The Elements of

Auditing
Compiled By:
Md. Mahedi Hasan FCA CPFA
Adjunct Faculty
Department of Accounting and Information
Systems
Bangladesh University of Professionals (BUP)
 Purpose: To
provide Definition: An
reasonable independent,

Audit assurance that

financial
objective
examination
statements are and evaluation
(Recap) free from
material
of the financial
statements of
misstatement an
due to fraud or organization.
error.
 Phases of an Audit
Planning Stage: Fieldwork Stage (Execution): Completion Stage:

• Understanding the Client’s • Testing Internal Controls: • Final Review:

Business: • Assessing the effectiveness of • Summarizing findings and
• Industry, environment, risks, internal controls over financial reviewing key areas.
and regulatory framework. reporting. • Audit Report Preparation:
• Setting Materiality: • Substantive Procedures: • Forming an opinion on whether
• Defining what is considered • Substantive testing: Verifying the financial statements give a
material (important) in the account balances and true and fair view.
context of the organization. transactions.
• Risk Assessment: • Analytical procedures:
• Identifying areas where the risk Comparing financial data with
of material misstatement is expected trends.
high.
• Audit Strategy and Plan:
• Detailing resources, timing, and
focus areas of the audit.
Introduction to Audit Procedures
Audit procedures form the backbone of the auditing process, enabling
auditors to collect the necessary evidence to form their opinions.

They vary depending on the type of organization, the specific audit

risks involved, and the areas of the financial statements being audited.

Auditors must carefully plan which procedures to use, based on their

initial risk assessment.
Types of Audit Procedures:

Risk Assessment Procedures: Help auditors identify areas Inquiries of management and staff.
of the financial statements that might contain material Analytical procedures to identify unusual trends.
misstatements. This includes: Observation and inspection of documents and activities.

Test of Details: Focus on individual transactions, balances, or

disclosures. Examples include:
Substantive Procedures: These test the financial ✓Vouching: Tracing recorded transactions back to supporting
documents to verify accuracy.
statement balances and disclosures directly. There are ✓Tracing: Tracking a transaction from its initiation to its inclusion in the
two primary types: financial statements to test completeness.
Analytical Procedures: Evaluate relationships between data, identifying
discrepancies or trends inconsistent with other evidence.

Tests of Controls: These are used when auditors rely on a

Reviewing how access controls prevent unauthorized transactions.
company’s internal controls to reduce substantive testing.
Inspecting documents to confirm the proper authorization of
If controls are strong, fewer substantive tests are transactions.
required. Common examples include:
 Evidential Matter and Its Relationship to Audit
Procedures

Evidential matter forms the It's critical to distinguish between The goal is to gather enough
foundation for an auditor’s opinion. sufficient and appropriate evidence that is of high quality to
evidence. form a basis for the audit opinion.
Quality and Reliability of Evidence:
External vs. Internal Evidence:

• Externally Generated Evidence (e.g., bank statements or customer confirmations): This is

generally more reliable because it comes from independent sources outside the entity being
audited.
• Internally Generated Evidence (e.g., internally prepared financial reports or management
representations): This can be less reliable, especially in the absence of strong internal
controls.

Direct vs. Indirect Evidence:

• Direct Evidence: Provides concrete proof of a financial transaction or balance. For example, a
physical inventory count provides direct evidence of inventory levels.
• Indirect Evidence: Offers supporting data but requires further corroboration. For example,
observing operational performance may indirectly support financial data.
Sufficiency and Appropriateness:

Appropriateness refers to the quality

and relevance of the evidence to the
Sufficiency refers to the quantity of
assertion being tested. High-quality
evidence. More evidence is required
evidence is both reliable (from
when the auditor assesses a higher
credible sources) and relevant
risk of material misstatement.
(directly relates to the assertion in
question).
 Assertions are the implicit or explicit

Financial claims made by management about

the accuracy of the financial
statements.

Statement Auditors design their procedures to

Assertions test these assertions. They are
generally categorized into five main
areas.
 Key Assertions:

Rights and Presentation and

Existence/Occurrence: Completeness: Valuation/Accuracy:
Obligations: Disclosure:

This assertion addresses Ensures that all relevant Focuses on whether the Addresses whether assets, Concerns whether the
whether the transactions transactions and balances entity has ownership rights to liabilities, equity, and financial statements are
recorded in the financial have been recorded in the the assets listed and whether transactions are recorded at properly classified, described,
statements actually occurred financial statements. the liabilities represent actual their proper values. and disclosed in accordance
and whether assets exist. Example: Have all liabilities obligations. Example: Is the company’s with applicable standards
Example: Does the recorded been recorded, or are some Example: Does the company investment in marketable (e.g., GAAP, IFRS).
inventory physically exist in obligations missing from the have legal ownership of the securities valued correctly Example: Are contingent
the warehouse? balance sheet? patents listed in the balance based on current market liabilities adequately
sheet? prices? disclosed in the notes to the
financial statements?
Audit Objectives

• Audit objectives are derived

from the financial statement
assertions and form the basis for
determining the scope of the
audit work.
• Each audit objective corresponds
to one or more assertions.
General vs. Specific Audit Objectives:
General Audit Objectives:
• Accuracy: Ensure that recorded figures are mathematically
These apply to all accounts and correct.
balances, aiming to ensure
• Completeness: Ensure that all transactions that should have
overall accuracy and
been recorded are included in the accounts.
completeness.

Specific Audit Objectives:

• Existence Objective: The goal is to confirm that all accounts
These are tailored to address
receivable reported actually exist and are owed to the
the particular risks and company.
assertions related to specific
• Valuation Objective: Test that receivables are recorded at
account balances or classes of
their correct values and are collectible.
transactions.
Relationship Between Financial Statement Assertions,
Audit Objectives, and Audit Procedures
Start with Assertions: Identify what management is asserting about the financial statements (e.g.,
inventory exists, liabilities are complete).

Set Audit Objectives: Develop objectives that define what needs to be tested to verify the assertions
(e.g., verify the existence of inventory through a physical count).

Design Audit Procedures: Select appropriate procedures that will gather sufficient and appropriate
evidence to support the audit objectives (e.g., test of details like observing an inventory count or
substantive analytical procedures like comparing inventory levels to historical data).
Types of Audit Evidence

Documentary
Physical Evidence: Confirmations: Analytical Evidence: Oral Evidence:
Evidence:
• Observing the • Reviewing • Sending direct • Analyzing • Information
physical count of contracts, invoices, inquiries to third relationships and obtained through
inventory or purchase orders, parties to confirm trends in financial interviews with
inspecting fixed and bank details of data to identify management or
assets. statements to verify transactions or areas of potential employees. Oral
• Example: Verifying transaction details. balances, such as concern. evidence is less
the existence of • Example: Reviewing accounts receivable • Example: reliable but can be
company vehicles a contract to confirmations or Comparing the ratio corroborated with
by inspecting them. confirm the terms bank confirmations. of cost of goods sold other forms of
of a long-term • Example: Sending a to revenue across evidence.
lease. confirmation multiple years to • Example: Discussing
request to a bank to identify unusual the reasons for
verify the cash fluctuations. inventory write-
balance at year-end. downs with the
inventory manager.
Audit Risk Model
The Audit Risk Model is a framework that auditors use to assess and
manage the risk of providing an inappropriate audit opinion.

It provides a structure for evaluating the different risks involved in an

audit, ensuring that the audit work is designed to focus on areas where
errors or fraud are most likely.

The audit risk model can be expressed as: Audit Risk (AR)=
Inherent Risk (IR)×Control Risk (CR)×Detection Risk (DR)
 Inherent The risk of material misstatement in the absence of controls. Factors
influencing inherent risk include complexity of transactions, volume of
Risk (IR): transactions, and industry volatility.

Example: In a high-tech company with rapidly changing products and

complex revenue recognition rules, inherent risk is high because new
product lines may have unique accounting requirements.

Control The risk that a client’s internal controls fail to prevent or detect material
misstatements.
Risk (CR):
Audit Risk … Example: If a retail company lacks a proper segregation of duties (e.g.,
the same employee handles cash receipts and records them), control
risk is high because errors or fraud could go undetected.

Detection The risk that the auditor’s procedures fail to detect material
misstatements. The auditor manages this risk by designing and
Risk (DR): performing effective audit procedures.

Example: If the auditor relies on outdated or inadequate sampling

techniques, detection risk is high as they may fail to detect anomalies in
a large volume of transactions.
 Scenario: A financial services company operates in a
highly regulated industry with complex transactions.

Example of • Inherent Risk: High, due to the complexity of

financial products.
Audit Risk • Control Risk: Medium, as the company has
internal controls in place but they are not
Model in always followed properly.
• Detection Risk: To keep overall audit risk low,
Action: the auditor performs more detailed
substantive testing (lower detection risk) to
counterbalance the high inherent risk.
 Risk Assessment
Risk assessment in audit involves identifying,
evaluating, and managing risks that may
Risk identification
affect an organization's financial reporting
and operational processes.

Key components: Risk evaluation

Risk management
Importance of Risk Assessment in Auditing

Helps auditors allocate resources to higher-risk areas.

Reduces the likelihood of material misstatements in financial reports.

Enhances the overall efficiency and effectiveness of the audit process.

Complies with auditing standards (e.g., ISA 315).

Key Steps in the Risk Assessment Process

1 2 3 4
Understanding the Identifying Risks of Evaluating Risks: Designing Audit
Client's Business and Material Misstatement • Consider the likelihood and Procedures to Address
Environment: (ROMM): impact of risks on financial Risks:
reporting.
• Industry, regulations, • Based on the auditor’s • Tailor audit procedures to
operations, objectives, understanding of the entity. mitigate identified risks.
strategies.
The Role of Professional Judgment in Risk Assessment

Subjective Nature: Auditors must Experience and Expertise: The

use professional judgment to assess auditor's knowledge influences
risks, considering the complexity their ability to identify, evaluate,
and nature of the client's business. and respond to risks effectively.
 Complex Business Models: Difficulty
in understanding and assessing risks
in complex or global operations.

Challenges in Risk Management Override of Controls:

Potential for senior management to
Assessment manipulate internal controls.

Evolving Regulatory Environment:

Changes in laws and standards that
may introduce new risks.
Risk Assessment in a Real-World Scenario
Industry: Manufacturing

Identified Risks: Supply chain disruptions, inventory obsolescence, regulatory

compliance.

Audit Response: Increased substantive testing, enhanced review of internal controls,

closer inspection of financial reporting around inventory and compliance.
 Materiality

Definition: Materiality in auditing

refers to the significance of an Objective: The auditor uses
omission or misstatement in materiality to assess whether the
financial information that could financial statements as a whole are
influence the economic decisions presented fairly, without material
of users based on those financial misstatements.
statements.
Key Concepts
Quantitative Materiality:
Qualitative Materiality: Certain
Amounts or values that are
types of misstatements or
considered significant. The
information are considered
threshold can vary depending on
material due to their nature, even
the size and nature of the
if the amounts are small.
business.

E.g., a misstatement E.g., fraud, related

of 5% of total revenue party transactions, or
might be material for non-compliance with
a large company. laws.
Determining Materiality

Materiality Levels: During an audit, materiality is considered at various levels:

• Overall Materiality: The overall amount considered material for the financial statements as a whole.
• Performance Materiality: Set lower than overall materiality to reduce the likelihood that undetected
misstatements aggregate to a material amount.
• Specific Materiality: A lower threshold set for individual balances or disclosures, particularly where items
are of specific interest (e.g., related party transactions).

Benchmarks for Determining Materiality: Common benchmarks include:

• A percentage of total revenue (often 0.5% to 1%).

• A percentage of gross profit.
• A percentage of equity or total assets (often 1% to 2%).
 Nature of the
misstatement: Is it
intentional (fraud) or
accidental (error)?

Qualitative Impact on trends: Does it

alter key financial ratios or
Considerations trends?

Effect on compliance: Could

it lead to breaches of
regulatory requirements or
loan covenants?
Challenges in
Assessing
Materiality Judgment-intensive: The process of setting
materiality involves considerable professional
Variability: Different auditors may set different
materiality thresholds for the same entity,
judgment, especially when considering qualitative depending on their risk assessment and audit
factors. approach.
Tests of Control
Example: The auditor asks the sales manager whether all sales
Inquiry: transactions are reviewed and approved before they are processed.

Example: The auditor observes the inventory counting process to

Observation: ensure that it is performed according to company policy.

Example: The auditor examines a sample of reconciliations

Inspection of Documents: prepared by the client’s accounting department to ensure that they
have been reviewed and approved by the finance manager.

Example: The auditor re-performs the process of reconciling the

Reperformance: cash balance on the bank statement to the company’s general
ledger to verify if the reconciliation process is done correctly.
Substantive Tests
1. Substantive Analytical Procedures:

• Example: An auditor compares the current year’s sales figures with the previous year's to detect
any unusual variances. If sales have significantly increased, the auditor may investigate further to
determine if the increase is justified.

2. Tests of Details:

• a) Tests of Transactions: An auditor tests a sample of sales transactions by tracing them from
source documents (e.g., sales orders) to accounting records to ensure that they were recorded
correctly.
• b) Tests of Account Balances: The auditor confirms the ending accounts receivable balance by
sending confirmation requests to a sample of customers to verify if the balance shown in the
company’s books matches the customers' records.
• c) Tests of Disclosures: An auditor verifies that the company has properly disclosed all its
contingent liabilities, such as ongoing lawsuits, in accordance with accounting standards.
 Example of Combining Tests

Scenario: An auditor is auditing a construction company’s year-end financials.

• Test of Control: The auditor inspects a sample of approved construction contracts to ensure they
were reviewed and authorized by management.

• Substantive Analytical Procedure: The auditor compares the total revenue recognized on long-
term construction contracts with prior years and investigates any significant variances.

• Test of Details: The auditor confirms a sample of outstanding receivables from large construction
projects by directly contacting the customers to verify the amounts owed.
 Structure of an Audit Report (ISA 700)

1 2 3 4 5 6 7

Title Addressee Opinion Section Basis for Opinion Key Audit Matters Management and Other Reporting
•Should clearly •The report is •Provides a clear •Explains the (ISA 701) Auditor Responsibilities
state it is an usually addressed expression of auditor's basis for •Communicates Responsibilities
•Includes any other
independent to the opinion on the opinion, significant audit •Outlines legal/regulatory
auditor's report. shareholders or whether the mentioning matters to responsibilities of requirements.
board of directors. financial compliance with stakeholders. management for
statements are ISAs. financial reporting
presented fairly. and auditor’s role.
 Unqualified Qualified
(Clean) Opinion Opinion
• Financial statements • Except for certain
give a true and fair issues, the
view. statements are

Types of Audit presented fairly.

Opinions Adverse Opinion Disclaimer of

• The financial Opinion
statements do not • The auditor is
present a true and unable to express
fair view. an opinion due to
significant
limitations.
Key Audit Matters (ISA 701)

Purpose: Highlight areas of higher assessed risk and significant

judgments.

Valuation of assets
Examples: Revenue recognition
Complex transactions
 Definition:
Going concern refers to the assumption that
the entity will continue its operations for the
foreseeable future.

Reporting on Going
Concern (ISA 570)
Auditor's Responsibility:
Evaluate management’s assessment of the
entity’s ability to continue as a going concern
and report if there are any concerns.
 Emphasis of Matter
attention to a particular issue that is
fundamental to users' understanding
of the financial statements.
Emphasis of Matter and
Other Matters (ISA 706)
Other Matters
Information that is relevant to
understanding the audit or auditor’s
responsibilities.
Materiality in the Audit Process

During the audit, materiality guides how

auditors design their audit procedures,
select samples for testing, and evaluate the
results. Evaluate Detected Misstatements: The
auditor reviews any misstatements
discovered during the audit and assesses
whether they are material individually or
when aggregated with others. If the
aggregate misstatements exceed the
materiality threshold, the auditor will require
adjustments to the financial statements.
At the conclusion of the audit, the auditor
uses materiality to:

Final Assessment: The auditor compares the

financial statements to the materiality level to
determine if the remaining uncorrected
misstatements (after adjustments) could still
affect the users' decisions. If not, the financial
statements are considered fairly presented.
 Working papers are the records
and documents created during the
course of an audit, investigation, or
preparation of financial
statements.

Working Papers They serve as the foundation for

conclusions made by professionals,
especially auditors.

Two Types: Permanent and Current

Working Papers
 Support for Audit Opinion:
Working papers provide evidence for the conclusions and
opinions expressed in the audit report.

Compliance and Accountability:

They help demonstrate compliance with auditing standards and
regulations.

Functions of Documentation for Future Use:

Provide a record for future audits or reviews, making it easier for

Working Papers
subsequent auditors to understand the audit process and
reasoning.

Facilitate Review by Third Parties:

External reviewers can evaluate the quality of the work
performed.

Basis for Discussions:

Used in discussions with clients, team members, and regulatory
bodies.
 Contents of Working Papers

CLIENT INFORMATION: AUDIT OBJECTIVES AND SUMMARY OF FINDINGS: SUPPORTING CONCLUSION:

INCLUDES DETAILS LIKE CLIENT PROCEDURES: KEY OBSERVATIONS, ISSUES DOCUMENTATION: THE AUDITOR’S CONCLUSIONS
NAME, PERIOD UNDER AUDIT, THE AUDIT GOALS AND THE IDENTIFIED, AND RESULTS OF COPIES OF CONTRACTS, ON THE EVIDENCE REVIEWED.
AND BACKGROUND STEPS TAKEN TO ACHIEVE TESTING. CONFIRMATIONS, AND OTHER
INFORMATION. THOSE GOALS. SUPPORTING DOCUMENTS.
 Completeness:
All steps of the audit process must be documented.

Accuracy:
The documentation must accurately reflect what was done and
what evidence was gathered.

Requirements of Clarity:
Information should be clear and concise for easy review by third
Working Papers parties.

Timeliness:
Working papers must be prepared and completed promptly
during the audit process.

Confidentiality:
Working papers should be stored securely and treated as
confidential information.
Legal Aspects of Working Papers
Ownership:
Working papers are the property of the auditing firm, not the client. However, clients may access certain parts if
agreed upon.

Retention Period:
Working papers should be retained for a specific period, often ranging from 5 to 7 years, depending on regulatory
requirements.
Confidentiality Obligations:
Auditors are bound by professional ethics to maintain the confidentiality of
their clients' information.
Subpoena and Legal Exposure:
Legal Protection: In legal proceedings, working papers can be subpoenaed and reviewed by
courts or regulatory agencies.
Audit Deficiency Lawsuits:
In cases of audit failure or malpractice, working papers can become critical
evidence.
Professional Standards:
Auditors are expected to follow guidelines set forth by regulatory bodies like the International Auditing and
Assurance Standards Board (IAASB).
Mechanics of Working Paper Preparation

Document Each Step: Use Checklists and Templates: Cross-Referencing: Review and Approval: Automation Tools:
Record all procedures Standardize the format of Ensure that working papers are Senior auditors or audit Software tools like CaseWare
performed and the rationale working papers to ensure linked to relevant parts of the managers must review and and AuditBoard are commonly
behind key decisions. consistency and completeness. audit file and final audit report. approve all working papers used to streamline the process
before finalization. and reduce errors.