Management Control Systems (2nd Edition)

Auditing : Overview

While inspecting and evaluating financial statements, auditors apply certain key concepts - audit materiality, audit evidence, audit risk, and the true and fair concept. Any information is considered as material if its omission or misstatement could influence the economic decisions of users taken on the basis of the financial statements. Audit evidence is any kind of information used by the auditor to determine whether the financial statements being audited are in accordance with the established rules and regulations. Audit evidence comprises not only the basic accounting data but also all the supporting information available to the auditors, such as contracts and inspection records. The criteria to be fulfilled by the audit evidence are sufficiency of the audit evidence, and its appropriateness for forming a reasonable opinion. The concept of true and fair in the audit report deals with the opinion of the auditor as to whether the state of affairs and their results as confirmed by the auditor during the audit process are truly and fairly represented in the statements being audited.

The financial statement audits guarantee the relevance and reliability of the information and reduce the information risk caused by conflict of interest, consequence, complexity, and inaccessibility (remoteness) of information.

Traditionally, internal audits have been conducted to check whether the existing controls are effective and adequate, whether the financial reports and other records show the actual results of the organization, and whether its sub-units are following the policies and procedures laid down by the management. The modern approach to internal auditing expects internal auditors to go beyond checking the books of account and related records. They have to appraise the various operational functions of an organization and provide recommendations about them.

The internal audit is important considering the increasing size and complexity of organizational operations. Internal audits are undertaken to avoid discrepancies from creeping into an organization's systems, processes, and operations. Teams of specialists called internal auditors monitor, track, and report such discrepancies, or inefficiencies of personnel in the concerned departments. They may be assisted by auditing professionals from auditing or consulting firms.

Fraud auditing and forensic accounting deal with deterrence, detection, investigation, and reporting of fraud. Certified Fraud Examiners (CFEs) are people trained to detect, investigate, and deter fraud. The CFEs are people who are knowledgeable about four major areas - fraud investigation, legal standards regarding evidence of fraud, the patterns of fraudulent financial transactions, and knowledge of the criminal behavior associated with fraudulent activities. Forensic accounting deals with the court-related work undertaken by the accountants, taking into consideration the 'rules of evidence' and the prevailing legal system.

Management audit is defined as an examination of the conditions in an organization, and a diagnosis of its deficiencies, with recommendations for correcting them. It is basically constructive and objective in its approach. The main aim of conducting a management audit is to critically analyze and evaluate management performance. It helps the management to enhance the competitive position of the organization.

Management audits can be categorized into six types - complete management audits, compliance management audits, program management audits, functional management audits, efficiency audits, and propriety audits. Setting up a general program for management audit requires the management's approval and support. This support must be reflected clearly and categorically in the organization's highest policy statements. Apart from this, the management should allocate personnel, train them, and decide on the timing and frequency of audits. A social audit is a systematic attempt to identify, analyze, measure, evaluate, and monitor the effect of an organization's operations on society. Some of the approaches to social audit are - the inventory approach, the program management approach, the cost-benefit approach, and the social indicator approach.

Environmental audits are used to evaluate the organization on various parameters. These are – conformance with the occupational health and safety requirements; conformance with the emission standards and license requirements of the local, state, and national governments; generation, storage, and disposal of hazardous wastes; etc. There are two types of environmental audits - environmental compliance audit and environmental management audit. Environmental compliance audit is a self-check mechanism while environmental management audit is a self-evaluation mechanism.

The auditing process consists of various stages: staffing the audit team, creating an audit project plan, laying the groundwork, conducting the audit, analyzing audit results, sharing audit results, writing audit reports, dealing with resistance to audit recommendations, and building an ongoing audit program.

While conducting the audit, the auditors, have to assess the inherent and control risks before deciding on how to conduct the audit. They have to study and understand the operations of the entire organization and its internal control systems to assess this risk. Tests of controls have to be performed to check whether the internal controls are functioning appropriately and effectively. If the control risks are assessed to be high, the detection risk should be reduced by the extensive use of substantive procedures such as verification of documents, transactions, and account balances. The broad categories of audit procedures are: verification, observation, inquiry, and analysis. The techniques in verification are: count, compare, examine, inspecting tangible resources, recompute, reconcile, confirm, vouch, and trace.

In addition to financial aspects such as assuring the users on the quality of the financial statements and detecting/deterring frauds, auditing is also beneficial from the managerial perspective as it is a tool for continuous improvement. The various benefits of auditing include: to identify opportunities for improvement; to act as a reality check; to identify outdated strategies; to measure performance improvements; to strengthen management's ability to address concerns; enhance teamwork; and to change employee mindsets and increase acceptance to change. Some of the limitations of auditing are - it cannot by itself serve as a tool for resource allocation, motivation, or performance improvement; the quality of the audit will only be as good as the quality of the audit tool; financial statement audits do not make judgments on the soundness of the management or its ability to manage change in a profitable manner.

Chapter 6 : Overview