STAGE 3: Ascertain The System
 Ascertain the system of underlying records and accounting
control by using internal control questionnaries. An
example of internal control questionnaire for credit
sales is shown in Illustration 4 and an example of the
documentation
of
control
procedures
for
accounts
receivable is shown in Illustration 5.
 Record the work in the auditors’ working papers.
Evaluation Accounting and Internal Control System
A useful definition of internal control is “All the control methods a company uses to
prevent, detect, and correct errors and frauds that might get into financial statements.”
Control risk is the probability that a company’s control structure will fail to detect
material misstatements, provided any enter the accounting system. Since internal
controls are the responsibility of management, auditors task is to assess and assign an
evaluation to the control risk. The auditor will ascertain accounting system and internal
control.
The management of the company requires complete and accurate accounting. In the
company:
 all the transactions and other accounting information should be recorded.
 errors or irregularities in processing accounting information should become
apparent.
 assets and liabilities must be recorded in the accounting system exist and are
recorded at the correct amounts.
If the auditor wishes to place reliance on any internal controls, he should ascertain and
evaluate those controls and perform tests on their operation.
The management is responsible for internal control.
It is a responsibility of management to decide the extend of the internal control system
which will depend on the nature, size and volume of the transactions the degree of control
which members of management are able to exercise personally, the geographical
distribution of the company and many other factors.
Management is responsible for establishing and maintaining components of the entity’s
internal control. External auditors are responsible for evaluating existing internal controls
and assessing the related control risk. They are not responsible for designing effective
internal controls for audit clients. External auditors basis for knowing about reportable
conditions and material weaknesses is found in their familiarity with seven typical errors,
frauds, and misstatements that can occur in any account balance or class of transactions.
The seven general categories of internal control errors, frauds and misstatements are;

Invalid transactions are recorded.

Valid transactions are omitted from the accounts.

Unauthorized transactions are executed and recorded.

Transaction amounts are inaccurate.

Transactions are classified in the wrong accounts.

Transactions accounting and posting is incorrect.

Transactions are recorded in the wrong period.
Internal Control in Small and Midsized Entities
Internal control theory is generally related to large businesses. In small businesses, some
allowances must be made for size, the number of people employed, and the control
attitude of managers and owners.
Internal Control Evaluation
The Auditor will learn from the test results, how well or how poorly management
exercises internal control over the company. This control extends over the reliability of
the information provided by the accounting records, and is also concerned with the
reliability of control over the assets of the enterprise. Internal control is a process,
affected by an entity’s board of directors, management and other personnel, designed to
provide reasonable assurance regarding the achievement of objectives in the following
three categories:
 Reliability of financial reporting
 Compliance with applicable laws and regulations
 Effectiveness and efficiency of operations
Internal control is a dynamic function (process) operating every day within a company’s
framework (structure).
Internal control is operated by people. A company may have many policy manuals,
procedures, forms, computer-controlled information, and accounting, and other features
of control, but people make the system work at every level of company management.
People establish the objectives, put control mechanisms in place, and operate them.
Internal control provides reasonable assurance, not absolute assurance, that category
control objectives will be achieved. Since people operate the controls, breakdowns can
occur. Human error, management override, and improper collusion among people whoa
are supposed to act independently can cause failure to achieve objectives. Internal control
can help prevent and detect these people caused failures, but it can’t guarantee that they
will never happen. In auditing standards, the concept of reasonable assurance recognizes
that costs of controls should not exceed the benefits that are expected from the controls.
Hence, a company can decide that certain controls are too costly in light of the risk of
loss that may occur.
Internal control is designed to achieve objectives in three categories. In the operations
category, some examples of objectives are: good business reputation, return on
investment, market share, new product introduction and safeguarding assets in the
context of their effective and efficient use. The operations control objectives cover
business strategy and tactics. In the financial reporting category, the objectives are:
reliable published financial reports (e.g. annual financial statements, interim financial
reports), and safeguarding assets from unauthorized use (e.g. theft, damage, unauthorized
purchase). In the compliance category, the broad objective is compliance with laws and
regulations that affect the company.
Internal Control Components
Internal control consists of five interrelated components:
Management’s control environment
Management’s risk assessment
Management’s control activities
Management’s monitoring
Management information and communication systems that link all the
components.
These components should be a guide for managements of organizations (directors,
officers, employees). Hence, management is used to describe all the components. Also
these components provide the focus for auditors’ attention.
The control components are relevant for each of the control objectives categories. The
auditors’ task is to evaluate internal control based on evidence that these five components
are:

properly designed and specified,

placed in operation,

functioning effectively.
Thus, the five components are prerequisite criteria for effective internal control.
Finally, if the auditor finds from his tests, management internal control is good he will
plan a limited number of tests. If internal control is weak, the auditor will plan many
more tests on transaction. Auditors have compliance tests for internal control and
business systems, and substantive tests for the accuracy of the balances and transactions.
STAGE 4: Test the System
 Confirm that the
compliance tests.
system
works
as
recorded
 Record the work in the auditors’ working papers.
by
doing
Conduct of the audit
Compliance tests
The auditor will need to test the detailed transactions in the accounting records for their
completeness, accuracy and validity.
The auditor will learn from the test results how well or how poorly management exercises
internal control over the enterprise. If the auditor finds from his "compliance tests" that
management's internal control is good, he will plan a limited number of substantive tests
(detailed tests of the accounting records). If the internal control is weak, the auditor will
plan many more tests (extended substantive tests) on transactions in the accounting
records.
Compliance tests are defined as those tests, which seek to provide audit evidence that
internal control procedures are being applied as prescribed. It refers to the determination
of whether the transactions and events conform to laws and regulations. The audit is
concerned with a search for audit evidence, which will give the auditor a level of
confidence that the accounting records and the information in the financial statements,
based on those records, are true and fair.
These are tests, as we have learned, which seek to provide audit evidence that internal
control procedures are being prescribed. These tests are carried out before deciding on
how much substantive testing need to be done.
Sampling
Statistical sampling applies statistical techniques to the number of items to be used during
the audit.
A sample is drawn randomly from the population under examination, after the internal
control system is reviewed for strength. Auditor should apply the following principles:
a. Define the objectives of the audit test
b. Define the population, e.g. sales invoices
c. Determine his or her level of confidence that the sample represents the
characteristics of the population.
Where the system of internal control is strong and the auditor is more certain about the
reliability of internal control, the auditor may only require a higher level of confidence
e.g. 95 %. There is now only 5 % risk that the sample might not represent the population
characteristics. Thus, a smaller sample must be selected for testing.
d. During the evaluation of sampling, the level of error must be around the
upper error limits. For example, the error might be 3 %. If the acceptable upper error
limits were 5 %, the error limit of the company would represent the population.
e. While checking debts as an example, all large balances may be selected
for sending out to debts for confirmation, like above 250 million TL.
The advantages of statistical sampling are:

The sample chosen for testing is objectively selected.

Audit objectives have to be clarified in the planning stage of the audit, which
creates greater efficiency.

Time and money are saved with a smaller number of tests being made.

The results of the tests can be expressed in precise mathematical terms.

Objectivity replaces subjectivity in deciding what months and items to test, so
bias should be avoided.

The auditor will know the risk of selecting a particular confidence level.
The disadvantage of using statistical sampling includes the possibility that staff
unfamiliar may wrongly explain the tests with the mathematical concepts underlying
sampling. The population from which the sample is drawn must be homogeneous (all of
the same kind); if it is not, the sample will have no basis. As we have learned before,
there may be an incorrect rejection of a sample as being incorrect when in fact the
population is correct. There may be an incorrect acceptance of a sample as correct when
the population from which it is taken is incorrect.
Non-sampling risks arise from poor quality control over the audit leading to poor
auditing. This is characterized by lack of a proper procedure, inadequate supervision and
conclusions incorrectly drawn on audit work done. Sample selection may be incorrect.
Planning sampling tests
(i) setting the audit objectives;
(ii) defining the population and the sampling unit;
(iii) defining the error or deviation;
(iv) arriving at the sample size;
(v) determining the selection method used to obtain a sample;
(vi) recording details of the item selected for sampling;
(vii) carrying out the tests for determining errors or deviations;
(viii) recording errors or deviations and noting their causes;
(ix) planning what action to take.
STAGE 5: Evaluation of the System
 Plan the main tests such as walk-through tests and write
to management about weaknesses.
 If internal control is weak, auditor will report to the
management and auditor team will plan more tests in the
area of weakness.
 If internal control of the client firm is strong, the
auditor team will plan limited tests.
 Record the work in the auditors’ working papers.
SECOND INTERIM AUDIT
STAGE 6: Detailed tests
 Make substantive
balances.
tests
of
detailed
transactions
and
 Test whether the transactions entered into the accounting
records from basic source documents (invoices, checks,
receipts, delivery notes, payroll, etc.) are authorized,
complete, valid and accurate by auditing the 3 stages of
accounting (input, processing and output).
 Record the work in the auditors’ working papers.
Substantive tests
Substantive tests are tests of transactions entered in the accounting records from basic
source documents such as checks, receipts, delivery notes and invoices. The auditor will
seek to ensure that the entries into the accounting records from source documents are
completely and accurately entered and are valid transactions. The auditor will then
substantively test the balances from the accounting records, which are made up from the
resulting transaction, into the balance sheet and profit and loss account to ensure the
balances are complete, accurate and valid. An audit program for tests of controls is shown
in Illustration 2.
When inspecting source documents such as a purchase invoice, the auditor would check
whether:
i. the document is renumbered,
ii. the date of the document falls into accounting period under review
iii. the document is authorized by a senior official
iv. the amount on the document is correctly arrived at (e.g. quantity x
price) and is added up correctly.
v. the document is addressed to the client
vi. trade discounts have been correctly calculated
vii. value-added tax has been correctly provided
viii. the goods have been properly requested, ordered and delivered
The auditor will check the source documents into the ledgers (accounting records) and
will test additions and balances brought down and carried forward in the ledger.
Auditors use special symbols during testing. Some of the symbols are shown below: X: a
transfer tick placed against a balance carried forward and the corresponding balance
brought forward in the books
Y: yes, has been checked, reviewed
N: no, has not been checked, not reviewed
Substantive-purpose procedures include:
I. Analytical procedures
II. Test (audit) of details of transactions and balances.
Analytical procedures involve overall comparisons of account balance with prior
balances, financial relationships, nonfinancial information, budgeted and forecasted
balances, and balances derived form estimates calculated by auditors. Analytical
procedures are usually not applied on a sample basis. An example of an audit program for
preliminary analytical procedures is shown in Illustration 1.
On the other hand, account balance audit sampling is used in the test of details of
transactions and balances.
The auditor may rely on appropriate evidence obtained by substantive testing to form his
audit opinion, provided that the evidence is sufficient, relevant and reliable.
Sampling Risk
Substantive-purpose procedures are performed to produce the evidence necessary to
enable an auditor to decide whether an account balance is or is not fairly presented. Thus,
auditors run the sampling risks of making one of two decision errors:
 Incorrect Acceptance: The risk of incorrect acceptance is considered the more
important of the two decision error risks. When an auditor decides an account
book balance is materially accurate (hence, needs no adjustment or change), the
audit work on that account is considered finished, the decision is documented in
the working papers, and the audit team proceeds to work on other accounts. When
the account is, in fact, materially misstated, an unqualified opinion on the
financial statements may well be unwarranted. Incorrect acceptance damages the
effectiveness of the audit.
 Incorrect Rejection: When an auditor decides an account balance, is materially
misstated, some more audit work on that account is performed to determine the
amount of an adjustment to recommend. The risk, however, is that the book
balance really is a materially accurate representation of the actual value. At this
point, the event of incorrect rejection is about to be realized, and the audit
manager may be inclined to recommend an adjustment that is not needed.
Incorrect rejection thus affects the efficiency of an audit by causing unnecessary
work.
Materiality and Tolerable Misstatement
Audit sampling for substantive audit of particular account balances adds another wrinkle.
Auditors also must decide on an amount of tolerable misstatement, which is a judgment
of the maximum monetary misstatement that may exist in an account balance or class of
transactions without causing the financial statements to be materially misstated.
Auditing the 3 stages of accounting
The 3 stages of accounting can be manual or computerized.
Input
The auditor will check the source document to ensure it is a valid transaction. The source
document must meet the following criteria:
a. The document must be authorized by a senior person
b. The document must be accurate in amount.
c. The document must be one of a renumbered series of documents not duplicated and
must be sealed by Minister of Finance or notary public if necessary.
Processing
Each item of input must be completely and accurately processed into the accounting
records (Ledger, Daily book, Cash book, Inventory book and Check book).
Output
The auditor will check the balances from ledger and other accounting records to the trial
balance and into the financial statements. The auditor will verify the balances in the
financial statements.
The auditor will test the transaction, as represented by source documents, from these
documents into the accounting records and used to make up the financial statements.
The purpose of the tests is to prove that the balances in the financial statements are:
a. Presented in financial statements in accordance with the requirements of Auditing
standards.
b. Recorded completely, accurately and are valid.
c. Owned by the Company.
d. Valued in accordance with the audit standards.
e. Existing as real assets and liabilities, income and expenditure.
STAGE 7: Comparison
 Compare
the
balances
from
the
tested
underlying
accounting records to the financial state statements.
 Record the work in the auditors’ working papers.
STAGE 8: Verification (Final Audit)
 The final begins
statements.
with
verification
of
the
financial
STAGE 9: Report (Final Audit continues through reporting)
 Review the profit and loss accounts.
 Review the financial
requirements.
statements
with
legal
and
other
 Review the financial statements as a whole for truth and
fairness and report to the shareholders.