Auditing

Executive summary
Auditing has developed over many years, but it was not until the late nineteenth century with the formation of joint stock companies, the predecessors to present day limited liability companies that auditing became widely accepted in the Bangladesh to get true picture of the company to public. Individual firms of accountants have refined their approach to auditing from time to time. So in the assignment it is important to know about the auditing properly on the assignment I have learned some factors that an independent auditor follow proper judgment of the firm, material misstatements, management control, risk assessment, internal control of an auditor, monitoring , audit program, audit opinion etc. all those issues are the core component of the Auditing. So a independent auditor should follow issues in order to maintain good picture of the firm to the public.

1

Introduction
Audit was originally confined to ascertaining whether the accounting party had properly accounted for all receipts and payments on behalf of his principal, and was in fact merely a cash audit. Modern audit not only examine cash transactions, but also verify the purport to which the cash transactions relate. Audit is, therefore, an examination of accounting records undertaken with a view to establishing whether they correctly and completely reflect the transactions to which they purpose to relate. The Auditing describes the internal & external audit processes. It covers the planning, conducting and reporting of the results. The objective of an audit is to find improvement in project management, delivery and quality assurance processes. The primary function of audit is to verify the accuracy and completeness of accounts to secure that all revenue and receipts collected are brought to account under the proper head, that all expenditure and disbursements are authorized, vouched and correctly classified and the final account represents a complete and a true statement of the financial transactions it purports to exhibit. It is the function of audit to verify that financial rules and orders satisfy the provisions of Law and or otherwise free audit objections and the rules & orders are properly applied.

Now we have some basic idea what audit is in the paper I have tried to focus on internal audit, effective planning of an auditor (how auditor plane effectively). I have also learned how to write a audit opinion and I have learned how risk identified in auditing and how to overcome those risk.

2

Question 1 ³How

can you make an effective planning of Audit´.

Discuss in detail in support of your opinion?
When we talk about audit itself is a big term. Because an auditor have to go through huge information for a particular company so for that reason an independent auditor need an planning for the successful auditing. So after the auditors finish the done the arrangement understand the audit clients business and industry, and obtain the unaudited financial statement, certain planning tools can be used as an effective audit planning.

Audit Planning
Preliminary risk assessment

Preliminary materiality decisions

Preliminary analytical procedure

Understand internal control

Audit programs

3

Also auditors follow some terms for effective planning  Perform procedures regarding the continuance of the client relationship and the specific audit engagement  Evaluate compliance with ethical requirements, including independence  Establish an understanding of the terms of the engagement

Now I will describe by the table accordingly.

y Preliminary risk assessment
The auditor uses knowledge gained from the strategic understanding of the client business and industry to assess client business risk, the risk that client will fail to achieve its objectives. It is management responsibility to identify the business risks facing the company and respond accordingly to those risks. The auditor¶s main concern is the risk of material misstatement in the financial statements due to client business risk. It is important to note that not all business risks will turn into risks leading to material misstatement in the financial statements.

y Preliminary materiality decisions
When planning an audit, auditors should think about ³Planning Materiality´ as the largest amount of uncorrected Taka misstatements that could exist published financial statements. Though they could still fairly present the comoanys financial and results of operations in conformity with GAAP. This explains materiality judgments and the concept of tolerable misstatements.

y Preliminary analytical procedure
Analytical procedures applied at the planning stage can assist the auditor in gaining an understanding of the client¶s business and in assessing client business risk. International standard on auditing (ISA) 520 states, ³The auditor should apply analytical procedures at the planning and overall review stages of the audit.´ ISA 520 Analytical Procedures
4

states that analytical procedures include the consideration of comparisons of the entity s financial information with, for example:  Comparable information for prior periods  Anticipated results of the entity, such as budgets or forecasts, or expectations of the auditor, such as an estimate for depreciation  Similar industry information, such as comparison of the entity s ratio of sales to receivables with industry averages or with other entities of comparable size in the same industry. Application of analytical procedures may indicate aspects of the business of which the auditor was unaware. In order to gain a better understanding of the client¶s business and industry, the auditor will calculate typical ratios and compare the company ratios to those of the industry. Analytical procedures identify significant deviation from predicted amounts, which show the auditor where to increase procedures to obtain corroborative evidence. Preliminary analytical procedure is another important aspect of audit planning

y Understand internal control
Before auditing the firm an auditor needs to know the internal control porcess. How management controls the internal control process. So by the book definition ³Internal control is the process, effected by an entity's Board of Trustees, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
 Reliability of financial reporting,  Effectiveness and efficiency of operations, and  Compliance with applicable laws and regulations.´

So for the proper planning an independent auditor should follow those issues on the other hand internal control of an audit has some components that an auditor need to know for the internal control of the firm. Because Internal Control components are desired goals or conditions for a specific event cycle which, if achieved, minimize the potential that waste, loss, unauthorized use or misappropriation will occur. They are conditions which
5

we want the system of internal control to satisfy. For a internal control components to be effective, compliance with it must be measurable and observable. So there are five components of internal control

Internal Control Environment

Risk Assessment

Control Activities

Information and Communication

Monitoring

So the essence of the effectively controlled organization lies in the attitude of its management. If top management believes that control is important, others in the organization will sense that and respond by consciently observing the control established. on the other hand it is clear to members of the organization that control is not an important concern to top management and it is given lip service rather than meaningful support, it is almost certain that management¶s control objective will not be effectively achieved.

y Audit programs
Last but not the least the audit program is ordinarily maintained in a separate file to improve the coordination integration of all parts of the audit, although some firms also include a copy of the audit program for each audit section with that sections working papers. As the audit progresses, each auditor initials the program for the audit procedure performed and indicated the date of completion. The inclusion in the working papers of a well designed audit program completed in a conscientious manner is evidence of a high quality audit.

6

So in the last of the audit plan we have learned the overall audit strategy includes consideration of planned audit responses to specific risks through the development of the audit plan. The overall audit strategy also helps the auditor determine the resources required for the engagement, including engagement staffing. Therefore, at a minimum the following matters should be included in the overall audit strategy:  Relevant characteristics of the audit engagement, such as the reporting framework used in order to set the scope of the engagement.  Key dates for reporting and other communications  Setting of materiality  Preliminary risk assessment and whether internal controls are to be tested  Consideration of resources available and how they are to be used

would you write your opinion in an audit report? Prepare a Dummy audit report?
An audit reports other than the standard unqualified audit report usually are called qualified reports because they contain an opinion paragraph that does not give the positive assurance they rather give reasonable assurance that everything in the financial statements is in conformity with GAAP. The qualified, adverse, and disclaimer reports contain different opinion message about the degree of responsibility the auditor is taking. Before going to the audit opinion we should know The accounts of listed companies are almost always given an unqualified opinion on the audit report. Potential problems will be identified and dealt with ahead of the release of the financial statements. Even an unqualified audit opinion is an opinion, not a guarantee. Auditors check the accounts, but they usually rely on the management of the company to some extent: an auditor can be fooled by extensive falsifying of the accounts, especially if it is systematically organised by the management.

Question 2 How

7

INDEPENDENT AUDITOR¶S REPORT

Board of Directors, Stockholders, Owners, and/or Management of Mutual Trust Bank Limited MTB Centre, 26 Gulshan Avenue Plot 5, Block SE(D), Gulshan 1, Dhaka 1212 We have audited the accompanying Balance Sheet of the Mutual Trust Bank Limited as of December __, ____ And the related Profit and Loss Account, the statement of Cash Flows and Changes in Equity for the year then ended. The preparation of the financial statements is the responsibility of the bank¶s management. Our responsibility is to express an opinion on these financial statements based on our audit.

Excepts as discussed in the following paragraphs, we conducted our audit in accordance with Bangladesh Standards on Auditing (BSA). Those Standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting - the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audit provides a reasonable basis for our opinion.

In our opinion, except for the effect on the financial statements of the matter referred to in the preceding Paragraphs, the financial statements, prepared in accordance with Bangladesh Accounting Standards except BAS 19, give a true and fair view of the state of the company¶s affairs as of December __, ____ and of the results of its Operations and it¶s cash flows for the year then ended and comply with the applicable sections of Bank Company Act 1991, the rules and regulations issued by the Bangladesh Bank, the Companies Act 1994, the Securities and Exchange Rules 1987 and other applicable laws and regulations. We also report that:
8

1. We have obtained all the information and explanations which to the best of our knowledge and Belief were necessary for the purposes of our audit and made due verification thereof; 2. In our opinion, proper books of account as required by law have been kept by the bank so far as it appeared from our examination of those books and proper returns adequate for the purposes of our audit have been received from branches not visited by us. 3. The company¶s balance sheet and profit and loss account dealt with by the report are in agreement with the books of account and returns, 4. The expenditure incurred was for the purposes of the company¶s business; 5. The financial position of the bank at December 31, 2007 and the profit for the year then ended have been properly reflected in the financial statements; the financial statements have been prepared in accordance with the generally accepted accounting principles; 6. The financial statements have been drawn up in conformity with the Bank Company Act 1991 and in accordance with the accounting rules and regulations issued by the Bangladesh Bank; 7. Adequate provisions have been made for advances which are in our opinion, doubtful of recovery. 8. The financial statements conform to the prescribed standards set in the accounting regulations issued by the Bangladesh Bank after consultation with the professional accounting bodies of Bangladesh. 9. the records and statements submitted by the branches have been properly maintained and consolidated in the financial statements; 10. The information and explanations required by us have been received and found satisfactory.

HOWLADAR YUNUS & CO Chartered Accountants.

Dhaka, Bangladesh Dated: April __, ____

9

Question 3

How auditor can review and reliance on Internal Control

System?
Internal control evaluation and control risk assessment is a very important part of the work in every audit of financial statements. Generally accepted auditing standards (GAAS) emphasizes internal control in the second field work standard: ³a sufficient understanding of the internal control structure is to be obtained to plan the audit and to determine the nature, timing, and extent of tests to e preformed´ (SAS 1, AU 150; AU 319).so Broadly defined, internal control is a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: o Effectiveness and efficiency of operations. o Reliability of financial reporting. o Compliance with applicable laws and regulations. Effective internal control is perhaps the most important deterrent to fraud. Strong internal control can prevent or detect most types of fraud, waste and abuse. During our assessment of the current system of internal control, not only were we concerned with the controls in place but just as importantly whether those controls were operating as prescribed. As we identified fraud exposures and controls in a given area, we created procedures to test for compliance.

1. Objectives of internal control
  Transactions are executed in accordance with management's general or specific authorization All transactions and other events are promptly recorded in the correct amount, in the appropriate accounts and in the proper accounting period so as to permit preparation of financial statements in accordance with the applicable accounting standards, other recognized accounting policies and practices and relevant statutory requirements, if any, and to maintain accountability for assets    Assets and records are safeguarded from unauthorized access, use or disposition Recorded assets are compared with the existing assets at reasonable intervals and appropriate action is taken with regard to any differences Systems and procedures are effective in design and operation
10



Risks are mitigated to a reasonable extent

2. Purpose and Types of Internal Controls
Internal controls are a system consisting of specific policies and procedures designed to provide management with reasonable assurance that the goals and objectives it believes important to the entity will be met. "Internal Control System" means all the policies and procedures (internal controls) adopted by the management of an entity to assist in achieving management's objective of ensuring, as far as practicable, the orderly and efficient conduct of its business, including adherence to management policies, the safeguarding of assets, the prevention and detection of fraud and error, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information. The internal audit function constitutes a separate component of internal control with the objective of determining Whether other internal controls are well designed and properly operated. o Internal control system consists of interrelated components as follows: o Control (or Operating) environment. o Risk assessment. o Control objective setting. o Event identification.. o Control activities. o Information and communication. o Monitoring. o Risk response.

3. Internal Control Process
Internal control consists of five interrelated components as follows: Internal Control Process Control (or Operating) environment

Risk assessment

Control activities

Information and communication

Monitoring

11

1) Control Environment
The control environment is the control consciousness of an organization; it is the atmosphere in which people conduct their activities and carry out their control responsibilities. An effective control environment is an environment where competent people understand their responsibilities, the limits to their authority, and are knowledgeable, mindful, and committed to doing what is right and doing it the right way. They are committed to following an organization's policies and procedures and its ethical and behavioral standards.The control environment encompasses technical competence and ethical commitment; it is an intangible factor that is essential to effective internal control.

2) Risk Assessment
I. Determine Goals and Objectives The central theme of internal control is (1) to identify risks to the achievement of an organization's objectives and (2) to do what is necessary to manage those risks. Thus, setting goals and objectives is a precondition to internal controls. At the highest levels, goals and objectives should be presented in a strategic plan that includes a mission statement and broadly defined strategic initiatives. At the department level, goals and objectives should support the organization's strategic plan II. Identify Risks after Determining Goals

Risk assessment is the identification and analysis of risks associated with the achievement of operations, financial reporting, and compliance goals and objectives. This, in turn, forms a basis for determining how those risks should be managed.

3) Control Activities
Control activities are actions, supported by policies and procedures that, when carried out properly and in a timely manner, manage or reduce risks.

4) Information and Communication
Information and communication are essential to effecting control; information about an organization's plans, control environment, risks, control activities,
12

and performance must be communicated up, down, and across an organization. Reliable and relevant information from both internal and external sources must be identified, captured, processed, and communicated to the people who need it--in a form and timeframe that is useful. Information systems produce reports containing operational, financial, and compliancerelated information that makes it possible to run and control an organization.

5) Monitoring
Monitoring is the assessment of internal control performance over time; it is accomplished by ongoing monitoring activities and by separate evaluations of internal control such as self-assessments, peer reviews, and internal audits. Internal control Is effective if management and interested stakeholders have reasonable assurance that:  They understand the extent to which operations objectives are being achieved.  Published financial statements are being prepared reliably.  Applicable laws and regulations are being compiled.  Though it has always been part of normal audit procedure to test the internal control system, but since there is no rule relating to that, the eternal auditor may adopt the most minimal sample for the test. The scope of such test has now increased since the auditors are required to report on their findings following a complete review of the system of internal control. So by following those steps an auditor can review and rely on internal control system.

13

Question 4:

What type of Risks are identified and analyzed by the control department? What actions are taken by

internal

management to manage the risks?
The auditor should critically review all the areas of high risk in order to ensure that the planned procedures adequately cover such areas and that competent staff have been assigned to these areas. High risk areas may relate to the nature of the items, such as cash for a retail establishment with numerous collection points and outdoor disbursement locations. Risk may also relate to a high probability of error. Although some level of risk will have to be accepted, in practice, a firm will need to quantify its acceptable level of audit risk. At the planning stage, the auditor should assess the risk of material errors or misstatements in the following areas: o In the financial statements as a whole; and o In each of the component items in the financial statemens, such as Cash, Stocks, Debtors, Creditors and (in the balance sheet) and Sales, Expenses and Purchases (in the profit and loss account).

Determination of Audit Risk
A firm¶s audit risk is derived from an assessment of the following elements: A. Inherent risk: This derives from the characteristics of the client¶s products or services it deals in. It derives from the type of industry in which the client operates and will vary according to the accounts item being examined.an internal auditor should kept in mind (i) The company¶s performance and profitability; (ii) The nature of the business, its services and the susceptibility of its products or services to market forces; (iii) The financial stability of the company at present time and in the foreseeable future; (iv) The incidence of related party and unusual transactions; (v) The susceptibility of the company¶s assets to fraud and misappropriation; (vi) The auditors previous experience with the company as regards the records reliability and the explanations given by the management;

14

(vii) Circumstances that may exert undue influence upon the company¶s management. For example, the pressure to meet budgeted profits; and (viii) The likelihood that error could have a material effect upon the financial statements. B. Control risk: This is the risk that the internal control system may not prevent or detect material misstatements or errors. Also in the control risk some factors should remember in mind. (i)The strength, quality and effectiveness of its management (ii) Whether the company has an effective internal audit department; (iii) The internal controls of the company and the competenceof the accounting personnel; (iv) The degree of supervision exercised by the management of the company; and (v) The nature of the accounting methods in operation. For example manual or computerized records C. Detection risk: This is the risk that the auditors substantive audit tests and procedures and his review of the financial statements will not detect material misstatements or errors. Some factors should remember in detection risk. (i) Recruitment procedures of the audit firm; (ii) Use of latest audit techniques and procedures; (iii) The qualifications, experience and competence of the engagement team; and (iv) The method and timing of the audit review procedure

Benefits of Audit Risk Assessment
The benefits of audit risk assessment are: (a) It saves audit cost and fees; (b) It ensures that the audit work is completed expeditiously and economically; (c) It removes all avoidable pitfalls in the audit procedure; (d) It reduces the possibility of under or over auditing; (e) It results in a more effective and efficient audit work; (f) It focuses the auditors attention on factors which are more likely to result in misstatement; and (g) It facilitates the use of sampling and the attendant benefits derived there from.

15

Limitations of Audit Risk Assessment
The limitations of audit risk assessment include the following: (a) Subjective values have to be placed on inherent and control risk (b) It may result in a mechanical approach which leads to a loss of auditor¶s judgment (c) The auditor may spend more time on the mechanic of the process and assessment at the expense of time spent obtaining audit evidence (d) The assignments of risk levels are often not suitably specific which puts into question the validity of any conclusions reached.

Risk Management
The process of risk management involves: y y understanding organizational objectives; identifying the risks associated with achieving or not achieving them and assessing the likelihood and potential impact of particular risks; y y developing programmes to address the identified risks; and monitoring and evaluating the risks and the arrangements in place to address them.

Risk may affect many areas of activity, such as strategy, operations, finance, technology and environment. In terms of specifics it may include, for example, loss of key staff, substantial reductions in financial and other resources, severe disruptions to the flow of information and communications, fires or other physical disasters, leading to interruptions of business and/or loss of records. More generally, risk also encompasses issues such as fraud, waste, abuse and mismanagement.

16

Now I will show Fundamentals of Good Risk Management and Internal Control

Keeping It simple Emphasis On changing Behavior Reliable business Information response

Risk Awareness Fundamental controls

GOOD RISK MANAGEMENT AND INTERNAL CONTROL

Consultation Throughout The company

Early warning Mechanisms and Quick response

Awareness of business objectives

Continual application Of control

Documentation of the audit as evidence of work done is equally important by compiling good quality audit working papers. Aside from gathering evidence within the client¶s operating environment, the auditor may also look for evidence elsewhere by making contacts with experts. Audit risk assessment is an important aspect of audit; the result will determine the nature, extent and timing of the auditor¶s substantive audit test programme. Where the assessment shows that the risk is high, the auditor is expected to pay particular attention to the transaction caption and design detailed level of substantive test programme. In carrying out the assessment, the auditor is Expected to take into consideration the client¶s operating environment and the controls in operation.

17

Conclusion

18