Auditing Summary – Semester 1
Introduction to Auditing
What is an audit?
- A systematic process to gather and evaluate evidence & information to objectively, to
evaluate the assertions (made by management) in the FS, to determine the correlation
with predetermined criteria (qualitative and quantitative) and to communicate results to
stakeholders in writing.
What is the purpose of an audit?
- To express an opinion on the FS that they are free of material misstatements and that
they fairly represent all material aspects in the financial position and performance of the
entity in accordance with IFRS and the Companies Act.
- What isn’t the purpose of an audit?
Identifying every error
Detecting fraud
Guaranteeing future success of the company
Inherent limitation of an Audit -> Reasonable Assurance:
- Nature of Financial Reporting
Estimates and judgments are used.
- Nature of Audit Procedures
Time and Cost Limitations
Management may not provide all information.
Management can hide fraud.
- Timeliness of Reporting
Cost and benefit of taking longer to audit must be balanced.
- Reliability VS Cost
Use of sampling because everything cannot be tested.
Types of auditors?
- External – Independent Auditor
- Internal – Employed by company
- Attorney General (Public Auditors) – Auditor General, SARS
- Special-Purpose (Forensic Auditor) – For provisions like a contractual agreement
5 Postulates (“assumptions”) auditors make about a company.
- Financial Statements is verifiable.
- Financial Statements are free from irregularities.
- What held in the past will hold in the future?
- Consistent application of principles leads to fair representation.
- No conflict of interest
External VS Internal
- External Auditors
Express and independent opinion on whether the financial statements fairly
represent the Financial Position and performance of a company.
Not employed by company
- Internal Auditors
Perform independent assignments for management.
Enhances management’s confidence that internal controls are working properly.
Employed by company.
, Internal Control (IC)
Definition of Internal Control
- A process, designed and initiated by management, to provide reasonable assurance
about the achievement of the company’s objectives in terms of:
Reliability of Financial Reporting
Effectiveness and efficiency of Operations
Compliance with Laws and Regulations
(Note: The auditor does not design, or Implement IC’s It is done by management throughout the year)
Inherent Limitations of Internal Control
- Cost VS Benefit
It is expensive to segregate all duties. Trade-off: only segregate some crucial
incompatible duties
- Internal Controls can become obsolete or inadequate as business changes.
- Collusion by Employees to circumvent internal controls and commit fraud.
- Collusion by Management to override internal controls and commit fraud.
- Human error
- Directed at routine, repetitive transactions rather than the exceptions.
Auditors Duty
- How to gain adequate knowledge of business, including system of internal control:
Prior experience or knowledge
Discussions or enquiries with staff
Reading the manuals
Inspecting documents and previous records
Observe (E.g. Cameras or operations)
Walk through tests (E.g. From inventory to point of sale)
- How to document knowledge of internal control system utilizing following documents
System Description
Internal Control Questionnaire (You know what perfect system should look like)
Yes: Sound Internal Controls
No: Weakness in Internal Controls (Potential Risk)
Consider Compensating Controls
System Flow Charts
Standardise Symbols
Flow of Documents
Sequence of Events
Duties of Staff and Departments
5 Components of internal control (COSO Model) (CRIMC)
- Control Environment
Entity’s governance and management functions and attitudes, awareness, and
actions of those responsible for governance
- Risk Assessment Process
Entity’s process for identifying risks relevant to the financial reporting objectives and
how they are addressed.
- Information System
Procedures and records established by entity to initiate, execute, record, process,
and report transactions, events, and conditions and to maintain accountability (E.g.,
Pastel)
, Initiate - Transactions (Decision and Approval)
Execute - Implementation of the Decision
Record - Reflect transaction on Source Documents.
Process - Accounting Records (E.g. Cash book, ledgers, and journals)
Reporting - Reflect on Financial Statements
- Control Activities
Activities ensuring all transactions started and end up reflected correctly in Financial
Statements (E.g. Policies and Procedures)
- Monitoring of Controls
Process to assess effectiveness of internal controls over time.
Segregation of Duties Records and Documents
A Transaction should not be handled by only one Document Design
employee from beginning to end. - Easy identification of different types of forms (Colour
Reduces probability that an employee can commit or Size)
error/fraud and hide it. - Pre-printed and Pre-numbered (enables sequence
Incompatible Functions are: checking)
- Initiation of transaction - Logical design & layout
- Authorisation of transaction - Space for signatures and initials
- Executions of transaction - Multi-copied source documents (Different Divisions)
- Recording of transaction Stationary Control
- Control/Safeguarding of asset involved (if applicable) - Safeguarded
- Register
- Cancelation after use
Control Access (Security) Independent Review (Double Review)
Logical (Not NB) & Physical Security 2nd Independent person checking the other person’s
Access Control to Assets (E.g. Locks, Safes, Guards, work.
Etc.) Sign or Initial (Evidence that a check was performed
Access Control to Documents/Records (E.g. Stationary and pinpoint the responsibility)
Register)
Authorisation Monitoring (Reconciliation)
In terms of Company Policy (NB these words) Reconciliation between Actual VS Recorded Assets
- Specific authorisation levels given the types of - Comparing (E.g. Physical stock counts with inventory)
transactions or value thereof. Reconciliation between two sets of recorded
- After reviewing supporting documents information
Evidence of Authorisation Required - Comparing (E.g. Bank Account to Bank Statements)
- Sign (as evidence that authorisation was given and to - Comparing (E.g. Sub-ledger to General Ledger)
pinpoint responsibility)
Control Activities (SCRRAM)
Control Activities (SCRRAM) Control Objectives (VAC)
Segregation of Duties <- Do this. Validity
Control Access / Security Accuracy
Independent Review Completeness
Records and Documents To ensure that this
Authorisation is achieved - >
Monitoring
, Control Objectives (VAC)
Validity Completeness Accuracy
Transactions are authorised in Keyword = “ALL RECORDED” Right account
terms of company policy. No Omissions Right amount
Events occurred. Pre-Numbered documents are Right document
Documents exist. in order, and all are present. Right product
Transaction is legitimate (in Timely recorded
other words were not made
to fictitious people)
Possible Exam Questions
- Give:
Weaknesses (State what is not there)
Consequences (Usually fraud or error, resulting in material misstatement)
Recommendations (Give the correct controls that you identified as missing. If a
document is missing, give all the controls around that document, namely the perfect
cycle. Quite a lot of marks!)
- Give a perfect cycle. Leave out the controls that the company is already doing right.
- Identify the control activities relating to some given controls (SCRRAM)
E.g., “The manager locks the petty cash box in a safe” = Access Control
- Formulate control objectives (Start with ‘to ensure that…’)
E.g., “Formulate the control objectives for the validity of credit sales.”
Answer: To ensure that
All debtors are approved and authorised in terms of company policy.
Credit sales actually occurred.
Invoices are generated for credit sales.
Credit sales are legitimate (specifically only sales to approved debtors)
Perfect Cycles of Internal Control
- Exam technique: Generic Template that applies to almost every document.
[Document Name] should be pre-numbered and pre-printed.
Prepared by [Clerk/Storeman] and signed to assign responsibility.
[Number of copies]
For client, as evidence off occurrence
For accounting department, for recording If in doubt, there is usually
For same department, for evidence of occurrence 4 copies. Say Why each
For next department, to agree documents. copy is needed.
Reviewed by [Sales/Purchases/Warehouse] Manager for details:
Reperform Calculations
Check date.
Check quantity and price.
Agree to previous documents.
Reviewer signs to authorise in terms of company policy (e.g., approving a debtor)
Reviewer checks number sequence and follows up outstanding items (Say this for every
single document)
Blank documents must be safe guarded.
+ The Additional Controls Specific to each cycle
Perfect Cycles:
- Sales and Receipts
- Purchases and Payments
Introduction to Auditing
What is an audit?
- A systematic process to gather and evaluate evidence & information to objectively, to
evaluate the assertions (made by management) in the FS, to determine the correlation
with predetermined criteria (qualitative and quantitative) and to communicate results to
stakeholders in writing.
What is the purpose of an audit?
- To express an opinion on the FS that they are free of material misstatements and that
they fairly represent all material aspects in the financial position and performance of the
entity in accordance with IFRS and the Companies Act.
- What isn’t the purpose of an audit?
Identifying every error
Detecting fraud
Guaranteeing future success of the company
Inherent limitation of an Audit -> Reasonable Assurance:
- Nature of Financial Reporting
Estimates and judgments are used.
- Nature of Audit Procedures
Time and Cost Limitations
Management may not provide all information.
Management can hide fraud.
- Timeliness of Reporting
Cost and benefit of taking longer to audit must be balanced.
- Reliability VS Cost
Use of sampling because everything cannot be tested.
Types of auditors?
- External – Independent Auditor
- Internal – Employed by company
- Attorney General (Public Auditors) – Auditor General, SARS
- Special-Purpose (Forensic Auditor) – For provisions like a contractual agreement
5 Postulates (“assumptions”) auditors make about a company.
- Financial Statements is verifiable.
- Financial Statements are free from irregularities.
- What held in the past will hold in the future?
- Consistent application of principles leads to fair representation.
- No conflict of interest
External VS Internal
- External Auditors
Express and independent opinion on whether the financial statements fairly
represent the Financial Position and performance of a company.
Not employed by company
- Internal Auditors
Perform independent assignments for management.
Enhances management’s confidence that internal controls are working properly.
Employed by company.
, Internal Control (IC)
Definition of Internal Control
- A process, designed and initiated by management, to provide reasonable assurance
about the achievement of the company’s objectives in terms of:
Reliability of Financial Reporting
Effectiveness and efficiency of Operations
Compliance with Laws and Regulations
(Note: The auditor does not design, or Implement IC’s It is done by management throughout the year)
Inherent Limitations of Internal Control
- Cost VS Benefit
It is expensive to segregate all duties. Trade-off: only segregate some crucial
incompatible duties
- Internal Controls can become obsolete or inadequate as business changes.
- Collusion by Employees to circumvent internal controls and commit fraud.
- Collusion by Management to override internal controls and commit fraud.
- Human error
- Directed at routine, repetitive transactions rather than the exceptions.
Auditors Duty
- How to gain adequate knowledge of business, including system of internal control:
Prior experience or knowledge
Discussions or enquiries with staff
Reading the manuals
Inspecting documents and previous records
Observe (E.g. Cameras or operations)
Walk through tests (E.g. From inventory to point of sale)
- How to document knowledge of internal control system utilizing following documents
System Description
Internal Control Questionnaire (You know what perfect system should look like)
Yes: Sound Internal Controls
No: Weakness in Internal Controls (Potential Risk)
Consider Compensating Controls
System Flow Charts
Standardise Symbols
Flow of Documents
Sequence of Events
Duties of Staff and Departments
5 Components of internal control (COSO Model) (CRIMC)
- Control Environment
Entity’s governance and management functions and attitudes, awareness, and
actions of those responsible for governance
- Risk Assessment Process
Entity’s process for identifying risks relevant to the financial reporting objectives and
how they are addressed.
- Information System
Procedures and records established by entity to initiate, execute, record, process,
and report transactions, events, and conditions and to maintain accountability (E.g.,
Pastel)
, Initiate - Transactions (Decision and Approval)
Execute - Implementation of the Decision
Record - Reflect transaction on Source Documents.
Process - Accounting Records (E.g. Cash book, ledgers, and journals)
Reporting - Reflect on Financial Statements
- Control Activities
Activities ensuring all transactions started and end up reflected correctly in Financial
Statements (E.g. Policies and Procedures)
- Monitoring of Controls
Process to assess effectiveness of internal controls over time.
Segregation of Duties Records and Documents
A Transaction should not be handled by only one Document Design
employee from beginning to end. - Easy identification of different types of forms (Colour
Reduces probability that an employee can commit or Size)
error/fraud and hide it. - Pre-printed and Pre-numbered (enables sequence
Incompatible Functions are: checking)
- Initiation of transaction - Logical design & layout
- Authorisation of transaction - Space for signatures and initials
- Executions of transaction - Multi-copied source documents (Different Divisions)
- Recording of transaction Stationary Control
- Control/Safeguarding of asset involved (if applicable) - Safeguarded
- Register
- Cancelation after use
Control Access (Security) Independent Review (Double Review)
Logical (Not NB) & Physical Security 2nd Independent person checking the other person’s
Access Control to Assets (E.g. Locks, Safes, Guards, work.
Etc.) Sign or Initial (Evidence that a check was performed
Access Control to Documents/Records (E.g. Stationary and pinpoint the responsibility)
Register)
Authorisation Monitoring (Reconciliation)
In terms of Company Policy (NB these words) Reconciliation between Actual VS Recorded Assets
- Specific authorisation levels given the types of - Comparing (E.g. Physical stock counts with inventory)
transactions or value thereof. Reconciliation between two sets of recorded
- After reviewing supporting documents information
Evidence of Authorisation Required - Comparing (E.g. Bank Account to Bank Statements)
- Sign (as evidence that authorisation was given and to - Comparing (E.g. Sub-ledger to General Ledger)
pinpoint responsibility)
Control Activities (SCRRAM)
Control Activities (SCRRAM) Control Objectives (VAC)
Segregation of Duties <- Do this. Validity
Control Access / Security Accuracy
Independent Review Completeness
Records and Documents To ensure that this
Authorisation is achieved - >
Monitoring
, Control Objectives (VAC)
Validity Completeness Accuracy
Transactions are authorised in Keyword = “ALL RECORDED” Right account
terms of company policy. No Omissions Right amount
Events occurred. Pre-Numbered documents are Right document
Documents exist. in order, and all are present. Right product
Transaction is legitimate (in Timely recorded
other words were not made
to fictitious people)
Possible Exam Questions
- Give:
Weaknesses (State what is not there)
Consequences (Usually fraud or error, resulting in material misstatement)
Recommendations (Give the correct controls that you identified as missing. If a
document is missing, give all the controls around that document, namely the perfect
cycle. Quite a lot of marks!)
- Give a perfect cycle. Leave out the controls that the company is already doing right.
- Identify the control activities relating to some given controls (SCRRAM)
E.g., “The manager locks the petty cash box in a safe” = Access Control
- Formulate control objectives (Start with ‘to ensure that…’)
E.g., “Formulate the control objectives for the validity of credit sales.”
Answer: To ensure that
All debtors are approved and authorised in terms of company policy.
Credit sales actually occurred.
Invoices are generated for credit sales.
Credit sales are legitimate (specifically only sales to approved debtors)
Perfect Cycles of Internal Control
- Exam technique: Generic Template that applies to almost every document.
[Document Name] should be pre-numbered and pre-printed.
Prepared by [Clerk/Storeman] and signed to assign responsibility.
[Number of copies]
For client, as evidence off occurrence
For accounting department, for recording If in doubt, there is usually
For same department, for evidence of occurrence 4 copies. Say Why each
For next department, to agree documents. copy is needed.
Reviewed by [Sales/Purchases/Warehouse] Manager for details:
Reperform Calculations
Check date.
Check quantity and price.
Agree to previous documents.
Reviewer signs to authorise in terms of company policy (e.g., approving a debtor)
Reviewer checks number sequence and follows up outstanding items (Say this for every
single document)
Blank documents must be safe guarded.
+ The Additional Controls Specific to each cycle
Perfect Cycles:
- Sales and Receipts
- Purchases and Payments
