Audit and its Legal requirements
Audit is the process of evaluation of firms. There is chance of errors in bookkeeping and in the application of unfitting accounting policies in accounts. Financial audits are executed to check the reliability and validity of information. Auditing is a critical component of accounting. Audits are related to obtaining the information on financial record and financial systems. An audit gives the fair assurance of correctness of material on statements.
Audit is of two types internal and external. External auditor may be an independent firm or team, which publically traded company hire for audit, this independent audit firm conveys its impression on a company's financial statement, it declares that either firm is free of material misstatements; external auditors also give judgment over the strength of accounts' internal controls. On the other the hand, internal auditors are employees of the firms for the audit of the firm.
An audit helps the managers to capture the deficiencies in the accounting systems. Audited accounts are used by top management for decision making, as audit bestows credibleness to the accounts. It is too significant for potential and actual shareholders and investors. Employees, customers, and suppliers will also feel confident if the accounts of the firms are audited by an independent and qualified accounted fairly.
Accounts will be considered fair and true if they are free from material misstatements. An audit should necessarily comply with "generally accepted standards". Audit documentations are proof of the job done by the auditor, the auditor should compile effectively the audit working documents. Auditor to get evidence can also take help from different expert along with the client firm's environment.
Audit is a legal requirement of the public companies. Under the law all firms should have audited the annual accounts by an auditor (independent and qualified). The auditing ensures that accounts are free of deception, error, and fraud, bias, free of material misstatement and the firm has applied the basic financial disciplines. Audit report used for obtaining the finance and expansion of business.
As when firms go for financing to banks, they might demand audited accounts to take the lending decision and to check the financial health of the firms.
There are specific standards related to the auditing. (GAAS) "Generally Accepted Auditing Standards", proposed by the "Auditing Standards Board of American Institute of Certified Public Accountants", is the group of some standards providing the guidelines for a quality audit.
Proper audit planning assists the auditor to gain the enough evidence for the conditions, to maintain the costs of the audit at fair level, and to develop the understandings with the client firm.
ISA 300 is about the planning an audit of financial statements. According to that there should be a strategy for the audit; auditor should formulate an audit plan for the effective engagement. It emphasis on audit planning as it has the significant impact on the effectiveness of the audit; it is not a distinct from overall audit, it is a continuous process until the end of the audit. Planning should involve the key players to take benefits from their insights.
Auditor started the auditing process from the understanding of the client's environment, recognition of its transactions and accounts, designing materiality of planning, the auditor need to assess the places from where things can get wrong, getting understanding about the fundamental internal controls, formulation of an audit strategy, and then auditor go for the execution of audit.
The auditor should give sufficient amount of time to get information about the audit and inherent risks at the early stages of planning for the effective engagement, assessment of these risks are required parts of the planning process since it sets the quality and quantity of essential evidences to be needed.
The ISA 200, International Standard on auditing is about the overall responsibilities of an independent auditor during the auditing of financial statements. This ISA specified the main targets, requirements, objectives, and other informative stuff that is contrived to help the auditor to reach a reasonable confirm about the fairness of the information.
ISA 200 talks over the planning of auditor planning, require the auditor to show professional agnosticism and judgment during the auditing, and should alert while analyzing the information that could be the source of unreliability of documents. There should be an effective connection between the auditor and internal audit function during the process of audit that could help the auditor in the assessment and identification of misstatement of material risks.
This ISA requires the auditor to perform the audit in this way that an auditor should be able to identify and evaluate the risks related to misstatement of material in the financial statements, may be due to error or fraud, and if the misstatement of material exit then the auditor should try to get maximum evidence.
To reach a conclusion and opinion based on the evidences the auditor should comply all the requirements specified in all ISAs related with audit. For this purpose the auditor should have the comprehensive understanding of ISA and its full text. The auditor can mention the compliance of ISAs in the auditor's report after he has followed all the needed components of those.
The ISA 315 is about the responsibilities of the auditor regarding the assessment and identification of material misstatement risks in the financial statements. According to the ISA, this evaluation and identification require the understanding of the client firm's environment and its internal control. For the assessment of risks of misstatement of material at the assertion and financial statement levels, the auditor should try to adopt the appropriate risk assessment methodology. The auditor could do the assessment of risk by observation and inspection, by adopting the analytical procedures, by making inquiries of management, and by monitoring of controls.
The auditor could get information about the firm's environment by considering the capital structure, by considering the governance and ownership, and the types of investments that will help the auditor to know that how it is financing its assets, to help the auditor to understand its operations, transactions, and account balance.
Pertinent evidence related to audit could be get from the risk evaluation methods, by supporting inquiries by documents inspection or observation. On the other hand, the auditor could get information through employees and management inquiries, by understanding the ways of communications between management and employees, how firm look at the ethical and business practices. The auditor should get the information about the written code of conduct and its implementation in the control process.
The understanding of the internal control is important due to its relationship with financial reporting; on the other hand financial reporting has relevance with the audit. The intensities of the control functions jointly give suitable basis to other elements. The auditor should gain information regarding the main activities that the client firm adapts to supervise the internal control throughout the financial reporting. The auditor needs to understand the responsibilities of internal audit function of client firms, what is the structure of internal audit function, how it perform and its main activities, and how the management of the client firm reacted to the recommendations and findings concerning the internal control's weaknesses that are applicable to the audit. The auditor should gain understanding of client firm's information sources applied the monitoring activities.
The auditor could discuss with the team, engagement partner to identify the risk of misstatement of material. The auditor's previous experience of audit procedures related to assessment and identification of risks, in the same or other firm help in determining the changes.
The auditor should need to understand all the important factors having the impact on financial reporting process like regulatory framework, and relevant industry. The auditor should understand the overall environment of the client firm. The auditor should understand the client firm's accounting policies, and its strategies and objectives that are relevant to business risks and subsequently result in a misstatement of material. The auditor should understand the transaction system, the procedures related to the transactions by the use of manual and information technology, all supporting and relevant accounting records related to financial statements. Auditor need to understand the reporting process used to prepare the financial statements of the firm. The auditor could get important information from the ways firm communicate externally with regulatory authorities.
The ISA 330 is about the responsibilities of the auditor's plan and applicability of reactions to the misstatement of material risks that auditor assessed and identified in his audit of financial statements of the client firm. The identified risks of auditor have significant impact on the methodology of the audit, it link the auditor's further risk assessment and the methodology to be used.
The auditor should need to plan and execute more audit methods on the basis of assessed misstatement of material risks. The auditor should evaluate the assertion level material misstatement risk to reach any conclusion, is the misstatement of material risk due to any specific class of account, and transactions (inherent risk) or are due to the relevant controls (control risk).
For further inquiries auditor need to evaluate the control functions to get enough suitable audit evidence for the effectiveness of relevant controls. By doing so auditor will be able to know that the control has the operating effectiveness. It will also help the auditor to know that the controls are dependent of other control or not. If auditor found any risk he should try to understand why the firm's procedures were unable to detect that risk, he should evaluate the process for any deficiencies in the internal control. Different trials of controls will help the auditor to obtain a good reaction to the identified risk of misstatement of material for species assertion. If the auditor found the operations of control effective then he should go for substantive procedures.
After identification of the risk auditor and his team should show more professional skepticism by showing more expertise or they could use experts. They should render more sophisticated supervision in auditing, need to add more checks in the methodology of further audit, the amendment in timing or period and procedures.
Audit procedure nature is about to its aims, and is an important response to the identified risks; it may be of control test or related to the procedure and its type. There may be different types of audit that auditors could apply after the amendment of its procedures like it may be of analytical procedures, recalculation, inspection, inquiries, observations etc. The combination of substantive methods and control test is a good strategy.
Inherent risk at the financial statement level and at the account balance level and factors
The risks of misstatement of material at the level assertion have two parts; one is inherent risk and the second is the control risk. Inherent risk and control risk are the entity's risks. Auditors should find risks related to the client firms while auditing. Most important one is the inherent risk. In the audit inherent risk that is due to misstatement of information on the financial statements and account may be an error or fraud. The auditor should use all information obtained during the understanding of the environment of the client firm to identify risk, he should concentrate on the risk of misstatement of material in the accounts due to business risk. In this regard ISA 315 gives comprehensive guideline to auditor to adopt the analytical method, and auditors should consider these risk factors in the planning of the audit process, and auditor need more vigilance to get evidence and should need to engage more experienced team.
The risks of misstatement of material may be of two type; the first is at the main financial statement level refer to risks of misstatement of material that is related to the all financial statements and effect various assertions.; and the second is at the assertion level for account balance or transactions' class, is the risk at the level of assertion and it is identified to know the nature of the procedures to be applied, timing and period of audit of further audit to gain the enough audit evidence.
There are many factors that affect the inherent risk of the firm at the financial statement level. ISA 400 in this regard helps to identify the important factors, according to its: Integrity of client firm's management, because the unity of the management can lead to fake representation of information. The experience of the manager in the accounting and finance department is the important factor, the pressure on the staff of accounting department during the preparation of financial statements also lead to error. The nature of the business and the complexity in its operations is also a cause of error. Specific conditions in the industry of client firm may be considered while taking the risk assessment. The firm will face higher inherent if its inventory becomes disused rapidly. The rate of economic growth also has the important influence on the inherent risk of the businesses. Interest rates and the availability of financing sources also have the impact on the inherent risk. There may be problem of mistakes in the financial statement made in previous years.
At the account balance level, factors of the client firm and its environment that has an impact on the disclosures, transactions, and account balances have the impact on the inherent risk of the firm. ISA 400 in this regard highlight various factors: quality of accounting policies and systems, susceptibility to misstatement, transactions' complexity, unusual type of transactions the end of the financial year, assets susceptible to loss, the extent of judgment involved, and the specific transactions not related to traditional processing.
Sometime, there may be pressure on the accounting staff to magnify the sales to show profitability, the act of recording the later year revenue in the current year, there may be pressure on accounting staff to modify the cash, bad debt, and debtor accounts to overcome the problems of liquidity and working capital. There may be pressure to show expenses in the lower amount to show the profitability. The chance of misstatement may be higher in the firms where the manufacturing, purchases, in transactions the addition of direct as well as indirect entries is higher. Risk may also higher due to critical accruals and adjustments. Inherent risk is greater for few assertions and relevant categories of disclosures, transactions, and account balances. Inherent risk will be high when there is a valuation problem with transactions, involve complex calculation, or the account values are derived by the estimation. Inherent risk will be higher of the firm with more business risk. If any asset of the client firm is capable of fraud or theft, the account will be inherently risky; the example is of cash account. Some time inventory account also considered inventory account with higher inherent risk (Loughran, 2012).
Assessment of inherent risk and control risk
"Inherent risk and control risk" are associated with the client firm, its internal control, and its environment. Inherent risk is identified by the use of information, characteristics and nature of various disclosures and accounts by the application of appropriate risk assessment methods disclosed in ISA 315. On the other hand, the control risk is identified by the use of proof gained from tests of controls, the auditor could apply other methods as well to identify the control risk whenever he/she consider suitable.
Both inherent and control risks have significant impact on the auditor's decision regarding the overall process of auditing, audit strategy and substantive procedures.
The impact of assessment of the inherent and control risk on the development of the audit strategy:
Inherent risk is about the chance of misstatement of material in the financial statements may be due to error or fraud, on the other hand, the control risk is about the internal control of the client firm. While formulating the audit strategy, the auditor needs to consider these risks. Auditor need to develop the strategy by which he/ she could effectively gain appropriate evidences. The strategies should include the implementation of risk assessment procedures. Strategies should include the tests of the control functions of the client firm to get the evidence on the control risk. The strategies of trials of controls will help the auditor to obtain a good reaction to the identified risk of misstatement of material for species assertion. If the auditor found the operations of control effective then he should go for substantive procedures.
For the assessment of risks of misstatement of material at the assertion and financial statement levels, the auditor should include the appropriate risk assessment methodology in his strategy. The auditor could do the assessment of risk by observation and inspection, by adopting the analytical procedures, by making inquiries of management, and by monitoring of controls.
The auditor should develop the strategies that could help him to get information about the firm's environment by considering the capital structure, by considering the governance and ownership, and the types of investments that will help the auditor to know that how it is financing its assets, to help the auditor to understand its operations, transactions, and account balance.
The auditor by adopting the strategy of environment familiarization could get information through employees and management inquiries, by understanding the ways of communications between management and employees, how firm look at the ethical and business practices. The auditor should get the information about the written code of conduct and its implementation in the control process.
The impact of assessment of the inherent and control risk on the design of substantive procedures:
When auditor found error or fraud in the account in the form of inherent risk and control risk, the auditor adopts some procedures for further evaluation. In this auditor also do the detail tests, with another type of test together more evidence. When there is chance of inherent and control risk, to get more assurance, auditor adopts the strategy of substantive analytical procedures. Due to these risk auditors could use substantive procedures to catch the large volumes of transactions. Auditor modifies the nature, timing, and degree of audit depending upon the inherent and control risk. Audit procedure nature is about to its aims, and is an important response to the identified risks; it may be of control test or related to the procedure and its type. There may be different types of audit that auditors could apply after the amendment of its procedures like it may be of analytical procedures, recalculation, inspection, inquiries, observations etc. The combination of substantive methods and control test is a good strategy. The level or extent of inherent and control risk enable the auditor to use the extent or degree of substantive procedures.
Factors that affect the Auditors' decision as to the development of the audit strategy
According to the ISA 300, "audit strategy" depicts that how the audit is to be performed, for the more detailed plan, should describe the scope, direction, deployment of resources and timing of the audit. The auditor develops the efficient audit plan that is mainly based on audit strategy; consequently the "audit plan" describes the particular processes to be accomplished to carry out the strategy to finish the audit process. The auditor should change and update the overall audit strategy and on the other hand audit plan whenever seems essential throughout the audit. The auditor should manage the necessary documentation.
There are various factors that could impact the auditor decision regarding the development of appropriate audit strategy, and auditor need concentrate on those factors while formulating the audit strategy. Audit strategy is crucial in the audit proceedings because it helps to reduce the overall cost and time required for audit, the strategy of audit to be adopted by auditor mainly dependents on internal control system of the client company.
The maturity of the firm and its growth.
The risk factors in the client firm.
The overall environment of the client firm.
The reliance of the top management on the audit process.
The availability of the resources.
Laws and regulations regarding the auditing.
Client firm's policies and process of reporting.
Control environment of the client firm.
Auditing team and their expertise.
Importance of the audit activities of the client firm.
The type of the organization, type of audit, extent or degree of audit, period of the audit.
The nature of business and transactions of the client firm.
The law and regulations regarding the auditing in the environment on the client firm.
The audit auditor or team's previous experience with the organization.