View
224
Download
0
Category
Preview:
Citation preview
8/6/2019 Audit Notes-ToPIC 7
1/30
TOPIC 7: INTERNAL AUDIT, COMPUTER AUDITING AND OTHER TYPES OF
AUDIT
INTERNAL AUDIT ISA 6107.1.1 Nature and Function/scope of Internal audit
According to theInstitute of internal auditors(www.iia.org.uk) internal audit is defined as :
http://www.iia.org.uk/http://www.iia.org.uk/http://www.iia.org.uk/8/6/2019 Audit Notes-ToPIC 7
2/30
An appraisal or monitoring activity established by management and the
directors, for the review of the accounting and internal control systems as a
service to the entity.
It functions by, amongst other things, examining, evaluating and reporting to
management and the directors on the adequacy and effectiveness of components
of the accounting and internal control systems.
7.1.2 Scope/ Objectives / Functions of internal Audit
The scope of Internal audit is set by management and varies widely. It could
include:
I. Reviewing and appraising the soundness, adequacy and application of
accounting, operating and internal control systems. It is the responsibility ofmanagement to establish adequate accounting and internal control systems.
This demands proper attention on a continuous basis. Internal auditing is
ordinarily assigned specific responsibility by management for reviewing
these systems, monitoring their operation and recommending improvements
thereto.
I. Examination of financial and operating information. This may include
review of the means used to identify, measure, classify and report such
information and specific inquiry into individual items including detailed
testing of transactions, balances and procedures.
I. Ascertaining the extent to which the company assets are accounted for
and safeguarded from losses of all kinds.
I. Reviewing and ascertaining the extent of compliance with established
internal policies, plans and procedures as well as with laws, regulations and
other external requirements.
I. Ascertaining the reliability of accounting and other data developed
within the organization.
I. Reviewing of the 3Es - economy, efficiency and effectiveness ofoperations of the company. Also known as value-for-money Audit
(Economy operations at lowest reasonable cost ie the measure of
resources consumed against planned consumption, Efficiency Relationship
between input resources and output ie the ratio of resource consumption to
benefits produced-the input:output ratio, Effectiveness achievement of
predetermined objectives ie the measure of actual performance against
planned performance in terms of outputs)
8/6/2019 Audit Notes-ToPIC 7
3/30
I. Appraising the quality of performance in carrying out assigned
responsibilities (Quality assurance appraisal of lecturers etc )
I. Carry out special investigations, e.g. fraud
7.1.3 Distinction Between External & Internal Auditors
7.1.3.1 Common interests of the two auditors:
Ensuring
a The organization has an effective system of internal control.
a That management obtains adequate management information.
a That assets are safeguarded.
a That the organization has an adequate accounting system (to minimum
Companies Act standard).
a Compliance with statutory and regulatory framework.
7.1.3.2 Differences between the two auditors:
a Scope Scope of external auditor is determined by statute; internal
auditors scope is set by management and specified in an internal audit
charter. The Internal audit charter is a formal document approved by the
Board of directors, that (a) establishes the internal audit departments
position within the organization; (b) authorizes the internal auditor to have
unlimited access to records, personnel and physical properties relevant to theperformance of audits; and (c) defines the scope of internal auditing activities.
a Approach and primary objective External auditors primary objective
is the formation of an opinion as to the truth and fairness of the accounts. The
internal audits objective is set by the charter and may cover EEE.
a Relationship to the company External auditors are independent of
the company and its management. Internal auditors are often employees of
the organization, although some times the internal audit function is
outsourced.
8/6/2019 Audit Notes-ToPIC 7
4/30
a Reporting responsibility and appointment External Auditor is
appointed by shareholders in an Annual General Meeting and is therefore
responsible and reports to the shareholders of the company (NB: the external
auditors report is addressed to shareholders). The Ex. Auditor could also be
appointed by management to fill a casual vacancy. The external auditor could
also have a responsibility to others and the government.
The internal auditor is appointed according to management policy via
formal interview process. Ideally the Internal auditor reports to the Board
of directors or to the audit committee of the Board.
a Qualifications (Who is qualified to be Ex. / Int. Auditor ?) External
auditors qualifications are determined by the Companys Act and the
Accountants Statute (1992) auditor must be a certified/chartered public
accountant. The internal auditors qualifications are prescribed by
management according to prevailing needs.
a Skills required External auditor must posses Accounting, finance
based and analytical skills. Internal Auditor requires broad-based,
interpersonal and analytical skills.
a Remuneration External auditors remuneration is agreed by auditor
and management and ratified later by shareholders in general meeting via the
formal approval of accounts. The Internal auditors remuneration is salary
based and fixed internally by management.
a Security or tenure The Companys Act protects the external auditor
from unjustified dismissal and provides certain rights in Law. The internal
auditor has rights of any individual employee only.
a Error and fraud For the external auditor detection of errors and frauds
is incidental, while to the internal auditor detection of errors and frauds is a
very important objective.
8/6/2019 Audit Notes-ToPIC 7
5/30
7.2 Can External Auditors Rely On The Work Of Internal Auditor?
Where the external auditors intends to use the work of internal auditors they are
guided by auditing standard ISA 610 : Considering the work of Internal auditing.
The external auditor will assess the following matters before relying on
the work of internal auditors
a Independence of the internal audit.
a Organizational status of the Internal audit department as evidenced by
their reporting and the number of positive actions taken consequent to an
internal audit recommendation.
a Scope & objectives (relevance, set by?) and quality of internal audit work
as evidenced by their files and documentation.
a Standard of professional care Is the internal audit work properlyplanned, supervised, reviewed and documented? The existence of adequate
audit manuals, work programs and working papers would be considered.
a Technical competence of the internal audit staff ie their qualifications,
experience etc the external may for example review the policies for hiring
and training the internal audit staff and their experience and professional
qualifications.
a Reporting standards The institute of internal auditors, an international
body has issued 5 general standards covering the work of internal auditors (i)
Independence (ii) Professional proficiency (iii) Scope of Work (iv) Performance
of audit work (v) Management of audit department. These standards are
supported by specific practice statements and guide lines which provide
practical guidance for the internal auditor.
a Resources available
8/6/2019 Audit Notes-ToPIC 7
6/30
After assessing the above matters, the extent of reliance depends on :
Materiality of area under review.
Level of associated audit risk
Level of judgment required
Sufficiency of complementary evidence
Whether internals have some specialist skill.
BUT
The external auditor must always remember that it is his opinion and his
reputation at stake. The external auditor has the sole responsibility for the audit
opinion expressed, and that responsibility is not reduced by any use made of
internal auditing. All judgments relating to the audit of the financial accounts are
those of the external auditor.
7.3 Internal Audit Reports
The audit report is an end product of an internal audit. The objectives of an
internal audit report are:
To recommend and influence change.
To provide an understanding and overview of control issues within an area
under review.
To ensure action is taken on audit findings and recommendations.To document the work carried out on the audit and any limitations of scope
(for example because of disputes).
To provide some form of independent assurance to management.
To provide independent advice, guidance and recommendations to
management particularly on risk (financial or otherwise) and corporate
governance practices.
The report is a marketing tool for the Internal Audit department. It
demonstrates to the organization the value added by the internal audit
function.
Users of Internal Audit Reports
There are a number of users of such reports. For each report it is important to be
aware of the users and what their specific objectives are likely to be. The reports
need to be targeted to the appropriate audience. The users of a report may
include the following.
Operational Management
Audit committees
8/6/2019 Audit Notes-ToPIC 7
7/30
Board of directors
Organization as a whole
Risk committees
Finance director
Chief executive Officer
External auditors
Regulatory bodies
There is likely to be a principle user to whom the report will be addressed. This will
usually be the Director/executive of the business or area under review. The audit
committee/ the full board of directors should however see and follow up all reports
produced by the Internal audit department.
7.3.2 Format and content of Internal Audit Reports
Prior to issuing of the final report, the internal auditor should discuss the report
with the management of the audit area to iron out any differences and obtain
explanations to some of the issues the external audit team may have come
across.
Internal Audit reports need to be appropriately structured with a logical flow of
information. The format of reports can vary significantly according to the
organization and approach of the department.
The typical report may be in the following format:
Cover of the report
Subject
Distribution list
Date of issue
Period covered by the report
Any rating/evaluationExecutive summary this could include
Overall summary of outcome from review
Introduction
Overview of scope
Key risks
Opinion
Key findings and recommendations
The major exposures identified during the review and their significance.
8/6/2019 Audit Notes-ToPIC 7
8/30
Detailed findings and agreed action
Findings
Risk exposureAgreed action
Responsibility
Deadline/time scaleAppendices
Explanations and further details
Appropriate analysis to back up the matters referred to in the main body ofthe report.
COMPUTERS IN AUDIT MANAGEMENT
7.4.1 The use of computers in audit management: Audit practiceadministration
At the firm level i.e within the audit firm, the role of computers is similar to the role
they play in an audit client that is , it is a management information and
accounting system.
Audit staff log-on chargeable time, which goes into the audit firms billing
system
The computer system will produce partnership accounts, schedules of work-in-
progress and general management information, used by the audit firm
management for decision-making purposes.
Preparation of audit reports and accounts
- word processing, standard letters,- word processing, standard letters, reports etc.reports etc.
7.4.2 The use of computers in audit management: Auditing applications
The computer (P/C) may be used by auditors in the following ways to assist in audit
work:
Flow charting clients system flow-charting computer packages exist to assist the
auditor in drawing flow charts.
Evaluation of audit Risk computer packages exist to assist the auditor in evaluation of
risk.
Preparation of audit programmes audit programmes can be typed into a word
processor, which will allow easy access and up dating. And determining sample
sizes.
Analytical procedures Spreadsheets can be used to generate key details of the
accounts e.g. key accounting ratios that will assist the auditor when carrying out
analytical procedures. Spreadsheets are also vital in data analysis.
Preparation of audit working papers computers are a key resource in the production
of schedules, summaries and other audit working papers.
Used in the application of CAATS Computer- assisted audit techniques, which are a
8/6/2019 Audit Notes-ToPIC 7
9/30
key audit tool in a computerized environment.
CONTROLS IN COMPUTERIZED ACCOUNTING SYSTEMS EDP (Electronic Data
Processing System)
The main objectives of a strong Internal Control System be it in a manual or computer-
based accounting environment are (i) to ensure the proper and accurate recording of all
transactions and (ii) to prevent mismanagement, error, fraud and general abuse.
In the past, major components of an internal control system have included such things as:
Separation of duties,
Delegation of authority and responsibility in a clear unambiguous manner,
Recruitment and training of skilled personnel,
A system of authorizations,Adequate documentations and records to provide an audit-trail,
Physical controls over assets and records,
Management supervision and independent checks on performance.
Certainly, the above components must exist in an EDP system; however, use of EDP affects
the implementation of these components in a number of ways (The International
Federation of Accountants IFAC practice statement IAPS - International auditing Practices
statement 1002: EDP EDP Environment-On-line computer systems) these include:
Absence of input documents data may be entered directly into the EDP
system without supporting documents. In some on-line transaction
systems, written evidence of data entry authorization (for example,
approval for order entry) may be replaced by other procedures, such as
authorization controls contained in computer programs (for example, credit
limit approval)
Lack of a visible transaction trail certain data may be maintained on
computer files only. In a manual environment, it is normally possible to
follow a transaction through the system by examining source documents,
books of account and reports. In an EDP environment, however, the
transaction trail may be partly in machine-readable form, or it may existonly for a limited period of time.
Lack of visible output certain transactions or results of processing may not be
printed. In manual environments and in some EDP environments, it is
normally possible to visually examine the results of processing. In other
EDP environments, the results of the processing may not be printed, or only
summary data may be printed. Thus, the lack of visible output may result
in the need to access data retained on computer files readable only by the
computer.
Accessibility of data and computer programs data and computer programs
8/6/2019 Audit Notes-ToPIC 7
10/30
can be accessed and altered by persons through the use of on-line
terminals. Therefore, in the absence of appropriate controls, there is an
increased potential for unauthorized access to, and alteration of, data and
computer programs by persons inside or outside the entity.
The above statements indicate that despite the advantages of computerized accounting
systems to an organization, certain characteristics inherent in these systems represent
problems or risks that can only be addressed by developing and implementing special
control mechanisms in the organizations internal control systems. These special controls in
an EDP system can be categorized under 3 areas.
Systems development controls
General controls
Application / Procedural and processing controls
7.5.1 System Development Controls (SDCs)7.5.1 System Development Controls (SDCs)
These are Controls over the entire development process of the computer system, from theThese are Controls over the entire development process of the computer system, from the
initial idea/proposal, designing, testing, and implementation through to acceptance of ainitial idea/proposal, designing, testing, and implementation through to acceptance of a
fully operational system.fully operational system.
In many respects system development controls are the most important - if they areIn many respects system development controls are the most important - if they are
inadequate the whole project is at risk. Any system errors may remain undetected for someinadequate the whole project is at risk. Any system errors may remain undetected for some
time and cause countless problems.time and cause countless problems.Standards must be prescribed for theStandards must be prescribed for the design, development, testing and implementation ofdesign, development, testing and implementation of
systems, programs and amendments.systems, programs and amendments.
SDC 1
There must be proper Consultation with the following groups before Computer systems are
developed.
(i)(i) ManagementManagement
(ii)(ii) Users / departments going to use the systemUsers / departments going to use the system
(iii)(iii) Operators of the systemOperators of the system(iv)(iv) Auditors - internal andAuditors - internal and externalexternal
SDC 2
8/6/2019 Audit Notes-ToPIC 7
11/30
There is a need to have clear documentation and Recorddocumentation and Record of the system so developedof the system so developed. A. A
detailed description of the computer programme must be compiled. This could take thedetailed description of the computer programme must be compiled. This could take the
form of:form of:
(i)(i) flowcharts of clerical and computer proceduresflowcharts of clerical and computer procedures(ii)(ii) specification of types and form of inputspecification of types and form of input
(iii) Form and content of master and other files(iii) Form and content of master and other files
(iv)(iv) processing detail and dealing with errorsprocessing detail and dealing with errors
(v)(v) form of output and its distributionform of output and its distribution
(vi)(vi) operational controls and maintenance of audit trailoperational controls and maintenance of audit trail
SDC 3
The system so developed must be fully tested to ensure that all programmes have been
prepared correctly before operating it on live data . Systems testing will take the following
form:
(i)(i) Test packsTest packs - using dummy data on the new system- using dummy data on the new system
(ii) Pilot running(ii) Pilot running running the new system fully with live data for a . limited period.running the new system fully with live data for a . limited period.
(iii)(iii) Parallel runningParallel running with the manual system until it is proved that the new systemwith the manual system until it is proved that the new system
can operate satisfactorily.can operate satisfactorily.
SDC 4 AcceptanceAcceptanceUsers, operators and management must accept the system developed.Users, operators and management must accept the system developed.
7.5. 2 General Controls7.5. 2 General Controls
These are controls over the environment in which computer-based accounting systems areThese are controls over the environment in which computer-based accounting systems are
developed, maintained and operated.developed, maintained and operated.
Purposes - to ensurePurposes - to ensure
(i)(i) the integrity of data and program files and ofthe integrity of data and program files and of
(ii)(ii) operationsoperations..
Basic controls include:Basic controls include:
Segregation of dutiesSegregation of duties requiring appropriate segregation of responsibilities andrequiring appropriate segregation of responsibilities and
duties.duties. In a computerized environment the following functions must be carried out by
separate officers/sections/departments: Development, Data preparation, Computer
Data entry, File Library maintenance, Control.
8/6/2019 Audit Notes-ToPIC 7
12/30
Controls over OperatorsControls over Operators operators to have designated and restricted areas ofoperators to have designated and restricted areas of
access within the computer programme by use of pass words.access within the computer programme by use of pass words.
No unauthorized change should be made to accounting programmes that processNo unauthorized change should be made to accounting programmes that process
data by using Pass words and maintaining a record of all changes effected on thedata by using Pass words and maintaining a record of all changes effected on the
system. Also a physical control can be instituted e.g preventing people from havingsystem. Also a physical control can be instituted e.g preventing people from having
access to the computer terminalsaccess to the computer terminals
Hardware controls and SecurityHardware controls and Security Having Fire Precautions and Stand-byHaving Fire Precautions and Stand-by
Arrangements ( Protective measures should be put in place to secure the equipmentArrangements ( Protective measures should be put in place to secure the equipment
and dataand data standby power source, UPS etc)standby power source, UPS etc)
Controls to ensure continuity - File back systems on site and off-site, data recoveryControls to ensure continuity - File back systems on site and off-site, data recovery
procedures, insurance cover etc)procedures, insurance cover etc)
7.5.3 Application / procedural and processing Controls
These consist of controls over completeness, accuracy and authorization of These consist of controls over completeness, accuracy and authorization of
input/processing and maintenance of master files.input/processing and maintenance of master files.
They relate to the transactions and data belonging to each computer basedThey relate to the transactions and data belonging to each computer based accountingaccounting
system and are therefore specific to that system (e.g. payroll, debtors etc.).system and are therefore specific to that system (e.g. payroll, debtors etc.).
(i) Input controls(i) Input controls
These are controls designed to ensure that the integrity of the data entered intoThese are controls designed to ensure that the integrity of the data entered into
the computer system is maintained. That is they ensure that transactions are properlythe computer system is maintained. That is they ensure that transactions are properly
authorized, they are accurately recorded and that they are complete.authorized, they are accurately recorded and that they are complete.
batch totalsbatch totals
comparison of files (e.g. order/invoice)comparison of files (e.g. order/invoice)
sequential numbering of documents-document countsequential numbering of documents-document count
control totalscontrol totals
(ii) Processing and out put controls (Accuracy and Validity controls)(ii) Processing and out put controls (Accuracy and Validity controls)
Processing controls are those controls designed to ensure that the appropriate
computer processes have been performed on the data entered into the computer. These
are exercised within the computer.
Output controls are designed so that the results ultimately reported as a
consequence of the inputting and processing of data are valid, accurate and complete.
8/6/2019 Audit Notes-ToPIC 7
13/30
batch processing (not for real time)batch processing (not for real time)
segregation (e.g. of responsibility for application, transaction & master files)segregation (e.g. of responsibility for application, transaction & master files)
control totalscontrol totals
manual authorization and checkingmanual authorization and checkingpro-forma documents (pre-coded if possible)pro-forma documents (pre-coded if possible)
field presence (e.g. must have customer account number)field presence (e.g. must have customer account number)
master file compatibility (does customer exist?)master file compatibility (does customer exist?)
range (e.g. wages within ushs100,000-500,000 per week)range (e.g. wages within ushs100,000-500,000 per week)
batch (e.g. total hours worked)batch (e.g. total hours worked)
sequence (e.g. all delivery notes accounted for)sequence (e.g. all delivery notes accounted for)
logic (e.g. gross, VAT, net calculation checked)logic (e.g. gross, VAT, net calculation checked)
access controlsaccess controls
back-up facilitiesback-up facilities
anti-virus protectionanti-virus protection
effective staff trainingeffective staff training
testing and evaluation of programstesting and evaluation of programs
controls over data input etc.controls over data input etc.
7.67.6 PLANNING A COMPUTER BASED AUDITPLANNING A COMPUTER BASED AUDIT
A computer based system will affect the timing and recording of audit work. The absenceA computer based system will affect the timing and recording of audit work. The absence
of input documents, or audit trail, or output, will necessitate the use of special audit toolsof input documents, or audit trail, or output, will necessitate the use of special audit tools
known as CAATs.known as CAATs.
Broadly there are two approaches which might be considered:Broadly there are two approaches which might be considered:
Audit round the computerAudit round the computer
Audit through the computerAudit through the computer
Audit round the computer:Audit round the computer:
This involves substantive testing of computer input and its reconciliation to output. TheThis involves substantive testing of computer input and its reconciliation to output. The
approach saves time and cost in the short-run, especially when coupled with analyticalapproach saves time and cost in the short-run, especially when coupled with analytical
review.review.
Audit through the computerAudit through the computer::
This is usually preferable although the auditor does require a higher knowledge of EDP. TheThis is usually preferable although the auditor does require a higher knowledge of EDP. The
auditor is required to make detailed contact with the computer hardware and software.auditor is required to make detailed contact with the computer hardware and software.
Auditing through the computer will require the auditor to make use ofAuditing through the computer will require the auditor to make use of computer assistedcomputer assisted
auditing techniques (CAATauditing techniques (CAATs).s).
8/6/2019 Audit Notes-ToPIC 7
14/30
Advantages of using CAATs:Advantages of using CAATs:
i.i. CAATs are the only effective way of testing complex systems especially whereCAATs are the only effective way of testing complex systems especially where
large volumes of transactions take place.large volumes of transactions take place.
i.i. The use of CAATs enables the auditor to test a much larger population quicklyThe use of CAATs enables the auditor to test a much larger population quicklyand accurately, and therefore increase the confidenceand accurately, and therefore increase the confidence the auditor has in histhe auditor has in his
opinion.opinion.
i.i. CAATs enable the auditor to test the accounting system and its records (i.e theCAATs enable the auditor to test the accounting system and its records (i.e the
tapes and disk files) rather than relying on testing printouts of what they believe to betapes and disk files) rather than relying on testing printouts of what they believe to be
a copy of those records. I.E. allows testing of live/actual systems.a copy of those records. I.E. allows testing of live/actual systems.
i.i. Once set up , CAATs are likely to be a cost effective way of obtaining auditOnce set up , CAATs are likely to be a cost effective way of obtaining audit
evidence provided that the enterprise does not regularly change its systems.evidence provided that the enterprise does not regularly change its systems.
COMPUTER ASSISTED AUDIT TECHNIQUESCOMPUTER ASSISTED AUDIT TECHNIQUESThere are two main categories of CAATs:There are two main categories of CAATs:
test datatest data
audit softwareaudit software
TEST DATA:TEST DATA:
This is used to test application controls. It consists of data selected by theThis is used to test application controls. It consists of data selected by the
auditor for processing through a clientauditor for processing through a clients system, where the auditor knowss system, where the auditor knows
what results are expected from that processing.what results are expected from that processing.
The data may either be specially developed by the auditor or selected from theThe data may either be specially developed by the auditor or selected from the
clientclients data. It must, however, be as representative as possible of thes data. It must, however, be as representative as possible of the
whole population of data, which it is chosen to represent.whole population of data, which it is chosen to represent.
Test data may be used during a normal run or during a special run set up forTest data may be used during a normal run or during a special run set up for
the purpose.the purpose.
Difficulties in using audit test dataCosts in ascertaining the relevant controls and in constructing test
data from scratch. It may be very difficult to identify all relevant
conditions.
Dangers of live testing - requires careful planning otherwise data
may be corrupted !
Dangers of testing during a special run - this creates an artificial
testing environment. Assurance is needed that normal programs
and files have been used.
Recording - the use of test data does not necessarily provide visible
evidence of audit work performed. Working papers should
therefore include details of the controls to be tested, an
explanation of how they are to be tested, details of the
transactions and files used, details of the predicted results, the
actual results and evidence of the predicted and actual results
having been compared.
8/6/2019 Audit Notes-ToPIC 7
15/30
AUDIT SOFTWARE:AUDIT SOFTWARE:
This is used to test both system (general) and application controls. It consists ofThis is used to test both system (general) and application controls. It consists of
purpose written software (there are packages on commercial sale).purpose written software (there are packages on commercial sale).
It may also be built into the design of systems in the form of embedded software ofIt may also be built into the design of systems in the form of embedded software of
System Control And Review Files (SCARF).System Control And Review Files (SCARF).
It is designed to enable the auditor to interrogate a clientIt is designed to enable the auditor to interrogate a clients files, to download thems files, to download them
and to manipulate them. If properly used it is a very powerful tool as it enables theand to manipulate them. If properly used it is a very powerful tool as it enables the
auditor to test the whole system for a full year.auditor to test the whole system for a full year.
Difficulties in using audit software
a. Costs There will be substantial set-up costs .
a. Changes to the clients system there will be a need to alter the softwarebecause of changes made by clients to their own systems. This can be very costly.
7.6.1 Challenges of E-commerce
Its a problem for auditors Loss of audit trail !, E-crime
Basic audit requirement is unchanged obtaining sufficient and relevant evidence ,
on which to base your opinion.
Controls must be developed for the new environment E. signatures.
7.7 AUDIT OF NOT-FOR-PROFIT ORGANIZATIONS
7.7.1 Charity - A charity is a common form of not-for-profit organization.
Charities may be constituted in a variety of ways. Some may be unincorporated
entities, some are incorporated under company legislation, and others are
constituted and registered under the NGO Statute, in Uganda.
In all cases the objectives of the charity will be set out in its governing document,
The constitution and its activities should accord with its objectives and any
relevant legislation e.g. the NGO statute.
A copy of the constitution should be kept on the auditors permanent file.
7.7.2 Financial statements of charities include:
Statement of Financial activities (SOFA) that will include:
Receipts and payments statement
Income and expenditure statement watch out for any revenue
generating activity of the charity on commercial lines e.g.
Poultry farm etc
8/6/2019 Audit Notes-ToPIC 7
16/30
Balance sheet showing the assets, liabilities and funds of the charity.
Cash flow statement and notes
Auditors report on the truth and fairness of the financial statements.
7.7.3 Audit problems of charities
Lack of segregation of duties and use of unqualified staff it is
unlikely that the charity will employ many people, if any.
The level of internal control may well be low and it may be
difficult for the auditor to require many detailed checks on
the actions of unpaid volunteers.
Window-dressing The charity may wish to present a
reasonably favorable picture in its annual report to
encourage further donations. Auditors must, however,
guard against the possible window-dressing of the financial
statements.
Donations - These may either be cash donations or donations
in kind. In many cases they may not be supported by
invoices/ equivalent documentation. Obtaining assurance
as to the completeness and accuracy of recorded donations
can therefore be difficult.
There is a difficulty of obtaining suitable evidence with regards
to income some donors prefer to be anonymous.
Grants to beneficiaries how do you ascertain that they were
the rightful beneficiaries?
7.7. 4 Audit Procedures for charitiesPlanning auditor should properly plan and control their work in the light of
the accounting and auditing requirements of the charity under review. At
the planning stage the auditor should consider:
The scope of the audit
The requirements of the NGO Board/compliance with the law.
Accounting policies used by the charity
Special circumstances of the sector within which the charity operates
Key audit areas
Detail in the financial statements on which auditors to report.
Inherent Risk Consider IR factors like complexity/extent of
regulation, significance of donations and cash receipts, lack of
predictable income, tax rules etc.
8/6/2019 Audit Notes-ToPIC 7
17/30
Control Risk Consider CR factors like - Time committed and degree of
involvement by trustees, skills of trustees, Independence of
trustees from each other, division of duties.
Examine details of the trust deed / constitution and any other legislation
affecting the operations of the charity.
Vouch / check all expenditure, and ensure it relates to the objects of the
charity and has been properly authorised.
Where separate funds (restricted funds) are kept for specific purposes or
depending on donors requirements, ensure that the regulations governing
these have been observed. Look out for commingling of funds.
Ascertain that there is a proper system of internal control in force to ensure
that there is no misappropriation of subscriptions and donations.
Collections from the public - These should be checked for validity and
completeness: (church baskets, mosque boxes, charity tins etc)
a. There should be strict numerical control over collection boxes,
which should be sealed to prevent unauthorized opening.
a. The boxes should be regularly collected, and dual counting and
recording of the contents should be made.
a. There should be dual control if possible over the opening of mail,
and all postal receipts should be immediately recorded and later
reconciled to the cashbooks.
a. There must be agreement of bank paying-slips to record of
receipts by an independent person.
a. Acknowledgements sent to all donors should be considered.
Legacies should be related to detailed correspondence files and outstanding
legacies receivable should be followed up (legacy = receivable from the
estate of a dead person by way of a will)
Government grants to the charity should be checked and the auditor should
confirm that the grant is used as per conditions on that grant.
Where a charity has branches, there must be regular reports from such
branches to the head office. Auditor should check that all branches are
included in the financial reports of the charity.
Grants to beneficiaries should be checked against correspondence and should
be authorized by management committee. They should be in line with the
objectives of the charity.
Auditors should check that:
8/6/2019 Audit Notes-ToPIC 7
18/30
a. Bankings are made promptly upon receipt
a. Bankings are checked to receipt records
a. Regular bank reconciliations are made
a. Returned cheques are examined for date, signature, payee,
endorsements etc
Audit of Balance sheet and other financial statements will follow similar
procedures as for profit organizations. Focus will be on confirming the
assertions Completeness, Ownership, Valuation, Existence, and
Disclosure etc. In particular watch out for:
Understatement /incompleteness in income
Overstatement of grants or assets
Misanalysis of misuse of funds
Misstatement and out right theft of assets like donated properties
Carry out analytical review Vs budgets.
7.7. 5 Auditors report.Will take the normal form of auditor report except it must refer
to the constitution and other legal requirements setting up
the charity.
Where the financial statements are prepared on a cash basis
other than accruals basis the auditors report musthighlight that fact.
Provided auditors satisfy themselves on the reasonableness of
the accounting systems and controls in operation, and there
is no reason to suspect that income has been omitted
(because of difficulties of obtaining suitable evidence with
regards to income), they may be able to issue unqualified
report.
8/6/2019 Audit Notes-ToPIC 7
19/30
FEATURES OF GOVERNMENT AUDIT
Government audit is a means of ensuring public accountability for the use of
funds by the Government and also acts as a tool for exercising financial
control.
7.8.1 INSTITUTIONAL FRAMEWORK FOR GOVERNMENT AUDIT.
The
accountability cycle
In a democratic society, accountability falls in the following stages:
i. Members of public elected by the public
i. MPS vote funds for various programmes
i. Government spends the so voted for funds
i. Government has the obligation to account for the
manner in which the funds so voted have been spent;
and
i. The Auditor general independently audits theannual appropriation accounts prepared by Government
and reports back to Parliament through the annual
report whether the funds so allocated to government
have been properly spent.
In Uganda Government audit is performed by the Auditor General.
Recognizing the importance of a proper institutional framework for
Government accounting and auditing, the Constitution of Uganda (1995) and
the Public Finance and Accountability Act, 2003 give a special status to the
Auditor General and contains provisions to safeguard his independence from
the Legislature and the Executive arm of the Government.
The PublicParliament (The
Legislature)
Auditor General
Government Cabinet
(The Executive)
8/6/2019 Audit Notes-ToPIC 7
20/30
7.8.2 MANDATE OF THE AUDITOR GENERAL : APPOINTMENT, POWERS,
DUTIES AND RESPONSIBILITIES OF THE AUDITOR GENERAL
The powers, duties and responsibilities of the Auditor General are found in:
i. The Constitution, 1995.
i. The Public Finance and Accountability Act, 2003. (PFA
Act)
i. Other Acts of parliament.
7.8.2.1 Appointment :
According to Article 163 of the Constitution the Auditor General is appointed
by the President with approval of the Parliament.
7.8.2.2.Duties and responsibilities
Article 163 of the 1995 constitution of the Republic of Uganda and section
33 of the PFA, Act 2003 outline the duties of the Auditor General which cab
be summarized as follows:
i. To examine, inquire into , audit and report on all the
public accounts of Uganda and all public offices including
courts, the central and local administrations, Universities
and public institutions of like nature and any other public
corporation or other bodies or Organisations established by
an Act of Parliament,
i. To audit and report on all expenditures from the
Consolidated fund (this fund is defined by the Constitution,
1995 in section 153) in this regard he has to ascertain
whether the moneys shown in the accounts as having been
disbursed were legally available for and applicable to the
service or purpose to which they have been applied or
charged and whether the expenditure conforms to the
authority given.
i. To audit and report on all receipts which are payable
into the consolidated fund.
i. To assess the adequacy of management control of
public moneys and state property,
i. To review that financial businesses have been
conducted with due regard to economy, efficiency and
effectiveness ( to conduct financial and value for money
8/6/2019 Audit Notes-ToPIC 7
21/30
audits in respect of any project involving public funds)
i. To satisfy him/herself that there is proper safe guard of
public money and state property.
i. To prepare and submit an annual audit report to
Parliament. And draw the attention of the Parliament to any
irregularities in the accounts audited and any other matter
which in his opinion ought to be brought to the attention of
the parliament.
i. Examination and reporting on confidential government
contracts to express an opinion on the adequacy of the
summaries of confidential contracts.
7.8.2.3 Powers of the Auditor General
The 1995 constitution and the PFA, Act 2003 give the Auditor General powers
which reaffirms his independence.
i. The auditor general shall not be subject to direction or
control of any other person or authority in the exercise of
their function [Article 163(6) of the constitution]. This power
emphasizes the concept of independence of the auditor
general.
i. He has the power to require a public officer, within 3
months, to give explanation or information on any query
raised by the auditor general;
i. Power to appoint any competently qualified person to
carry out the audit on his behalf,
i. Power to access all records, books of accounts,
vouchers, documents, cash, stamps, securities, stores or
other public property in the possession of any public officer.
i. Power to disallow any item of expenditure which is
contrally to the law.
i. May, by summons, require the appearance of any
person or the production of any relevant accounts, records
or other documents
i. Power to require a person to make an oath or
affirmation to answer truthfully all questions relating to an
audit or examination.
i. Power to recommend to the attorney general any cases
8/6/2019 Audit Notes-ToPIC 7
22/30
for prosecution
i. The power to surcharge :
the amount of any expenditure disallowed upon the person
responsible for incurring or authorizing the expenditure,
any sum which has not been duly brought into account upon the
person whom the sum ought to have been brought into account.
7.8.2.4 Status of the Auditor General
The following provisions of the 1995 constitution and the PFA, Act 2003 seek to
safe guard the status and independence of the Auditor general :
1). The Auditor general can only be removed from office by the President only for:
Inability to perform the functions of his or her office arising from
infirmity of body or mind;
Misbehavior or misconduct; or incompetence
2). According to article 163(2) of the constitution, a person cannot be appointed
as Auditor General, unless that person meets the following criteria:
Is a qualified accountant (therefore, subject to theprofessional code of conduct) of not less than 15 years
standing and
Is a person of high moral character and proven integrity.
3). His salary and conditions of services are guaranteed by the constitution as a
charge from the consolidated fund.
4). Reports to the Parliament and the constitution requires parliament to debate
his report within six month of submitting it to parliament, and to take action on his
recommendations. PAC Public accounts Committee etc
5) Is not subject to the direction of any person/party as to the manner in which
functions are carried out; powers are exercised; or priority given to a particular
matter.
6). The constitution requires the accounts of the office of the auditor general to be
audited and reported upon by another auditor appointed by Parliament.
7.8.2.5 Organization of the office of auditor general
Auditor General
Directors of audit
8/6/2019 Audit Notes-ToPIC 7
23/30
Directorate of Central government accounts
Directorate for Prastatals and statutory commissions
Directorate for local governments
Administration and Training.
Principal auditors
Senior Auditors
Auditor Degree holders
Examiner of Accounts diploma holders
7.8.3 NATURE OF GOVERNMENT AUDITS
Government audit encompasses two main elements:
1. Fiscal accountability Compliance or regularity auditing and financial
auditing involving the audit of expenditure, receipts and other elements of
financial statements of the Government;
1. Managerial accountability Value for money audit: audit of efficiency,
economy and effectiveness
7.8.3.1Fiscal Accountability
Ensuring fiscal accountability is a very significant aspect of Government
audit. This involves:
Audit of expenditure
Auditor general will examine whether or not the following essential
conditions for incurring Government expenditure have been satisfied:
That there is Provision of funds out of which the expenditure can be
met. This provision should have been authorised by competent
authority fixing the limits within which the expenditure can be
incurred. This scrutiny is known as audit of provision of
funds .The executive (cabinet) will seek this authority from the
Parliament (annual budget), local governments get the authority
from their councils. Therefore the power of provision of funds is
with the legislature.
That there is proper sanction covering the expenditure. The sanction
8/6/2019 Audit Notes-ToPIC 7
24/30
may be either specific to the expenditure (i.e special sanction) or it
may be a general sanction. It should have been accorded by
competent authority. This part of the audit is term audit of
sanctions . The auditor therefore should be conversant with the
sanctioning powers of various authorities.
That the expenditure incurred conforms to the relevant provisions of
the constitution or of the laws made there under and is in
accordance with the financial rules and regulations framed by the
authority. This part of the audit is called audit of regularity .
Under this the auditor has to examine the following: all payments
are according to the rules and orders regarding powers to sanction
and incur expenditure and regarding mode or presentation of
claims for expenditure; Claims are made in accordance with rules
and in the proper form; the prescribed preliminaries for incurring
expenditure are observed; the rates paid for work done or supplies
made are in accordance with any scale or schedule prescribed by
competent authority etc.
That the expenditure is incurred with due regard to broad and general
principles of financial propriety/correctness/fitness i.e audit of
propriety . The auditor has to examine whether in making the
expenditure, a reasonably high standard of financial morality,
sound financial administration and devotion to the financial
interests of the Government has been maintained. While there are
no hard and fast rules laid down regarding the standards of
financial propriety, the auditor should, while conducting this phase
of audit, look into the following matters:
the expenditure does not seem prima facie to be more
than what the occasion demands,
the authorities involved in the expenditure have made
the expenditure with same degree of caution as a
person of ordinary prudence would exercise in
respect of his own money,
the authorities involved in the expenditure have not
derived any direct or indirect advantage from the
transaction,
public money is not utilized for the benefit of a
particular person or section of community and the
8/6/2019 Audit Notes-ToPIC 7
25/30
benefits accrues to the public in general unless :
the amount involved is insignificant; or a claim for
the amount could be enforced in a court of law; or
the expenditure is in pursuance of a recognised
policy or custom.
Audit of Receipts
Government audit also covers receipts payable into the
consolidated fund of the central government and of each of the
local authorities. Government revenue can be classified as tax
revenue and non-tax revenue. Tax revenues are on account of
direct taxes and indirect taxes.
An audit of tax revenues involves an examination of the quasi-
judicial act of assessments made by the relevant authorities. Non-
tax revenue, on the other hand, is generally governed by a
contract, a tariff or general financial rules and regulations e.g traffic
offence fines, passport fees etc. The auditor has to satisfy himself
that the rules and procedures in case are designed in such a
manner that amounts due to Government are regularly recovered
and duly brought into the accounts.
The emphasis in audit of receipts is on examining the procedure
regarding the assessment, collection and refund of all revenue
receipts to determine whether it provides adequately for actually
secures:
The collection and utilization of data necessary
for the computation of the demands or
refunds under law;
The prompt raising of demands on tax payers in
the manner required by law;
The regular accounting of demands, collections
and refunds
The correct accounting and allocation of
collections and their credit to the consolidated
fund;
The existence of proper safeguards to ensure
that there is no willful omission or negligence
to levy or collect taxes, or to issue refunds,
8/6/2019 Audit Notes-ToPIC 7
26/30
The follow up of claims on taxpayers with due
diligence. The claims should not be
abandoned or reduced except with adequate
justification and proper authority;
Prompt detection and investigation of double
refunds, fraudulent or forged refund orders, or
other losses of revenue through fraud, default
or mistake.
Audit of debts and investments
The procedures described above also apply here. The first step in
the process of verification of these items is to ascertain how far the
final balances agree with the ledger balances; secondly ascertain
where necessary, whether the person or persons by whom the
balance is owed or to whom it is due, admit its correctness, and in
case of balances due, to what extent are they recoverable.
Borrowings: The Auditor should examine whether the borrowings
are within the limits fixed by the legislature from time to time and
whether conditions relating to the loans are duly observed. The
auditor should also examine whether the proceeds from the loans
are properly accounted for and are spent only on objects for which
the loans were originally raised. Sections 20 30 of PFA, Act 2003
gives regulations for Government borrowings.
Investments : The auditor has to examine whether the
investments made on account of any regularly constitutes sinking
fund or other fund administered by the Government are of such
nature as is authorised by the statutory provisions or by instrument
governing the fund. The auditor should also take up promptly with
the Government, cases of investments, which he considers to be
unauthorized, irregular or unsound.
Loans and advances: The auditor should review the reasons for
making the loan or advance as well as the conditions on which it is
made.
Audit of stores and stocks (The term stores in
Government accounting includes all articles and
materials purchased or other wise acquired for the
use of the government, and thus includes items like
8/6/2019 Audit Notes-ToPIC 7
27/30
plant, machinery, instruments, furniture,
equipments, fixtures,livestock, cars etc)
Audit of all articles and materials including plant, machinery,
furniture and equipment is carried out as follows:
The internal regulations and controls governing purchase,
receipts, issue, custody, sale, write-off and stock taking
procedures and reviews (see Public Procurement and
Disposal of Public assets Act, 2003 PPDPA, Act 2003)
Purchases are audited according to the rules prescribed for
audit of expenditure and in line with procurement
guidelines(tendering, shopping etc) under the PPDPA, Act
2003.
The system of accounting for stores is reviewed. The auditor has
to examine whether the balance in hand is within the
maximum prescribed limits and is not excess of reasonable
requirements.
The sanction for write-offs /disposals is scrutunised and is
accordance with the PPDPA, 2003. The auditor examines
whether necessary action has been taken to segregate and
dispose of unserviceable, surplus or obsolete stores in
accordance with the prescribed procedures under the PPDPA,
2003.
The auditor reviews the system of physical stocktaking. Where
he finds discrepancies in the stores accounts, the auditor
has a right to inspect the physical balances
Where a priced ledger is maintained the auditor has to review
the prices charged and examine the balances at hand.
7.8.3.2 Managerial accountability Value for money audit
Government audit also seek to evaluate economy, efficiency and
effectiveness of selected government activities.
Economy is concerned with minimizing the cost of resources acquired or
used, having regard to appropriate quality.
Efficiency refers to the relationship between the output of goods / services
or other results and the resources used to produce them. Thus the auditor
examines how far maximum output is achieved for a given input, or
minimum input used for a given output.
8/6/2019 Audit Notes-ToPIC 7
28/30
Effectiveness is the relationship between the intended results and the
actual results of projects, programmes or other activities. Thus the auditor
examines how successfully the outputs of goods /services or other results
achieve policy objectives, operational goals and other intended effects.
In practice, the boundaries between economy, efficiency and effectiveness
are rarely clear-cut. Therefore in carrying out a value for money audit, the
auditor looks at these aspects together particularly when considering the
closely linked aspects of economy and efficiency.
EXAMPLE: Value for money audit Programme for construction of a hospital
might cover an examination of any or all of the following aspects:
i. The tendering, contract and project control
procedures to establish how far the hospital and
associated facilities have been built to specification, on
time and at lowest achievable cost or within approved
cost limits.
i. Utilisation of wards, beds, operation theatres and
equipment; medical and administrative staff
allocations and mix; integration of services;
maintenance; management and resource allocation
systems; etc
i. Results achieved e.g in terms of reduction in
patient waiting lists, increase in operations
performed, improved diagnostic and treatment
services and, ultimately, the improvement in health
and quality of life, reduced mortality rates, etc.
7.8.4 THE AUDIT REPORT :
The auditor generals report enables the public to know with confidence
how public funds have been spent. He issues both a management letter
and the audit report, parliament (PAC)
The basic elements of the report are:
i. Title
i. Content
Audit assignment: The auditor should state that the financial
statements identified in the report have been audited; the
8/6/2019 Audit Notes-ToPIC 7
29/30
responsibility of the management and of the auditor on the
financial statements.
Objectives and scope of the audit.
Opinion paragraph qualified or unqualified, adverse, disclaimer of
opinion.
i. Signature
i. Date
7.8.5 DOES THE AUDITOR GENERAL REALLY HAVE FULL CONTROL OF HIS
POWERS TO EFFECTIVELY CARRY OUT THE MANDATE?
(to what extent does auditor general carry out independent review of
accounts ?) The following factors affect the ability of the auditor general
to act effectively
a) The auditor general is not totally independent. For the office of the
Auditor general to function effectively and efficiently it should have freedom from
control or undue influence by the executive, but the practice is that Government
does not allow the full range of its activities to be subject to an independent
analysis and evaluation Classified expenditure!
b) Policy issues are a no go area which auditors dare not question directly,
so how do you assess value for money
c). Staff of the office of the auditor general are recruited by the public
service commission. This makes it difficult for the Auditor general to establish
standards in terms of quality of professional qualification of personnel,
d). The staff still depends on the Ministry of Finance Planning and Economic
Development for budgetary and financial matters,
e). Staff remuneration, conditions of services and other required logistics still lie
outside the ambit of the office of the auditor general
f) The attitude of public officers in providing records to auditors. Auditors
encounter with some civil servants, military and other security fields have not
been very pleasant, because some of these official refuse to adhere to statutory
rights, which assure the auditors access to all records.
8/6/2019 Audit Notes-ToPIC 7
30/30
g) Lack of effective follow-up on Audit reports these reports are relegated to
parliamentary committees many of whose members do not even have the ability
to understand the queries raised by the auditor general later on following up the
recommendations!
h) Insufficient legal foundation the law is insufficient to ensure total
independence and proper mandate to the auditor general. Is there a case for an
independent GOVT AUDIT AUTHORITY ?
Recommended