INDIVIDUAL Assignment of AUDITING PRINCIPLES

&PRACTIES I

Section: 2
Prepared by

NAME ID.NO
1.ዮሴፍ መኮንን_______________________UGE/18943/12

LECTURER:
Abduljabar.B
GOOD LUCK!!

FEB , 2023 G.C

Contents
Chapter 4: Internal Control..........................................................................................................................3
4.1. Meaning of Internal Control.............................................................................................................3
4.2. Internal Control and Internal Audit...................................................................................................4
 4.3. Components of Internal Control.......................................................................................................4
4.5. Limitation of Internal Control...........................................................................................................8
4.6. The Auditor's Consideration of internal control...............................................................................9
Chapter 5: Audit Evidence.........................................................................................................................10
5.1. The relationship of evidence to audit risk.......................................................................................10
5.2. Financial statement assertions.......................................................................................................11
5.3. Sufficient competent evidential matter..........................................................................................12
5.4. Types of audit evidence;.................................................................................................................14
5.5. Evidence about accounting estimates............................................................................................15

Chapter 4: Internal Control

Internal control is another important area of auditing. Internal control refers to a number of
checks and controls exercised in a business to ensure its efficient and economic working. Internal
control is an important tool of management. It assists the management in the performance of
its various functions. It means the built in cross-checks in the system supplemented with proper
supervision and internal audit carried out by the staff appointed by the organization. These
days business has been become more complex both in nature and size and the management
finds it difficult to get correct information about the various aspects of the business. Internal
control assures the management that the information supplied to it is reliable and accurate. The
Internal controls are exercised to ensure the accuracy and the reliability of accounting data and
other records, to identify weaker areas of operation and to improve them to increase
operational efficiency of the business, to safeguard its assets and to ensure orderly conduct of
business. In this unit you will learn the meaning and objectives of internal control, discuss about
basic elements of internal control system and limitation of internal control.

Objectives of the Chapter: after completing study on this chapter, students are able to:

1. Understand the meaning of internal control

2. . Understand objectives of Internal Control system.
3. Identify types of internal control
4. . Describe the control environment.
5. Understand Control Procedures
6. Describe the accounting control System.
7. Identify elements of Sound Internal Control System.
8. Explain limitation of Internal control

4.1. Meaning of Internal Control

Definition of internal control, as published by the accounting profession is in 1949 and
Statements on Auditing Standards (SAS) No. 1 (paragraph 320.09), states; Internal control
comprises the plan of organization and all of the coordinate methods and measures
adopted within a business to safeguard its assets, check the accuracy and reliability of its
accounting data, promote operational efficiency, and encourage adherence to prescribed
managerial policies.

An internal control structure of an organization bas four objectives; these are:

1. To safe-guard the assets and records of the organization

2. To ensure the accuracy and reliability of the accounting data and information.

3. To promote efficiency in all the organizations operations

. 4. To encourage adherence to managements prescribed policies and procedures.

In achieving these objectives, the internal control structure applies such controls as comparison
of actual measures against benchmark for instance, the actual cash on band and in the bank
should equal the amount deflected in the cash ledger account and signature on a check should
match the name of the person authorized to sign. For any type of transaction in a client‘s
system several types of recording errors (misstatement) can occur. Payroll transaction for
example, can be in error if the wrong number of hours was charged on the time card or gross
payroll was debited to the wrong account number in the payroll journal. Specifically, there are
seven detailed objectives that internal control structures most meet to prevent errors in the
journal and records:

1. Validity: recorded transactions are valid.

2. Authorization: Transactions are property authorized.

3. Completeness: Existing transactions are recorded.

4. Valuation: Transactions are properly valued.

5. Timing: transaction is recorded at the proper time.

6. Classification: Transactions are properly classified.

7. Posting & summarization: Transactions are properly included in the master files and

4.2. Internal Control and Internal Audit

The COSO defined Internal Control as ―a process, effected by an entity‘s board of directors,
management and other personnel, designed to provide ―reasonable assurance regarding the
achievement of objectives in the following categories: operations, reporting and compliance‖. A
part of the philosophy in this definition purports that the internal control can never be limited to
financial and accounting activities only since it covers all aspects of the organization and
encompasses all levels of employees, the executive management and the board of directors.

4.3. Components of Internal Control

Internal control system varies significantly from one organization to the other because of many
factors such as:

 The size of the entity

 The characteristics of the organization and ownership
 The nature of the business  Diversity and complexity of its operation
 Methods of processing data
 Legal and regulatory requirement

Control Environment The control environment is the collective effect of various over all factors
that establish, enhance, or mitigate the effectiveness of specific control policies and procedures.
In other words, it is the client‘s environment (internal as well as external) within which controls
exist or operate. The flow of hierarchy in the organization may be upward, downward or both.
It includes the attitude, awareness, and actions of the board of directors, management, owners,
and other parties in controlling the firm‘s overall situations. The following are factors that affect
the internal control environment. V. Management philosophy and operational style: managers
differ in both their philosophies towards financial reporting and their attitudes towards business
risk. VI. Organizational structure: a well-designed organizational structure provides a basis for
planning, directing, and controlling operations. A sound organizational structure of an entity
should separate responsibilities for authorization of transactions, record keeping of
transactions, custody of resulting assets, and execution of the operation. The responsibilities for
financial matters and operating problems should be given to two separate departments namely
finance and accounting departments respectively. While the finance

Risk Assessment A risk is anything that endangers the achievement of an objective. The risk
assessment process is used to identify, analyze, and manage the potential risks that could hinder
or prevent an agency from achieving its objectives. Risk increases during a time of change, for
example, turnover in personnel, rapid growth, or establishment of new services. Other potential
high risk factors include complex programs or activities, cash receipts, direct third party
beneficiaries, and prior problems. COSO‘s updated internal control framework identifies four
principles associated with risk assessment. These are;

 Management should define objectives and risk tolerances.

 Management should identify, analyze, and respond to risks related to achieving the
defined objectives. Management should consider the potential for fraud when
identifying, analyzing, and responding to risks.
 Management should identify, analyze, and respond to significant changes in the internal
control system

Control Activities In addition to the control environment and the accounting system,
management establishes other control over the entity‘s transactions and assets. Control
procedures that can be implemented by a firm may be categorized as procedures for:

1. . Proper authorization of transactions and activities

2. . Appropriate segregation of duties.
3. . Adequate documentation and recording of transactions and events
4. . Effective safeguards over access to and use of assets and records access controls
5. . Independent checks on performance and proper valuation of recorded amounts

1. Authorization of Transaction Authorization of transactions may be either general or specific.

General authorization occurs when management establishes criteria for acceptance of a certain
type of transaction such as quantity discounts. Specific authorization occurs when transactions
are authorized on an individual basis (e.g. sale of a major asset).

2. Segregation of Duties A functional concept of internal control is that no one department or

person should handle all aspects of a transaction from beginning to end. No one department or
individual should perform more than one of the functions of authorizing transactions, recording
transactions, and maintaining custody over assets.

3. Adequate Documentation

 A system of well-designed forms and documents is necessary to create records of the

activities of all departments like use of serial numbers for business documents or
preparing documents in different colors.
 Adequate safeguarding and numerical control should be maintained at all times for
unused pre numbered documents

4. Safeguarding of assets and records Physical access to assets and important records,
documents, and blank forms should be limited to authorized personnel. Limit access to assets
such as cash inventory and securities, cost documents and account receivable records, and blank
forms like a blank checks, blank sales invoices and shipping orders. Generally, direct physical
access to assets may controlled through the use of safes, locks, fences, guards, surveillance
cameras, and security codes and so on.

5. Independent checks on performance and proper valuation

 The accuracy of the work of various individuals in a company may be verified by

independent checks on performance and valuation such as clerical checks, computer
program controls, independent review report and reconciliations.
 An independent body should make periodic comparison of accounting records and the
physical assets on hand.
 Any discrepancies thus obtained, when investigated, will uncover weakness either in
procedures for safeguarding assets or in maintaining the related accounting records-
recorded accountability.
 Periodic comparisons may include counts of cash on hand, reconciliation of bank
statements, counts of securities, confirmation of accounts receivable and payables, and
other such comparison of operations.
 The frequency of such comparison is governed by the related costs and benefits. Yet,
periodic comparison and action to correct errors lowers the risk that material
misstatements remain the account.
The accounting system An accounting system consists of the methods and records established
to gather and report an entity‘s transactions and to maintain accountability for the related
assets and liabilities. An accounting system is maintained to attain the following objectives:

1. Identify and record all valid transactions

2. Describe on a timely basis the transactions in sufficient detail to permit proper
classification of transactions for financial reporting.
3. Measure the value of transactions in a manner that permits recording their proper
monetary value in the financial statements.
4. Determine the time period in which transactions occurred to permit recording of
transaction in proper accounting period
5. Present properly the transactions and related disclosures in the financial statements.

Monitoring

After internal controls are put in place, their effectiveness needs to be periodically monitored to
ensure that controls continue to be adequate and continue to function properly. Management
must also monitor previously identified problems to ensure that they are corrected. COSO‘s
updated internal control framework identifies two principles associated with monitoring: These
are;

 Management should establish monitoring activities to monitor the internal control

system and evaluate the results.

Management should ensure identified internal control deficiencies are remediated on a timely
basis. An internal control system usually contains elements forming the basis for an effective
system and contributes to accomplishing set objective of the institution. These elements can be
separately identified as:

Sound management characteristics: the management style and characteristics of managers‘

display have a significant effect on the internal control environment. Managers should
necessarily set an example as far as application and adherence to controls is concerned. If
managers, on the different levels, continuously attempt to override or ignore these, then it can
be expected that their subordinates do the same.

Efficient Organizational Structure: the organizational structure of the organization indicates

the responsibility and authority of various officials as well as the lines of communication to be
followed. If all officials clearly understood the structure and their responsibilities relative to
other officials, this would certainly contribute to applying and maintaining the system.
Acceptable Personnel Policies: since competent and trustworthy personnel will produce reliable
and accurate financial information and ensure internal controls are adhered to, it is important
that personnel policies and practices form a critical part of internal control environments. As
such, it is essential that policies be developed to the extent that personnel employed enhance
compliance with controls and do not undermine the system.

Written Procedure: written procedures in the form of procedure manuals, instructions, and
directives require developing for use by all staff. These written procedures are part of internal
control, and therefore their practical application is vital in ensuring uniform approaches to
tasks. This approach strengthens the system by setting minimum standards of conduct.

Effective Internal Audit Function: legislation requires the establishment of internal audit unit in
each organization. One function of an internal audit unit is monitoring the effectiveness of the
internal control system and reporting deficiencies to an audit committee and management. The
auditors belonging to such a unit should be independent of the institution being monitored and
should, therefore, report directly to the committee.

4.5. Limitation of Internal Control

Even if internal control can do much to protect against both errors and irregularities & assure
the reliability of accounting data, it has inherent limitation. What so ever its structure is.
Besides, the following situations increase the limitation of any internal control system.
Collusion: collusion can be defined as an agreement between two parties to defeat an internal
control system to carry out an improper act. For instance, you may assign a store keeper and a
guard to prevent assets from being taken for personal use, but what if these two persons
collude.

Management outride or manipulation and collusion: management may override procedures

designed to assure execution and recording of transaction in accordance with management
authorization. For example, the manager may authorize improper payment to him and threaten
employees under him to hide the theft.

Cost versus benefit: organization is faced with challenge to find the right cost-versus –benefit
balance for internal control. Excessive control can be too costly and counterproductive, as result
100% control might not be adapted. Temporary failure: there are two basic reasons under this
limitation:

1. Human error: due to carelessness, interruption, fatigue (tiredness), misunderstanding

institutions, etc.
2. Change: a new employer may hire and he/she makes mistake until they understand the
system. Mistake in judgment: this includes such as mistakes in recording transactions in wrong
accounting period, erroneous classification of transactions, in capitalizing expenditure

4.6. The Auditor's Consideration of internal control

The position of the auditor regarding internal control has been stated in the statement of
auditing practices issued by the Institute of Chartered Accountants of India which says "the duty
of safeguarding the assets of a company is primarily that of management and the auditor is
entitled to rely upon the safeguard and internal controls instituted by the management,
although he/she will take into account the deficiencies, he/she may note therein while drafting
his/her audit program". It clearly means that an

Auditor is concerned only with the evaluation of internal control to know its strength and
weaknesses. In case he/she finds that the internal control system is inadequate, he/she should
then plan to carry out detailed examination of those areas where the system is weak. It is
therefore necessary for the auditor to acquaint himself fully with the internal control in force
and their actual operation.
Chapter 5: Audit Evidence
International standards audit (ISA) requires the auditor to obtain sufficient appropriate audit
evidence by performing audit procedures to afford a reasonable basis for an opinion regarding
the financial statements under audit. Audit evidence refers to information or data that use or
collect by auditors as part their audit works to conclude their opinion on whether or not
financial statements are prepared in all material respect and in accordance with the applicable
financial frameworks. Before auditors could make the conclusion on the financial statements as
a whole or any part, they need to make sure that the evidence they obtain is sufficient enough
with appropriate quality to make the conclusion.

Objectives of the Chapter: After completing study on this chapter, student able to;

1. Discuss the relationship of evidence to audit risk,

2. Describe about financial statement assertions,

3. Identify features of sufficient competent evidential matter

4. Identify types of audit evidence

5. Understand evidence about accounting estimates.

5.1. The relationship of evidence to audit risk

The third standard of field work states sufficient and competent evidential matter is to be
obtained through inspection, observation, inquires and confirmation to afford reasonable basis
for an opinion regarding the financial statement under audit.‘‘ Audit evidence also referred to as
evidential matter refers to the necessary information that an auditor gathers in order to form a
credible opinion on the assertions by the client‘s management that are inherent in the financial
statement .

The following are some examples of audit evidences.

 In the client acceptance/retention stage, audit evidence will include information that
will enable the auditor to determine whether to accept or reject an entity as a client.
 In the audit planning stage, audit evidence includes information that will enable the
auditor to determine the audit approach such as information relating to the likely
effectiveness of particular internal control procedures.
 In the control testing stage, audit evidence includes information that will assist the
auditor in determining whether or not internal controls are effective in their operation,
such as information as to whether a particular control procedure is or is not supervised.
  In the substantive testing stage, audit evidence includes information as to whether a
particular account balance is complete, valid and accurate, such as evidence that the
asset actually exists.
 In the opinion formulation stage, audit evidence includes information relating to the
completeness, validity and accuracy of financial statements as a whole, such as
information relating to consistency of the financial statements with the auditor‘s
knowledge of the business
.

1. Audit procedures: audit procedure is the detailed instruction for the collection of a type of
audit evidence that is to be obtained at some time during the audit.

2. Sample size: once an audit procedure is selected, it is possible to vary the sample size from
one to all the items in the population being tested. The decision of how many items to test must
be made by the auditor for each audit procedure. The sample size for any given procedure is
likely to vary from audit to audit.

3. Items to select: after the sample size has been determined for an audit procedure, it is still
necessary to decide which items in the population to test. If the auditor decides, for example, to
select 200 checks from a population of 6,600 checks stubs for comparison with cash payments
journal, several different methods can be used to select the specific checks to be examined like
(a) a week and examine the first 200 checks, (b) select 200 checks from the largest amounts, (c)
select the checks randomly, or (4) select those checks that the auditor thinks are most likely to
be in error. Or a combination of these methods could be used.

4. Timing: an audit of financial statements usually covers a period such as a year, and an audit
is usually not completed until several weeks or months after the end of the fiscal period. The
timing of the audit procedures can therefore vary from early in the accounting period to long
after it has ended. In the audit of financial statements the client normally wants the audit
completed one to three months after the year end.

5.2. Financial statement assertions

The conformity of a client‘s financial statements to GAAP is judged according to five different
financial statement assertions: existence or occurrence, completeness, rights and obligations,
valuation or allocation, presentation, and disclosure.

Existence or Occurrence: existence relates to balance sheet accounts. Did the assets, liabilities,
and equity which appear on the balance sheet, equally exist on the balance sheet date?
Occurrence on the other hand, relates income statement accounts. Did the transactions giving
rise to the revenue and expenses actually occur during the period covered by the income
statement? Another way of expressing this assertion is to say ‗none of the accounts on the
balance sheet or income statements are overstated.‘ If accounts are overstated it is called an
error of commission. The existence or occurrence objective is most important with regard to
assets and revenues. Overstating those two types of accounts makes the client‘s results look
better. The client will have less benefit to overstate liabilities or expenses, except perhaps when
presenting financial statements to the tax authorities.

Completeness: completeness related to both balance sheet and income statement accounts.
Have all transactions for the year been recorded? Another way of expressing this assertion is to
say ‗none of the accounts in the balance sheet or income statements are understated.‘ If
accounts are understated, it is called an error of omission. The completeness objective is most
important with regard to liabilities or expenses. Understating those two types of accounts
makes the client‘s look better. The client will have less incentive to understate assets or
revenues, except perhaps when presenting financial statements to the tax authorities.

Rights and Obligations: this assertion says that the client has legal rights to all its assets and
legal obligations to all its liabilities. This assertion is especially important to assets physical
existence on the client‘s premises does not necessarily mean ownership. For example,
equipment may be leased to the business, or inventories may be consigned. Obligation may be
of greater concern in a small business where the owner may list some of his/her personal
liabilities as liabilities of the business.

Valuation or Allocation: valuation is more concern for balance sheet accounts. For example,
have the fixed assets, receivables, and inventories correctly valued based on GAAP? Allocation
has more to do with income statement accounts. Such as, have revenues and expenses been

Presentation and Disclosure: presentation has to do with classification of the accounts on the
financial statements. For instance, are inventories for sale presented as current assets? Are
bonds payable presented as long-term liabilities? Disclosure refers to the notes to the financial
statements. Have significant accounting policies been explained? Have contingent liabilities
been noted?

5.3. Sufficient competent evidential matter

The following are some of the requirements to be the audit evidence persuasive or convincing.

Sufficiency: sufficiency is the presence of enough factual and convincing evidence to support the
auditor‘s findings, conclusions, and recommendations. Determining the sufficiency of evidence
requires judgment; however, a prudent, informed person should be able to reach the same
conclusions as the auditor. When appropriate, statistical methods may be used to establish
efficiency. Though the sufficiency of audit evidence is determined by the auditor‘s professional
judgment, the following factors are the determinants of sufficiency of audit evidences.
 1. . Competence of audit evidence determines the quantity of audit evidence required for a
specific situation. That is, the more competent the audit evidence available the less the
quantity of evidence is required to support evidence.
2. Materiality also affects the amount of audit evidence needed to support auditor‘s
opinion. The more material the financial statements amount the greater the need for
evidential matter as its validity.

. The level of risk involved in audit engagement also determines the sufficiency of audit
evidence. In every engagement there is a certain level of audit risk that auditors may overlook
material misstatements which results in issuance of inappropriate opinion. Such risk varies from
one engagement to the others depending on varies factors such as the client‘s financial
condition, line of business and integrity of management. As the relative risk associated with a
particular engagement increases the auditor should gather more evidences to support their
opinion.

Competence: to be competent, evidence should be valid and reliable. In evaluating the

competence of evidence, the auditors should carefully consider whether reasons exist to doubt
its

Quality: Competence of evidence also related to its quality. Evidence is said to be competent if
it is both valid and relevant. There are a number of factors that affect the quality of evidence.
The following are the major ones.

A. The source of the audit evidence: evidences obtained from independent sources outside the
client are more reliable than evidences obtained from the client.

B. The strength of the client’s internal control: the quality and reliability of audit evidence
increases if the client has strong internal control.

C. The ability of the auditor to gather firsthand information: information obtained by auditors
through personal observation, computation or using other techniques increases the reliability of
evidences. Relevance: Relevance refers to the relationship of evidence to its use that is,
consistent with the audit objectives. The information used to prove or disprove an issue is
relevant if it has a logical, sensible relationship to that issue. Information that is irrelevant
should not be included as evidence to support audit findings and recommendation.

5.4. Types of audit evidence;

When conducting audits, the auditors gather a combination of many types of evidence. Audit
evidence is categorized as follows: physical, documentary, testimonial, and analytical.

1. Physical evidence: - physical evidence is obtained by direct inspection or observation

(a) activities of people,

(b) existences of property, or(c) events. Such evidence may be documented in the form of :

 Memoranda summarizing the matters inspected or observes

 Photographs
 Charts
 Maps,
 Actual samples
The existence of property and equipment such as automobiles, buildings, office
equipment, and factory machinery may be established by physical examination.
Similarly, the amount of cash on hand is verified by counting, and inventory counts are
observed. Physical examination or observation provides evidence as to the existence of
certain assets, but generally needs to be supplemented by other types of evidence to
determine the ownership proper valuation and condition of these assets.

2 Documentary evidence: the documents, forms, journals, or reports may originate within the
client organization or may come from an internal source. Examples are:

 Letters
 Contracts
 Charts Regulations
 Budget information
 Accounting records
 Management information performance & other supporting documents.

3. Testimonial evidence (inquiry):- testimonial evidence is obtained from others through

statements received in response to inquiry or through interviews. Statements important to the
audit should be corroborated when possible with additional evidence. Testimonial evidence also
needs to be evaluated from the stand point of whether the individual may be biased or only
have partial knowledge about the area.

4. Evidence from analytical procedures: analytical evidence is the result of analysis and
verification. Analytical procedures involve evaluation of financial statements information by a
study of relationships among financial and non-financial data. Example of analytical procedures
include comparison of revenue and expense amounts for the current year to those of prior
periods, to industry averages, to budgeted levels, and to relevant non-financial data. Such as
units of produced, hours, or direct labor. Some of the techniques used to produce analytical
evidence are comparisons; reasoning and separation of information into comparisons. In
addition to the above mentioned types of evidence, auditors may obtain evidence from
specialists such as geologists, engineers, attorneys, for performance of audit in areas that do
require highly specialized knowledge. Client representation letters (‗‘rep-letter‘‘) may also be
considered as audit evidence. Representation letter is a letter written representation
summarizing the most important oral discussions made during the audit engagement. Most of
such representations fall in to following broad categories:

 All accounting records and financial data

 The financial statements are complete and prepared in conformity with GAAP
 All items requiring disclosure (such as loss contingencies, illegal acts, and related party
transaction has properly disclosed).

5.5. Evidence about accounting estimates

Accounting estimates in historical financial statements measure the effects of past business
transactions or events, or the present status of an asset or liability. Examples of accounting
estimates include net realizable values of inventory and accounts receivable, property and
casualty insurance loss reserves, revenues from contracts accounted for by the percentage-o f
completion method, and pension and warranty expenses. Management is responsible for
making the accounting estimates included in the financial statements. Estimates are based on
subjective

as well as objective factors and, as a result, judgment is required to estimate an amount at the
date of the financial statements. Management's judgment is normally based on its knowledge
and experience about past and current events and its assumptions about conditions it expects to
exist and courses of action it expects to take.