Internal and External Audit

Internal and External Audit

Internal and external audit are two difference concepts, Internal audit is kind of management controlling function, where external audit is independent opinion over the accuracy of financial statements.

1.    Appointment & Removal

Internal auditor are appointed and removed by the management, where external auditor is appointed by shareholders or equity holders. External auditors are appointed in a shareholder meeting. Internal auditor can easily be removed by management, while external audit can be removed by shareholder with permission of regulator.

2.    Term of Office

Internal auditor term of office is determined by the management, and such term may vary organization to organization, while in case of external auditor, the term of office is not more than one financial year (However, auditor may be re appointed).

3.    Scope of Work

Internal audit scope of work is defined by the management and ordinarily comprise of checking the compliance of financial rules by the finance department, while external auditor scope is determined by external auditors themselves in accordance with the international auditing standards.

4.    Reporting

Internal audit report is addressed to management, where external audit report is addressed to shareholder. Internal audit report content varies organization to organization, where in case of external auditor a standard format and terminology are used.

5.    Independence

External auditor enjoys full independence during the performance of audit, where internal auditors are not fully independent of management. In fact internal auditor is reporting to management against management, and therefore internal auditors are not considered fully independent.

6.    Legal obligation

External audit is a legal obligation, where internal audit is optional. External audit is a legal obligation, because many stakeholders have stakes in corporate business and external audit helps these stakeholders to safeguard their interest.

7.    User of  Report

Internal audit report is only used by the management for taking appropriate control action for non compliance with rules, where external audit report is used by number of user for taking informed decisions.

Types of Financial Audits

Types of Financial Audits

Financial audit can be broadly categorized into External audit, internal audit, Government audit, & Tax audit.

1.    External Audit

External audit is conducted by the commercial auditor and these auditors are appointed by the equity holder or shareholder. External audit is conducted as per the requirement of international auditing standards. External auditor issue a report over the accuracy of financial statement.

2.    Internal Audit

Internal audit is conducted by the internal auditor. Internal audit is appointed by the management. Internal audit is conducted to check compliance of financial rules/policies by finance department during the processing of financial transactions. Internal Auditor submits report to management.

3.    Government Audit

Audit of various public departments is conducted by the government audit department. Government auditor checks, whether or not, the funds have been utilized as per Government prescribed rules. Government auditor submits report to legislative body.

4.    Tax Audit

Audit tax is performed by the tax department. Tax audit is conducted to calculate the tax payable by the company. Companies may try to understate their income to save tax; therefore tax audit is conducted to assess actual income of companies.

Audit Procedures for Opening Balance

 Audit Procedures for Opening Balance

Auditor is required perform the following audit procedures for opening balances

1.    Confirm previous year balance

Auditor shall confirm that opening balances are correctly brought forward from the previous year.

2.    Accounting Policies Consistency

Auditor shall also evaluate the opening balances reflect the consistency of policies being applied by the organization.

3.    Further evidence by current year procedure

Auditor shall evaluate that whether current year audit procedure confirms the existence and accuracy of the opening balances.

4.    Predecessor Auditor Working paper

Auditor may review the predecessor auditor working paper for accuracy of opening balances.

E-Commerce and Control Environment

E-Commerce and Control Environment

E-commerce strategy may affect the reliability of financial record of the organization, and also have security implication for the organization transaction processing. Therefore auditor understanding of impact of E-commerce over control environment is essential. Auditor is required to understand the following in the context of control environment.

1.    Top Management involvement

How top management is involved in the E-commerce strategy making and its role in overseeing the strategy implementation. Top management effective involvement will improve the control environment.

2.    E-Commerce impact on business activities

Auditor should evaluate the E-commerce impacts on the existing business activities. Auditor shall also consider, whether E-commerce is expanding the existing market, or bring the efficiency in the existing market.

3.    E-commerce impact on Financial Requirement

As E-commerce may affect the revenue structure and bring new earning opportunities for the organization. Therefore these activities will change the financial requirement of the organization.

4.    Management understand opportunities & Risks

E-commerce will bring new opportunities and risk for the organization. It is important that management do realized the new opportunities and risk dynamics and these dynamics are properly documented.

5.    Management resolve for best practices

Auditor should evaluate the management commitment and resolve toward best practices in the E-commerce. Best practices will improve the control environment within organization.

Audit Sampling Characteristics

Audit Sampling Characteristics

Audit sampling characteristics may be explained in terms of less than 100% , equal chance of selection, projection about population, sampling risk,

1.    Less than 100%

In Audit sampling less than 100% population is examined. Audit sampling is fundamental for audit.

2.    Equal Chance of Selection

In audit sampling, each item must have equal chance of selection. It means audit sampling should be free from any biased.

3.    Conclusion about Population

Audit sampling results are projected to draw conclusion about population. Auditor form conclusion based on the result or audit evidence gathered from sampling. It means audit sampling results are projected to population.

4.    Sampling Risk

Audit sampling to risk of drawing wrong conclusion, it means that audit draw a conclusion based on sampling, which does not represent population. For example sampling suggests misstatement exist, but in fact it does not.

Audit Control Risk

Audit Control Risk

Control risk means that misstatement in transaction will not be detected by the control. This risk relates to effectiveness of the control system. This risk can be lower by improving the control structure within organization.

Elimination of Control Risk

Control risk cannot be eliminated; however, it can be reduced to acceptable level by improving the internal control system. The control risks cannot be eliminated due to inherent limitation of control system.

Audit procedures for Compliance with Law

Audit procedures for Compliance with Law (Material effect)

Auditor will perform the audit procedure for compliance of laws & regulation has material effect on the financial statements.

1.    Management Response

Auditor will make an inquiry from the management regarding the compliance of laws and regulation which may have material effect on the financial statement.

2.    Communication with Legal counsel

Auditor may communicate with legal council to confirm compliance of laws and regulation, which may materially effect the financial statement.

3.    Professional Skepticism

Auditor shall exercise professional skepticism that during the audit. Circumstances may indicate the non compliance of laws. Those circumstances may come to the knowledge of auditor while performing other audit procedures.

4.    Written Representation from Management

Auditor shall take a written representation from the management that all cases of non compliance with laws which are relevant to the financial statement have been identified to the auditor.

.

Fraud Risk Assessment Audit Procedures

Fraud Risk Assessment Audit Procedures

The auditor will perform the following audit procedure for risk assessment of fraud.

1.    Risk Assessment of Management

The auditor will inquire from the management about their risk assessment of fraud and effective control for prevention of misstatements, because the fraud prevention is primary responsibility of the management. If management has not made any risk assessment, this is an indication that poor control may in the organization due to lack of interest on management in risk assessment.

2.    Inquiry from Management About Fraud

Management can provide a detail information about the possibility of risk due to the fraud , especially expected fraud where employee are involved, however, management inquiry does not provide information about management frauds.

3.    Inquiry from Employee & Others

Auditor can get information from the employees, internal auditor, legal counsel and others about the possibilities of misstatement due to fraud.

4.    Inquiry from those responsible for Governance

Governance is responsible for monitoring and overseeing the performance of management and therefore auditor can get useful information about the competency and integrity of the management by making the inquiry from those who are responsible for Governance. It would also help auditor to understand the role and extent of governance activities.

5.    Other information

Other information may also provide auditor useful information about the risk of material misstatement due to fraud. These other information includes client retention documentation, experience with the client, other engagement performed for client.

6.    Existence of Risk Factors

There may be incentive or pressure to commit the fraud, this incentive or pressure is known as Risk factor for fraud. Example of risk factor include , bank requirement for financing, salary increment based on the financial performance etc.

Auditor Responsibility for fraud detection

Fraud detection responsibility

Fraud detection and prevention responsibility lies on the management. Management will place appropriate control within organization for the prevention and detection of fraud.

Frauds are more difficult to detect

Frauds are more difficult to detect because of the following reasons.

1)    Frauds are well planned

2)    Management are involved in frauds

3)    Transaction are not recorded in the books of accounts

4)    Transaction are misinterpreted to auditor

Can auditor detect fraud?

Yeah, auditor can detect fraud, however, the auditor ability to detect fraud depends

·         Skills of perpetrator

·         Frequency of fraud attempt

·         Amount of fraud

·         Position of the person

Auditor Responsibility for fraud detection

Auditor is responsible that financial statement are free from misstatement as whole, therefore, though auditor is not responsible for detection of fraud , but , still there is some responsibility lies on the shoulder of auditor. Due to inherent limitation of audit, auditor cannot detect all the material misstatement due to fraud or error.

Auditor is responsible for maintaining professional skepticism for following factor

a)    Management can override controls

b)    Management can manipulate record

c)    Control over preparation and maintenance of record

d)    Reliability of record

Audit Detection Risk

 Audit Detection Risk

Auditor could not detect the misstatement in the financial statement by applying audit procedures. It relates to effectiveness and application of audit procedures.

Types of Detection Risks

The major types of detection risk is that

1.    Selection of inappropriate audit procedure

2.    Wrong application of audit procedure

3.    Wrong interpretation of audit results

Lowering Detection Risk

Detection risk may be lowered by adequate planning, assigning professionals, professional skepticism and effective supervisor & review.

Audit Risk Concept

Audit Risk Concept

Audit risk is that auditor expresses an inappropriate opinion on financial statement, where financial statements are misstated. It means that auditor could not detect the misstatement in the financial statement and therefore expressed an inappropriate opinion. Audit risk basically related to audit procedures.

Types of Audit Risk

There are two types of audit risk i.e. significant audit risk and insignificant audit risk. Significant risk is auditor express that financial statement is not materially misstated but in fact these are and vise versa.

Element of Audit Risk

Audit risk is basically a function of risk of misstatement and detection risk.

How audit risk is assessed?

Audit risk is assessed by the audit procedures applied throughout the audit and information obtained from those audit procedure.

Measurement of Audit Risk

The measurement of audit risk is not possible; rather it is assessed on the bases of professional judgment. For example one cannot say that there is 20% or 30% audit risk.

Elimination of Audit Risk

Audit risk cannot be eliminated due to inherent limitation of audit.  Inherent limitation arises from the following

a)    limitation of financial reporting

b)    limitation of audit procedures

c)    Deadlines

d)    Audit work is based on sampling

e)    Audit evidence is persuasive rather than conclusive.

Inherent limitation cannot be used as excuse for using less than persuasive audit evidence. Auditor must seek persuasive audit evidence for conclusion.

Lowering Audit Risk

Audit risk can be lowered by the appropriate planning & directing the audit effort to those areas which are more risky. Use more extensive testing for risky areas.

Risk of Material Misstatement

Risk of Material Misstatement

Risk of material misstatement in audit means that financial statement may not present the financial affair fairly and there may be some misstatement due to fraud or error.

Types of Material Misstatement Risks

There are two types of material misstatement risks i.e. financial statement level risk and assertion level risk. Financial statement level risk effect the financial statement as whole where the assertion level risk is associated to specific item of financial statements.

Material Misstatement Concept

Material Misstatement Concept

Misstatement or material misstatement is deviation from the financial reporting framework. Deviation may be in the form of disclosure, classification and presentation.

Reasons for Misstatement

There are two possible reasons for misstatement (deviation) i.e. fraud and error. Frauds are intentional for personal benefits while errors are unintentional.

1.    Misstatement Due to Error

Misstatement due to error means that there is no deliberate or intentional act which causes the misstatement. Error may include inaccurate processing of information, omission of recording the financial transactions, biased or inaccurate assumption for estimates.

2.    Misstatement Due to Fraud

Second reason for misstatement in financial stamen is fraud. The fraud is a deliberate attempt by an individual to manipulate the financial statement facts .Management of entity is responsible to take appropriate steps for prevention and detection of frauds.

Auditor Responsibilities for Misstatement

Auditor Responsibilities for Misstatement

1.    Obtain Audit Evidence

Auditor shall obtain reasonable assurance that financial statement are not martially misstatement, however, due to inherent limitation there are fair chances that some misstatement may not be detected by  the auditor.

2.    Accumulation of Misstatement

All misstatement identified by the auditor during the audit are accumulated for the purposes of evaluating the effect of misstatement.

3.    Request Management to correct

Auditor shall communicated all identified misstatement to the management and request them to correct those misstatement. In case management refuse to correct the misstatement then auditor shall evaluate its impact on financial statement as whole.

Audit procedures

Audit procedures

Audit procedures are different activities performed by the auditor for obtaining audit evidence during the course of audit.

Types of Audit Procedures

Audit procedure includes inspection, observation, and confirmation from third party, re calculation, re-performance, and analytical procedures.

Use of Audit Procedures

Audit procedure are used in following manner for obtaining the audit evidence

·         Risk assessment of material misstatement

·        Testing the effectiveness of control  (Test of Control)

·        Testing the transaction in details ( Test of details)