on knowledge of the client’s business.
Plans should be made to cover, among other things:
(a) acquiring knowledge of the client’s accounting system, policies and internal control procedures;
(b) establishing the expected degree of reliance to be placed on internal control;
(c) determining and programming the nature, timing, and extent of the audit procedures to be performed; and
(d) coordinating the work to be performed.
Plans should be further developed and revised as necessary during the course of the audit.
Audit Evidence
The auditor should obtain sufficient appropriate audit evidence through the performance of compliance and substantive procedures to enable him to draw reasonable conclusions therefrom on which to base his opinion on the financial information.
Compliance procedures are tests designed to obtain reasonable assurance that those internal controls on which audit reliance is to be placed are in effect.
Substantive procedures are designed to obtain evidence as to the completeness, accuracy and validity of the data produced by the accounting system.
They are of two types:
(i) tests of details of transactions and balances;
(ii) analysis of significant ratios and trends including the resulting enquiry of unusual fluctuations and items.
Accounting System and Internal Control
Management is responsible for maintaining an adequate accounting system incorporating various internal controls to the extent appropriate to the size and nature of the business. The auditor should reasonably assure himself that the accounting system is adequate and that all the accounting information which should be recorded has in fact been recorded. Internal controls normally contribute to such assurance.
The auditor should gain an understanding of the accounting system and related internal controls and should study and evaluate the operation of those internal controls upon which he wishes to rely in determining the nature, timing and extent of other audit procedures.
Where the auditor concludes that he can rely on certain internal controls, his substantive procedures would normally be less extensive than would otherwise be required and may also differ as to their nature and timing.
Audit Conclusions and Reporting
The auditor should review and assess the conclusions drawn from the audit evidence obtained and from his knowledge of business of the entity as the basis for the expression of his opinion on the financial information. This review and assessment involves forming an overall conclusion as to whether:
(a) the financial information has been prepared using acceptable accounting policies, which have been consistently applied;
(b) the financial information complies with relevant regulations and statutory requirements;
(c) there is adequate disclosure of all material matters relevant to the proper presentation of the financial information, subject to statutory requirements, where applicable.
The audit report should contain a clear written expression of opinion on the financial information and if the form or content of the report is laid down in or prescribed under any agreement or statute or regulation, the audit report should comply with such requirements. An unqualified opinion indicates the auditor’s satisfaction in all material respects with the matters dealt with or as may be laid down or prescribed under the relevant agreement or statute or regulation, as the case may be.
When a qualified opinion, adverse opinion or a disclaimer of opinion is to be given or reservation of opinion on any matter is to be made, the audit report should state the reasons therefor.
Effective Date
This Auditing and Assurance Standard became operative for all audits relating to accounting periods beginning on or after April 1, 1985.
AAS 2- Objective & Scope of the Audit of Financial Statements
Introduction
- This Standard describes the overall objective and scope of the audit of general purpose financial statements of an enterprise by an independent auditor.
- According to Para 3.3 of the Preface to the Statements of Accounting Standards2 issued by the Institute of Chartered Accountants of India, “the term ‘General Purpose Financial Statements’ includes balance sheet, statement of profit and loss and other statements and explanatory notes which form part thereof, issued for the use of shareholders/members, creditors, employees and public at large.”
- References to financial statements in this Standard should be construed to refer to general purpose financial statements.
Objective of an Audit
The objective of an audit of financial statements, prepared within a framework of recognised accounting policies and practices and relevant statutory requirements, if any, is to enable an auditor to express an opinion on such financial statements.
The auditor’s opinion helps determination of the true and fair view of the financial position and operating results of an enterprise. The user, however, should not assume that the auditor’s opinion is an assurance as to the future viability of the enterprise or the efficiency or effectiveness with which management has conducted the affairs of the enterprise.
Responsibility for the Financial Statements
While the auditor is responsible for forming and expressing his opinion on the financial statements, the responsibility for their preparation is that of the management of the enterprise. Management’s responsibilities include the maintenance of adequate accounting records and internal controls, the selection and application of accounting policies and the safeguarding of the assets of the enterprise. The audit of the financial statements does not relieve management of its responsibilities.
Scope of an Audit
The scope of an audit of financial statements will be determined by the Objective and Scope of the Audit of Financial Statements SA 200A, auditor having regard to the terms of the engagement, the requirements of relevant legislation and the pronouncements of the Institute.
The terms of engagement cannot, however, restrict the scope of an audit in relation to matters which are prescribed by legislation or by the pronouncements of the Institute.
The audit should be organized to cover adequately all aspects of the enterprise as far as they are relevant to the financial statements being audited. To form an opinion on the financial statements, the auditor should be reasonably satisfied as to whether the information contained in the underlying accounting records and other source data is reliable and sufficient as the basis for the preparation of the financial statements. In forming his opinion, the auditor should also decide whether the relevant information is properly disclosed in the financial statements subject to statutory requirements, where applicable.
The auditor assesses the reliability and sufficiency of the information contained in the underlying accounting records and other source data by:
(a) making a study and evaluation of accounting systems and internal controls on which he wishes to rely and testing those internal controls to determine the nature, extent and timing of other auditing procedures; and
(b) carrying out such other tests, enquiries and other verification procedures of accounting transactions and account balances as he considers appropriate in the particular circumstances.
The auditor determines whether the relevant information is properly disclosed in the financial statements by:
(a) Comparing the financial statements with the underlying accounting records and other source data to see whether they properly summaries the transactions and events recorded therein; and
(b) Considering the judgments that management has made in preparing the financial statements; accordingly, the auditor assesses the selection and consistent application of accounting policies, the manner in which the information has been classified, and the adequacy of disclosure.
The auditor’s work involves exercise of judgment, for example, in deciding the extent of audit procedures and in assessing the reasonableness of the judgments and estimates made by management in preparing the financial statements. Furthermore, much of the evidence available to the auditor can enable him to draw only reasonable conclusions there from. Because of these factors, absolute certainty in auditing is rarely attainable.
Handbook of Auditing Pronouncements-SA 200A
In forming his opinion on the financial statements, the auditor follows procedures designed to satisfy himself that the financial statements reflect a true and fair view of the financial position and operating results of the enterprise. The auditor recognizes that because of the test nature and other inherent limitations of an audit, together with the inherent limitations of any system of internal control, there is an unavoidable risk that some material misstatement may remain undiscovered. While in many situations the discovery of a material misstatement by management may often arise during the conduct of the audit, such discovery is not the main objective of audit nor is the auditor’s programmed of work specifically designed for such discovery. The audit cannot, therefore, be relied upon to ensure the discovery of all frauds or errors but where the auditor has any indication that some fraud or error may have occurred which could result in material misstatement, the auditor should extend his procedures to confirm or dispel his suspicions.
The auditor is primarily concerned with items which either individually or as a group are material in relation to the affairs of an enterprise. However, it is difficult to lay down any definite standard by which materiality can be judged. Material items are those which might influence the decisions of the user of the financial statements3. It is a matter in which a decision is arrived at on the basis of the auditor’s professional experience and judgment.
The auditor is not expected to perform duties which fall outside the scope of his competence. For example, the professional skill required of an auditor does not include that of a technical expert for determining physical condition of certain assets. 13. Constraints on the scope of the audit of financial statements that impair the auditor’s ability to express an unqualified opinion on such financial statements should be set out in his report, and a qualified opinion or disclaimer of opinion should be expressed, as appropriate.
Effective Date
This Standard on Auditing becomes operative for all audits relating to accounting periods beginning on or after April 1, 1985.
AAS 3- Documentation
The following is the text of the Auditing and Assurance Standard (AAS) 3*, “Documentation”, issued by the Council of the Institute of Chartered Accountants of India. This Standard should be read in conjunction with the “Preface to the Statements on Standard Auditing Practices”, issued by the Institute.
Introduction
Auditing and Assurance Standard (AAS)1, “Basic Principles Governing an Audit” (Paragraph 11), states, “The auditor should document matters which are important in providing evidence that the audit was carried out in accordance with the basic principles.” The purpose of this Standard is to amplify the basic principle outlined above.
Documentation, for purposes of this Standard, refers to the working papers prepared or obtained by the auditor and retained by him, in connection with the performance of his audit.
Working papers:
- aid in the planning and performance of the audit;
- aid in the supervision and review of the audit work; and
- provide evidence of the audit work performed to support the auditor’s opinion.
Form and Contents
- Working papers should record the audit plan, the nature, timing and extent of auditing procedures performed, and the conclusions drawn from the evidence obtained.
- The form and content of working papers are affected by matters such as:
- The nature of the engagement.
- The form of the auditor’s report.
- The nature and complexity of the client’s business.
- The nature and condition of the client’s records and degree of reliance on internal controls.
- The needs in particular circumstances for direction, supervision and review of work performed
By assistants.
- Working papers should be designed and properly organized to meet the circumstances of each audit and the auditor’s needs in respect thereof. The standardization of working papers (for example, checklists, specimen letters, standard organization of working papers) improves the efficiency with which they are prepared and reviewed. It also facilitates the delegation of work while providing a means to control its quality.
- Working papers should be sufficiently complete and detailed for an auditor to obtain an overall understanding of the audit. The extent of documentation is a matter of professional judgment since it is neither necessary nor practical that every observation, consideration or conclusion is documented by the auditor in his working papers.
- All significant matters which require the exercise of judgment, together with the auditor’s conclusion thereon, should be included in the working papers.
- To improve audit efficiency, the auditor normally obtains and utilizes schedules, analyses and other working papers prepared by the client. In such circumstances, the auditor should satisfy himself that these working papers have been properly prepared. Examples of such working papers are detailed analyses of important revenue accounts, receivables, etc.
- In the case of recurring audits, some working paper files may be classified as permanent audit files, which are updated currently with information of continuing importance to succeeding audits, as distinct from current audit files, which contain information relating primarily to the audit of a single period.
- A permanent audit file normally includes:
- Information concerning the legal and organizational structure of the entity. In the case of a company, this includes the Memorandum and Articles of Association. In the case of a statutory corporation, this includes the Act and Regulations under which the corporation functions.
- Extracts or copies of important legal documents, agreements and minutes relevant to the audit.
- A record of the study and evaluation of the internal controls related to the accounting system. This might be in the form of narrative descriptions, questionnaires or flow charts, or some combination thereof.
- Copies of audited financial statements for previous years.
- Analysis of significant ratios and trends.
- Copies of management letters issued by the auditor, if any.
- Record of communication with the retiring auditor, if any, before acceptance of the appointment as auditor.
- Notes regarding significant accounting policies.
- Significant audit observations of earlier years.
- The current file normally includes:
- Correspondence relating to acceptance of annual reappointment.
- Extracts of important matters in the minutes of Board Meetings and General Meetings, as are relevant to the audit.
- Evidence of the planning process of the audit and audit programmed.
- Analysis of transactions and balances.
- A record of the nature, timing and extent of auditing procedures performed, and the results of such procedures.
- Evidence that the work performed by assistants was supervised and reviewed.
- Copies of communications with other auditors, experts and other third parties.
- Copies of letters or notes concerning audit matters communicated to or discussed with the client, including the terms of the engagement and material weaknesses in relevant internal controls.
- Letters of representation or confirmation received from the client.
- Conclusions reached by the auditor concerning significant aspects of the audit, including the manner in which exceptions and unusual matters, if any, disclosed by the auditor’s procedures were resolved or treated.
- Copies of the financial information being reported on and the related audit reports.
Ownership and Custody of Working Papers
Working papers are the property of the auditor. The auditor may, at his discretion, make portions of or extracts from his working papers available to his client.
The auditor should adopt reasonable procedures for custody and confidentiality of his working papers and should retain them for a period of time sufficient to meet the needs of his practice and satisfy any pertinent legal or professional requirements of record retention.
Effective Date
This Auditing and Assurance Standard becomes operative for all audits relating to accounting periods beginning on or after July 1, 1985.
AAS 4- Auditor’s Responsibility to Consider Fraud and Error in an Audit of Financial Statements
Introduction
The purpose of this Auditing and Assurance Standard (AAS) is to establish standards on the auditor's responsibility to consider fraud and error in an audit of financial statements. While this AAS focuses on the auditor's responsibilities with respect to fraud and error, the primary responsibility for the prevention and detection of fraud and error rests with both those charged with governance and the management of an entity. In this Standard, the term 'financial information' encompasses 'financial statements'. In some circumstances, specific legislations and regulations may require the auditor to undertake procedures additional to those set out in this AAS.
When planning and performing audit procedures and evaluating and reporting the results thereof, the auditor should consider the risk of material misstatements in the financial statements resulting from fraud or error.
Fraud and Error and Their Characteristics
Misstatements in the financial statements can arise from fraud or error.
The term "error" refers to an unintentional misstatement in the financial statements, including the omission of an amount or a disclosure, such as:
- A mistake in gathering or processing data from which financial statements are prepared.
- An incorrect accounting estimate arising from oversight or misinterpretation of facts.
- A mistake in the application of accounting principles relating to measurement, recognition, classification, presentation, or disclosure.
The term "fraud" refers to an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage. Although fraud is a broad legal concept, the auditor is concerned with fraudulent acts that cause a material misstatement in the financial statements. Misstatement of the financial statements may not be the objective of some frauds. Auditors do not make legal determinations of whether fraud has actually occurred. Fraud involving one or more members of management or those charged with governance is referred to as "management fraud"; fraud involving only employees of the entity is referred to as "employee fraud". In either case, there may be collusion with third parties outside the entity.
Two types of intentional misstatements are relevant to the auditor's consideration of fraud-misstatements resulting from
(a) Fraudulent financial reporting, and
(b) Misappropriation of assets & liabilities.
Fraudulent financial reporting involves intentional misstatements or omissions of amounts or disclosures in financial statements to deceive financial statement users. Fraudulent financial reporting may involve:
- Deception such as manipulation, falsification, or alteration of accounting records or supporting documents from which the financial statements are prepared.
- Misrepresentation in, or intentional omission from, the financial statements of events, transactions or other significant information.
- Intentional misapplication of accounting principles relating to measurement, recognition, classification, presentation, or disclosure.
Misappropriation of assets involves the theft of an entity's assets. Misappropriation of assets can be accomplished in a variety of ways (including embezzling receipts, stealing physical or intangible assets, or causing an entity to pay for goods and services not received); it is often accompanied by false or misleading records or documents in order to conceal the fact that the assets are missing.
Fraud involves motivation to commit fraud and a perceived opportunity to do so. Individuals might be motivated to misappropriate assets, for example, because the individuals are living beyond their means. Fraudulent financial reporting may be committed because management is under pressure, from sources outside or inside the entity, to achieve an expected (and perhaps unrealistic) earnings target particularly when the consequences to management of failing to meet financial goals can be significant. A perceived opportunity for fraudulent financial reporting or misappropriation of assets may exist when an individual believes internal control could be circumvented, for example, because the individual is in a position of trust or has knowledge of specific weaknesses in the internal control system.
The distinguishing factor between fraud and error is whether the underlying action that results in the misstatement in the financial statements is intentional or unintentional. Unlike error, fraud is intentional and usually involves deliberate concealment of the facts. While the auditor may be able to identify potential opportunities for fraud to be perpetrated, it is difficult, if not impossible, for the auditor to determine intent, particularly in matters involving management judgment, such as accounting estimates and the appropriate application of accounting principles.
Responsibility of Those Charged With Governance and of Management
The primary responsibility for the prevention and detection of fraud and error rests with both those charged with the governance and the management of an entity. The respective responsibilities of those charged with governance and management may vary from entity to entity. Management, with the oversight of those charged with governance, needs to set the proper tone, create and maintain a culture of honesty and high ethics, and establish appropriate controls to prevent and detect fraud and error within the entity.
It is the responsibility of those charged with governance of an entity to ensure, through oversight of management, the integrity of an entity's accounting and financial reporting systems and that appropriate controls are in place, including those for monitoring risk, financial control and compliance with the laws and regulations.
It is the responsibility of the management of an entity to establish a control environment and maintain policies and procedures to assist in achieving the objective of ensuring, as far as possible, the orderly and efficient conduct of the entity's business. This responsibility includes implementing and ensuring the continued operation of accounting and internal control systems, which are designed to prevent and detect fraud and error. Such systems reduce but do not eliminate the risk of misstatements, whether caused by fraud or error. Accordingly, management assumes responsibility for any remaining risk.
Responsibilities of the Auditor
As described in AAS 2, "Objective and Scope of the Audit of Financial Statements", the objective of an audit of financial statements, prepared within a framework of recognised accounting policies and practices and relevant statutory requirements, if any, is to enable an auditor to express an opinion on such financial statements. An audit conducted in accordance with the auditing standards generally accepted in India is designed to provide reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error. The fact that an audit is carried out may act as a deterrent, but the auditor is not and cannot be held responsible for the prevention of fraud and error.
Inherent Limitations of an Audit
An auditor cannot obtain absolute assurance that material misstatements in the financial statements will be detected. Owing to the inherent limitations of an audit, there is an unavoidable risk that some material misstatements of the financial statements will not be detected, even though the audit is properly planned and performed in accordance with the auditing standards generally accepted in India. An audit does not guarantee that all material misstatements will be detected because of such factors as the use of judgment, the use of testing, the inherent limitations of internal control and the fact that much of the evidence available to the auditor is persuasive rather than conclusive in nature. For these reasons, the auditor is able to obtain only a reasonable assurance that material misstatements in the financial statements will be detected.
The auditor's opinion on the financial statements is based on the concept of obtaining reasonable assurance; hence, in an audit, the auditor does not guarantee that material misstatements, whether from fraud or error, will be detected. Therefore, the subsequent discovery of a material misstatement of the financial statements resulting from fraud or error does not, in and of itself, indicate:
(a) failure to obtain reasonable assurance,
(b) inadequate planning, performance or judgment,
(c) absence of professional competence and due care, or,
(d) failure to comply with auditing standards generally accepted in India.
This is particularly the case for certain kinds of intentional misstatements, since auditing procedures may be ineffective for detecting an intentional misstatement that is concealed through collusion between or among one or more individuals among management, those charged with governance, employees, or third parties, or involves falsified documentation. Whether the auditor has performed an audit in accordance with auditing standards generally accepted in India is determined by the adequacy of the audit procedures performed in the circumstances and the suitability of the auditor's report based on the result of these procedures.
Professional Skepticism
The auditor plans and performs an audit with an attitude of professional skepticism. Such an attitude is necessary for the auditor to identify and properly evaluate, for example:
- Matters that increase the risk of a material misstatement in the financial statements resulting from fraud or error (for instance, management's characteristics and influence over the control environment, industry conditions, and operating characteristics and financial stability).
- Circumstances that make the auditor suspect that the financial statements are materially misstated.
- Evidence obtained (including the auditor's knowledge from previous audits) that brings into question the reliability of management representations.
However, unless the audit reveals evidence to the contrary, the auditor is entitled to accept records and documents as genuine. Accordingly, an audit performed in accordance with auditing standards generally accepted in India rarely contemplate authentication of documentation, nor are auditors trained as, or expected to be, experts in such authentication.
Planning Discussions
In planning the audit, the auditor should discuss with other members of the audit team, the susceptibility of the entity to material misstatements in the financial statements resulting from fraud or error.
Such discussions would involve considering, for example, in the context of the particular entity, where errors may be more likely to occur or how fraud might be perpetrated. Based on these discussions, members of the audit team may gain a better understanding of the potential for material misstatements in the financial statements resulting from fraud or error in the specific areas of the audit assigned to them, and how the results of the audit procedures that they perform may affect other aspects of the audit. Decisions may also be made as to which members of the audit team will conduct certain inquiries or audit procedures, and how the results of those inquiries and procedures will be shared.
Inquiries of Management
When planning the audit, the auditor should make inquiries of management:
(a) to obtain an understanding of:
(i) management's assessment of the risk that the financial statements may be materially misstated as a result of fraud; and
(ii) the accounting and internal control systems management has put in place to address such risk;
(b) to obtain knowledge of management's understanding regarding the accounting and internal control systems in place to prevent and detect error;
(c) to determine whether management is aware of any known fraud that has affected the entity or suspected fraud that the entity is investigating; and
(d) to determine whether management has discovered any material errors.
The auditor supplements his own knowledge of the entity's business by making inquiries of management regarding management's own assessment of the risk of fraud and the systems in place to prevent and detect it. In addition, the auditor makes inquiries of management regarding the accounting and internal control systems in place to prevent and detect error. Since management is responsible for the entity's accounting and internal control systems and for the preparation of the financial statements, it is appropriate for the auditor to inquire of management how it is discharging these responsibilities. Matters that might be discussed as part of these inquiries include:
(a) whether there are particular subsidiary locations, business segments, types of transactions, account balances or financial statement categories where the possibility of error may be high, or where fraud risk factors may exist, and how they are being addressed by management;
(b) the work of the entity's internal audit function and whether internal audit has identified fraud or any serious weaknesses in the system of internal control; and
(c) how management communicates to employees its view on responsible business practices and ethical behaviour, such as through ethics policies or codes of conduct.
The nature, extent and frequency of management's assessment of such systems and risk vary from entity to entity. In some entities, management may make detailed assessments on an annual basis or as part of continuous monitoring. In other entities, management's assessment may be less formal and less frequent. The nature, extent and frequency of management's assessment are relevant to the auditor's understanding of the entity's control environment. For example, the fact that management has not made an assessment of the risk of fraud may be indicative of the lack of importance that management places on internal control.
It is also important that the auditor obtains an understanding of the design of the accounting and internal control systems within the entity. In designing such systems, management makes informed judgments on the nature and extent of the control procedures it chooses to implement and the nature and extent of the risks it chooses to assume. As a result of making these inquiries of management, the auditor may learn, for example, that management has consciously chosen to accept the risk associated with a lack of segregation of duties. Information from these inquiries may also be useful in identifying fraud risk factors that may affect the auditor's assessment of the risk that the financial statements may contain material misstatements caused by fraud.
It is also important for the auditor to inquire about management's knowledge of frauds that have affected the entity, suspected frauds that are being investigated, and material errors that have been discovered. Such inquiries might indicate possible weaknesses in control procedures if, for example, a number of errors have been found in certain areas. Alternatively, such inquiries might indicate that control procedures are operating effectively because anomalies are being identified and investigated promptly.
Although the auditor's inquiries of management may provide useful information concerning the risk of material misstatements in the financial statements resulting from employee fraud, such inquiries are unlikely to provide useful information regarding the risk of material misstatements in the financial statements resulting from management fraud. Accordingly, the auditor's follow-up of fraud risk factors, is of particular relevance in relation to management fraud.
Discussions with Those Charged with Governance
Those charged with governance of an entity have oversight responsibility for systems for monitoring risk, financial control and compliance with the law. In case of clients whose corporate governance practices are well developed and those charged with governance play an active role in oversight of how management has discharged its responsibilities, auditors are encouraged to seek the views of those charged with governance on the adequacy of accounting and internal control systems in place to prevent and detect fraud and error, the risk of fraud and error, and the competence and integrity of management. Such inquiries may, for example, provide insights regarding the susceptibility of the entity to management fraud. The auditor may have an opportunity to seek the views of those charged with governance during, for example, a meeting with the audit committee to discuss the general approach and overall scope of the audit and eliciting views of independent directors. This discussion may also provide those charged with governance with the opportunity to bring matters of concern to the auditor's attention.
Since the responsibilities of those charged with governance and management may vary by entity, it is important that the auditor understands the nature of these responsibilities within an entity to ensure that the inquiries and communications described above are directed to the appropriate individuals[2].
In addition, following the inquiries of management, the auditor considers whether there are any matters of governance interest to be discussed with those charged with governance of the entity[3]. Such matters may include for example:
- Concerns about the nature, extent and frequency of management's assessments of the accounting and control systems in place to prevent and detect fraud and error, and of the risk that the financial statements may be misstated.
- A failure by management to address appropriately material weaknesses in internal control identified during the prior period's audit.
- The auditor's evaluation of the entity's control environment, including questions regarding management’s competence and integrity.
- The effect of any matters, such as those above, on the general approach and overall scope of the audit, including additional procedures that the auditor may need to perform.
Audit Risk
AAS 6 (Revised), "Risk Assessments and Internal Control," paragraph 3, states that "audit risk" is the risk that the auditor gives an inappropriate audit opinion when the financial statements are materially misstated. Such misstatements can result from either fraud or error. AAS 6 (Revised) identifies the three components of audit risk i.e., inherent risk, control risk and detection risk, and also provides guidance on how to assess these risks.
Inherent Risk and Control Risk
When assessing inherent risk and control risk in accordance with AAS 6 (Revised), “Risk Assessments and Internal Control”, the auditor should consider how the financial statements might be materially misstated as a result of fraud or error. In considering the risk of material misstatement resulting from fraud, the auditor should consider whether fraud risk factors are present that indicate the possibility of either fraudulent financial reporting or misappropriation of assets.
AAS 6 (Revised), “Risk Assessments and Internal Control”, describes the auditor's assessment of inherent risk and control risk, and how those assessments affect the nature, timing and extent of the audit procedures. In making those assessments, the auditor considers how the financial statements might be materially misstated as a result of fraud or error.
The fact that fraud is usually concealed can make it very difficult to detect. Nevertheless, using the auditor's knowledge of the business, the auditor may identify events or conditions that provide an opportunity, a motive or a means to commit fraud, or indicate that fraud may already have occurred. Such events or conditions are referred to as "fraud risk factors". For example, a document may be missing, a general ledger may be out of balance, or an analytical procedure may not make sense. However, these conditions may be the result of circumstances other than fraud. Therefore, fraud risk factors do not necessarily indicate the existence of fraud, however, they often have been present in circumstances where frauds have occurred. The presence of fraud risk factors may affect the auditor's assessment of inherent risk or control risk.
Fraud risk factors cannot easily be ranked in order of importance or combined into effective predictive models. The significance of fraud risk factors varies widely. Some of these factors will be present in entities where the specific conditions do not present a risk of material misstatement. Accordingly, the auditor exercises professional judgment when considering fraud risk factors individually or in combination and whether there are specific controls that mitigate the risk.
The auditor uses professional judgment when assessing the significance and relevance of fraud risk factors and determining the appropriate audit response.
The size, complexity, and ownership characteristics of the entity have a significant influence on the consideration of relevant fraud risk factors. For example, in the case of a large entity, the auditor ordinarily considers factors that generally constrain improper conduct by management, such as the effectiveness of those charged with governance, and the internal audit function. The auditor also considers what steps have been taken to enforce a formal code of conduct, and the effectiveness of the budgeting system. In the case of a small entity, some or all of these considerations may be inapplicable or less important. For example, a smaller entity might not have a written code of conduct but, instead, may have developed a culture that emphasizes the importance of integrity and ethical behaviour through oral communication and by management example. Domination of management by a single individual in a small entity does not generally, in and of itself, indicate a failure by management to display and communicate an appropriate attitude regarding internal control and the financial reporting process. Furthermore, fraud risk factors considered at a business segment operating level may provide different insights than the consideration thereof at an entity-wide level.
The presence of fraud risk factors may indicate that the auditor will be unable to assess control risk at less than high for certain financial statement assertions. On the other hand, the auditor may be able to identify internal controls designed to mitigate those fraud risk factors that the auditor can test to support a control risk assessment below high.
Detection Risk
Based on the auditor's assessment of inherent and control risks (including the results of any tests of controls), the auditor should design substantive procedures to reduce to an acceptably low level the risk that misstatements resulting from fraud and error that are material to the financial statements taken as a whole will not be detected. In designing the substantive procedures, the auditor should address the fraud risk factors that the auditor has identified as being present.
AAS 6 (Revised) “Risk Assessments and Internal Control”, explains that the auditor's control risk assessment, together with the inherent risk assessment, influences the nature, timing and extent of substantive procedures to be performed to reduce detection risk to an acceptably low level. In designing substantive procedures, the auditor addresses fraud risk factors that the auditor has identified as being present. The auditor's response to those factors is influenced by their nature and significance. In some cases, even though fraud risk factors have been identified as being present, the auditor's judgment may be that the audit procedures, including both tests of control, and substantive procedures, already planned, are sufficient to respond to the fraud risk factors.
In other circumstances, the auditor may conclude that there is a need to modify the nature, timing and extent of substantive procedures to address fraud risk factors present. In these circumstances, the auditor considers whether the assessment of the risk of material misstatement calls for an overall response, a response that is specific to a particular account balance, class of transactions or assertion, or both types of response. The auditor considers whether changing the nature of audit procedures, rather than the extent of them, may be more effective in responding to identified fraud risk factors.
Procedures when Circumstances Indicate a Possible Misstatement
When the auditor encounters circumstances that may indicate that there is a material misstatement in the financial statements resulting from fraud or error, the auditor should perform procedures to determine whether the financial statements are materially misstated.
During the course of the audit, the auditor may encounter circumstances that indicate that the financial statements may contain a material misstatement resulting from fraud or error.
When the auditor encounters such circumstances, the nature, timing and extent of the procedures to be performed depends on the auditor's judgment as to the type of fraud or error indicated, the likelihood of its occurrence, and the likelihood that a particular type of fraud or error could have a material effect on the financial statements. Ordinarily, the auditor is able to perform sufficient procedures to confirm or dispel a suspicion that the financial statements are materially misstated resulting from fraud or error. If not, the auditor considers the effect on the auditor's report.
The auditor cannot assume that an instance of fraud or error is an isolated occurrence and therefore, before the conclusion of the audit, the auditor considers whether the assessment of the components of audit risk made during the planning of the audit may need to be revised and whether the nature, timing and extent of the auditor's other procedures may need to be reconsidered. {See AAS 6 (Revised), "Risk Assessments and Internal Control," For example, the auditor would consider:
- The nature, timing and extent of substantive procedures.
- The assessment of the effectiveness of internal controls if control risk was assessed below high.
- The assignment of audit team members that may be appropriate in the circumstances.
Considering Whether an Identified Misstatement may be Indicative of Fraud
When the auditor identifies a misstatement, the auditor should consider whether such a misstatement may be indicative of fraud and if there is such an indication, the auditor should consider the implications of the misstatement in relation to other aspects of the audit, particularly the reliability of management representations.
If the auditor has determined that a misstatement is, or may be, the result of fraud, the auditor evaluates the implications, especially those dealing with the organizational position of the person or persons involved. For example, fraud involving misappropriations of cash from a small petty cash fund is ordinarily of little significance to the auditor in assessing the risk of material misstatement due to fraud. This is because both the manner of operating the fund and its size tend to establish a limit on the amount of potential loss, and the custodianship of such funds is ordinarily entrusted to an employee with a low level of authority. Conversely, when the matter involves management with a higher level of authority, even though the amount itself is not material to the financial statement, it may be indicative of a more pervasive problem. In such circumstances, the auditor reconsiders the reliability of evidence previously obtained since there may be doubts about the completeness and truthfulness of representations made and about the genuineness of accounting records and documentation. The auditor also considers the possibility of collusion involving employees, management or third parties when reconsidering the reliability of evidence. If management, particularly at the highest level, is involved in fraud, the auditor may not be able to obtain the evidence necessary to complete the audit and report on the financial statements.
Evaluation and Disposition of Misstatements, and the Effect on the Auditor's Report
When the auditor confirms that, or is unable to conclude whether, the financial statements are materially misstated as a result of fraud or error, the auditor should consider the implications for the audit. AAS 13, "Audit Materiality," and AAS 28, “The Auditor’s Report on Financial Statements”, provide guidance on the evaluation and disposition of misstatements and the effect on the auditor's report. Where a significant fraud has occurred or the fraud is committed by those charged with governance, the auditor should consider the necessity for a disclosure of the fraud in the financial statements. If adequate disclosure is not made the auditor should consider the necessity for a suitable disclosure in his report.
Documentation
The auditor should document fraud risk factors identified as being present during the auditor's assessment process and document the auditor's response to any such factors. If during the performance of the audit, fraud risk factors are identified that cause the auditor to believe that additional audit procedures are necessary, the auditor should document the presence of such risk factors and the auditor's response to them.
The auditor must document matters which are important in providing evidence to support the audit opinion, and the working papers must include the auditor's reasoning on all significant matters which require the auditor's judgment, together with the auditor's conclusion thereon. Because of the importance of fraud risk factors in the assessment of the inherent or control risk of material misstatement, the auditor documents fraud risk factors identified and the response considered appropriate by the auditor. (Reference may also be had to AAS 3, “Documentation”).
Management Representations
The auditor should obtain written representations from management that:
(a) it acknowledges its responsibility for the implementation and operation of accounting and internal control systems that are designed to prevent and detect fraud and error;
(b) it believes the effects of those uncorrected financial statement misstatements aggregated by the auditor during the audit are immaterial, both individually and in the aggregate, to the financial statements taken as a whole. A summary of such items should be included in or attached to the written representation;
(c) it has disclosed to the auditor all significant facts relating to any frauds or suspected frauds known to management that may have affected the entity; and
(d) it has disclosed to the auditor the results of its assessment of the risk that the financial statements may be materially misstated as a result of fraud.
AAS 11, “Representations by Management” provides guidance on obtaining appropriate representations from management in the audit. In addition to acknowledging its responsibility for the financial statements, it is important that management acknowledges its responsibility for the accounting and internal control systems designed to prevent and detect fraud and error.
Because management is responsible for adjusting the financial statements to correct material misstatements, it is important that the auditor obtains written representation from management that any uncorrected misstatements resulting from either fraud or error are, in management's opinion, immaterial, both individually and in the aggregate. Such representations are not a substitute for obtaining sufficient appropriate audit evidence. In some circumstances, management may not believe that certain of the uncorrected financial statement misstatements aggregated by the auditor during the audit are misstatements. For that reason, management may want to add to their written representation words such as, "We do not agree that items …… and ….… constitute misstatements because [description of reasons]."
The auditor may designate an amount below which misstatements need not be accumulated because the auditor expects that the accumulation of such amounts clearly would not have a material effect on the financial statements. In so doing, the auditor considers the fact that the determination of materiality involves qualitative as well as quantitative considerations and that misstatements of a relatively small amount could nevertheless have a material effect on the financial statements. The summary of uncorrected misstatements included in or attached to the written representation need not include such misstatements.
Because of the nature of fraud and the difficulties encountered by auditors in detecting material misstatements in the financial statements resulting from fraud, it is important that the auditor obtains a written representation from management confirming that it has disclosed to the auditor all facts relating to any frauds or suspected frauds that it is aware of that may have affected the entity, and that management has disclosed to the auditor the results of management's assessment of the risk that the financial statements may be materially misstated as a result of fraud.
Communication
When the auditor identifies a misstatement resulting from fraud, or a suspected fraud, or error, the auditor should consider the auditor's responsibility to communicate that information to management, those charged with governance and, in some circumstances, when so required by the laws and regulations, to regulatory and enforcement authorities also.
Communication of a misstatement resulting from fraud, or a suspected fraud, or error to the appropriate level of management on a timely basis is important because it enables management to take necessary action. The determination of which level of management is the appropriate one is a matter of professional judgment and is affected by such factors as the nature, magnitude and frequency of the misstatement or suspected fraud. Ordinarily, the appropriate level of management is at least one level above the persons who appear to be involved with the misstatement or suspected fraud.
The determination of which matters are to be communicated by the auditor to those charged with governance is a matter of professional judgment and is also affected by any understanding between the parties as to which matters are to be communicated. Ordinarily, such matters include:
- Questions regarding management competence and integrity.
- Fraud involving management.
- Other frauds which result in a material misstatement of the financial statements.
- Material misstatements resulting from error.
- Misstatements that indicate material weaknesses in internal control, including the design or
- Operation of the entity's financial reporting process.
- Misstatements that may cause future financial statements to be materially misstated.
Communication of Misstatements Resulting From Error to Management and to Those Charged With Governance
If the auditor has identified a material misstatement resulting from error, the auditor should communicate the misstatement to the appropriate level of management on a timely basis, and consider the need to report it to those charged with governance.
The auditor should inform those charged with governance of those uncorrected misstatements aggregated by the auditor during the audit that were determined by management to be immaterial, both individually and in the aggregate, to the financial statements taken as a whole.
The uncorrected misstatements communicated to those charged with governance need not include the misstatements below a designated amount.
Communication of Misstatements Resulting From Fraud to Management and to Those Charged with Governance
If the auditor has:
(a) identified a fraud, whether or not it results in a material misstatement in the financial statements; or
(b) obtained evidence that indicates that fraud may exist (even if the potential effect on the financial statements would not be material);
the auditor should communicate these matters to the appropriate level of management on a timely basis, and consider the need to report such matters to those charged with governance.
When the auditor has obtained evidence that fraud exists or may exist, it is important that the matter is brought to the attention of an appropriate level of management. This is so even if the matter might be considered inconsequential (for example, a minor defalcation by an employee at a low level in the entity's organization). The determination of which level of management is the appropriate one is also affected in these circumstances by the likelihood of collusion or the involvement of a member of management.
If the auditor has determined that the misstatement is, or may be, the result of fraud, and either has determined that the effect could be material to the financial statements or has been unable to evaluate whether the effect is material, the auditor:
(a) discusses the matter and the approach to further investigation with an appropriate level of management that is at least one level above those involved, and with management at the highest level; and
(b) if appropriate, suggests that management consult legal counsel.
Communication of Material Weaknesses in Internal Control
The auditor should communicate to management any material weaknesses in internal control related to the prevention or detection of fraud and error, which have come to the auditor's attention as a result of the performance of the audit. The auditor should also be satisfied that those charged with governance have been informed of any material weaknesses in internal control related to the prevention and detection of fraud that either have been brought to the auditor's attention by management or have been identified by the auditor during the audit.
When the auditor has identified any material weaknesses in internal control related to the prevention or detection of fraud or error, the auditor communicates these material weaknesses in internal control to management. Because of the serious implications of material weaknesses in internal control related to the prevention and detection of fraud, it is also important that such deficiencies be brought to the attention of those charged with governance.
If the integrity or honesty of management or those charged with governance are doubted, the auditor ordinarily considers seeking legal advice to assist in the determination of the appropriate course of action.
Communication to Regulatory and Enforcement Authorities
The auditor's professional duty to maintain the confidentiality of client information ordinarily precludes reporting fraud and error to a party outside the client entity. However, the auditor's legal responsibilities may vary and in certain circumstances, statute, the law or courts of law may override the duty of confidentiality. For example, under the regulatory framework for Non-Banking Financial Companies, an obligation is cast upon the auditor to report to the Reserve Bank of India any adverse or unfavourable remarks in his report. In such circumstances, the auditor may consider seeking legal advice.
Auditor Unable to Complete the Engagement
If the auditor concludes that it is not possible to continue performing the audit as a result of a misstatement resulting from fraud or suspected fraud, the auditor should:
(a) consider the professional and legal responsibilities applicable in the circumstances, including whether there is a requirement for the auditor to report to the person or persons who made the audit appointment or, in some cases, to regulatory authorities;
(b) consider the possibility of withdrawing from the engagement; and
(c) if the auditor withdraws:
(i) discuss with the appropriate level of management and those charged with governance, the auditor's withdrawal from the engagement and the reasons for the withdrawal; and
(ii) consider whether there is a professional or legal requirement to report to the person or persons who made the audit appointment or, in some cases, to regulatory authorities, the auditor's withdrawal from the engagement and the reasons for the withdrawal.
The auditor may encounter exceptional circumstances that bring into question the auditor's ability to continue performing the audit, for example, in circumstances where:
(a) the entity does not take the remedial action regarding fraud that the auditor considers necessary in the circumstances, even when the fraud is not material to the financial statements;
(b) the auditor's consideration of the risk of material misstatement resulting from fraud and the results of audit tests indicate a significant risk of material and pervasive fraud; or
(c) the auditor has significant concern about the competence or integrity of management or those charged with governance.
Because of the variety of the circumstances that may arise, it is not possible to describe definitively when withdrawal from an engagement is appropriate. Factors that affect the auditor's conclusion include the implications of the involvement of a member of management or of those charged with governance (which may affect the reliability of management representations) and the effects on the auditor of continuing association with the entity.
The auditor has professional and legal responsibilities in such circumstances and these responsibilities may vary in different circumstances. For example, the auditor may be entitled to, or required to, make a statement or report to the person or persons who made the audit appointment or, in some cases, to regulatory authorities. Given the exceptional nature of the circumstances and the need to consider the legal requirements, the auditor considers seeking legal advice when deciding whether to withdraw from an engagement and in determining an appropriate course of action.
Communication with an Incoming Auditor
Clause 8 of Part I of the First Schedule to the Chartered Accountants Act, 1949 lays down that a Chartered Accountant in practice would be guilty of professional misconduct if he accepts a position as an auditor, previously held by another chartered accountant without first communicating to him in writing. On receipt of an inquiry from a incoming auditor, the existing auditor should advise whether there are any professional reasons why the incoming auditor should not accept the appointment. If the client denies the existing auditor permission to discuss its affairs with the incoming auditor or limits what the existing auditor may say, that fact should be disclosed to the incoming auditor.
The auditor may be contacted by an incoming auditor inquiring whether there are any professional reasons why the incoming auditor should not accept the appointment. The responsibilities of existing and incoming auditor are set out in the Code of Ethics, issued by the Institute of Chartered Accountants of India.
The extent to which an existing auditor can discuss the affairs of a client with an incoming auditor will depend on whether the existing auditor has obtained the client's permission to do so, and on the professional and legal responsibilities relating to such disclosure. Subject to any constraints arising from these responsibilities, the existing auditor advises the incoming auditor whether there are any professional reasons not to accept the appointment, providing details of the information and discussing freely with the incoming auditor all matters relevant to the appointment. If fraud or suspected fraud was a factor in the existing auditor's withdrawal from the engagement, it is important that the existing auditor take care to state only the facts (not his or her conclusions) relating to these matters.
Effective Date
This Auditing and Assurance Standard becomes operative for all audits relating to accounting periods commencing on or after 1st April 2003.
AAS 5- Audit Evidence
The following is the text of the Auditing and Assurance Standard (AAS) 5*, “Audit Evidence”, issued by the Council of the Institute of Chartered Accountants of India. This Standard should be read in conjunction with the “Preface to the Statements on Standard Auditing Practices”, issued by the Institute.
Introduction
1. Auditing and Assurance Standard (AAS) 1, “Basic Principles Governing an Audit”, states:
“The auditor should obtain sufficient appropriate audit evidence through the perform*ance of compliance and substantive procedures to enable him to draw reasonable conclusions therefrom on which to base his opinion on the financial information.
Compliance procedures are tests designed to obtain reasonable assurance that those internal controls on which audit reliance is to be placed are in effect.
Substantive procedures are designed to obtain evidence as to the completeness, accuracy and validity of the data produced by the accounting system.
They are of two types:
(i) tests of details of transactions and balances;
(ii) analysis of significant ratios and trends, including the resulting enquiry of unusual fluctuations and items.”
The purpose of this Standard is to amplify the basic principle outlined above. In this Standard, the term “financial information” encompasses financial statements.
Sufficient Appropriate Audit Evidence
Sufficiency and appropriateness are interrelated and apply to evidence obtained from both compliance and substantive procedures. Sufficiency refers to the quantum of audit evidence obtained; appropriateness relates to its relevance and reliability. Normally, the auditor finds it necessary to rely on evidence that is persuasive rather than conclusive. He may often seek evidence from different sources or of different nature to support the same assertion.
The auditor should evaluate whether he has obtained sufficient appropriate audit evidence before he draws his conclusions there from. The audit evidence should, in total, enable the auditor to form an opinion on the financial information. In forming such an opinion, the auditor may obtain audit evidence on a selective basis by way of judgmental or statistical sampling procedures. For example, the auditor may select only certain accounts receivable for confirmation purposes, or make a selection of personnel records for the purpose of testing that changes in payroll rates have been properly authorised.
The auditor’s judgment as to what is sufficient appropriate audit evidence is influenced by such factors as:
(a) The degree of risk of misstatement which may be affected by factors such as:
(i) the nature of the item;
(ii) the adequacy of internal control;
(iii) the nature or size of the business carried on by the entity;
(iv) situations which may exert an unusual influence on management;
(v) the financial position of the entity.
(b) The materiality of the item.
(c) The experience gained during previous audits.
(d) The results of auditing procedures, including fraud or error which may have been found.
(e) The type of information available.
(f) The trend indicated by accounting ratios and analysis.
Obtaining audit evidence from compliance procedures is intended to reasonably assure the auditor in respect of the following assertions:
Existence– that the internal control exists.
Effectiveness– that the internal control is operating effectively.
Continuity– that the internal control has so operated throughout the period of intended reliance.
Obtaining audit evidence from substantive procedures is intended to reasonably assure the auditor in respect of the following assertions:
Existence– that an asset or a liability exists at a given date.
Rights and Obligations– that an asset is a right of the entity and a liability is an obligation of the entity at a given date.
Occurrence– that a transaction or event took place which pertains to the entity during the relevant period.
Completeness– that there are no unrecorded assets, liabilities or transactions.
Valuation– that an asset or liability is recorded at an appropriate carrying value.
Measurement– that a transaction is recorded in the proper amount and revenue or expense is allocated to the proper period.
Presentation and Disclosure– an item is disclosed, classified, and described in accordance with recognized accounting policies and practices and relevant statutory requirements, if any.
The extent and nature of substantive procedures to be performed will vary with respect to each of the above assertions.
Obtaining evidence relevant to one of the above assertions will not compensate for failure to do so with respect to another matter concerning the same item, e.g., existence of inventory and its valuation.
The reliability of audit evidence depends on its source ‑ internal or external, and on its nature ‑ visual, documentary or oral. While the reliability of audit evidence is dependent on the circumstances under which it is obtained, the following generalizations may be useful in assessing the reliability of audit evidence:
- External evidence (e.g. Confirmation received from a third party) is usually more reliable than internal evidence.
- Internal evidence is more reliable when related internal control is satisfactory.
- Evidence in the form of documents and written representations is usually more reliable than oral representations.
- Evidence obtained by the auditor himself is more reliable than that obtained through the entity.
The auditor may gain increased assurance when audit evidence obtained from different sources or of different nature is consistent. In these circumstances, he may obtain a cumulative degree of assurance higher than that which he attaches to the individual items of evidence by themselves. Conversely, when audit evidence obtained from one source is inconsistent with that obtained from another, further procedures may have to be performed to resolve the inconsistency.
The auditor should be thorough in his efforts to obtain evidence and be objective in its evaluation.
When the auditor is in reasonable doubt as to any assertion of material significance, he would attempt to obtain sufficient appropriate evidence to remove such doubt. If he is unable to obtain sufficient appropriate evidence he should not express an unqualified opinion.
Obtaining Audit Evidence
The auditor obtains evidence in performing compliance and substantive procedures by one or more of the following methods:
- Inspection
- Observation
- Inquiry and confirmation
- Computation
- Analytical review
The timing of such procedures will be dependent, in part, upon the periods of time during which the audit evidence sought is available.
1. Inspection
Inspection consists of examining records, documents, or tangible assets. Inspection of records and documents provides evidence of varying degrees of reliability, depending on their nature and source and the effectiveness of internal controls over their processing. Four major categories of documentary evidence, which provide different degrees of reliability to the auditor, are:
- Documentary evidence originating from and held by third parties;
- Documentary evidence originating from third parties and held by the entity;
- Documentary evidence originating from the entity and held by third parties; and
- Documentary evidence originating from and held by the entity.
Inspection of tangible assets is one of the methods to obtain reliable evidence with respect to their existence but not necessarily as to their ownership or value.
2. Observation
Observation consists of witnessing a process or procedure being performed by others. For example, the auditor may observe the counting of inventories by client personnel or the performance of internal control procedures that leave no audit trail.
Inquiry and Confirmation
Inquiry consists of seeking appropriate information from knowledgeable persons inside or outside the entity. Inquiries may range from formal written inquiries addressed to third parties to informal oral inquiries addressed to persons inside the entity. Responses to inquiries may provide the auditor with information which he did not previously possess or may provide him with corroborative evidence.
Confirmation consists of the response to an inquiry to corroborate information contained in the accounting records. For example, the auditor requests confirmation of receivables by direct communication with debtors.
Computation
Computation consists of checking the arithmetical accuracy of source documents and accounting records or performing independent calculations.
Analytical Review
Analytical review consists of studying significant ratios and trends and investigating unusual fluctuations and items.
Effective Date
This Auditing and Assurance Standard becomes operative for all audits relating to accounting periods beginning on or after January 1, 1989.
AAS 28- The Auditor’s Report on Financial Statements
The following is the text of the Auditing and Assurance Standard (AAS) 28*, “The Auditor’s Report on Financial Statements” issued by the Council of the Institute of Chartered Accountants of India. This Standard should be read in conjunction with the “Preface to the Statements on Standard Auditing Practices” issued by the Institute.
Introduction
The purpose of this Auditing and Assurance Standard (AAS) is to establish standards on the form and content of the auditor’s report issued as a result of an audit performed by an auditor of the financial statements of an entity. Much of the standards laid down by this AAS can be adapted to auditor’s reports on financial information other than financial statements.
The auditor should review and assess the conclusions drawn from the audit evidence obtained as the basis for the expression of an opinion on the financial statements.
This review and assessment involves considering whether the financial statements have been prepared in accordance with an acceptable financial reporting framework applicable to the entity under audit. It is also necessary to consider whether the financial statements comply with the relevant statutory requirements.
The auditor’s report should contain a clear written expression of opinion on the financial statements taken as a whole.
Basic Elements of the Auditor’s Report
5. The auditor’s report includes the following basic elements, ordinarily, in the following layout:
(a) Title;
(b) Addressee;
(c) Opening or introductory paragraph
(i) Identification of the financial statements audited;
(ii) a statement of the responsibility of the entity’s management and the responsibility of the auditor;
(d) Scope paragraph (describing the nature of an audit)
(i) a reference to the auditing standards generally accepted in India;
(ii) a description of the work performed by the auditor;
(e) Opinion paragraph containing
(i) a reference to the financial reporting framework used to prepare the financial statements; and
(ii) an expression of opinion on the financial statements;
(f) Date of the report;
(g) Place of signature; and
(h) Auditor’s signature.
A measure of uniformity in the form and content of the auditor’s report is desirable because it helps to promote the reader’s understanding of the auditor’s report and to identify unusual circumstances when they occur.
A statute governing the entity or a regulator may require the auditor to include certain matters in the audit report or prescribe the form in which the auditor should issue his report. In such a case, the auditor should incorporate in his audit report, the matters specified by the statute or regulator and/or report in the form prescribed by them in addition to the requirements of this AAS.
Title
The auditor’s report should have an appropriate title. It may be appropriate to use the term “Auditor’s Report” in the title to distinguish the auditor’s report from reports that might be issued by others, such as by the officers of the entity, the board of directors, or from the reports of others.
Addressee
The auditor’s report should be appropriately addressed as required by the circumstances of the engagement and applicable laws and regulations. Ordinarily, the auditor’s report is addressed to the authority appointing the auditor.
Opening or Introductory Paragraph
The auditor’s report should identify the financial statements[1] of the entity that have been audited, including the date of and period covered by the financial statements.
The report should include a statement that the financial statements are the responsibility of the entity’s management and a statement that the responsibility of the auditor is to express an opinion on the financial statements based on the audit.
Financial statements are the representations of management. The preparation of such statements requires management to make significant accounting estimates and judgments, as well as to determine the appropriate accounting principles and methods used in preparation of the financial statements. This determination will be made in the context of the financial reporting framework that management chooses, or is required to use. In contrast, the auditor’s responsibility is to audit these financial statements in order to express an opinion thereon.
An illustration of these matters in an opening (introductory) paragraph is:
“We have audited the attached Balance Sheet of ………. (Name of the entity) as at 31st March 2XXX and also the Profit and Loss Account for the year ended on that date annexed thereto. These financial statements are the responsibility of the entity’s management. Our responsibility is to express an opinion on these financial statements based on our audit.”
Scope Paragraph
The auditor’s report should describe the scope of the audit by stating that the audit was conducted in accordance with auditing standards generally accepted in India. The reader needs this as an assurance that the audit has been carried out in accordance with established standards.
“Scope” refers to the auditor’s ability to perform audit procedures deemed necessary in the circumstances. Auditing and Assurance Standard (AAS) 2, “Objective and Scope of the Audit of Financial Statements”, with regard to the determination of the “scope” states (paragraph 5):
“The scope of an audit of financial statements will be determined by the auditor having regard to the terms of the engagement, the requirements of relevant legislation and the pronouncements of the Institute. The terms of engagement cannot, however, restrict the scope of an audit in relation to matters which are prescribed by legislation or by the pronouncements of the Institute.”
The Auditing and Assurance Standards issued by the Institute of Chartered Accountants of India establish the auditing standards generally accepted in India.
The report should include a statement that the audit was planned and performed to obtain reasonable assurance whether the financial statements are free of material misstatement.
The auditor’s report should describe the audit as including:
(a) examining, on a test basis, evidence to support the amounts and disclosures in financial statements;
(b) assessing the accounting principles used in the preparation of the financial statements;
(c) assessing the significant estimates made by management in the preparation of the financial statements; and
(d) evaluating the overall financial statement presentation.
The report should include a statement by the auditor that the audit provides a reasonable basis for his opinion.
An illustration of these matters in a scope paragraph is:
“We conducted our audit in accordance with the auditing standards generally accepted in India. Those Standards require that we plan and perform the audit to obtain reasonable assurance whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audit provides a reasonable basis for our opinion.”
Opinion Paragraph
The opinion paragraph of the auditor’s report should clearly indicate the financial reporting framework used to prepare the financial statements and state the auditor’s opinion as to whether the financial statements give a true and fair view in accordance with that financial reporting framework and, where appropriate, whether the financial statements comply with the statutory requirements.
The term used to express the auditor’s opinion, “give a true and fair view”, indicates, amongst other things, that the auditor considers only those matters that are material to the financial statements.
Paragraph 3 of Framework of Statements on Standard Auditing Practices and Guidance Notes on Related Services, issued by the Institute of Chartered Accountants of India, discusses the financial reporting framework. The paragraph reads as under:
“Financial Reporting Framework
Financial statements are ordinarily prepared and presented annually and are directed towards the common information needs of a wide range of users. Many of those users rely on financial statements as their major source of information because they do not have the power to obtain additional information to meet their specific information needs. Thus, financial statements need to be prepared in accordance with one, or a combination of:
(a) relevant statutory requirements, e.g., the Companies Act, 2013, for companies;
(b) accounting standards issued by the Institute of Chartered Accountants of India; and
(c) other recognized accounting principles and practices, e.g., those recommended in the Guidance Notes issued by the Institute of Chartered Accountants of India.”
An illustration of these matters in an opinion paragraph is:
“In our opinion and to the best of our information and according to the explanations given to us, the financial statements give a true and fair view in conformity with the accounting principles generally accepted in India:
(a) in the case of the Balance Sheet, of the state of affairs of the ………… (name of the entity) as at 31st March 2XXX; and
(b) in the case of the Profit and Loss Account, of the profit/loss for the year ended on that date.”
In addition to an opinion on the true and fair view, the auditor’s report may need to include an opinion as to whether the financial statements comply with other requirements specified by relevant statutes or law. For example, in the case of companies incorporated under the Companies Act, 2013, the said Act requires that the auditor’s report should state in his audit report, whether in the auditor’s opinion and to the best of his information and according to the explanations given to the auditor, the financial statements give the information required by the Companies Act, 2013 in the manner so required.
Date of Report
The date of an auditor’s report on the financial statements is the date on which the auditor signs the report expressing an opinion on the financial statements. The date of report informs the reader that the auditor has considered the effect on the financial statements and on the report of the events and transactions of which the auditor became aware and that occurred up to that date.
Since the auditor’s responsibility is to report on the financial statements as prepared and presented by management, the auditor should not date the report earlier than the date on which the financial statements are signed or approved by management.
Place of Signature
The report should name specific location, which is ordinarily the city where the audit report is signed.
Auditor’s Signature
The report should be signed by the auditor in his personal name. Where the firm is appointed as the auditor, the report should be signed in the personal name of the auditor and in the name of the audit firm. The partner/proprietor signing the audit report should also mention the membership number assigned by the Institute of Chartered Accountants of India.
The Auditor’s Report
An unqualified opinion should be expressed when the auditor concludes that the financial statements give a true and fair view in accordance with the financial reporting framework used for the preparation and presentation of the financial statements. An unqualified opinion indicates, implicitly, that any changes in the accounting principles or in the method of their application, and the effects thereof, have been properly determined and disclosed in the financial statements. An unqualified opinion also indicates that:
(a) the financial statements have been prepared using the generally accepted accounting principles, which have been consistently applied;
(b) the financial statements comply with relevant statutory requirements and regulations; and
(c) there is adequate disclosure of all material matters relevant to the proper presentation of the financial information, subject to statutory requirements, where applicable.
The following is an illustration of a complete auditor’s report incorporating the basic elements set forth and illustrated above. This report illustrates the expression of an unqualified opinion.
“Auditor’s Report
(Appropriate Addressee)
We have audited the attached Balance Sheet of ..…... (Name of the entity) as at 31st March 2XXX and also the Profit and Loss Account for the year ended on that date annexed thereto[3]. These financial statements are the responsibility of the entity’s management. Our responsibility is to express an opinion on these financial statements based on our audit.
We conducted our audit in accordance with auditing standards generally accepted in India. Those Standards require that we plan and perform the audit to obtain reasonable assurance whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audit provides a reasonable basis for our opinion.
In our opinion and to the best of our information and according to the explanations given to us, the financial statements give a true and fair view in conformity with the accounting principles generally accepted in India[4]:
(a) in the case of the Balance Sheet, of the state of affairs of ……….. (Name of the entity) as at 31st March 2XXX; and
(b) in the case of the Profit and Loss Account, of the profit/loss for the year ended on that date.
For ABC and Co.,
Chartered Accountants
Auditor’s Signature
(Name of Member signing the Audit Report)
(Designation[5])
(Membership Number)
Place of Signature
Date
Modified Reports
An auditor’s report is considered to be modified when it includes:
(a) Matters That Do Not Affect the Auditor’s Opinion
Emphasis of matter
(b) Matters That Do Affect the Auditor’s Opinion
- Qualified opinion
- Disclaimer of opinion
- Adverse opinion
Uniformity in the form and content of each type of modified report will enhance the user’s understanding of such reports. Accordingly, this AAS includes suggested wordings to express an unqualified opinion as well as examples of modifying phrases for use when issuing modified reports.
Matters That Do Not Affect the Auditor’s Opinion
In certain circumstances, an auditor’s report may be modified by adding an emphasis of matter paragraph to highlight a matter affecting the financial statements which is included in a note to the financial statements that more extensively discusses the matter. The addition of such an emphasis of matter paragraph does not affect the auditor’s opinion. The paragraph would preferably be included preceding the opinion paragraph and would ordinarily refer to the fact that the auditor’s opinion is not qualified in this respect.
The auditor should modify the auditor’s report by adding a paragraph to highlight a material matter regarding a going concern problem where the going concern question is not resolved and adequate disclosures have been made in the financial statements.
The auditor should consider modifying the auditor’s report by adding a paragraph if there is a significant uncertainty (other than going concern problem), the resolution of which is dependent upon future events and which may affect the financial statements. An uncertainty is a matter whose outcome depends on future actions or events not under the direct control of the entity but that may affect the financial statements.
An illustration of an emphasis of matter paragraph for a significant uncertainty in an auditor’s report is as follows:
“Without qualifying our opinion, we draw attention to Note X of Schedule …… to the financial statements. The entity is the defendant in a lawsuit alleging infringement of certain patent rights and claiming royalties and punitive damages. The entity has filed a counter action, and preliminary hearings and discovery proceedings on both actions are in progress. The ultimate outcome of the matter cannot presently be determined, and no provision for any liability that may result has been made in the financial statements.
In our opinion ……….. (remaining words are the same as illustrated in the opinion above). “
(An illustration of an emphasis of matter paragraph relating to going concern is set out in AAS 16, “Going Concern.”)
The addition of a paragraph emphasising a going concern problem or significant uncertainty is ordinarily adequate to meet the auditor’s reporting responsibilities regarding such matters. However, in extreme cases, such as situations involving multiple uncertainties that are significant to the financial statements, the auditor may consider it appropriate to express a disclaimer of opinion instead of adding an emphasis of matter paragraph.
Matters that Do Affect the Auditor’s Opinion
An auditor may not be able to express an unqualified opinion when either of the following circumstances exists and, in the auditor’s judgment, the effect of the matter is or may be material to the financial statements:
(a) there is a limitation on the scope of the auditor’s work; or
(b) there is a disagreement with management regarding the acceptability of the accounting policies selected, the method of their application or the adequacy of financial statement disclosures.
The circumstances described in (a) could lead to a qualified opinion or a disclaimer of opinion. The circumstances described in (b) could lead to a qualified opinion or an adverse opinion.
A qualified opinion should be expressed when the auditor concludes that an unqualified opinion cannot be expressed but that the effect of any disagreement with management is not so material and pervasive as to require an adverse opinion, or limitation on scope is not so material and pervasive as to require a disclaimer of opinion. A qualified opinion should be expressed as being ‘subject to’ or ‘except for’ the effects of the matter to which the qualification relates.
A disclaimer of opinion should be expressed when the possible effect of a limitation on scope is so material and pervasive that the auditor has not been able to obtain sufficient appropriate audit evidence and is, accordingly, unable to express an opinion on the financial statements.
An adverse opinion should be expressed when the effect of a disagreement is so material and pervasive to the financial statements that the auditor concludes that a qualification of the report is not adequate to disclose the misleading or incomplete nature of the financial statements.
Whenever the auditor expresses an opinion that is other than unqualified, a clear description of all the substantive reasons should be included in the report and, unless impracticable, a quantification of the possible effect(s), individually and in aggregate, on the financial statements should be mentioned in the auditor’s report. In circumstances where it is not practicable to quantify the effect of modifications made in the audit report accurately, the auditor may do so on the basis of estimates made by the management after carrying out such audit tests as are possible and clearly indicate the fact that the figures are based on management estimates. Ordinarily, this information would be set out in a separate paragraph preceding the opinion or disclaimer of opinion and may include a reference to a more extensive discussion, if any, in a note to the financial statements.
Circumstances That May Result in Other Than an Unqualified Opinion
Limitation on Scope
A limitation on the scope of the auditor’s work may sometimes be imposed by the entity, for example, when the terms of the engagement specify that the auditor will not carry out an audit procedure that the auditor believes is necessary. However, when the limitation in the terms of a proposed engagement is such that the auditor believes the need to express a disclaimer of opinion exists; the auditor should ordinarily not accept such a limited engagement as an audit engagement, unless required by statute. Also, a statutory auditor should not accept such an audit engagement when the limitation infringes on the auditor’s statutory duties.
A scope limitation may be imposed by circumstances, for example, when the timing of the auditor’s appointment is such that the auditor is unable to observe the counting of physical inventories. It may also arise when, in the opinion of the auditor, the entity’s accounting records are inadequate or when the auditor is unable to carry out an audit procedure believed to be desirable. In these circumstances, the auditor would attempt to carry out reasonable alternative procedures to obtain sufficient appropriate audit evidence to support an unqualified opinion.
When there is a limitation on the scope of the auditor’s work that requires expression of a qualified opinion or a disclaimer of opinion, the auditor’s report should describe the limitation and indicate the possible adjustments to the financial statements that might have been determined to be necessary had the limitation not existed.
Disagreement with Management
The auditor may disagree with management about matters such as the acceptability of accounting policies selected, the method of their application, or the adequacy of disclosures in the financial statements. If such disagreements are material to the financial statements, the auditor should express a qualified or an adverse opinion.
Effective Date
This Auditing and Assurance Standard becomes operative for all audits relating to accounting periods beginning on or after 1st April 2003.
AAS 29- Auditing in a Computer Information Systems Environment
The following is the text of the Auditing and Assurance Standard (AAS) 29*, “Auditing in a Computer Information Systems Environment” issued by the Council of the Institute of Chartered Accountants of India. This Standard should be read in conjunction with the “Preface to the Statements on Standard Auditing Practices” issued by the Institute.
Introduction
The purpose of this Auditing and Assurance Standard (AAS) is to establish standards on procedures to be followed when an audit is conducted in a computer information systems (CIS) environment. For the purposes of this AAS, a CIS environment exists when one or more computer(s) of any type or size is (are) involved in the processing of financial information, including quantitative data, of significance to the audit, whether those computers are operated by the entity or by a third party.
The overall objective and scope of an audit does not change in a CIS environment. However, the use of a computer changes the processing, storage, retrieval and communication of financial information and may affect the accounting and internal control systems employed by the entity. Accordingly, a CIS environment may affect:
- The procedures followed by the auditor in obtaining a sufficient understanding of the accounting and internal control system.
- The auditor’s evaluation of inherent risk and control risk through which the auditor assesses the audit risk.
- The auditor’s design and performance of tests of control and substantive procedures appropriate to meet the audit objective.
The auditor should consider the effect of a CIS environment on the audit. The auditor should evaluate, inter alia, the following factors to determine the effect of CIS environment on the audit:
(a) the extent to which the CIS environment is used to record, compile and analyse accounting information;
(b) the system of internal control in existence in the entity with regard to:
(i) flow of authorized, correct and complete data to the processing center;
(ii) processing, analysis and reporting tasks undertaken in the installation; and
(c) the impact of computer-based accounting system on the audit trail that could otherwise be expected to exist in an entirely manual system.
Skills and Competence
The auditor should have sufficient knowledge of the computer information systems to plan, direct, supervise, control and review the work performed. The sufficiency of knowledge would depend on the nature and extent of the CIS environment. The auditor should consider whether any specialized CIS skills are needed in the conduct of the audit. Specialized skills may be needed, inter alia, to –
- Obtain sufficient understanding of the effect of the CIS environment on accounting and internal control systems;
- Determine the effect of the CIS environment on the assessment of overall audit risk and of risk at the account balance and class of transactions level; and
- Design and perform appropriate tests of control and substantive procedures.
If specialised skills are needed, the auditor would seek the assistance of an expert possessing such skills, who may either be the auditor’s staff or an outside professional. If the use of such a professional is planned, the auditor should, in accordance with AAS 9, “Using the Work of an Expert”, obtain sufficient appropriate audit evidence that the work performed by the expert is adequate for the purposes of the audit.
Planning
In accordance with the Auditing and Assurance Standard (AAS) 6, “Risk Assessments and Internal Control”, the auditor should obtain an understanding of the accounting and internal control systems sufficient to plan the audit and to determine the nature, timing and extent of the audit procedures. Such an understanding would help the auditor to develop an effective audit approach.
In planning the portions of the audit which may be affected by the CIS environment, the auditor should obtain an understanding of the significance and complexity of the CIS activities and the availability of the data for use in the audit. This understanding would include such matters as:
(a) the computer information systems infrastructure [hardware, operating system(s), etc., and application software(s) used by the entity, including changes therein since last audit if any].
(b) the significance and complexity of computerized processing in each significant accounting application. Significance relates to materiality of the financial statement assertions affected by the computerized processing. An application may be considered to be complex when, for example:
- The volume of transactions is such that users would find it difficult to identify and correct errors in processing.
- The computer automatically generates material transactions or entries directly to another application.
- The computer performs complicated computations of financial information and/or automatically generates material transactions or entries that cannot be (or are not) validated independently.
- Transactions are exchanged electronically with other organizations [as in electronic data interchange (EDI) systems] without manual review for propriety or reasonableness.
(c) determination of the organizational structure of the client’s CIS activities and the extent of concentration or distribution of computer processing throughout the entity, particularly, as they may affect segregation of duties.
(d) determination of the availability of data. Source documents, computer files, and other evidential matter that may be required by the auditor may exist for only a short period or only in machine-readable form. Computer information systems may generate reports that might be useful in performing substantive tests (particularly analytical procedures). The potential for use of computer-assisted audit techniques may permit increased efficiency in the performance of audit procedures, or may enable the auditor to economically apply certain procedures to the entire population of accounts or transactions.
When the computer information systems are significant, the auditor should also obtain an understanding of the CIS environment and whether it may influence the assessment of inherent and control risks. The nature of the risks and the internal control characteristics in CIS environments include the following:
- Lack of transaction trails: Some computer information systems are designed so that a complete transaction trail that is useful for audit purposes might exist for only a short period of time or only in computer readable form. Where a complex application system performs a large number of processing steps, there may not be a complete trail. Accordingly, errors embedded in an application’s program logic may be difficult to detect on a timely basis by manual (user) procedures.
- Uniform processing of transactions: Computer processing uniformly processes like transactions with the same processing instructions. Thus, the clerical errors ordinarily associated with manual processing are virtually eliminated. Conversely, programming errors (or other systemic errors in hardware or software) will ordinarily result in all transactions being processed incorrectly.
- Lack of segregation of functions: Many control procedures that would ordinarily be performed by separate individuals in manual systems may become concentrated in a CIS environment. Thus, an individual who has access to computer programs, processing or data may be in a position to perform incompatible functions.
- Potential for errors and irregularities: The potential for human error in the development, maintenance and execution of computer information systems may be greater than in manual systems, partially because of the level of detail inherent in these activities. Also, the potential for individuals to gain unauthorized access to data or to alter data without visible evidence may be greater in CIS than in manual systems.
In addition, decreased human involvement in handling transactions processed by computer information systems can reduce the potential for observing errors and irregularities. Errors or irregularities occurring during the design or modification of application programs or systems software can remain undetected for long periods of time.
- Initiation or execution of transactions: Computer information systems may include the capability to initiate or cause the execution of certain types of transactions, automatically. The authorisation of these transactions or procedures may not be documented in the same way as that in a manual system, and management’s authorisation of these transactions may be implicit in its acceptance of the design of the computer information systems and subsequent modification.
- Dependence of other controls over computer processing: Computer processing may produce reports and other output that are used in performing manual control procedures. The effectiveness of these manual control procedures can be dependent on the effectiveness of controls over the completeness and accuracy of computer processing. In turn, the effectiveness and consistent operation of transaction processing controls in computer applications is often dependent on the effectiveness of general computer information systems controls.
- Potential for increased management supervision: Computer information systems can offer management a variety of analytical tools that may be used to review and supervise the operations of the entity. The availability of these analytical tools, if used, may serve to enhance the entire internal control structure.
- Potential for the use of computer-assisted audit techniques: The case of processing and analysing large quantities of data using computers may require the auditor to apply general or specialised computer audit techniques and tools in the execution of audit tests.
Both the risks and the controls introduced as a result of these characteristics of computer information systems have a potential impact on the auditor’s assessment of risk, and the nature, timing and extent of audit procedures.
While evaluating the reliability of the accounting and internal control systems, the auditor would consider whether these systems, inter alia:
(a) ensure that authorized, correct and complete data is made available for processing;
(b) provide for timely detection and correction of errors;
(c) ensure that in case of interruption in the working of the CIS environment due to power, mechanical or processing failures, the system restarts without distorting the completion of the entries and records;
(d) ensure the accuracy and completeness of output;
(e) provide adequate data security against fire and other calamities, wrong processing, frauds etc.;
(f) prevent unauthorized amendments to the programs; and
(g) provide for safe custody of source code of application software and data files.
Assessment of Risk
The auditor should make an assessment of inherent and control risks for material financial statement assertions, in accordance with AAS 6, “Risk Assessments and Internal Control”.
The inherent risks and control risks in a CIS environment may have both a pervasive effect and an account-specific effect on the likelihood of material misstatements, as follows:
- The risks may result from deficiencies in pervasive CIS activities such as program development and maintenance, system software support, operations, physical CIS security, and control over access to special-privilege utility programs. These deficiencies would tend to have a pervasive impact on all application systems that are processed on the computer.
- The risks may increase the potential for errors or fraudulent activities in specific applications, in specific databases or master files, or in specific processing activities. For example, errors are not uncommon in systems that perform complex logic or calculations, or that must deal with many different exception conditions. Systems that control cash disbursements or other liquid assets are susceptible to fraudulent actions by users or by CIS personnel.
As new CIS technologies emerge for data processing, they are frequently employed by clients to build increasingly complex computer systems that may include micro-to-mainframe links, distributed data bases, end-user processing, and business management systems that feed information directly into the accounting systems. Such systems increase the overall sophistication of computer information systems and the complexity of the specific applications that they affect. As a result, they may increase risk and require further consideration.
Audit Procedures
In accordance with AAS 6, “Risk Assessments and Internal Control”, the auditor should consider the CIS environment in designing audit procedures to reduce audit risk to an acceptably low level. He should make enquiries and particularly satisfy himself whether:
(a) adequate procedures exist to ensure that the data transmitted is correct and complete; and
(b) cross-verification of records, reconciliation statements and control systems between primary and subsidiary ledgers do exist and are operative and that accuracy of computer compiled records are not assumed.
The auditor’s specific audit objectives do not change whether accounting data is processed manually or by computer. However, the methods of applying audit procedures to gather evidence may be influenced by the methods of computer processing. The auditor can use manual audit procedures, or computer-assisted audit techniques, or a combination of both to obtain sufficient evidential matter. However, in some accounting systems that use a computer for processing significant applications, it may be difficult or impossible for the auditor to obtain certain data for inspection, inquiry, or confirmation without computer assistance.
Documentation
The auditor should document the audit plan, the nature, timing and extent of audit procedures performed and the conclusions drawn from the evidence obtained. In an audit in CIS environment, some of the audit evidence may be in the electronic form. The auditor should satisfy himself that such evidence is adequately and safely stored and is retrievable in its entirety as and when required.
Effective Date
This Auditing and Assurance Standard (AAS) become operative for all audits related to accounting periods beginning on or after 1st April, 2003.