Auditing And Assurance Assignment
Submitted By : Muhammad Fahad
Submitted To : Ma’am Uzma
Summary of Chapter 8
The chapter discusses the impact of controls on the audit process. It
emphasizes the auditor's role in assessing and testing internal control
systems to determine their reliability. The chapter highlights that the
level of control risk influences the audit strategy, with low control risk
allowing more reliance on internal controls and reducing the need for
detailed substantive procedures. Conversely, high control risk prompts
increased substantive testing and a broader audit scope.The limitations
of internal controls are acknowledged due to factors like human error,
ineffective controls, collusion, management override, and subjective
management judgment. Consequently, the auditor is required to
perform substantive testing on material balances.
The chapter introduces five components of an internal control system
according to ISA 315:

Control environment: Focuses on governance, management, and key
elements influencing internal control.

Risk assessment process: Involves determining business risks and
managing threats to achieve objectives.

Information system: Encompasses processes for financial reporting,
including IT and manual systems.

Control activities: Policies and procedures ensuring management
directives are carried out.

Monitoring of controls: Involves the client's ongoing assessment of
control effectiveness.
The methods for ascertaining and documenting client systems are
explained, including enquiries, observations, tracing transactions, and
documentation through narrative notes, flowcharts, questionnaires, and
evaluations.
Testing the system involves obtaining evidence that controls are
implemented and effective. Methods include observation, inspection of
documents, and computer-assisted audit techniques. Valid tests of
controls are designed to ensure that controls have been performed
effectively, recognizing that errors may not occur due to controls.
Communicating Control Deficiencies:
ISA 265 mandates auditors to communicate deficiencies to management
and significant deficiencies to those charged with governance.
Deficiencies occur when controls are unable to prevent, detect, or
correct misstatements in a timely manner.

Examples of factors to consider in determining significance include
likelihood of misstatements, susceptibility to loss or fraud, and
financial statement amounts exposed to deficiencies.
The auditor communicates deficiencies in a management letter,
specifying the deficiency, its consequence, and providing a
recommendation.
Reports should clarify that they are not exhaustive, for the company's
use only, and no disclosure to third parties without the auditor's written
agreement.
Sales, Purchase, Payroll, Inventory, and Cash Systems:
Detailed objectives and controls for each business cycle, outlining stages,
objectives, and specific controls.
Testing methods for controls include observation, inspection of
documents, and computer-assisted audit techniques.
For inventory, controls include maintaining appropriate levels, restricting
access, ensuring proper storage conditions, and conducting regular
counts.
In the cash system, controls cover petty cash imprest systems,
authorization for cash withdrawals, secure storage of cash and cheques,
bank transfers, and regular banking.
Testing the System:
Describes the test of control, involving obtaining evidence that controls
are implemented and effective.
Methods include observation, inspection of documents, and computerassisted audit techniques.
Emphasizes the need for valid tests to ensure controls are performed
effectively, recognizing that lack of errors doesn't guarantee control
effectiveness.
Overall, the summary provides insights into the importance of
communicating deficiencies, specific controls in various business cycles,
and the testing process for auditing controls.
Summary Of Chapter 9
The Need for Internal Audit:
Internal audit is an independent, objective assurance and consulting
activity designed to add value and improve an organization’s operations.
Companies must establish a strong system of internal control and
regularly evaluate its effectiveness.
The need for internal audit depends on factors like the scale and
diversity of activities, complexity of operations, number of employees,
cost/benefit considerations, and senior management's desire for
assurance.
Difference Between Internal and External Auditors:
External auditors express an opinion on financial statements for
shareholders, while internal auditors focus on improving internal
controls and report to management or those charged with governance.
External audit reports are publicly available, while internal audit reports
are not and are usually seen only by management or governance.
External audit scope is limited to verifying financial statements, while
internal audit has a wide scope dependent on management's
requirements.
External auditors are appointed and removed by shareholders, while
internal auditors are appointed by the audit committee or board of
directors.
Role of Internal Audit Function:
Key activities include assessing corporate governance, evaluating risk
identification and management, testing internal controls, ensuring
reliability of financial and operating information, assessing
economy/efficiency/effectiveness, assessing compliance with laws, and
providing fraud prevention recommendations.
Additional roles may involve fraud investigations, IT systems reviews,
mystery shopper visits, contract audits, asset verification, and direct
assistance to external auditors.
Qualities of an Effective Internal Audit Function:
Must be sufficiently resourced with qualified staff, well-organized,
independent, led by a chief internal auditor appointed by the audit
committee, have no operational responsibilities, and have a work plan
agreed by the audit committee.
Limitations of Internal Audit:
Internal auditors may be employees and hesitant to raise issues,
familiarity threats may arise, and achieving complete objectivity is
challenging.
Strategies to enhance independence include separate reporting
channels, independent reviews of internal audit work, and outsourcing
to a third party.
Outsourcing the Internal Audit Function:
Outsourcing can offer advantages like independence, access to
specialized skills, flexibility, cost-effectiveness, and reduced
management time.
Disadvantages include lack of intimate knowledge of the organization,
potential reduced effectiveness, contractual constraints, high fees,
ethical threats, and potential pressure on independence.
Internal Audit Assignments:
Internal auditors perform various assignments, including value for
money assessments, operational audits, IT systems audits, and financial
audits.
Value for money assessments focus on economy, efficiency, and
effectiveness, often using performance indicators.
Operational audits streamline processes for efficiency, IT systems audits
evaluate value and effectiveness, and financial audits ensure the
reliability of financial information.
Reporting:
Internal audit reports do not have a formal structure and are for internal
use, with the format typically agreed with the audit committee or board
of directors.
Reports include terms of reference, an executive summary, the body of
the report detailing work performed and results, and appendices for
additional relevant information.