Qwertyuiopasdfghjklzxcvbnmqwe

Mother Assignment
rtyuiopasdfghjklzxcvbnmqwertyui
opasdfghjklzxcvbnmqwertyuiopa
sdfghjklzxcvbfdffdfdnmqwertyuio
Audit Planning
Topics: audit planning, audit
pasdfghjklzxcvbnmqwertyuiopas
documentation, audit smapling

dfghjklzxcvbnmqwertyuiopasdfgh
GIFT University
Mr. Amir Shakeel

jklzxcvbnmqwertyuiopasdfghjklzx
Muhammad Saqib Jamil
08117079
MBA (B&F)

cvbnmqwertyuiopasdfghjklzxcvb
nmqwertyuiopasdfghjklzxcvbnmq
wertyuiopasdfghjklzxcvbnmqwert
yuiomqwertyuiopasdfghjklzxcvbn
mqwertyuiopasdfghjklzxcvbnmq
wertyuiopasdfghjklzxcvbnmqwert
yuiopasdfghjklzxcvbnmqwertyuio
pasdfghjklzxcvbnmqwertyuiopas
dfghjklzxcvbnmrtyuiopasdfghjklz
xcvbnmqwertyuiopasdfghjklzxcv
bnmqwertyuiopasdfghjklzxcvbnm
qwertyuiopasdfghjklzxcvbnmqwe
2Mother Assignment

1. Audit planning and Documentation

Audit planning:

the auditors formulate an overall audit strategy which is translated into a

detailed audit plan for audit staff to follow.

An effective and efficiency audit relies on proper planning procedure. The planning
process is covered in general terms by ISA 300 planning an audit of financial
statements which states that the auditor shall plan the audit so that the engagement is
performed in an effective manner.

Audits are planned to:

• Help auditor devote attention to important areas of audit.

• Help auditor identify and resolve potential problems on a timely basis.
• Help auditor properly organize and mange the audit so it is performed
effectively.
• Assist in the selection of appropriate team members and assignment of work
to them.
• Facilitate the direction, supervision and review of work.
• Assist in coordination of work done by auditors of components and experts.

Audit procedures should be discussed with the clients management, staff and audit
committee in order to co-ordinate audit work.

Audit strategy and the audit plan:

the audit strategy sets and audit plan shall be updated and changed as necessary
during the course of the more detailed plan.

The audit strategy

The audit strategy sets out the scope, timing and direction of the audit and guides the
development of the more detailed audit plan.

GIFT University
UMER IQBAL
3Mother Assignment

Matters to discuss in audit strategy

Characteristics of the engagement • Financial reporting framework

• Nature of business segments
• Availability of internal audit work
• Use of service organization
• Availability of client personnel and data

Reporting objectives, timing of the audit and
nature of communications
• Entity’s timetable for reporting.
• Organisation of meetings with
management and those charged with
governance.
• Expected communication with third parties.

Significant factors, preliminary engagement • Determination of materiality

activities, and knowledge gained on other • Results of previous audit.
engagements • Volume of transactions.
• Significant business development.

Nature, timing and/extent of resources • Selection of engagement team.

• Assignment of work to team members.
• Engagement budgeting.

The audit plan

The audit plan converts the audit strategy into a detailed plan and includes the nature,
timing ad extent of audit procedures to be performed by engagement team members in
order to obtain sufficient appropriate audit evidence to reduce audit risk to an
acceptably low level.

The audit plan shall include the following:

• A description of the nature, timing and extent of planned risk assessment

procedures.

GIFT University
UMER IQBAL
4Mother Assignment

• A description of the nature, timing and extent of planned further audit

procedures at the assertion level.

• Other planned audit procedure required to be carried out for the engagement
to comply with ISA’s.

2. Audit Documentation
Audit documentation is the record of audit procedures performed, relevant audit
evidence obtained and conclusions reached. The term working papers and work paper
are also sometimes used.

Audit documentation is necessary for the following reasons:

• provide basis for conclusion
• Planned and perform according to ISA
• Assist engagement team to plan and perform.
• Enables the team to be accountable for its work.

Examples of working papers

• Analysis of transaction and balances
• Analysis of significant ratios and trends
• Copies of communications with other auditors, experts and third parties.
• Letters of representation received form the entity
• Copies of the financial statement and auditors reports.
• Notes of discussions and significant matters with management and others.
• Evidence that the work performed was supervised and reviewed.
• Identified and assessed risks of material misstatements.

:
Audit files
For recurring audits, working papers may be split between

GIFT University
UMER IQBAL
5Mother Assignment

Permanent files:
Containing information of continuing importance to the audit
• Engagement letters
• New client questionnaire
• The memorandum and articles
• Other legal documents such as prospectuses, leases, sales agreement
• Details of the history of client’s business
• Board minutes of continuing relevance
• Pervious year’s signed accounts, analytical review and management letters
• Accounting systems notes, previous years control questionnaires
• Current audit files:
• Financial statements
• Accounts checklists
• Management accounts details
• Reconciliations of management and financial accounts
• A summary of unadjusted errors
• Report to partner including details of significant events and errors

GIFT University
UMER IQBAL
6Mother Assignment

Audit Procedure
Introduction to Auditing Procedures

The audit of the Clerk of Courts is compromised of both a financial audit

and compliance audit.

I. Financial and Compliance Audit

A. Financial auditing basically consists of a systematic examination and evaluation of

the financial systems, transactions, and accounts of an organization, in order to
offer an opinion on the “fairness” or reliability of its financial statements.

B. The compliance aspect of auditing is to ensure that an organization is following

the laws and ordinances that govern the handling of its general finances, such as
those pertaining to tax levies, spending, investing, and borrowing. A compliance
audit can also focus primarily on regulations that apply to specified funds, such
as intergovernmental grants.

II. Conducting the Audit (In Line With Standards

A. The first step in conducting the audit begins with a definite audit plan. This
involves the audit team familiarizing themselves with the auditee’s operations
through review of the permanent file maintained at the district headquarters. Such
files include prior working papers, audit reports, newspaper clippings, etc. After
completing this review, the field supervisor plans the audit and prepares a
detailed set of instructions for the staff.

B. Study and Evaluation of Internal Control

1. Through the use of questionnaires, flow charts and narrative memorandums, the
audit process effectively evaluates and auditee’s existing internal controls. Internal
control is a system under which employee’s duties, records, and procedures are

GIFT University
UMER IQBAL
7Mother Assignment

designed to make it possible to exercise effective control over assets, liabilities,

revenues, and expenditures. The primary objectives for the auditee to establish
such a system is to (a) prevent fraud and waste; (b) ensure accuracy of the
accounting and other operating data; (c) promote adherence to stated policies; (d)
further the efficiency of operations; and (e) ensure conformance with applicable
laws.

3. Systems devised to achieve the above objectives are usually segregated into
two major areas:

A. Accounting Controls (Achieve first two objectives—the means of keeping track

of resources)

1. Segregation of duties
2. Procedural Control—Documentation and Internal Auditors
3. Physical Inventories
4. Accounting

B. Administrative Controls (Achieve remaining objectives—the means of using

resources)

1. Budgetary Process
2. Organizational Chart—Lines of Responsibility
3. Job Description
4. Staffing Levels and Competence
5. Written Procedure Policy
6. Minute Record

3. The examiner’s conclusions about the existing controls in use, determine

a. the kinds and extent of tests to be conducted

b. the potential for undetected abuse within accounting
system c. Whether management if diligently exercising its
responsibility

C. Validation – Test of Transactions

1. Established systems and procedures for internal control are statements of good
intentions; their achievements must be verified by systematic examination of records
and other evidence. There are two types of examinations conducted in a financial and
compliance audit: legal compliance tests and verification of financial records.
Compliance tests involve a review of records to see whether a specified body of laws
is being adhered to. Financial verification steps are devised to determine the accuracy
of the information on which the financial statements are based. For example, a
compliance test might consist of examining the budgeting practices to see whether
local officials have (a) authorized appropriations within the amount certified by the

GIFT University
UMER IQBAL
8Mother Assignment

budget commission in the "official certificate of estimated resources” and (b) restricted
expenditures plus outstanding encumbrances to amounts appropriated by the board
for such purpose, as required by Ohio law, while a financial verification step might
entail writing letters to vendors to confirm the balance of payables outstanding. If the
tests show serious exceptions, the amount of testing may be increased.

2. For the sake of time and efficiency the examiners will use sample testing
techniques as a means of validations. Such sampling techniques will vary depending
upon the internal control evaluation and results of prior tests. These techniques allow
the examiners to review a limited number of records as a representative to the whole.
In essence, the more testing required due to lack of internal control and lack of
accuracy in the accounting records takes additional audit time therefore increases the
cost of the audit.

3. There are certain validating procedures and auditing techniques that are
performed by State Examiners on every examination. The following methods or
techniques are not meant to be all inclusive, but will give the State Examiner the
basic techniques that will assist in complying with GAAS.

1. Determine the accuracy of arithmetical calculations by Recompilation. (Footing and

Crossfooting)

2. Verification of entries in booked of record by examining the original

documentation upon which they are based. (Vouching)

3. Reconciliation and account analysis.

4. Confirmation

5. Scanning and review.

6. Physical examination and count.

RECOMPUTATION

LPA’s maintain many columnar books of original entry that are totaled, carried
forward, balanced or posted to a ledger or financial statement of some kind.
Whenever there is an arithmetical computation, there is a possibility of an error. Thus,
the great number of calculations, postings, etc. performed by the auditee, represents to
the State examiner, the potential of a great number of mistakes which he must
address himself to if he is to satisfy himself that no material error exists.

This procedure is applied on a test basis. Depending on the system of internal

control, a determination must be made as to how many months out of the audit period
is to be footed. Also, it is not sufficient to accept the auditee’s adding machine tape
as evidence of the footings. Incorrect footings are one of the easiest means of

GIFT University
UMER IQBAL
9Mother Assignment

covering a shortage, or making the facts appear other than what actually exists. This
same rule applies to listings and totals by mechanical or computer accounting
equipment. Remember, until you have tested results, you are not entitled to rely on
their results. Types of recomputation verification can be classified as either absolute
or approximate. Absolute recomputation is required for all funds in the general
ledger. In other words, sometime during the examination, all fund balances and
general ledger balances must be proved. However, in testing inventory extensions it
is not necessary to prove to the penny. It is unlikely that all chance of error can be
eliminated anyway; all the State Examiner can do is satisfy himself that no material
error exists at arriving at the final figure.

CONFIRMING

To confirm means to obtain a written statement, usually from someone outside

the auditee’s operation, on some fact of importance to the State Examiner, and on
which that person is qualified to make a statement. The confirmation procedure
has wide usefulness, and is generally considered to be an extremely reliable
method of verification.

CONFIRMATION CONTROL

The importance of confirmation control cannot be overemphasized. If at any time

there is an opportunity for the confirmation to come under the control of anyone who
might falsify a reply, destroy a confirmation that indicated information not in
agreement with the books, or in any way manipulate the confirmation replies, the
procedure has failed. Remember, if the documentation provided by the confirmation
is to be reliable, no tampering with the results may be permitted.

Confirmations are obtained in reply to a request. Normally, the request for

confirmation of some fact should come from the auditee. Realistically, there is no
reason why anyone receiving a confirmation should reply to anyone other than the
auditee.
Therefore, it will be standard practice in the Bureau of Inspection to have the auditee
prepare and sign confirmation requests. This will make confirmation control very
difficult. Therefore, the State Examiner, in order to maintain adequate control must
take the following steps:

1. After preparation and signing of confirmation requests, they must be returned to the
State Examiner for final review and mailing. It is at this time that all confirmations are
to be accounted for.

2. The State Examiner, after he has assured himself as to the propriety of the
confirmation, must place them in the envelope, seal, and place them in the U.S. Post
Office receptacle. Under no condition should the auditee gain control for mailing, nor
should the requests be processed through the auditee’s mail procedure.

GIFT University
UMER IQBAL
10Mother Assignment

3. The envelopes in which the requests are mailed must contain the State Examiner’s
address as the return address so that he may learn of non-delivery. The return address
should be the district office or post office box for the Auditor of State.

If these precautions are not taken, then the State Examiner cannot rely on the reply.
All these precautions are applicable regardless of whether the confirmation is for bank
balances, accounts receivable, loans, or any other data that the State Examiner may
be seeking independent verifications.

RECONCILIATION

The technique of reconciliation is basic to all auditing but it is even more basic to
management accountability. Reconciliations, whether of bank accounts. Daily
receipts, expenditures or inventories should be a routine part of management’s
system of control and accountability for the purpose of preventing or detecting errors.
Remember the reconciliation process is not complete until all items are traced to their
proper disposition; in-transit transactions and recording of adjustment.

ACCOUNT ANALYSIS

Account analysis means to break down and summarize the details of an account in a
way that is meaningful for the intended purpose. There are two basic types of
account analysis. One is an analysis of the activity, and the other is an analysis of
the composition of the balance in which the major items or categories of items are
identified.
PHYSICAL INSPECTION

Physical inspection of the items represented in the accounts is a significant validation

procedure. Although often time consuming, an accurate identification of the items
being inspected is sometimes difficult, there is no better way to substantiate an account
balance. Also, physical inspection is an accountability procedure, and should be
employed by management with the State Examiner participating of observing.

Physical inspection of documents or assets is done by the State Examiner as an

auditor, not as an appraiser, handwriting analyst, lawyer, or other kind of expert. The
State Examiner is entitled to ask for reasonable assurance that the documents,
material or any other items being inspected is what it is represented to be, and he
should exercise common sense in evaluating that assurance.

3. The envelopes in which the requests are mailed must contain the State Examiner’s
address as the return address so that he may learn of non-delivery. The return address
should be the district office or post office box for the Auditor of State.

If these precautions are not taken, then the State Examiner cannot rely on the reply.

GIFT University
UMER IQBAL
11Mother Assignment

All these precautions are applicable regardless of whether the confirmation is for bank
balances, accounts receivable, loans, or any other data that the State Examiner may
be seeking independent verifications.

Audit Sampling

MANUAL AUDIT SAMPLING

Sampling is the application of an audit procedure to less than 100% of the items within
an account balance or class of transactions for the purpose of evaluating some
characteristic of all the items within the balance or class of transactions.

Much of the information included in this manual was taken from the Statement on
Auditing Standards No. 39 on Audit Sampling which provides guidance on the use of
sampling in an audit of financial statements. This information has been adapted to fit
the circumstances most often encountered in tax auditing.

HISTORY

The Department has used sampling in its audit procedures for many years. That
sampling, for the most part, has been block sampling. That is, taking a period of
time and testing 100% of the records during that time. Until 1990, the Department's
policy on sampling was to take 100% samples from three test months per year
selected for being the high, low and average months of the year. From 1990
forward the Department has adopted other systematic or random sampling
techniques.
Random sampling techniques are both convenient and accurate when performed
properly, for these reasons sampling is the rule rather than the exception in most
audits performed by the Department. The convenience and accuracy extends to
taxpayers as well. Audits based on sampling have been challenged. When
challenged we have allowed the taxpayer to present detailed information to refute the
results of the sample.

PURPOSE OF AUDIT SAMPLING

Sampling is performed because it is more efficient than testing 100% of a

population. In tax audits, if the taxpayer and the Department can agree on a
representative sample, it can save both parties time and money. By definition, any
procedure that does not examine 100% of the items in question is a sampling
procedure.

GIFT University
UMER IQBAL
12Mother Assignment

SAMPLING RISK

Overall tax audit risk is made up of the risk of inaccurate records and the risk of
misapplication of the tax law. Both of these risks are made up of two components as
well.
1. Risk that there are errors (inherent risk).
2. Risk that procedures will not find errors (audit risk).
Audit risk, in turn is made up of two components, the risk that a procedure is not
effective and sampling risk. Sampling risk is the probability that the sample results
are not representative of the entire population. In general, factors that may lessen
sampling risk include:

1. Taking larger size samples

2. Using random sample selection methods
3. Stratifying the sample
4. Properly defining the test objective
5. Properly defining a deviation
6. Exclusion of non-recurring, non-systematic errors.
7. Properly evaluating errors.
STATISTICAL VS. NON-STATISTICAL SAMPLING

The difference between statistical and non-statistical sampling is that statistical

sampling allows the user to measure the sampling risk associated with the procedure.
Statistical sampling applies the laws of probability to determine the percent likelihood
that the sample does not accurately reflect the population.
In essence, the laws of probability say that large, relatively homogeneous
populations have similar distributions and other features so that if a random sample
is taken, it will consistently reflect the population within certain limits. In order for the
sample to be a “statistical" sample, the results must be evaluated and two calculations
made. These calculations tell the user how likely it is that the sample results are
within a given range of the actual population.
For instance, a statistical sample would not only tell you that disallowed deductions
are estimated at $5,000, but that you have a 95% likelihood (confidence) of being
within $50 (precision) of the actual disallowed deductions.
A properly designed and applied non-statistical sample can provide results that are
accurate and effective, but will not measure the sampling risk.
Generally, the decision to apply a statistical or non-statistical sampling application to a
particular audit test is a matter of cost effectiveness. Statistical applications usually
require more training for auditors and more time to apply. The department utilizes non-
statistical random sampling procedures.
Many audit programs in both the public and private sector have developed
standard sampling approaches which use predetermined allowances for
acceptable sampling risk, expected and tolerable error. These approaches reduce
the time and effort required to determine the sample size and evaluate results. The
cost of these approaches is that they usually generate sample sizes somewhat larger
than necessary to allow a margin for variance. The New Mexico Taxation and

GIFT University
UMER IQBAL
13Mother Assignment

Revenue Department has elected to use fixed sample sizes of 250 and 500 items of
interest for variable sampling. The sample sizes apply to homogeneous and
non- homogeneous populations respectively. Stratification of a population can
reduce sample size in most cases. Provisions for sampling units based on time
periods is also provided.
In any sampling approach, the auditor must evaluate the population that is being
tested, must determine if any stratification should be done, must evaluate the cause
of any exceptions and must apply the results from the sample to the remaining
portion of the population.

DEFINE THE POPULATION-STEP 4

The auditor should determine if the population from which the sample is selected is
appropriate for the specific audit objective, because sample results can be projected
to only the population from which the sample was selected. If a change in the
business results in more than one distinct population, then each needs to be tested
separately. The auditor should also evaluate the reliability of the data presented as
the population. The data should be complete and should also tie to other records such
as CRS-1s, journals, summary reports, etc.
Analysis may reveal that the taxpayer changed a specific control procedure during the
period under audit. The auditor needs to decide whether to design one sample and
test both controls or do two separate samples. The auditor might also discover that
the non-taxable sales do not match the CRS-1 reports due to the exclusion of a
particular type of sale or due to the inclusion of non-New Mexico sales.
DECIDE WHAT PERIOD WILL BE COVERED BY THE TEST
Generally, a sample should be drawn from the entire period to which the test results
will be applied. However, there are many situations when this is not practical. In any
test where the auditor decides to limit the period from which the sample will be drawn,
the auditor should evaluate sample results, as well as the period outside the sample,
and determine the following:
1. What were the results of the sample and could they reasonably be
expected to apply to the period not sampled.
2. What is the nature of the remaining period, does it have similar characteristics to
the period tested?
3. How large is the remaining period? Ideally, the period from which the
sample is drawn should be as large as possible. Limiting the period to a
day out of each year or a week from the total audit period is not a sound
basis for extrapolating results to the period not sampled. The more the sample
is spread throughout the audit period, the more reliable the results will be.
4. What is the nature and amount of the transactions involved? The
more homogeneous the population and the greater the size, the more likely a
sample taken from only part of the period under audit will be representative.
4. What tests can be done of the remaining period to further substantiate the sample
results?

GIFT University
UMER IQBAL
14Mother Assignment

6. What other matters are relevant to the sample results? Have conditions
which might affect the results changed in the remaining period?
EVALUATING THE SAMPLING RESULTs

After completing the examination of the sampling units and summarizing the
deviations from prescribed control procedures, the auditor evaluates the results.
Whether the sample is statistical or non-statistical, the auditor uses judgment in
evaluating the results and reaching an overall conclusion.

INTERPRETING RESULTS
The auditor must determine how the outcome of the sample affects the test
conclusions and the overall audit approach. If the auditor is testing the reliability of a
certain record, the outcome of the attribute sample will either show deviations or no
deviations. It there are deviations, the auditor must expand the sample as
described under Step 6 for attribute sampling or reject the record as unreliable. This
in turn may affect the audit approach.

Analysis of errors in the sample

1. Before analyzing the errors detected in the sample, auditors first would determine
that an item in question is in fact an error. In designing the sample, auditors define
those conditions that constitute an error by reference to the audit objectives. For
example, in a substantive procedure relating to the recording of debtors, a misposting
between customer accounts does not affect the total debtors. Therefore, it may be
inappropriate to consider this an error in evaluating the sample results of this particular
procedure, even though it may have an effect on other areas of the audit such as the
assessment of doubtful accounts.

2. When the expected audit evidence regarding a specific sample item cannot be
obtained, auditors may be able to obtain sufficient appropriate audit evidence through
performing alternative procedures. For example, if a positive debtor confirmation has
been requested and no reply was received, auditors may be able to obtain sufficient
appropriate audit evidence that the debtor is valid by reviewing subsequent payments
from the customer. If auditors do not, or are unable to, perform satisfactory alternative
procedures or if the procedures performed do not enable auditors to obtain sufficient
appropriate audit evidence the item would be treated as an error.

3. Auditors would also consider the qualitative aspects of the errors. These include the
nature and cause of the error and the possible effect of the error on other phases of the
audit.

4. In analyzing the errors discovered, auditors may observe that many have a common
feature, for example, type of transaction, location, product line or period of time. In such
circumstances, auditors may decide to identify all items in the population which possess

GIFT University
UMER IQBAL
15Mother Assignment

the common feature, thereby producing a subpopulation, and extend audit procedures
in this area. Auditors would then perform a separate analysis based on the items
examined for each sub-population.

Testing Controls

Testing Design Effectiveness

1. The auditor should test the design effectiveness of controls by

determining whether the company's controls, if they are operated as
prescribed by persons possessing the necessary authority and competence
to perform the control effectively, satisfy the company's control objectives
and can effectively prevent or detect errors or fraud that could result in
material misstatements in the financial statements.
Note: A smaller, less complex company might achieve its control objectives
in a different manner from a larger, more complex organization. For
example, a smaller, less complex company might have fewer employees in
the accounting function, limiting opportunities to segregate duties and
leading the company to implement alternative controls to achieve its control
objectives. In such circumstances, the auditor should evaluate whether those
alternative controls are effective.

2. Procedures the auditor performs to test design effectiveness include a mix

of inquiry of appropriate personnel, observation of the company's operations,
and inspection of relevant documentation. Walkthroughs that include these
procedures ordinarily are sufficient to evaluate design effectiveness.

Testing Operating Effectiveness

1. The auditor should test the operating effectiveness of a control by

determining whether the control is operating as designed and whether the
person performing the control possesses the necessary authority and
competence to perform the control effectively.
Note: In some situations, particularly in smaller companies, a company might
use a third party to provide assistance with certain financial reporting
functions. When assessing the competence of personnel responsible for a
company's financial reporting and associated controls, the auditor may take

GIFT University
UMER IQBAL
16Mother Assignment

into account the combined competence of company personnel and other

parties that assist with functions related to financial reporting.

2. Procedures the auditor performs to test operating effectiveness include a

mix of inquiry of appropriate personnel, observation of the company's
operations, inspection of relevant documentation, and re-performance of the
control.

Relationship of Risk to the Evidence to be Obtained

1. For each control selected for testing, the evidence necessary to persuade
the auditor that the control is effective depends upon the risk associated
with the control.
The risk associated with a control consists of the risk that the control might
not be effective and, if not effective, the risk that a material weakness would
result. As the risk associated with the control being tested increases, the
evidence that the auditor should obtain also increases.
Note: Although the auditor must obtain evidence about the effectiveness of
controls for each relevant assertion, the auditor is not responsible for
obtaining sufficient evidence to support an opinion about the effectiveness of
each individual control. Rather, the auditor's objective is to express an
opinion on the company's internal control over financial reporting overall.
This allows the auditor to vary the evidence obtained regarding the
effectiveness of individual controls selected for testing based on the risk
associated with the individual control.

2. Factors that affect the risk associated with a control include –

• The nature and materiality of misstatements that the control is intended to
prevent or detect;
• The inherent risk associated with the related account(s) and assertion(s);
• Whether there have been changes in the volume or nature of transactions
that might adversely affect control design or operating effectiveness;
• Whether the account has a history of errors;
• The effectiveness of entity-level controls especially controls that monitor
other controls;

• The nature of the control and the frequency with which it operates;
The degree to which the control relies on the effectiveness of othercontrols
(e.g., the control environment or information technology general controls);

• The competence of the personnel who perform the control or monitor its
performance and whether there have been changes in key personnel who
perform the control or monitor its performance;

GIFT University
UMER IQBAL
17Mother Assignment

• Whether the control relies on performance by an individual or is automated

(i.e., an automated control would generally be expected to be lower risk if
relevant information technology general controls are effective); and
Note: A less complex company or business unit with simple business
processes and centralized accounting operations might have relatively
simple information systems that make greater use of off-the-shelf packaged
software without modification. In the areas in which off-the-shelf software is
used, the auditor's testing of information technology controls might focus on
the application controls built into the pre-packaged software that
management relies on to achieve its control objectives and the IT general
controls that are important to the effective operation of those application
controls.
• The complexity of the control and the significance of the judgments that
must be made in connection with its operation.
Note: Generally, a conclusion that a control is not operating effectively can
be supported by less evidence than is necessary to support a conclusion that
a control is operating effectively.

3. When the auditor identifies deviations from the company's controls, he or

she should determine the effect of the deviations on his or her assessment of
the risk associated with the control being tested and the evidence to be
obtained, as well as on the operating effectiveness of the control.
Note: Because effective internal control over financial reporting cannot, and
does not, provide absolute assurance of achieving the company's control
objectives, an individual control does not necessarily have to operate without
any deviation to be considered effective.

Audit evidence
Auditors must obtain sufficient, appropriate audit evidence. Evidence can be in the
form of tests of controls or substantive procedures.

1.1 The need for audit evidence

Remember that the objective of an audit of financial statements is to enable the auditor
to express an opinion on whether the financial statements are prepared, in all material
respects, in accordance with an identified financial reporting framework. In this section,
we shall look at the audit evidence he has gathered, which enables the auditor to
express his opinion.

Audit evidence is the information auditors obtain in arriving at the conclusions on which
their report is based. Audit evidence includes all the information contained within the
accounting records underlying the financial statements, and other information gathered
by the auditors, such as confirmations from third parties. Auditors are not expected to
look at all the information that might exist. In order to reach a position in which they
can express a professional opinion, the auditors need to gather evidence from various

GIFT University
UMER IQBAL
18Mother Assignment

sources. There are two types of test which they will carry out: tests of controls and
substantive procedures. We look at these in detail in Chapters 9 and 11 respectively.

1.2 Sufficient, appropriate audit evidence

ISA 500 Audit evidence requires auditors to 'obtain sufficient, appropriate audit
evidence to be able to draw reasonable conclusions on which to base the audit
opinion'. 'Sufficiency' and 'appropriateness' are interrelated and apply to both tests of
controls and substantive procedures.

• Sufficiency is the measure of the quantity of audit evidence.

• Appropriateness is the measure of the quality or reliability of the audit evidence.

The reliability of audit evidence is influenced by its source and by its nature.
The quantity of audit evidence required is affected by the level of risk in the area
being audited. It is also affected by the quality of evidence obtained. If the evidence is
high quality, the auditor may need less than if it were poor quality. However, obtaining a
high quantity of poor quality evidence will not cancel out its poor quality. The following
generalizations may help in assessing the reliability of audit evidence.

GIFT University
UMER IQBAL