Audit is the exercise of verifying the transactions alongwith documents for certain specifications mandated by the person appointing the auditor.

In other words, auditor is appointed by a stakeholder in the organisation. Appointing person gives scope of work to the auditor. If appointment is under a Law / Statute, then, Law also specifies various areas to be considered by the auditor while conducting audit exercise and to be reported thereon.

Audit assures the appointing person that transactions and documents are complying with the given guidelines.

Importance of audit

    • Audit process is required to identify non-conformances created due to
        • Human minds are creative → unlike robots, the brain does not like routines, practices, procedures and discipline → financial inconsistencies due to slippages by manpower;
        • Attitude towards integrity, transparency and other values is based upon a person’s upbringing and past experience → inconsistent transactions due to incorrect attitude.
    • Suggesting corrective actions to remove non-conformances;
    • True reporting by the auditor brings actionable;
    • Unless the financial transactions and operations of an organisation properly diagnosed & audited → non-identification of weaknesses à no improvement can happen.

Who conducts the audit?

    • Audit can be conducted by
        • In-house Audit team; or
        • External auditor.

Before appointment of external auditor, the organisation must ensure following so that the person can deliver the results:

      • Sufficient audit experience;
      • Required qualifications to carry audit;
      • Infrastructure;
      • Trained staff in the field of audit.

Different types of audit

    • Statutory Audit
        • Audit required under a particular Statute;
        • Conducted by external auditors, generally qualified Chartered Accountants (CA)
        • The Auditor reports on various parameters specified by different Acts, Rules, etc. → Reporting on annual accounts → whether annual accounts give true & fair view of the state of affairs of the organisation? → if not, report the same;
        • Auditors need to consider and abide by guidelines given by professional regulatory body i.e. Institute of Chartered Accountants of India (ICAI) → purpose of guidelines → to improve the quality of audit and disclosures → building reliance of shareholders and other stakeholders on the annual accounts for taking decisions.
    • Limited purpose audit
        • Statute may require audit for limited purpose (e.g. Income-Tax Audit, VAT audit, Excise Audit, etc.);
        • Conducted by external auditor who can be a member of ICAI or other professional bodies;
        • Reporting on
            • Whether books of accounts properly maintained?
            • Whether organisation complied with a particular Statute and its guidelines and not all statutes?
            • Whether organisation has discharged its statutory liabilities properly?
    • Internal Audit
        • Audit required by management of the organisation to check regularly
            • Whether its operations are as per guidelines given by the management?
            •  Review of internal controls → whether any person taking advantage of processes and organisation thereby losing goods and money;
            • Whether all risks are taken care of and mitigated wherever possible?
        • Audit can be done by in-house team or external auditor;
        • Report of the auditor to the management.
    • Management Audit
        • Auditor appointed by the management;
        • Purpose of audit → very broad → to review the management decisions and their impact → management includes all managers who manage the people and are decision makers;
        • Generally conducted by external professionals.
    • Special Audit
        • Statutory authority may also require audit be re-done by another auditor to check the audit quality of original auditor → or checking compliances of the relevant Statute;
        • The authority may specify additional scope of work where the auditor needs to report.
    • Due Diligence
        • Conducted generally on behalf of an investor before taking investment decision;
        • Carried out by external professionals;
        • Purpose of due diligence is to arrive at correct business valuation of the investee by
            • Calculating the appropriate value of assets;
            • Diagnosing the accounts to identify hidden liabilities;
            • Identifying risks and its likely costs.
    • Audit by CAG (Comptroller & Auditor General of India)
        • CAG carries the audit of organisations where Govt. invests its money {e.g. Public Sector Undertakings (PSU), Statutory Authorities, Govt. departments, etc.};
        • CAG audits are conducted over and above normal statutory audits in PSU;
        • Submission of audit reports to State Assemblies for state PSUs and country Parliament for central Govt. departments and central PSUs.
    • Systems Audit including Software / ERP audit
        • Carried out by specialised professionals;
        • The purpose is to identify and plug weak internal controls and loop-holes.

Watchdog vs. Bloodhound

    • Auditing works start with questioning the existing decisions;
    • Who, what, when, why, where & how are the integral questions in this exercise;
    • Many-a-time, auditor is expected to be bloodhound and a detective finding out frauds from operations;
    • 100% checking of operations not feasible due to involvement of cost of audit exercise (i.e. cost of organisation staff resolving audit queries and not able to concentrate on core operations);
    • Difficulty and hesitation in taking decisions by manpower if they know that their each decision will be passing through close scrutiny by the auditor;
    • It is worth reading the interview with John Griffith-Jones (The ex-KPMG UK senior partner and chairman) on the subject
    • Auditor is a watchdog (checking whether overall operations give true & fair view of the state of affairs) and not bloodhound.

Deliverables (i.e. expectations from the Auditor / Audit department)

Checking at Organisational-end

      • Whether information given in annual accounts is sufficient and can be relied upon by the stakeholders before taking any decision – financial or non-financial?
      • Whether people who are entrusted with responsibilities are carrying the operations diligently?
      • Whether the transactions are backed by documents which explain them and sufficiently authorised by appropriate authority before carrying those transactions?
      • No mis-utilization of funds;
      • Whether all controls are in place?
      • Whether organisation has complied with all laws?

Qualities expected at Auditors-end

      • Independence
          • No financial interests in the organisation and business transactions directly or indirectly.
      • Integrity in reporting
          • Actual operations are largely same as reported by the auditor → no inconsistency in accounts;
      • Good communicator
          • Auditors’ report reaches to a large audience;
          • Unless Report and its contents are clear → no right conclusion can be drawn.
      • Transparency
          • No collusion with officials of organisation → no important facts hidden.
      • Knowledgeable
          • Updated with all information in the field to be audited;
          • Unless aware about the changes → inability to identify inconsistencies and reporting thereon.

Important developments in the Audit

    • Wide adoption of IFRS (International Financial Reporting Standards) by different countries for bringing uniformity in presentation of annual accounts alongwith disclosures and reporting thereon;
    • Usage of audit software to check the accounting data quality;
    • Availability of vast information about statutes and changes made therein on Internet or through emails, SMSs, etc. on regular basis to update the knowledge.

Traditional / Normal ways of working in Audit function

    • 100 % checking of transactions OR checking of high value transactions → for creating reliance on the financial data;
    • Less analysis of risks involved in the business operations

Conflicts (Inter-departmental) / Challenges with Audit function

    • Departments considering audit department as hindrance in their business operations → while audit team around → less concentration in operations; more time in resolving audit queries;
    • Auditors less organised in their documentation → high staff turnover at their end → new audit staff requiring the auditee organisation to spend a lot of time in explaining the business process again;
    • Business operations are increasingly multi-location. Challenges are:
        • Documentation not available at one place → difficult to see the entire transaction in cohesive manner;
        • Increasing usage of technology (ERP) → Inexperienced audit team to analyse the ERP;
        • Organisations want to spend less on audit → reduced checking by audit team → more risks in business operations remaining undetected.
    • Huge expectations by all stakeholders from auditors in terms of audit quality, presentation of accounts, disclosure and reporting → more changes in law requiring structural changes at the auditee organisation → not willing to change & spend on audit (+) non-cooperation to Auditors → affecting audit quality.

Some of the Process Implementation for better Audit function

  • Firm resolution by top management for carrying audit in a transparent manner;
  • Pro-active role of Audit department in building and strengthening the internal controls;
  • Creating Risk-register of entire organisation explaining various risks in different departments and their mitigation plan;
  • Annual audit planning in advance dividing entire audit into periodic audit of specific areas;
  • Building standard documents list explaining business processes and various policies for new person to adapt to the auditee organisation;
  • Observations by Audit team
      • Categorisation
          • High Priority with high-risk;
          • Medium Priority with medium-risk; and
          • Less Priority with less risk.
      • Defining the action plan for each observation starting from High-priority;
      • Defining the responsibility of the concerned;
      • Ensuring the resolution of observation in a time-bound manner;
      • Periodic review for whether the controls installed earlier are still in place.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s