Download - Audit Practices Manual_NoRestriction
-
8/10/2019 Audit Practices Manual_NoRestriction
1/344
THE INSTITUTE OF
CHARTERED ACCOUNTANTS
OF PAKISTAN
AUDIT PRACTICES MANUAL
FEBRUARY 2001
QUALITY CONTROL REVIEW COMMITTEE
FOREWORD
Comprehensiveness in performance and self-regulation are the hallmark of a chartered
accountant. It is because of these distinguishing characteristics that the public has looked up tothe profession for validating and assuring that the information in the published financial
statements is a true and fair view of the state of the affairs of the entity.
The compliance with various standards, corporate regulations, and technical releases of theInstitute automatically assures the excellence in performance. The Institute, to assist the
review partners, managers, and field staff in these efforts, has evolved an Auditing ractices!anual. "iven the multi-variety of the corporate entities, any manual cannot be prescriptive#
this manual also is only descriptive. The working papers etc. are also only sample forms and
are not standards of the Institute as such. There might be a situation where the members may
need to supplement, amend, or add to this manual according to the actual needs of theparticular entity under audit by them.
-
8/10/2019 Audit Practices Manual_NoRestriction
2/344
The Institute attaches great importance to this process of self-regulation. $ecessaryadministrative mechanism has been put in place in the Institute to assure that the manual is
followed and members% performance is therefore not less than the best.
In conclusion I would express my sincere appreciation for concerted efforts and long hours put
in for the preparation of this comprehensive Auditing ractices !anual by members of thesub-committee, including !r. Asad Ali &hah 'Chairman(, !r. Ather Ali. !r. )ussain *alani,
!r. &aad +aliya, !r. &hafi Ahmed, !r. &hareel utt, !r. !a/har
). )ameedi, !r. $adeem 0ousuf Adil and last but not the least to !r. Ahmed 1. atel,Chairman 2uality Control 3eview Committee, for his personal interest in completion of this
manual.
ir !ohammad A. +aliya, 4CA resident 56 7anuary 8995
PREFACE
The Institute of Chartered Accountants of akistan as member of the International 4ederation
of Accountants 'I4AC( has a professional obligation to implement the standards issued by the
4ederation of the International Accounting &tandards Committee 'IA&C(.
The reface to the International &tandards on Auditing 'I&A%s( issued by the I4AC states that
the obective of audit of financial statements is to enable the auditor to express an opinion
whether the financial statements are prepared, in all material respects, in accordance with an
identified reporting framework 'which would mean accounting standards applicable in
akistan(.
In order to arrive at a correct audit opinion in an efficient and effective manner, the audit is to
be conducted in accordance with the I&A%s and related assurance services and pronouncements
issued by the Council of the Institute.
The manual does not envisage all possible corporate entities or circumstances, for instance
special purpose entities such as banks, airlines, insurance companies, telecommunications and
other utilities etc. may need substantial modifications, even redesigning, to fully conform to
the reuisite reuirements of I&A%s etc.
The 2uality Control 3eview Committee of the Institute hopes that the manual shall be of greatfunctional utility to its practicing members.
The committee expects the practicing members would follow the !anual in letter and spirit.
The manual shall be updated to incorporate the latest reuirements of the I&A%s etc.
WORKING PAPERS
-
8/10/2019 Audit Practices Manual_NoRestriction
3/344
The working papers are not definitive but are only sample working papers that need to be
supplemented or amended or modified by the members in accordance with the reuirements of
the entity under audit.
ORGANIZATION OF THE MANUAL
Two volumes of the !anual are organi/ed as follows:
Volume 1
Chapter 5:1escribes briefly the salient features of the audit process, including the threephases of planning, execution and completion.
Chapter 8: "ives the contents of theAudit Planning File. Also included therein is
guidance on evaluation of accounting and internal control systems, theinternal control uestionnaires including a guide on the evaluation of general
controls relating to Computeri/ed Information &ystems. 4urther, model audit
programs for a manufacturing entity, duly correlated with possible auditassertions have also been included.
Volume 2
Chapter ;: "ives the contents of theAudit Execution File. This largely comprises of
the standard working paper schedules that are used to collect audit evidenceon the financial statement components, including lead schedules on such
components, referencing methodology and the possible wordings of the
conclusions.
Chapter
-
8/10/2019 Audit Practices Manual_NoRestriction
4/344
5.5 Audit rocess Chart 5-5
5.8 =verview of the Audit rocess 5-8 lanning hase 5-8 Bxecution hase
5-; Completion hase 5-8.8. Audit !ateriality 8-69
8.8.6 3eview of 4inancial erformance of the Client 8-68 &uggested 4ormat of4inancial erformance 3eview 8-6;
8.; 1etailed lanning
8.;.5 Computer Information &ystem 'CI&( Checklist 8-6@
8.;.8 Audit rograms 8-?; &le Audit rograms 8-?8.;.; Analytical 3eview rocedures 8-5
-
8/10/2019 Audit Practices Manual_NoRestriction
5/344
8.@ Audit lanning Checklist 8-5?6
Chapter 3
Audi E'e"uio% File
;.5 "eneral Instructions for 1ocumentation of Audit Bxecution 4ile ;-5;.8 Bxceptions and Control Geaknesses ;-8;.; Audit Gorking aper "uidelines ;-;
;.< &ignificant Components of alance &heet and E * Account F *ead &chedules with
Conclusions ;-@
Chapter 4
Audi Com(leio% ) Re(o!i%& File
-
8/10/2019 Audit Practices Manual_NoRestriction
6/344
.5 &ummary of &ome I&As
Audi P.$#e
Do"ume%$io%
1/2 OVER VIEW OF THE AUDIT PROCESS
1 The 4ramework on the International Auditing &tandards 'I&As( issued by theInternational 4ederation of Accountants states that the obective of an audit of financial
statements is to enable the auditor to express an opinion whether the financial
-
8/10/2019 Audit Practices Manual_NoRestriction
7/344
statements are prepared, in all material respects, in accordance with an identifiedreporting framework 'which would mean applicable accounting standards in akistan(.
In order to arrive at a correct audit opinion in an efficient and effective manner, the
audit is to be conducted in accordance with the I&As.
2 The audit is designed to provide reasonable assurance that the financial statements
taken as whole are free from material misstatement. 3easonable assurance is a conceptrelating to accumulation of sufficient and appropriate audit evidence on the basis of
which the auditor can conclude that there are no material misstatements in the financialstatements.
3 The Audit rocess, as described below, has been designed, based on the framework ofauditing suggested by the I&As, with a view to assist an auditor to form an auditopinion in the most efficient manner.
4 The audit process constitutes three phases of lanning, Bxecution and 3eview andCompletion. Bach of these phases are briefly discussed below. These phases are also
described in tabular form at the end of this Chapter to provide a uick comprehensionof the process to the reader.
5 PLANNING PHASE
@.5 The I&A F ;99 reuires that the audit should so plan his work so that the audit is
performed in an effective manner.
@.8 Bfficient planning helps in ensuring that appropriate attention is devoted to theimportant areas of the audit, potential problems are identified and the work is completed
expeditiously.
@.; The extent of planning will vary according to the nature and si/e of the entity beingaudited, the complexity of the audit and the auditor%s experience and knowledge of the
entity%s business.
@.< The planning phase comprises of the following activities:
1eveloping an =verall Audit lan
1etailed Audit lanning *eading to 1evelopment of Audit rogram
1ocumentation in the 4orm of an Audit lanning 4ile
Audit Administration E =ther !atters.0/0 OVERALL AUDIT PLAN
@. The overall Audit lan is a summari/ed strategy for the audit engagement, which
primarily consists of strategic decisions of expected scope and conduct of the audit
based on a preliminary understanding of the entity%s business, its management structure
and philosophy, accounting and internal control systems, audit risk and materiality and
the audit administration. The steps involved are described in the 4low Chart 8 below
-
8/10/2019 Audit Practices Manual_NoRestriction
8/344
0/ DETAILED AUDIT PLANNING
@.? ased on the audit approach developed in the =verall Audit lan, the auditor should
carry out detailed audit planning leading to the development of the audit programs of
each component of the financial statements containing nature, timing and extent of audit
procedures to be applied to them.
@.> These audit programs need to be reviewed at least by a ualified manager or partner to
ascertain whether the execution of selected audit procedures included therein shall lead
to obtaining sufficient and appropriate audit evidence for forming an audit opinion on
the financial statements.
@.59 An important aspect of detailed planning is the study and evaluation of the internal
control procedures to ascertain the extent to which the internal control systems can be
relied upon for the purposes of the audit. Ghere the accounting and internal control
systems are considered reasonably reliable 'that means when the control risk is assessed
as less than high( and a decision is made to place reliance on such systems and internalcontrol uestionnaires, flow charts or a combination thereof.
@.55 The internal control checklist prepared by the Institute of Chartered Accountants of
akistan# is included in Chapter 8, which can be used for documenting the important
features of the internal control. This checklist is not definitive and may need to be
supplemented, amended or modified according to the need of the audit reuirements of
the entity.
@.58 The overall audit plan, audit programs, time budgets, planning checklist and other
documentation encompassing the planning phase of the audit is to be filed as part of the
Audit lanning 4ile as shown in Chapter 8 of the !anual.
AUDIT ADMINISTRATIVE ) OTHER MATTERS
.5 Information regarding audit administration 'Chart-
-
8/10/2019 Audit Practices Manual_NoRestriction
9/344
proprietorship concern, it must be ensured that the proprietor carries out a thorough
review of all the working papers.
?.8 Care is to be exercised to ensure that disclosure and completion checklist are prepared
and completed and issues such as subseuent event%s review, related party transactions
and going concern aspect etc. are considered before audit opinions of the financialstatements is issued.
?.; 1etails of the steps involved in the completion phase are given in 4low Chart and
matters to be considered and the documentation to be completed are clarified in 3eviewand Completion 4ile in Chapter
-
8/10/2019 Audit Practices Manual_NoRestriction
10/344
ecause of the test nature and other inherent limitations of an audit, together with the inherentlimitations of any accounting and internal control system, there is an unavoidable risk that
even some material misstatements may remain undiscovered.
In addition to our report on the financial statements, we expect to provide you with a separate
letter concerning any material weaknesses in accounting and internal control systems whichcome to our notice.
Ge remind you that the responsibility for the preparation of financial statements includingadeuate disclosure is that of the management of the company. This includes the maintenance
of adeuate accounting records and internal controls, the selection and application of
accounting policies, and the safeguarding of the assets of the company. As part of our auditprocess, we will reuest from management written confirmation concerning representations
made to us in connection with the audit.
Ge look forward to full cooperation with your staff and we trust that they will make available
to us whatever records, documentation and other information are reuested in connection withour audit. =ur fees, which will be billed as work progresses, are based on the time reuired by
the individuals assigned to the engagement plus out-of-pocket expenses. Individual hourly
rates vary according to the degree of responsibility involved and the experience and skillreuired.
Ge wish to inform you that our working papers files for the audit of the financial statements
of your company would be subect to review by the Institute of Chartered Accountants ofakistan%s 2uality Control 3eview Committee without any further reference to you.
This letter will be effective for future years unless it is terminated, amended or superseded.
Dnless we hear from you to the contrary, we will assume your concurrence with the contentsof this letter.
0ours truly
4I3!%&
$A!B
2/2 OVERALL AUDIT PLAN
2/2/1 CLIENT PROFILE
$ame of client
-
8/10/2019 Audit Practices Manual_NoRestriction
11/344
$ature of
Client usiness
!aor *ocations:
=ther Information F
1 o anks
2 o *egal Advisor
3 o Tax Advisor etc.
2/2/2 UNDERSTANDING THE CLIENT6S 7USINESS
P!elimi%$!* 8%o9led&e o+ "lie%:# ;u#i%e##
A preliminary knowledge of the clientJs business is reuired in the client
acceptanceretention stage in order to determine whether to accept or reect a new
entity as a client or to retain or relinuish an existing client.
This knowledge is obtained through the performance of activities such as observation,
inspection, inuiry and analytical procedures such as ratio analysis and common si/eanalysis.
De$iled 8%o9led&e o+ "lie%:# ;u#i%e##
A detailed knowledge of the clientJs business is reuired in all audit processes except
-
8/10/2019 Audit Practices Manual_NoRestriction
12/344
client acceptanceretention stage. !ost of this knowledge should be acuired in the
audit planning stage and is reuired in order to determine the audit approach.
The knowledge may be acuired through the auditor performing such activities asinspection, inuiry and analytical procedures such as ratio analysis, and Computer
Assisted Audit Techniues 'CAAT(, such as test data, programmed code analysis and
speciali/ed audit software.
K%o9led&e o+ Clie% 7u#i%e## Co!e
7u#i%e## A"i
-
8/10/2019 Audit Practices Manual_NoRestriction
13/344
M$=o! Su((lie!#
M$=o! Com(eio!#
Rel$ed P$!ie# ,i+ $%*-
Si&%i+i"$% A""ou%i%& Poli"ie#
*ist down significant accounting policies 'or change in accounting policy, if any( adopted by
the Company relating to:
1 &taff retirement benefits2 4ixed assets3 3evenue recognition4 Taxation5 4oreign currency transaction
Ke* M$%$&eme% Pe!#o%%el
*ist down key management personnel of organi/ation, i.e.
Di!e"o!#
-
8/10/2019 Audit Practices Manual_NoRestriction
14/344
O.e! M$%$&eme% S$++
2/2/> FACTORS THAT MA? AFFECT CLIENT6S 7USINESS
Bconomic 4actors:
Industry Conditions:
&ocial Bnvironmental 4actors:
Technological 4actors:
2/2/@ CRITICAL AUDIT AREAS 5 SIGNIFICANT FINANCIAL
STATEMENT COMPONENTS
*ist down the critical audit areas and its impact on the financial statements relating to
-
8/10/2019 Audit Practices Manual_NoRestriction
15/344
the audit in consideration. It also includes consideration of previous years brought
forward issues.
!aor areas include:
$ew borrowings with extra-ordinary terms and conditions
1iscontinuation of maor suppliers
Acuisition of a significant asset
1iscontinuation of a maor customer
*oss of a significant market share
!aor claims and litigation against the client, etc.
2/2/0 RISK ASSESSMENTS ACCOUNTING AND
INTERNAL CONTROL S?STEM
1/ The International &tandard on Auditing A&- on the captioned subect provides
guidance on obtaining an understanding of the accounting system and internalcontrol systems and on the audit risk and its components. The standard states
that:
-
8/10/2019 Audit Practices Manual_NoRestriction
16/344
KThe auditor should obtain an understanding of the accounting and internal
control systems sufficient to plan the audit and develop an effective auditapproach. The auditor should use his professional judgment to assess audit
risk and to design audit procedures to ensure it is reduced to an acceptably
low level.
1 The following paragraphs contain guidance on matters relating to risk assessment andinternal control to help members in understanding these concepts based on the
guidance contained in A&- and other related guidance to enable them in developingan efficient and effective audit approach and in complying with the reuirements of
A&-.
2 De+i%iio%#
>/1 BAudi Ri#8 means the risk that an auditor gives an inappropriate audit
opinion when the financial statements are materially misstated. Audit risk hasthree components: inherent risk, control risk and detection risk.
>/2 BI%.e!e% !i#8 is the susceptibility of an account balance or class of
transactions to misstatements that could be material, individually or whenaggregated with misstatements in other account balances or classes, assuming
there are no related internal controls.
>/> BCo%!ol !i#8is the risk that a misstatement that could occur in an accountbalance or class of transactions and that could be material individually or when
aggregated with misstatements in other balances or classes, will not be
prevented or detected and corrected on a timely basis by the accounting andinternal control systems.
>/@ BDee"io% !i#8 is the risk that an auditor%s substantive procedures will not
detect a misstatement that exists in an account balance or class of transactionsthat could be material, individually or when aggregated with other balances and
classes.
>/0 BA""ou%i%& #*#emmeans the series of tasks and records of an entity bywhich transactions are processed as a means of maintaining financial records.
&uch systems identify, assemble, analy/e, calculate, classify, record, summari/e
and report transactions and events.
>/ BI%e!%$l Co%!ol S*#emL means all the policies and procedures 'internal
controls( adopted by the management of an entity to assist in achieving
management%s obective of ensuring, as far as practicable, the orderly and
efficient conduct of its business, including adherence to management policies,the safeguarding of assets, the prevention and detection of fraud and error, the
accuracy and completeness of the accounting records, and timely preparation ofreliable financial information. The internal control system extends beyond those
matters which relate directly to the functions of the accounting system and
comprises of two components: a( the control environment and the control
procedures.
>/ BCo%!ol e%
-
8/10/2019 Audit Practices Manual_NoRestriction
17/344
and management regarding the internal control system and its importance in the entity.
The control environment has an effect on the effectiveness of the specific control
procedures. A strong control environment, for example, one with the tight budgetary
control and an effective internal audit function, can significantly complement specific
control procedures. )owever, a strong control environment does not, by itself, ensure
the effectiveness of the internal control system. 4actors reflected in the controlenvironment include:
The function of the board of directors and its committees. !anagement%sphilosophy and operating style. The entity%s organi/ational structure and methods ofassigning authority and
responsibility. !anagement%s controlsystem including the internal audit function,
personnel policies and procedures and
segregation of duties.
>/4 BCo%!ol P!o"edu!e#means those policies and procedures in addition to the controlenvironment which management has established to achieve the entity%s specific
obectives. &pecific Control obectives include:
3eporting, reviewing and approving reconciliation. Checking the arithmeticalaccuracy of records. Controlling applications and environment of computerinformation systems, for
example, by establishing controls over: Changes to computer programs.Access to data files.
!aintaining and reviewing control accounts and trial balances. Approving andcontrolling of documents. Comparing internal data with external sources ofinformation. Comparing the results of cash, security and inventory counts withaccounting records. *imiting direct physical access to assets and records.Comparing and analy/ing the financial results with budgeted amounts.
@/ In the audit of financial statements, we are only concerned with those policies and
procedures within the accounting and internal control systems that are relevant to the
financial statement assertions. The understanding of relevant aspects of the accounting
and internal control systems, together with inherent and control risk assessments will
help the auditor to:
1 a. Identify the type of potential material misstatements that could occur in the
financial statements#2 b. Consider factors that affect the risk of material misstatements# and3 c. 1esign appropriate audit procedures to minimi/e risk to an acceptable level.
0/ Therefore, while developing the audit approach, we should consider the preliminary
assessment of control risk 'in conunction with the assessment of inherent risk( todetermine the appropriate detection risk to accept for the financial statement
assertions. ased on such assessment, we should decide on the timing, nature and
-
8/10/2019 Audit Practices Manual_NoRestriction
18/344
extent of the substantive procedures for the financial statement assertions.
/ I%.e!e% Ri#8
/1 4or developing the overall audit plan, we should assess inherent risk at the financial
statement level. 4or developing audit programs, we should relate such assessment to
material account balances and class of transactions at the assertion level, or assumethat the inherent risk is high.
/2 The assessment of inherent risk reuires the use of professional udgment
considering the following factors:
/2/1 A .e +i%$%"i$l #$eme% le
-
8/10/2019 Audit Practices Manual_NoRestriction
19/344
/1 Transactions are executed in accordance with the management%s general and specificauthori/ations.
/2 All transactions and other events are promptly recorded in the correct amount, in the
appropriate accounts and in the proper accounting period so as to permit preparation of
reliable financial statements in accordance with acceptable accounting policies.
/> Access to assets and records is permitted only in accordance with management%s
authori/ation.
1 3ecorded assets are compared with the existing assets at reasonable intervals andappropriate action is taken regarding any differences.
2 U%de!#$%di%& .e $""ou%i%& $%d i%e!%$l "o%!ol #*#em#
4/1 Ge are reuired by A&- to obtain an appropriate understanding of the accounting and
internal controls system to enable us to design our substantive audit procedures aimed
at minimi/ing the detection risk to an acceptable level.
4/2 The process of understanding involves obtaining knowledge of the design of the
accounting and internal control systems, and their operation. Ge usually perform a
KGalk-throughL test that is, tracing a few transactions through the accounting system,
for understanding the accounting and internal control systems.
4/> revious periods audit experience, review of the previous years files containing
documentation of the accounting and internal control systems also enhances our
understanding of such systems.
4/@ The procedures, which may be used for obtaining such understanding include:
Inquiries of appropriate management, supervisory and otherpersonnel at various organizational levels within an entity,together with reference to documentation, such as proceduresmanuals, job descriptions and ow charts;
Inspection of records and reports produced by the accountingand internal control systems; and
bservation of the entity!s activities and operations, includingobservation of the organization of computer operations,management personnel and the nature of transactionprocessing"
/ Ge are reuired to obtain a level of understanding of the accounting
system that is sufficient to identification and understanding of:
1 a. !aor classes of transactions in the entity%s operations#2 b. )ow such transactions are initiated#3 c. &ignificant accounting records, supporting documents and accounts in the
financial statements# and
-
8/10/2019 Audit Practices Manual_NoRestriction
20/344
4 d. The accounting and financial reporting process, from the initiation ofsignificant transactions and events to their inclusion in the financial statements.
1/ I% !e#(e" o+ "o%!ol e%
-
8/10/2019 Audit Practices Manual_NoRestriction
21/344
such accounting and internal controls are suitably designed and operating effectively.
12/2 =bective of tests of controls is to obtain evidence about the effectiveness of:
The design of the accounting and internal control systems, that is, whether
they are suitably designed to prevent or detect and correct materialmisstatements# and =peration of the internal controls through out theperiod under audit.
12/> Tests of controls may include:
Inspection of documents supporting transactions and other events to gain auditevidence that internal controls have operated properly, for example, verifying that atransaction has been authori/ed.
Inuiries about, and observation of, internal controls which leave no audit trail, forexample, determining who actually performs each function and not merely who is
supposed to perform it.
3e-performance of internal controls, for example, reconciliation of bank accountsto ensure that they were correctly performed by the entity.
12/@ ased on the results of the tests of controls, we should evaluate whether the internal
controls are designed and operating as contemplated in the preliminary assessment of
control risk. If the results of test of controls highlight deviations, the preliminary
assessment of control risk may need to be revised. In such cases, there will be a need
to modify the timing, nature and extent of planned substantive procedures.
12/0 efore the conclusion of the audit, based on the results of substantive procedures and
other audit evidence obtained, we should consider whether the assessment of control
risk is confirmed.
1> Rel$io%#.i( ;e9ee% .e $##e##me% o+ I%.e!e% $%d Co%!ol Ri#8#
1 !anagement often reacts to inherent risks situations be designing accounting andinternal control systems to prevent or detect and correct misstatements and therefore,in many cases, inherent risk and control risk are highly interrelated. In such situations,
if the auditor attempts to assess the inherent and control risks separately, there is a
possibility of inappropriate risk assessment. As a result, audit risk may be more
appropriately determined in such situations by making a combined assessment.2 Dee"io% Ri#8
1@/1 The level of detection risk relates to the substantive procedures. =ur assessment of
control risk, together with the inherent risk assessment, will influence the nature,
timing and extent of substantive procedures to be performed to reduce the detection
risk, and therefore audit risk, to an acceptably low level. )owever, some detection risk
would always be present, even of an auditor were to examine 599M of the account
balance or class of transactions because, for example, most audit evidence is
persuasive rather than conclusive.
-
8/10/2019 Audit Practices Manual_NoRestriction
22/344
1@/2 Ge should consider the assessed levels of inherent and control risks in determining the
timing, nature and extent of substantive procedures reuired reducing audit risk to an
acceptably low level. In this regard, we should consider:
The nature of substantive procedures, for example, using tests directed toward
independent parties outside the entity rather than the tests directed toward partiesor documentation within the entity, or using tests of details for particular auditobective in addition to the analytical procedures#
The timing of substantive procedures, for example, performing them at period endrather than at an earlier date# and
The extent of substantive procedures, for example, using a larger sample si/e.
1@/> There is inverse relationship between detection risk and the combined level of inherent
and control risks. 4or example, when inherent and control risks are high, acceptable
detection risk needs to be low to reduce the audit risk to an acceptably low level. =n
the other hand, when inherent and control risks are low, we can accept higher detection
risk and still reduce audit risk to an acceptably low level. This inverse relationship isillustrated below. The shaded areas in the table relate to the detection risk.
Ou! A##e##me% o+ Co%!ol Ri#8
)igh !edium *ow
Ou! $##e##me% o+ )igh *owest *ower !edium
I%.e!e% Ri#8 !edium *ower !edium )igher
*ow !edium )igher )ighest
1@/@ The assessed levels of inherent and control risks cannot be sufficiently low to
eliminate the need for us to perform any substantive procedures. 3egardless of the
assessed levels of inherent and control risks, there would invariably be a need to
perform some substantive procedures for material account balances and class of
transactions.
1 The higher the assessment of inherent and control risk, the more audit evidence wouldbe reuired to be obtained from the performance of substantive procedures. Ghen bothinherent and control risks are assessed as high, we need to consider whether
substantive procedures can provide sufficient appropriate audit evidence to reduce
detection risk, and therefore audit risk, to an acceptably low level. Ghen it isdetermined that detection risk regarding a financial statement assertion for a material
account balance or class of transactions cannot be reduced to acceptably low level, we
should express a ualified opinion or a disclaimer of opinion.
2 Audi Ri#8 i% .e Sm$ll 7u#i%e##
10/1 Ge need to obtain the same level of assurance in order to express an unualified
opinion on the financial statements of both small and large entities. )owever, many
internal controls which would be relevant to large entities are not practical in the small
businesses. 4or example, in small business, accounting procedures may be performed
-
8/10/2019 Audit Practices Manual_NoRestriction
23/344
by few persons who may have both operating and custodial responsibilities, and
therefore segregation of duties may be missing or severely limited. Inadeuate
segregation of duties may, in some cases, offset by a strong management control
system in which ownermanager supervisory controls exist because of direct personal
knowledge of the entity and involvement in transactions. In circumstances where
segregation of duties is limited and audit evidence of supervisory controls is lacking,the audit evidence necessary to support the auditor%s opinion on the financial
statements may have to be obtained entirely through performance of substantive
procedures.
10/2 The following paragraphs provide more guidance for a better understanding of the twocomponents of internal control system described above, i.e., control environment and
control procedures.
1/ Co%!ol E%/1 !anagement is responsible for Nsetting the toneN for their organi/ation. !anagement
should foster a control environment that encourages:
The highest levels of integrity and personal and professional standards,
A leadership philosophy and operating style which promote internal controlthroughout the organi/ation, and,
An assignment of authority and responsibility.
1/@ Co%!ol E%
-
8/10/2019 Audit Practices Manual_NoRestriction
24/344
training, evaluations, counseling, promotions, compensation, and disciplinary actions.In the event that an employee does not comply with an organi/ationJs policies and
procedures or behavioral standards, an organi/ation must take appropriate disciplinary
action to maintain an effective control environment. T.e "o%!ol e%
-
8/10/2019 Audit Practices Manual_NoRestriction
25/344
1/1 Control procedures means the policies and procedures in addition to the control
environment, which the management has established to achieve the entity%s specific
control obectives.
1/2 Co%!ol (!o"edu!e# $!e $"io%# #u((o!ed ;* (oli"ie# $%d (!o"edu!e# .$ 9.e%
"$!!ied ou (!o(e!l* i% $ imel* m$%%e! m$%$&e o! !edu"e !i#8#/ T.ee++e"i
-
8/10/2019 Audit Practices Manual_NoRestriction
26/344
transactions within limited parameters. In addition, management specifies thoseactivities or transactions that need supervisory approval before they are performed or
executed by employees. A supervisor%s approval 'manual or electronic( implies that he
or she has verified and validated that the activity or transaction conforms to established
policies and procedures.
1/ Re"o%"ili$io% ,Dee"i
-
8/10/2019 Audit Practices Manual_NoRestriction
27/344
1/11 Co%!ol P!o"edu!e# JA((!o
-
8/10/2019 Audit Practices Manual_NoRestriction
28/344
".$!&ed o $ de($!me%:# $""ou%#/ To e%#u!e (!o(e! #e&!e&$io% o+
duie# .e (e!#o% 9.o $((!o
-
8/10/2019 Audit Practices Manual_NoRestriction
29/344
inventories should establish perpetual inventory control over these items by
recording purchases and issuances, eriodically, the items should be physically
counted by a person who is independent of the purchase authori/ation and asset
custody functions and the counts should be compared to balances per the
perpetual records. !issing items should be investigated, resolved, and analy/ed
for possible control deficiencies# perpetual records should be adusted tophysical counts if missing items are not located.
1/10 Co%!ol P!o"edu!e#JSe&!e&$io% O+ Duie# !Preventive and etective"
$o one person should...>Initiate transaction>Approve transaction>3ecordtransaction>3econcile balances>)andle assets>3eview
reports
At least two sets of eyes
1/10/1 &egregation of duties is critical to effective internal control# it reduces the risk
of both erroneous and inappropriate actions. I% &e%e!$l .e $((!o
-
8/10/2019 Audit Practices Manual_NoRestriction
30/344
TRANSACTION
T?PE
WHO INITIATES WHO
AUTHORIZES
WHO RECORDS WHO
RECONCILES
CONTROLS
,CUSTOD?-
Pu!".$#e o+ Good# Issues 3euisitionPe!#o% A
Approves .=.Invoice Pe!#o% 7
Accounting 3ecordsPe!#o% D
udget 3eportPe!#o% C
3eceives "oodsPe!#o% A o! C
Pu!".$#e o+ Se!
-
8/10/2019 Audit Practices Manual_NoRestriction
31/344
computer processing centers.
1/1/> 4inally, these controls ensure the adoption of disaster planning to guide the
successful recovery and continuity of networks and computer processing in the
event of a disaster.
1/14 Co%!ol P!o"edu!e#JA((li"$io% Co%!ol# ,Preventive And etective-
1/14/1 Applications are the computer programs and processes, including manual
processes, that enable us to conduct essential activities# buying products,
paying people, accounting for research costs, and forecasting and monitoring
budgets.
1/14/2 Application controls apply to computer application systems and include input
controls 'e.g., edit checks(, processing controls 'e.g.,record counts(, and output
controls 'e.g., error listings(, they are specific to individual applications.
Application Controls Include:
P!o&!$mmed P!o"edu!e# Wi.i% A((li"$io% So+9$!ea oInput Controls '1ata Bntry( Authori/ation Oalidation Brror $otification
and Correction
b o rocessing Controls
c o =utput Controls
1/14/> They consist of the mechanisms in place over each separate computer system
that ensures that authori/ed data is completely and accurately processed. They
are designed to prevent, detect, and correct errors and irregularities as
transactions flow through the business system. They ensure that thetransactions and programs are secured, the systems can resume processing after
some business interruption, all transactions are corrected and accounted for
when errors occur, and the system processes data in an efficient manner.
1/14/@ Electronic Data Interchange, oice !esponse,andE"pert #ystemsare types of
applications that may reuire certain controls in addition to general application
controls.
1/14/0 Ghen an organi/ation decides to purchase or to develop an application, its
personnel must ensure the application includes adeuate application controls:
'5( input controls, '8( processing controls, and ';( output controls.
1/14/ I%(u "o%!ol# e%#u!e .e "om(lee $%d $""u!$e !e"o!di%& o+ $u.o!ied
!$%#$"io%# ;* o%l* $u.o!ied u#e!# ide%i+* !e=e"ed #u#(e%ded $%d
du(li"$e iem# $%d e%#u!e !e#u;mi##io% o+ !e=e"ed $%d #u#(e%ded iem#/
E'$m(le# o+ i%(u "o%!ol# $!e e!!o! li#i% +ield ".e"8# limi ".e"8#
#el+J".e"8i%& di&i# seuence checks, validity checks, key verification,
matching, and completeness checks.
-
8/10/2019 Audit Practices Manual_NoRestriction
32/344
1/14/ rocessing controls ensure the complete and accurate processing of authori/ed
transactions. Bxamples of processing controls are run-to-run control totals,
posting checks, end-of-file procedures, concurrency controls, control files, and
audit trails.
1/14/4 =utput controls ensure that a complete and accurate audit trail of the results ofprocessing is reported to appropriate individuals for review. Bxamples of
output controls are listings of master file changes, error listings, distribution
registers, and reviews of output.
1/14/ If an organi/ation has applications that are critical to it%s success, then its
personnel must ensure that application controls reduce input, processing, and
output risks to reasonable levels.
1/14/1 A((li"$io% Co%!ol#:E%d U#e! Com(ui%&
1/14/1/1 Twenty years ago, an information system professional was needed to operate a
computer. Today many user departments% personnel can obtain and use
information on the computer themselves. &ome of the common applications
used by them are word processing, desktop publishing, spreadsheets, database
management systems, graphics programs, electronic mail, proect management,
scheduling software, and mainframe-based uery systems that are used to
generate reports. In addition to computer applications, the user departments use
other information systems applications such as voice mail and video
conferencing.
1/14/1/2 Advancing technology enables user departments to purchase or developinformation systems and applications, shifting certain general control
responsibilities from the centrali/ed information systems department to end-
user departments. This often happens in the move from the mainframe to a
client-server environment.
1 The end-user department becomes responsible for segregation of duties within thedepartmentJs information systems environment, backup and recovery procedures,
program development and documentation controls, hardware controls, and access
controls. If a department has end-user information systems that are critical to itssuccess, then department personnel must ensure that application E general controls
reduce information systems risks to reasonable levels.
2 I%e!%$l Co%!olJ i%e&!$ed +!$me9o!8
=ver the years the awareness and focus on internal control has been increasing
for achieving management%s obectives of efficiency, effectiveness and
economy. The Committee of &ponsoring =rgani/ations of the $ational
Commission on 4raudulent 4inancial 3eporting 'known as Treadway
Commission( of D&A 'comprising of five maor sponsoring institutions of
-
8/10/2019 Audit Practices Manual_NoRestriction
33/344
D&A( undertook a study to establish an integrated framework on internal
controls. This study, which was released in &eptember 5>>8 generally known
as C=&= study, provides a comprehensive framework, which organi/ations can
use for review and enhancing their internal control systems. This framework
can also be used by external auditors for the purpose of their study and
evaluation of internal control systems of their client organi/ations. JInternalControl -Integrated 4rameworkJ defines internal control as a method for
achieving reasonable assurance that obectives in areas related to the
effectiveness and efficiency of operations, reliability of financial reports, and
compliance with laws and regulations are met. The report also identifies the
five interrelated components of internal controls: the control environment, risk
assessment, control activities, information and communication, and monitoring.
1 The components of control environment and control activities 'control procedures( arelargely covered in the guidance contained in the A&-, which has been describedabove. The remaining three components, which have now been included as an integral
part of the internal control system, of risk assessment, information and communicationand monitoring are discussed below.
2 Ri#8 A##e##me%
1/1 Dee!mi%e Go$l# $%d O;=e"i
-
8/10/2019 Audit Practices Manual_NoRestriction
34/344
P$*!oll
P!o"e##i%&JCom(e%#$io%5 Wi..oldi%&
Compensation rates and payroll deductions should be
=perations accuratelyand promptly entered into the payroll system.
'=(.
Bach accounting period, prepare ournal entries for payroll, payroll
deductions, and related adustments.
4inancial '4(
P!o"e##i%&JAu.o!i$io%#
ersonnel management should properly and accurately maintain all
compensation documentation.
Compliance'C(
An employee master file that is accurate and complete should be maintained.
=, 4, C
1/1/@ A clear set of goals and obectives is fundamental to the success of an
organi/ation as well as the departments and functions within it. &pecifically, a
department or work unit should have '5( a mission statement, '8( written goals
and obectives for the department as a whole, and ';( written goals and
obectives for each significant activity in the department 'see diagram below(.
4urthermore, goals and obectives should be expressed in terms that allow
meaningful performance measurements.
1epartment 1epartment Activities to Activity *evel
!ission "oals and Achieve "oals "oals and
=bectives and =bectives =bectives
1/1/0 There are certain activities which are significant to all departments: budgeting,
purchasing goods and services, hiring employees, evaluating employees,
accounting for vacationsick leave, and safeguarding property and euipment.
Thus, all departments are expected to have appropriate goals and obectives,
policies and procedures, and internal controls for these activities.
1/2 Ide%i+* Ri#8# A+e! De+i%i%& Go$l#
1/2/1 3isk assessment is the identification and analysis of risks associated with theachievement of operations, financial reporting, and compliance goals and
obectives. This, in turn, forms a basis for determining how those risks should
-
8/10/2019 Audit Practices Manual_NoRestriction
35/344
be managed.
1/2/2 Re#(o%#i;ili*'To properly manage their operations, managers need to
determine the level of operations, financial and compliance risk they are
willing to assume. 3isk assessment is one of managementJs responsibilities and
enables management to act proactively in reducing unwanted surprises. 4ailure
to consciously manage these risks can result in a lack of confidence thatoperation, financial and compliance goals will be achieved.
1/2/> Ri#8 Ide%i+i"$io%. A risk is anything that could eopardi/e the achievement
of an obective. 4or each of the departmentJs obectives, risks should be
identified. !anagement could ask the following uestions to help to identify
risks:
Ghat could go wrongP )ow could we failP Ghat must go right for usto succeedP Ghere are we vulnerableP Ghat assets do we need to protectP 1o we have liuid assets or assets with alternative usesP )ow could
someone steal from the departmentP )ow could someone disrupt ouroperationsP )ow do we know whether we are achieving our obectivesP=n what information do we most relyP =n what do we spend the mostmoneyP )ow do we bill and collect our revenueP Ghat decisions reuirethe most udgmentP Ghat activities are most complexP Ghat activities areregulatedP Ghat is our greatest legal exposureP
1/2/@ It is important that risk identification be comprehensive-at overall organi/ation
level, department level and at the activity or process level-for operations,financial reporting, and compliance obectives-considering both external and
internal risk factors. Dsually, several risks can be identified for each obective.
1/2/0 The following table illustrates the concepts discussed above. $ote that the identifiedrisks relate to the goals and obectives previously determined.
Go$l# $%d O;=e"i
-
8/10/2019 Audit Practices Manual_NoRestriction
36/344
P$*!oll rovide service and supportto the entity%s employees.
P!o"e##i%&JCom(e%#$io%5
Wi..oldi%& Compensation rates
and payroll deductions should be
accurately and promptly enteredinto the payroll system. Bach
accounting period, prepare ournalentries for payroll, payroll
deductions, and related
adustments. P!o"e##i%&J
Au.o!i$io%# ersonnel
management should properly and
accurately maintain all
compensation documentationincluding filing of periodic returns
to the income tax departments. Anemployee master file that isaccurate and complete should be
maintained.=perations '=(.4inancial '4(
Compliance 'C(
=, 4, C
Transactions may not be processedor processed incorrectly. 4inancialstatements may be misstated due
to entry omissions, incorrect
coding, duplicate ournal entries,or improper cutoffs.
Bmploymenttax laws and
regulations may be violatedresulting in fines, penalties, or
litigation. Incorrect data in the
master file could result in incorrect
wage payments. ayrollwithholdings may be incorrect.
Awards, incentives, recognitions,
etc., may not be accuratelyreflected on the master file.
1/2/ elow are some types of transactions that may pose higher risks:
-
8/10/2019 Audit Practices Manual_NoRestriction
37/344
Hi&. Ri#8
*arge cash payments 'not routed through bank(
T!$%#$"io%
!aor acuisitions
T*(e#
Dnusually large transactions Accounting transactions that reuire
subective assessment &oftware *icensing Issues Intellectual roperty
Bstimation of provisions against inventory or other assets
1/2/ These are transaction types that deserve a conscious risk review. In evaluating
the potential impact of risk, both uantitative and ualitative costs need to be
addressed.
u$li$i/1After risks have been identified, a risk analysis should be performed to prioriti/e those
risks:
Assess the likelihood 'or freuency( of the risk occurring. Bstimate the potentialimpact if the risk were to occur# consider both uantitative and ualitative costs. 1etermine how the risk should be managed# decide what actions are necessary.
-
8/10/2019 Audit Practices Manual_NoRestriction
38/344
1/>/2 rioriti/ing helps focus management%s attention on managing significant 'i.e.,risks
with reasonable likelihood of occurrence and large potential impacts(.risks
1/@ Ri#8 A##e##me% Ti(#
5>.
-
8/10/2019 Audit Practices Manual_NoRestriction
39/344
21/2 Information and communication systems can be formal or informal. 4ormalinformation and communication systems--which range from sophisticated computer
technology to simple staff meetings-should provide input and feedback data relative
to operations, financial reporting, and compliance obectives# such systems are vitalto an organi/ationJs success. 7ust the same, informal conversations with customers,
suppliers, regulators, and employees often provide some of the most critical
information needed to identify risks and opportunities.
When assessing internal control over a significant activit !or "rocess#$the %e&'estions to as% a(o't infor)ation an* co))'nication are as follo+s,
1oes the organi/ation get the information it needs from internal andexternal sources-in a form and timeframe that is usefulP
1oes the organi/ation get information that alerts it to internal or externalrisks 'e.g., legislative, regulatory, and developments(P
1oes the organi/ation get information that measures its performance-information that tells management whether it is achieving its operations,
financial reporting, and compliance obectivesP 1oes the organi/ation identify, capture, process, and communicate the
information that others need 'e.g., information used by our customers or
other departments(-in a form and timeframe that is usefulP 1oes our organi/ation provide information to others that alerts them to
internal or external risksP
1oes our organi/ation communicate effectively--internally and externallyP
Information and communication are simple concepts.
$evertheless, communicating with people and getting information
to people in a form and timeframe that is useful to them is a
constant challenge.
22/ Mo%io!i%&
22/1Mo%io!i%& i# .e $##e##me% o+ i%e!%$l "o%!ol (e!+o!m$%"e o
-
8/10/2019 Audit Practices Manual_NoRestriction
40/344
Applicable laws and regulations are being complied.
22/2 Ghile internal control is a process, its effectiveness is an
assessment of the condition of the process at one or more points in
time.
22/> 7ust as control procedures help to ensure that actions to manage risks are
carried out, monitoring helps to ensure that control procedures and other
planned actions to effect internal control are carried out properly and in a
timely manner and that the end result is effective internal control. =ngoing
monitoring activities include various management and supervisory activities
that evaluate and improve the design, execution, and effectiveness of internal
control. &eparate evaluations, on the other hand, such as self-assessments and
internal audits, are periodic evaluations of internal control components
resulting in a formal report on internal control. 1epartment employees perform
self-assessments internal auditors who provide an independent appraisal of
internal control perform internal audits.
22/@ !anagementJs role in the internal control system is critical to its effectiveness.!anagers, like auditors, donJt have to look at every single piece of information
to determine that the controls are functioning and should focus their monitoring
activities in high-risk areas. The use of spot checks of transactions or basic
sampling techniues can provide a reasonable level of confidence that thecontrols are functioning.
DOCUMENTATION ) EVALUATION OF ACCOUNTING AND
INTERNAL CONTROL S?STEMS
()*ER)A+ C#)*R#+
rocedures and processes designed by management to provide
reasonable assurance that organi/ational obectives are met. Improve effectiveness management decision making E
efficiency of business process Increase reliability ofaccounting information Achieve appropriate compliance withrules and regulations
E+E,E)*- #F ()*ER)A+ C#)*R#+ --*E,
Control Bnvironment 3isk Assessment Control Activities
-
8/10/2019 Audit Practices Manual_NoRestriction
41/344
1 o erformance 3eview
2 o Information rocessing Controls
3 o hysical Controls
o &egregation =f 1uties Information AndCommunication !onitoring Activities
C#)*R#+ R(-/ A-E--,E)*
AD1IT 3I&+ Q I$)B3B$T 3I&+ x C=$T3=* 3I&+ x 1BTBCTI=$ 3I&+ Control risk must be assessed to determine appropriate degree of reliance on controls and
what level of detection risk will be necessary to achieve desired audit risk
If control risk is to be assessed at less than 599M then some level of testing must benecessary
#0*A()() A) )ER-*A)() #F ACC#)*() ()*ER)A+ C#)*R#+
--*E,-
Interviews 3eview =f Company 1ocuments =bservations Transactions RGalk-Through%
#C,E)*() *E ACC#)*() ()*ER)A+ C#)*R#+ --*E,-
Gritten $arrative 4lowcharts Control 2uestionnaire 1ecision Table Combination =f revious
+()/AE *# A(* *E-*()
Controls
Identify
&trengthsTest of Controls
-
8/10/2019 Audit Practices Manual_NoRestriction
42/344
3eliance Q 3educe &ubstantiveTest
Controls
Geaknesses
=ffsetting Controls =r &ubstantiveTests
REP#R*() #) ()*ER)A+ C#)*R#+
3eportable Conditions:
1 Bfficiency or Bffectiveness
!anagement *etter
1 8. Affecting the financial reporting or compliance with laws but risk coveredthrough substantive procedures
!anagement *etter
1 ;. Affecting financial reporting or compliance with laws E risk cannot be covered
through substantive tests
2ualification in Auditors% 3eport
INTERNAL CONTROL UESTIONNAIRE
CONTENTSI/ C#)*R#+ E)(R#),E)*
A. !anagement hilosophy and =perating &tyle
. =rgani/ation &tructure
C. ersonnel olicies and rocedures
1. !anagement Control !ethods
B. Internal Audit 4unction
II/ACC#)*() --*E,
-
8/10/2019 Audit Practices Manual_NoRestriction
43/344
A. "eneral Accounting
. reparation of 4inancial &tatements
III/REE)E CC+E
A. 3evenue and 3eceivables
. Cash 3eceipts
1. IV/EPE)(*RE- CC+E2. A. urchases and Accounts ayable3. . ayroll4. C. Cash 1isbursements
2 V/PR#C*(#) !C#)ER-(#)" CC+E
A. roduction Costs and Inventories
. roperty and Buipment
VI/ F()A)C() !*REA-R" CC+E
A. Investments
. Buity Capital
PAE)#.
8-
-
8/10/2019 Audit Practices Manual_NoRestriction
44/344
8-@> 8-@
8-6 8-?
I/ CONTROL
ENVIRONMENT
?ES NO N5A
A/ M$%$&eme% P.ilo#o(.* $%d O(e!$i%& S*le
2uestions-olicies and rocedures
1 1oes management have clear obectives in terms ofbudgets, profit and other financial and operating goalsP
2 Are such policies:
1 a. clearly writtenP2 b. actively communicated throughout the entityP3 c. actively monitoredP4 7/ O!&$%i$io% #!u"u!e
=bective
1efinitions of responsibilities and authority assigned to
specific individuals permit identification of whether
persons are acting within the scope of their authority.
2uestions-olicies and rocedures
1 Is the organisation of the entity clearly defined in terms of lines of authority andresponsibilityP
2 1oes the entity have a current organisation chart and related materials such as obdescriptions.3 Is there adeuate computer system documentationP
C/ Pe!#o%%el Poli"ie# $%d P!o"edu!e#
2uestions-olicies and rocedures
-
8/10/2019 Audit Practices Manual_NoRestriction
45/344
5. 1oes the entity:
1 a. Adeuately plan for staff needsP2 b. Bmploy sound hiring practices, including
background investigations, where appropriateP
?ES NO N5A
1 Are employees adeuately trained to meet their ob responsibilitiesP2 1oes the entity systematically evaluate the performance of employeesP3 Is good performance appropriately rewardedP
D/ M$%$&eme% Co%!ol Me.od#
2uestions-olicies and rocedures
1 Are there regular meetings of the board of directors 'or comparable bodies( to setpolicies and obective, review the entity%s performance and take appropriate action,
and are minutes of such meetings prepared and signed on a timely basisP
2 )as the entity established planning and reporting systems that set forth management%splans and the results of actual performanceP
3 1o the planning and reporting system in place:
1 a. Adeuately identify variances from planned performanceP2 b. Adeuately communicate variances to the appropriate management levelP
-
8/10/2019 Audit Practices Manual_NoRestriction
46/344
employees, and their training and experienceP
2 c. 1on the internal auditors document the internal control structure and performtests of control
3 d. 1o they perform substantive tests of the details of transactions and accountbalancesP
4 e. 1o they render written reports on their findings and conclusionsP5 f. Are their reports submitted to the board of directors or to a committee thereofP6 g. Are copies of reports made available to external auditorsP
Are copies of reports made available to external auditorsP
1 1oes management take adeuate and timely actions to correct conditions reported bythe internal audit function.
2 1oes the internal audit function follow up on corrective actions taken by managementP
II/ ACCOUNTING S?STEM
?ES NO N5A
A/ Ge%e!$l A""ou%i%&
=bectives
1 a. Accounting policies and procedures, including selection among alternativeaccounting principles are determined in accordance with management%s authori/ation.
2 b. Access to the accounting and financial records is limited to minimise
opportunities for errors and irregularities and to provide reasonable protection fromphysical ha/ards.
3 c. Accounting entries are initiated and approved in accordance withmanagement%s authorisation.
4 d. All accounting entries are appropriately accumulated, classified andsummarised in the accounts.
ue#io%JPoli"ie# $%d P!o"edu!e#
1 1oes the entity have adeuate written statements and explanations of its accountingpolicies and proceduresP
2 Are the entity%s accounting policies and procedures adeuately communicated toappropriate personnelP
3 Are there adeuate facilities for custody of the general ledger and related recordsP4 Are all ournal entries reviewed and approved by designated individuals at appropriate
levels in the organisationP
5 Are all ournal entries adeuately explained and supportedP6 1o all ournal entries include indication of approval in accordance with management%s
general or specific authorisationP
-
8/10/2019 Audit Practices Manual_NoRestriction
47/344
7 1o all ournal entries include adeuate identification of the accounts in which they areto be recordedP
?ES NO N5A
1 Are adeuate accounts and records maintained so that adustments and write-offs madeto account balances do not impair accountability for actual amountsP
2 Is approval of responsible official reuired to open new accountsP3 Are accounting records updated regularly and on timely basisP4 Are correction of entries prohibited except through procedures for ournal entries.
7/ P!e($!$io% o+ Fi%$%"i$l S$eme%#
=bectives
1 a. The general ledger and related records permit preparation of financial
statements in conformity with approved accounting standards.2 b. Individuals at appropriate levels in the organisation consider sufficient, reliable
information in making the estimates and udgments reuired for preparation of
financial statements including related disclosures and other externally reportedfinancial information.
3 c. 4inancial statements including related disclosures are prepared and released inaccordance with management%s authorisation.
ue#io%#JPoli"ie# $%d P!o"edu!e#
1 Are there adeuate instructions and procedures for statement preparationP
2 Are financial statements subected to overall review, including comparisons with theprior period and budgeted amounts, by appropriate levels of management before the
statements are approved for issuanceP
III/ REVENUE C?CLE
?ES NO N5A
A/ Re
-
8/10/2019 Audit Practices Manual_NoRestriction
48/344
ue#io%#JCo%!ol Poli"ie# $%d P!o"edu!e#
5. 1o policies and procedures for acceptance and approval of sales orders appear clearly
defined and adeuately communicated for:
1 a. &tandard goods and servicesP2 b. Dnusual delivery arrangementsP3 c. Bxport salesP4 d. &ales to related partiesP
1 Is responsibility clearly assigned for approval sales orders before shipment orperformanceP
2 Are sales orders approved in accordance with management%s general or specificauthorisation before shipment or other performance concerning:
1 a. CustomerP2 b. 1escription and uantitiesP3 c. riceP4 d. =ther terms of salesP5 e. Credit 'account balances limits(P
-
8/10/2019 Audit Practices Manual_NoRestriction
49/344
1 1o policies on granting of credit appear clearly defined and adeuatelycommunicatedP
2 Is there periodic review of credit limitsP3 1o persons who perform the credit function receive timely information about past due
accountsP
S.i(me%#
=bectives
1 a. "oods delivered and services provided are basedon orders which have been approved in accordance
with management%s authorisation.
2 b. 1eliveries of goods and rendering of servicesresult in preparation of accurateand timelybillings.
ue#io%JCo%!ol Poli"ie# $%d (!o"edu!e#
1 Are goods shipped or services rendered based on documented sales or work orderswhich include indication of approval in accordance with management%s authorisationP
2 Are shipping documents prepared for all shipmentsP
?ES NO N5A
;. Are shipping documents subected to:
1 a. re-numberingP2 b. Accounting for all shipping documents issuedP3 c. Timely communication to persons who physically perform the shipping
functionP
4 d. Timely communication to persons who perform the billing functionP5 e. Timely communication to persons who perform the inventory control functionP
1 Is access to finished goods and merchandise restricted so that withdrawals of inventoryare based only on properly approved sales orders
2 Are uantities of goods shipped independently verifiedP
3 Are shipping and performance documents reviewed and compared with billings on atimely basis to determine that all goods shipped or services rendered are billed and
accounted forP
7illi% $%d Re"o!d#
=bectives
-
8/10/2019 Audit Practices Manual_NoRestriction
50/344
1 a. &ales and such related transactions as commissions and sales taxes are based ondeliveries of goods or rendering of services and recorded at the correct amounts and in
the appropriate period and are properly classified in the accounts.
2 b. &ales related deductions and adustments are made in accordance withmanagement%s authorisation.
$uestions%&ontrol 'olicies and 'rocedures
5. Are sales invoices prepared for all shipments of goods or services rendered 'including
purchases which are shipped directly to customer(P
?ES NO N5A
8.Are billing and invoice preparation functions performed bypersons who are independent of the selling 'soliciting and
receiving orders from customers(, credit, and cash functionsP
;. Are all sales invoices:
a. b. c.
d. e. f.
re-numberedP Accounted for to determine all invoices
are recordedP !atched with properly approved sales
ordersP !atched with shipping documentsP Traced toauthorised current source information on prices and
terms 'for example, price list, schedules, catalogues, or
computer stored master filesP 3ecorded promptlyP
-
8/10/2019 Audit Practices Manual_NoRestriction
51/344
a. b. 3eviewed by a responsible employee who isindependent of the accounts receivable and cash
functionsP !ailed by a responsible employee who is
independent of the accounts receivable and cash
functionsP
6.Is an aging schedule or schedule of past due accounts
prepared monthly by someone independent of the billing andcash receipts functionsP
?.Is the accounts receivable subsidiary ledger reconciledmonthly to the general ledger control accountP
?ES NO N5A
1 1oes the credit manager review monthly ageing schedules or listings of past duecustomer accounts and investigate delinuent accounts and unusual items on a timelybasisP
2 Is there documentation of review and analysis of accounts receivable balances todetermine valuation allowances 'for doubtful accounts( and any specific balances to bewritten-offP
3 Are valuation allowances and write-offs approved by a responsible employeeP
7/ C$#. Re"ei(#
rocessing Collections =bectives
1 a. Access to cash receipts and cash receipts records, accounts receivable records,and billing and shipping records is controlled to prevent or detect, on a timely basis,
the taking of unrecorded cash receipts or the abstraction of recorded cash receipts.2 b. 1etails transaction and account balance records are reconciled, at reasonable
intervals, with applicable control accounts and bank statements for timely detection
and correction of errors.
ue#io%JCo%!ol Poli"ie# $%d P!o"edu!e#
1 Is the mail opened by a person's( whose duties do not involve any shipping, billing,accounts receivable detail, general ledger, invoice processing, payroll and cash
disbursement functionsP
2 Are receipts of currency controlled by cash registers andor pre-numbered cash receiptformsP
3 Are each day%s receipts 'by mail and over the counter( except for post-dated itemsdeposited intact dailyP
-
8/10/2019 Audit Practices Manual_NoRestriction
52/344
4 Are post-dated items segregated on daily detail listings of remittances to aid in controlof total items receivedP
5 Are all employees who handle receipts adeuately bondedP
?ES NO N5A
1 Are banks instructed not to cash cheues and other instruments drawn to the order ofthe companyP
2 1oes company policy prohibit the asking of any accommodation cheues for example,personal and payroll cheues( out of collectionsP
3 Are entries to the cash receipts ournal compared with
1 a. 1uplicated deposit slips authenticated by the bankP2 b. 1eposits per the bank statementsP
>. Are the comparisons described in item 5; above made by a person's( whose duties do
not include cash receipts and accounts receivable functionsP
Re"o!di%& Colle"io%#
=bectives
All cash receipts recorded are at the correct amount in the period in which received and areproperly classified and summarised.
2uestion-Control olicies and rocedures
1 Is information captured from remittances 'by mail and over the counter( adeuate foraccurate posting of credits to individual accounts receivable subsidiary records or toclassifications concerning such other sources as investment income, rents sales of
property or scrape and proceeds of financingP2 Are details of daily collections balanced with the total credits to be distributed to
appropriate general ledger accounts and to the total collections for the day before
posting to the subsidiary recordsP
3 1o postings of the general ledger control accounts and subsidiary records include thedate on which the remittance was receivedP
4 Are posting to the general ledger control accounts made by a person's( independent of:
1 a. hysical handling of collectionP2 b. osting accounts receivable subsidiary detailP
IV/ E3PENDITURE C?CLE
?ES NO N5A
A/ Pu!".$#e# $%d A""ou%# P$*$;le Pu!".$#e#
-
8/10/2019 Audit Practices Manual_NoRestriction
53/344
(bjectives
The types of goods, other asset and services to he obtained, the manner in which they are
obtained, the vendors from which they are obtained, the uantities to be obtained and the
prices and other terms are initiated and executed in accordance with managementJs general or
specific authori/ation.
Adustments to vendor accounts and account distributions are made in accordance with
managementJs general or specific authori/ation.
$uestions%&ontrol 'olicies and 'rocedures
1 Are all purchases based on reuisitions which have been approved in accordance withmanagement)s authori/ation P
2 Are written purchases orders *orother euivalent document( used for all commitmentsand do those orders include the vendor description, uantity, price, term and delivery
reuirements for the goods or services orderedP
3 Are all purchase orders, before issuance, approved by specific individuals or classes ofindividuals designated by managementP
4 Are all purchase orders pre-numberedP5 Is the purchases function independent of receiving, shipping, invoice processing and
cash functionsP
6 Are all purchase orders routinely accounted forP7 Is custody of unissued purchases order form adeuate to prevent their misuseP8 Are open purchase orders periodically reviewed and investigatedP
Re"ei
-
8/10/2019 Audit Practices Manual_NoRestriction
54/344
4 d. 1istribution of copies for timely matching withpurchase orders and vendorJsinvoices and ifapplicable, timely maintenance of perpetual inventoryrecordsP
@. Are receiving functions performed by designated
employees who are independent of the purchasing,
shipping, invoice processing and cash functionsPI%
-
8/10/2019 Audit Practices Manual_NoRestriction
55/344
. Are processed invoices and supporting documents
approved by designated employees before paymentP
6. Are approved debit memos used to notify vendors of
goods returned and other adustments of their accountsP
?. Are accumulation of processed invoice and follow-up of
unmatched purchase orders and receiving reports adeuateto result in a proper cut off for financial reporting
purposesP
>. Are vendors statements reviewed for overdue items and
reconciled with accounts payable detail
59. Are there adeuate controls to ensure recognition of
liabilities for goodsservices received but not invoicedP55. Are employee expense accounts:
a. repared in accordance with criteria set by
managementP
b. &ubmitted promptlyP
c. Adeuately supportedP
d. Approved before paymentP
58. Are approved debit memos used to notify vendors of
goods returned and other adustments of their accountsP
5;. Is accounts payable detail periodically reconciled with the
control accounts at reasonable intervalsP
?ES NO N5A
7/ P$*!oll
Au.o!i$io% o+ W$&e# S$l$!ie# $%d Dedu"io%# O;=e"i
-
8/10/2019 Audit Practices Manual_NoRestriction
56/344
P!e($!$io% $%d Re"o!di%&
#%&ective$
1 a. Compensation is made only to company employees at authori/ed rates and for
services rendered in accordance with managementJs authori/ation.2 b. "ross pay, deductions and net pay are correctly computed based on authori/ed
rates and services rendered and properly authori/ed deductions.
3 c. ayroll costs and related liabilities are correctly accumulated, classified, andsummari/ed in the accounts in the appropriate period.
7ue$tion$8Control Policie$ and Procedure$
5. 1o employees who perform the payroll processing function receive timely notificationof.
1 a. Gage and salary rates resulting from new hires, rate changes, changes in
position, and separationsP2 b. Changes in authori/ed deductionsP
?ES NO N5A
8. Is gross pay determined using authori/ed rates and:
1 a. Time or attendance records for employees paid bythe hour or by salaryP
2 b. iecework records for employees whose wages are
based on productionP
3 c. Adeuate detail records of sales for commissionsalesmenP
1 Are accruals for gratuity provided on the based of contractual agreements with theemployeesP
2 Are total production hours used for determination of gross pay reconciled withproduction statistics used for cost accounting purposesP
3 Are piece rate records reconciled with production recordsP
4 Are salesmen%s commission records reconciled with recorded salesP5 Are such data as hours worked, piecework and commission sales used to determine
gross pay compared at reasonable intervals with applicable production and salesrecords by responsible persons.
Di#;u!#eme% , P$*!oll-
#%&ective
-
8/10/2019 Audit Practices Manual_NoRestriction
57/344
$ot pay is disbursed to the appropriate employees when due.
7ue$tion$8Control Policie$ and Procedure$
1 Are payrolls approved in writing by responsible employees before issuance of payrollcheues or distribution of cash for net payP
2 Is net pay distributed, by persons who are independent of payroll preparation, time-keeping, and cheue preparation functionsP
3 4or payrolls paid by cheue:
1 a. Are cheues drawn on a separate imprest accountP2 b. Are deposits eual to the amount of net ayP
-
8/10/2019 Audit Practices Manual_NoRestriction
58/344
3 c. reparation of payrollsP4 d. Approval of payrolls+5 C/ C$#. Di#;u!#eme%#
A##i&%me% o+ Fu%"io%#
(bjective
4unctions are assigned so that no single. individual is in a position to both perpetrate and
conceal errors or irregularities in the normal course of his duties.
$uestions%&ontrol 'olicies and 'rocedures
5. Is the cash disbursements function performed by persons who are independent of the
following functions:
1 a. urchasingP
2 b. 3eceivingP3 c. Invoice processingP4 d. &hippingP
?ES NO N5A
P!o"e##i%& Di#;u!#eme%#
#%&ective$
1 a. 1isbursements are made only for expenditures incurred in accordance withmanagementJs authori/ation.
2 b. Adustments to cash. accounts are made only in accordance with managementJsauthori/ation.
3 c. 1isbursements are recorded at correct amounts in the appropriate period andare properly classified in the accounts.
4 d. Access to cash and cash disbursement records is restricted to minimi/eopportunities for irregular or erroneous disbursements.
7ue$tion$8Control Policie$ and Procedure$
1 Are all bank accounts authori/ed by the board of directorsP2 Are all cheue signers authori/ed by the board of directorsP3 Are bank promptly notified of any changes in authori/ed cheue signersP4 Are all disbursement and bank transfers based on vouchers and cheue reuests which
have been approved by responsible employees designated by managementP
5 Are all disbursements except from petty cash made by cheueP6 Are properly approved supporting documents presented with cheues and reviewed by
the cheue signer's( before signing the cheuesP
-
8/10/2019 Audit Practices Manual_NoRestriction
59/344
7 Are supporting documents for cheues properly canceled and cheue number enteredto avoid duplicate paymentP
8 Are cash funds on an imprest basis and
1 a. +ept in a safe placeP
2 b. 3easonable in amountP3 c. eriodically counted by someone other the custodianP
>. Are all disbursements from cash funds:
1 a. &upported by vouchers which are prepared in inkP2 b. Approved in accordance with managementJs authori/ationP3 c. Canceled to prevent reuseP4 d. &ubect to a predetermined maximum limit for any individual disbursementP
?ES NO N5A
59. Are reimbursements of cash funds:
1 a. &ubect to the same review and approval as processed invoicesP2 b. 3emitted by cheues drawn payable to the order of the custodian of the cash
fundP
1 Are all voided cheues retained and mutilatedP2 Are all cheues promptly recorded when issued and listed in detailP
7$%8 Re"o%"ili$io%#
(bjective
Comparison of detail records, control accounts, and bank statements are made at reasonable
intervals for detection and appropriate disposition of errors or irregularities.
7ue$tion$8Control Policie$ and Procedure$
1 Are the bank accounts reconciled monthly by an employee's( who is independent ofinvoice processing, cash disbursements, cash receipt, petty cash and general ledger
functionsP
2 Are old outstanding cheues investigatedP
V/ PRODUCTION
,CONVERSION-
C?CLE ?ES NON5A
-
8/10/2019 Audit Practices Manual_NoRestriction
60/344
A/ P!odu"io% Co## $%d I%
-
8/10/2019 Audit Practices Manual_NoRestriction
61/344
?ES NO N5A
1 Is labor effort 'lime, cost or both( reported promptly and recorded in sufficient detail tobe identified with applicable classification such as ob orders or allocation to units in
process.
2 Are transfers of completed units from production to custody of finished goodsinventory based on approved completion reports which authori/e such transferP
3 Are there adeuate procedures for reporting defective unit and scrap resulting from theproduction processP
4 Are perpetual inventory records maintained of both uantities and amounts.5 Are the perpetual records of inventory detail:
1 a. Controlled by general ledger accountsP2 b. ased on documentation of inventory movement and adustments which has
been approved in accordance with managementJs authori/ationP3 c. Adusted to periodic physical inventories taken annually or on a cycle basis at
least once a yearP4 d. 3econciled with the inventory control accounts at reasonable intervalsP
>. Are there adeuate procedures for identifying and reporting excess, slow-moving,
and obsolete inventoriesP
Re"o!di%& T!$%#+e!# o Cu#ome!# $%d O.e! I%
-
8/10/2019 Audit Practices Manual_NoRestriction
62/344
documents used to recogni/e revenue and the related receivableP
2 b. rovide a means 'such as pre-numbering or hatching( of accounting for allshipping documents and other release documents issuedP
A""umul$io% $%d Cl$##i+i"$io% o+ P!odu"io% $%d I%
-
8/10/2019 Audit Practices Manual_NoRestriction
63/344
conditionsP
'4or example, comparison of raw material costs with vendorsJ invoices, standard labor
rates with actual rates, standard material usage and machine hours with product
engineering changes, standard labor hours with time studies, etc.(
b. Are significant variances investigated and the resulting explanation brought tomanagementJs attention on timely basisP
I%
-
8/10/2019 Audit Practices Manual_NoRestriction
64/344
3 c. &ufficient segregation of duties so that errors ofomission or commission are prevented or detected
promptlyP
-
8/10/2019 Audit Practices Manual_NoRestriction
65/344
physical countsP
m. Investigation and disposition of differences between
physical counts and detailed inventory recordsP
. Are inventory instructions adeuately communicated to and
understood by persons who perform the physical countP6. Is inventory movement adeuately controlled during the
count so that items are not missed or double counted.
?. Are controls over purchases and receiving activity
sufficient to result in recording of liabilities for any iteminclude in inventory which have not been paid forP
>. Are controls over sales and shipping activity sufficient to
result in exclusion from the physical inventory of any
items which have been sold and billed but not yet
shippedP
59. Are inventory counts subect to adeuate verification such
as recounts by persons other than those who made theinitial counts or spot checks by others, such as internal
auditorsP
55. Are difference between physical counts and detailed
inventory records investigated in accordance with
managementJs authori/ation before the records are
adustedP
58. Is there documentation of review and analysis of the
physicalinventory to:
a. Conform with the lower of cost or market
principle,
b. Identify items which are excessive, slow-moving,
defective or obsoleteP
c. 1etermine the need for adustments or valuation
allowancesP
5;. Are adustments of the inventory detail records andcontrol accounts given prior approval in accordance with
managementJs authori/ationP
?ES NO N5A
7/ P!o(e!* $%d Eui(me%
I%ii$io% $%d E'e"uio% o+ P!o(e!* $%d Eui(me% T!$%#$"io%#
#%&ective
Additions and related accumulation of depreciation or amorti/ation, retirements, and
-
8/10/2019 Audit Practices Manual_NoRestriction
66/344
dispositions of property and euipment 'owned and leased( are made in accordance with
managementJs authori/ation.
7ue$tion$8Control Policie$ and Procedure$
1 Is advance approval in accordance with managementJs criteria reuired for all propertyand euipment transactionsP
2 Are reuests for additions, transfers, major maintenance and repair, retirement anddisposition of property and euipment.
1 a. Initiated by designated individuals in accordance with managementJsauthori/ationP
2 b. 4ormally documented, including an adeuate description of the proposal, itsreasons, and the estimated amount of the transactionsP
1 Are authori/ations to execute property and euipment or transactions adeuately
documentedP2 Are procedures adeuate for determining that component and services for property and
euipment are receivedP
3 Are procedures adeuate for determining that all dispositions of property andeuipment have been executed and proceeds, if any, received in accordance with
management%s authori/ationP
Re"o!di%& P!o(e!* $%d Eui(me% $%d !el$ed De(!e"i$io% $%d Amo!i$io%
#%&ective
Transactions involving property and euipment and related depreciation and or
amorti/ation are accurately recorded, accumulated, and classified in detail and incontrol accounts to:
1 '5( ermit preparation of statements in conformity with recogni/ed accountingprinciples or
2 '8( !aintain accountability for assets.
7ue$tions8Control Policie$ and Procedure$
5. Are detailed records maintained for each classes of property and euipment 'owned
and leased(P
?ES NO N5A
1 Are general ledger control accounts maintainedfor the appropriate classes of ownedand leased property and euipment and related depreciation and amorti/ationP
2 Are the detailed property and euipment records reconciled at reasonable intervalswith the control accounts and differences, if any, investigated and resolved in
accordance with management%s authori/ation P
3 Are depreciable and amorti/able lives reviewed at reasonable Intervals for adeuacy inrelation to use or obsolescence based on actual experienceP
-
8/10/2019 Audit Practices Manual_NoRestriction
67/344
S$+e&u$!di%& P!o(e!* $%d Eui(me%
#%&ective
roperty and euipment is reasonably safeguarded from loss.
7ue$tion$8Control Policie$ and Procedure$
1 Is property and euipment insured in accordance with managementJs authori/ationbased on appraisals made at reasonable intervalsP
2 Are items of property and euipment subect to reasonably adeuate physicalprotection techniuesP
3 Are items of property and euipment 'owned and leased( physically inspected atreasonable intervals and compared with the detailedproperty records+
1
-
8/10/2019 Audit Practices Manual_NoRestriction
68/344
7ue$tion$8Control Policie$ acid Procedure$
5 . Are adeuate general ledger control accounts
maintained for various investment classifications and
in the related incomeP
1 Are adeuate detailed investment records maintained currently including control of
related incomeP2 Are procedures adeuate to determine that investment income is properly accrued and
promptly collectedP
3 Are investments and related collateral reviewed and appraised or valued at market atreasonable intervals for comparison with cost valuations and-:
1 a. 3eporting of the findings to managementP2 b. 1etermination of need for any valuation
allowancesP
?ES NO N5A
@. A!e de$iled i%
-
8/10/2019 Audit Practices Manual_NoRestriction
69/344
Transactions and obligations concerning euity capital are promptly and accurately recorded
and classified in detailed recorded and control accounts.
$uestions%&ontrol 'olicies and 'rocedures
1 1oes the general ledger include appropriate control accounts for euity capitalP2 Are detailed share certificate records reconciled at reasonable intervals with the control
records and the general ledgerP
?ES NO N5A
P.*#i"$l S$+e&u$!d# $%d Cu#odi$l P!o"edu!e#
#%&ective$
1 a. Access to records, agreements, and such negotiable documents as sharecertificates concerning euity capital is permitted only in accordance withmanagementJs authori/ation
2 b. 3ecords, agreements, and negotiable documents are subected to reasonablyadeuate physical safeguards and custodial procedures.
7ue$tion$8Control Policie$ and Procedure$
1 Are unissued share certificates subect to reasonable physical safeguardsP2 Are unissued share certificates examined and all certificate numbers accounted for at
reasonable intervals by, a responsible officialP
2/2/ MATERIALIT?
There are two aspects to materiality -Pl$%%i%&