The purpose of an audit is to enhance the degree of confidence of intended users in the financial statements. This is achieved by
the expression of an opinion by the auditor on whether the financial statements are prepared, in all material respects, in accordance
with an applicable financial reporting framework. In the case of most general purpose frameworks, that opinion is on whether the
financial statements are presented fairly, in all material respects, or give a true and fair view in accordance with the framework
Types of auditor
If we consider the following types of auditor we can get a clearer understanding of what they do and what they have in common
* registered (external) auditors – auditors who express an independent opinion on whether the annual financial statements of a
company, fairly present the financial position and results of the company’s operations. The external auditor is not an employee of
the company. The external auditor enhances the degree of confidence which users of the financial statements will have in the
information in those financial statements. Registered auditors offer their services to the public. They are described as being “in
public practice” and must be registered with the Independent
Regulatory Board for Auditors (IRBA).
* internal auditors – auditors who perform independent assignments on behalf of the board of directors of the company. These
assignments are varied but usually relate to the evaluation of the efficiency, economy and effectiveness of the company’s internal
control systems and business activities and to the evaluation of whether the company has identified and is responding to the
business risks faced by the company. In a sense, the internal audit function helps senior management to meet their responsibilities
in running the organisation by providing independent
information about the company’s departments, divisions or subsidiaries. The internal auditor enhances management’s degree of
confidence that the company’s systems are functioning as intended and that the risks are being assessed and addressed. The
internal auditor is an employee of the company, but must be independent of the department, division or subsidiary in which the
assignment is being carried out.
* government auditors – government auditors perform a role similar to that of the internal auditor – but within government
departments..
* forensic auditors – forensic auditors concentrate on investigating and gathering evidence where there has been alleged financial
mismanagement, theft or fraud. Forensic audits may be carried out in any government or business entity, but it should be obvious
to you that the forensic auditor needs to be independent of the entity under investigation. Where an independent and competent
forensic auditor has been involved, the degree of confidence which the court/investigating body has in the financial evidence, is
increased
* special purpose auditors – these are auditors who specialise in a particular field such as environmental auditors, who audit
compliance with environmental regulations, and VAT auditors who work for the South African Revenue Services and who audit
vendors’ VAT returns.
Equally important are the ethical principles which members of the auditing profession must abide by. As is discussed in depth in
chapter 2, the SAICA and IRBA Codes of Professional Conduct lay down the fundamental ethical principles that all chartered
accountants and registered auditors are required to observe as
integrity : being straightforward and honest, in all professional and business relationships
objectivity : not allowing bias, conflict of interest or undue influence of others to override professional or business judgements
(impartial, independent)
professional competence and due care : maintaining professional knowledge and skill at the required level and performing work
diligently in accordance with applicable technical and professional standards
confidentiality : respecting the confidentiality of client information
professional behaviour : complying with laws and regulations and avoiding action which discredits the profession.
WHY IS THERE A NEED FOR AUDITORS?
2.1 The split between ownership and management
,The need for modern day auditors, both external and internal, arose out of the natural development of owner-managed businesses
into entities which were owned by people who did not manage the business. The owners provided the finance and appointed
managers to run the business. The owners would require that the managers report to them at regular intervals on their stewardship
(management) of the owners’ money. Many of the providers of finance who, as stated, were not involved in managing the
business, had neither the time nor the expertise to determine whether what they were being told by their managers, was a fair
representation of the managers’ stewardship. The solution was to appoint an independent person to evaluate the reports of the
managers and to provide an opinion on their truth or fair presentation. The need for the external auditor was established and
entrenched.
2.2 Confidence in financial information
In order to maintain the confidence of those who invest in business, whether they are members of the general public or investment
companies, assurance is required that the financial information produced by business organisations is reliable and credible
2.3 Accountability
The “auditing” profession, and here we are not restricting our discussion to registered auditors in public practice, has blossomed
over the years with the emergence of internal auditing, government auditing, forensic auditing and environmental auditing, as
major forces in their own right. The dominant reason for this is that the world at large requires accountability. Directors must be
held accountable for the way in which they run their businesses, the government must be held accountable for the way it spends
taxpayers’ money, and companies whose activities affect
the environment must be held accountable for the way in which they adhere to environmental regulation and legislation
An assurance engagement is one in which the professional accountant “expresses a conclusion designed to enhance the degree of
confidence of the intended users, other than the responsible party, about the outcome of the evaluation or measurement of a
subject matter against the criteria”. Perhaps the easiest way to understand this rather tedious definition, is to break it down into its
elements and relate it to the audit or review of a set of financial statements.
3.2 The audit engagement
We can deduce from the chart that the audit of financial statements is an assurance engagement in which the auditor gathers
sufficient appropriate evidence to form an opinion on whether the directors, who are responsible for the financial statements, have
applied IFRS appropriately in presenting the financial position, financial performance, changes in equity, cash flows and
disclosure notes/(subject matter). The opinion formed is then reported by the auditor to the shareholders in the audit report.
It is important to note that
* for the auditor to form an opinion on fair presentation he must have suitable criteria in terms of which to judge fair presentation.
The auditor cannot just say that fair presentation has been achieved, fairness can only be judged in terms of a benchmark or
standard and this is where the accounting framework comes in. The most common
frameworks are IFRS and IFRS for SMEs.
* the auditor must perform the audit in the prescribed manner. How he goes about this is laid down in the International Standards
on Auditing (ISAs) with which the auditor must comply in all aspects of the audit i.e. planning, risk assessment, gathering
evidence and reporting.
* the audit engagement provides reasonable assurance.
3.3 The review engagement
We can also deduce from the chart that the review of financial statements is an assurance engagement and is very similar to an
audit engagement. In a review engagement the reviewer (who will very often be a registered auditor) gathers sufficient appropriate
evidence to form a conclusion on whether anything has come to his attention which causes him to believe that the financial
statements prepared by the directors are not prepared in accordance with IFRS for SMEs (or IFRS).
Again it is important to note that
,* the reviewer forms his conclusion in terms of defined criteria, in this case IFRS for SMEs. (Could also be IFRS.)
* the reviewer must perform the review in the prescribed manner. How he goes about it is laid down in ISRE 2400 – International
Standards on Review Engagements.
Although some of the concepts or procedures in the ISAs are relevant, the ISAs are auditing standards and are not applicable to a
review engagement.
* the review engagement provides only limited assurance.
3.4 Non-assurance engagements.
There are many types of engagement which accountants in public practice undertake, which are not assurance engagement. These
include taxation services and a wide range of advisory services relating to accounting, business performance, corporate finance,
etc. These services can be classified as non-assurance engagements.
4.1 Reasonable assurance
ISA 200 – Overall Objectives of the Independent Auditor, defines reasonable assurance as a high but not absolute level of
assurance. Reasonable assurance can only be given when the practitioner has gathered sufficient appropriate evidence to satisfy
himself that the risk that he expresses an inappropriate opinion on the subject matter is acceptably low. The nature and extent of
the audit procedures he conducts, must satisfy the auditor that the risk that he will express an opinion that the financial statements
are fairly presented when in fact they are not, is low.
* reasonable assurance – audit – positive expression.
A reasonable level of assurance is conveyed by the use of the phrase In our opinion the financial statements present fairly …….
4.2 Limited assurance
Limited assurance is a level of assurance which is lower than reasonable assurance but which is still meaningful to users
(ISRE 2400). It has also been described as moderate assurance. Limited assurance is given when the practitioner has gathered
enough evidence to satisfy himself that the risk that he expresses an inappropriate conclusion on the subject matter is greater than
for a reasonable assurance engagement, but still at an acceptably low level for the particular engagement.
* limited assurance – review – negative expression A limited level of assurance is conveyed by not using the phrase In our
opinion …… and replacing it with Nothing came to our attention which causes us to believe that
these financial statements do not present fairly…..
4.3 Absolute assurance
Having read the above discussion you may be wondering why the auditor cannot certify or confirm that the financial statements
are 100% correct. Why is the auditor restricted to providing reasonable assurance? By carrying out more procedures couldn’t he
actually confirm that the financial statements are correct? Essentially the reason that the auditor cannot certify (provide absolute
assurance) is that an audit has inherent limitations which prevent the auditor from certifying or confirming the 100% correctness
of a set of financial statements. ISA 200 provides the basis for the following explanation of the inherent limitations of an audit.
4.4 Limitations of an audit
, * the nature of financial reporting. In the preparation of financial statements, management must apply judgement in applying the
relevant reporting framework, and financial statements contain many account balances which are subjective, e.g. non current and
current assets are directly affected by estimates (subjective) of depreciation, impairment, inventory obsolescence and bad debts
respectively. It is impossible to know exactly which debtors will not pay, or which inventory will become obsolete.
* the nature of audit procedures. There are practical and legal limitations on the auditor’s ability to obtain audit evidence. There
is always the possibility that management may not provide complete information that is relevant to the preparation of the financial
statements, and accordingly the auditor cannot be certain that all relevant information has been received. Audit procedures are not
designed specifically to detect fraud, and by collusion or falsification of documentation, and other means of circumventing
controls carried out by management, fraudulent transactions may go undetected and the auditor may believe that evidence is valid
when it is not.
audit evidence is usually persuasive rather than conclusive. For example, an auditor is “persuaded” that an event or
transaction took place by the presence of documents or information provided by management, rather than by actually witnessing
the event.
* the use of testing. On a similar note the auditor cannot examine every single transaction which has taken place in the business
due to financial and time constraints, therefore it is necessary to “test” check i.e. perform procedures on only a sample of
transactions and balances. Once the auditor “test checks”, he cannot state that everything is 100% correct, only a reasoned opinion
based on the sample on which procedures were undertaken, can be given.
the inherent limitations of accounting and internal control systems. The auditor is obliged to place reliance on the systems
which the client has put in place to provide financial information; these systems have inherent limitations which may result in the
failure to detect errors or fraud
* timeliness of financial reporting and the balance between benefit and cost. To be of any value the audit opinion must be
reported within a reasonable time after the financial year-end, and the benefit derived from the audit must exceed the cost.
* other matters that affect the inherent limitations of an audit. There are frequently aspects of the audit or assertions in the
financial statements which are inherently difficult for the auditor to gather sufficient appropriate evidence and which compound
the limitations of the audit. For example in some situations it is virtually impossible
for the auditor to
determine the presence or effect of fraud conducted by senior management
satisfy himself that all related parties and related party transactions have been identified and correctly treated in the financial
statements
determine the level of non-compliance with laws and regulations which may have an impact on the financial statements
identify and evaluate future events which may have a bearing on the going concern ability of the company
The point is that these uncertainties contribute to the limitations of the audit process and in turn make it impossible for the
auditor to provide absolute assurance.
AUDITING POSTULATES
The word "postulate" is best explained by considering the following definitions from the Oxford Dictionary :
"thing(s) claimed as a basis for reasoning" and "postulates provide a basis for thinking about problems and arriving at solutions...a
starting point...a fundamental condition"
Perhaps to express it simply we can say that the auditing postulates are the very foundation on which the discipline is built.
Without a foundation, nothing of permanence can be built.
1. No necessary conflict of interest exists between the auditor and management / employees of the enterprise under audit (both
the client and the auditor have the same objective with regard to fair presentation).
Explanation
This postulate proposes that the auditor and the client’s management share a common desire to ensure that the financial statements
prepared by management, do achieve fair presentation. This postulate assumes that management will not want to manipulate the
financial statements to present a misleading account of the affairs of the enterprise, for example, to hide fraud or to present a more
favourable financial picture of the company to potential investors.
Discussion
This postulate implies that if management do not want to achieve fair presentation (and thus are willing to manipulate/falsify
information), it becomes impossible to perform a conventional (normal) audit
The postulate is critical if audits are to be economically and operationally feasible, and yet its relevance and applicability is
becoming increasingly questionable. In view of the ever rising evidence of financial mismanagement, theft and fraud in business
and government worldwide, is it realistic to presume that management do have the desire to report business information honestly
and fairly?
The auditor has traditionally been able to rely on management's integrity in the absence of contrary evidence. In the light of the
alarming increase in fraud in recent years, it has become increasingly important for the auditor to evaluate management integrity
with professional scepticism. Indeed, the adoption of professional scepticism by the auditor is one of the requirements placed on
the auditor in terms of ISA 200 – Overall objectives of the Independent Auditor and the Conduct of an audit in accordance with
International Standards on Auditing. It means that the auditor can no longer take what he or she is told by management as
necessarily being the truth. It means not being “led around by the nose” or blindly accepting what management or other
employees tell him, and it means that the auditor cannot accept, as a basis for the audit, that this postulate holds true. ISA 200
defines professional scepticism as “an attitude that includes a questioning mind, being alert to conditions which may indicate
possible misstatement due to error or fraud, and a critical assessment of audit evidence.