BACHELOR OF COMMERCE: ACCOUNTING

(BCOMACC)

MODULE GUIDE

AUDITING 2

Copyright © 2014

REGENT Business School

All rights reserved; no part of this book may be reproduced in any form or by any means,
including photocopying machines, without the written permission of the publisher
Auditing 2 BCOMACC

TABLE OF CONTENTS

CHAPTER PAGE
Introduction to module 2

Chapter 1 - Introduction to Auditing 3

Chapter 2 - Responsibilities, functions and qualities of an Auditor 12

Chapter 3 - Professional Conduct 23

Chapter 4 - Statutory Requirements 36

Chapter 5 - Audit Evidence 55

Chapter 6 – An overview of the audit process 65

Chapter 7 - Important Elements of the Audit Process 76

Chapter 8 - A framework for internal control and internal control evaluation 105

Chapter 9 - A framework for Substantive Procedures 116

Bibliography 122

REGENT Business School Page 1

Auditing 2 BCOMACC

INTRODUCTION TO MODULE

On completion of this module the student will be able to:

 Examine and understand the nature and objective of an audit.

 Analyse the qualities, duties and responsibilities of an auditor.
 Examine and understand the various types of auditing legislation.
 Compare and contrast the various basic types of internal audit controls.
 Compare and contrast audit theories and their implications.
 Categorise audit evidence into levels of reliability.
 Examine and understand the importance of audit documentation and evidence

Prescribed Readings:

Jackson, R.D., & Stent, W.J. (2012), Auditing Notes for South African Students, 8th
Edition, Durban; LexisNexis.

Marx B.; Van Der Watt; Bourne; Hamel, (2012), Dynamic Auditing; A Student Edition;
10th Edition, Durban; LexisNexis

Recommended Readings:

Crous, C., Lamprecht, P., Eilifsen, A., Messier, Jr.F.W., Glover, S.M., & Prawitt, D.W.
(2012), Auditing and Assurance Services, 4th South African Edition, Berkshire,
McGraw-Hill

REGENT Business School Page 2

Auditing 2 BCOMACC

CHAPTER 1
INTRODUCTION TO AUDITING

REGENT Business School Page 3

Auditing 2 BCOMACC

Learning Outcomes:

 Understanding the different types of auditors

 Understanding the objective of auditing financial statements
 Understanding the need for auditors
 Compare and contrast assurance and non assurance engagements
 Compare and contrast statutory and non statutory audits
 Understanding the public interest score
 The ethical/fundamental principles of professional accountants and auditors

READINGS

Prescribed Readings:

Chapter 1
Jackson, R.D., & Stent, W.J. (2012), Auditing Notes for South African Students, 8th Edition,
Durban; LexisNexis.

REGENT Business School Page 4

Auditing 2 BCOMACC

1.1 What is auditing?

We all have some idea of what an auditor is, without really understanding what an auditor does.
Auditors seem to be involved in numerous different activities and there seem to be numerous
different kinds of auditors.

Auditors of all types give assurance over organisations financial records and statements.
Assurance can be defined as when a practitioner expresses an independent conclusion
designed to enhance the degree of confidence of the intended user.

Think Point:
Audit Concept and how it relates to our everyday life.
When go to shops to do shopping for groceries and we
confirm if the point of sale attendant have not captured an
item twice. Hence trying to confirm the correctness of the
invoice we have been given with items we purchased.

1.2 Different types of auditors

1.2.1 Registered external auditors

An external auditor is not an employee of the company; they are auditors who express an
independent opinion on the annual financial statements of the company.

1.2.2 Internal auditors

An internal auditor is an employee of the company but is independent from the division in which
the audit is being carried out. An internal auditor performs independent audits on behalf of the
board of directors to evaluate the efficiency of internal controls and identify and addressing risks
faced by the company. An internal auditor could also be an external company that provides
internal services.

1.2.3 Forensic auditors

A forensic auditor is an independent auditor and not an employee of the company. Forensic
auditors concentrate on investigating and gathering evidence where there has been alleged
financial mismanagement, theft or fraud.

REGENT Business School Page 5

Auditing 2 BCOMACC

1.2.4 Special purpose auditors

These are auditors who specialize in a particular field. They are independent and not an
employee of the company.

It is important to understand that this module deals primarily with registered auditors, the
external audit function and the assurance given by this type of auditor.

1.3 Why is there a need for auditors?

The shareholders of entities require assurance that the financial statements prepared by such
entities contain reliable information. An audit does not only ensure the fair presentation of
financial information audited, but also plays an important role to protect the interest of the
members, creditors and investors.

An audit increases the credibility of the financial statements, it provides the following benefits:
 To investors or potential investors – They will be interested in its profitability as
measured by the return on their investment in equity. They will also wish to establish the
financial stability of the company in order to assess the risk attached to their investment.
Audited financial statements help investors make solid investment decisions.
 To creditors – audited information helps creditors make decisions on providing trade
credit.
 Management - Management is concerned with every aspect of the company as their
mandate is to maximize the wealth of the shareholders and ensure continued operation.
They must ensure that the company is operating efficiently and effectively. Their
particular focus will be on profitability, risk and day to day running of the business.
During and after the audit management will have an idea of how to improve efficiency
and also helps in business decisions.

REGENT Business School Page 6

Auditing 2 BCOMACC

1.4 Why audit financial statements?

The main objective is to provide assurance to the users of the financial statements. An auditor
can provide two levels of assurance:

1. Reasonable assurance which arises out of an audit engagement and

2. Limited assurance which arises out of a review engagement.

For many years, in order to achieve reliable financial information, the Companies Act of the time
required that all companies, large or small, public or private, have their financial statements
externally audited. The business world and society runs on financial information and depends
on that information being accurate, fair and credible. Therefore it is in the public interest that
there is a process to achieve this.

The new corporate legislation (Companies Act 2008) no longer requires all companies to be
audited but rather depend on the level of public interest in the entity. As a result the Companies
Act 2008, stipulate all companies and close corporations calculate their public interest score for
each financial year.

An entity’s public interest score will be sum of:

 Number of points equal to the number of employees during the financial year.
 One point for every R1 million of turnover.
 One point for every R1 million of 3rd party liabilities at year end.
 One point for every individual who directly or indirectly has a beneficial interest in any of
the company’s shares.

Public interest score is broken down into three strata that is,

1. 350 points and above

2. 100 to 349 points
3. Less than 100 points

In addition to the public interest score, the other factor that must be considered is whether the
financial statements were internally compiled or externally compiled by an independent
accounting professional.

REGENT Business School Page 7

Auditing 2 BCOMACC

As discussed earlier auditors provide two type of assurance: reasonable assurance or limited
assurance. The higher the public interest scores the higher the assurance and therefore
reasonable assurance can be obtained. Similarly companies with low public interest scores and
who have their financial statements externally compiled should be reviewed by the auditor
providing the users with limited assurance.

The following chart summarises the public interest score:

Close Corporations and

Public Interest Score Company Owner Managed
Companies
Less than 100 Review No assurance is required
Audit if financial statements Audit if financial statements
100 to 349 internally compiled. internally compiled.
Review if financial statements No assurance required if
externally compiled. externally compiled.
350 and above Audit Audit

It may seem strange that close corporations and owner managed companies which have their
financial statements externally compiled and have points falling in the range 100 to 349, do not
require their financial statements to be audited or reviewed, this is because the external
compilation of the financial statements adds the necessary level of credibility to that financial
information.

In addition to audits and review engagement requirements arising out of public interest scores,
the Companies Act 2008 and regulations, makes it obligatory for certain other companies to
have their annual financial statements audited, regardless of their public interest score. These
are:

1) Public companies and state owned companies

2) A company which holds assets (exceeding R5 million) in the ordinary course of its
primary activities in a fiduciary capacity for persons not related to the company.

It is important to note that according to the Companies Act 2008, Close Corporations will not be
formed in the future; the above applies to existing Close Corporations.

REGENT Business School Page 8

Auditing 2 BCOMACC

1.5 Assurance and Non Assurance Engagements

1.5.1 Assurance Engagements

An assurance engagement is one which the professional accountant expresses a conclusion

designed to enhance the degree of confidence of intended users. The following are elements of
an assurance engagement:

1) 3 party relationship (accountant, responsible party, user)

2) Subject matter (financials)
3) Suitable criteria (International Financial Reporting Standards)
4) Sufficient appropriate evidence
5) Written assurance report (audit report)

1.5.2 Non Assurance Engagement

Engagements which do not meet the definition of an assurance engagement and do not contain
the elements of an assurance agreement e.g. tax return.

1.6. Statutory and Non Statutory Audits

1.6.1 Statutory Audit

These represent audits mandated by the Companies Act of 2008. As explained these are:
1) Public companies and state owned companies
2) A company which holds assets (exceeding R5 million) in the ordinary course of its
primary activities in a fiduciary capacity for persons not related to the company.
3) Companies or Close Corporations exceeding 350 points.

1.6.2 Non Statutory Audit

These represent audits requested by the client although this is not statutory required, e.g., the
companies, close corporations or owner managed entities whose public interest score is below
350 points and needs a review or compilation.

REGENT Business School Page 9

Auditing 2 BCOMACC

1.7. The Accounting Profession

Professional status is not attained by attaching the label “professional” to a body of practioners.
It is achieved when there is public acceptance that such a body of practioners is worthy of
recognition as a profession. Professionalism is acquired through specialized knowledge, skills
and intellectual abilities gained through formal education process and practical training process.

Equally important are the ethical principles which professional accountants/auditors must abide
by. These fundamental principles are:

1) Objectivity
2) Integrity
3) Professional competence and due care
4) Confidentiality
5) Professional behaviour

There are a number of accounting bodies in South Africa namely:

1) South African Institute of Chartered Accountants (SAICA)

2) Association of Chartered Certified Accountants (ACCA)
3) Chartered Institute of Management Accounting (CIMA)
4) South African Institute of Professional Accountants (SAIPA)
5) Independent regulatory Board for auditors (IRBA)
6) Institute of Internal Auditors (IIA)

The dominant bodies at this stage are South African institute of chartered accountants.

REGENT Business School Page 10

Auditing 2 BCOMACC

End of chapter Exercise

QUESTION 1

Recently, having commenced your auditing studies and you were chatting to a friend about the
subject. At one point he said “you know, auditing must be a good career, but there seem to be
many different types of auditors. I have read about internal auditors, forensic auditors and
environmental auditors. I also see firms which call themselves accountants and auditors. What
do all these types of auditors do?”

You are required to respond to your friend’s question.

QUESTION 2

An auditor of any kind, internal or external, must not only be skilled in the techniques and
disciplines of the profession e.g. financial accounting and auditing, but also have certain
attributes.

You are required to discuss the more important attributes that an auditor should possess.

QUESTION 3

The Companies Act 2008 requires that public companies are audited by an external firm of
auditors each year. Most public companies employ a number of chartered accountants; have
strong internal audit departments and efficient internal controls which translate into high
standards of corporate governance. It therefore seems to be a waste of time and money to
require such companies to be audited annually.

You are required to discuss the above statement indicating whether or not you agree with it.

REGENT Business School Page 11

Auditing 2 BCOMACC

CHAPTER 2
RESPONSIBILITIES, FUNCTIONS AND QUALITIES OF
AN AUDITOR

REGENT Business School Page 12

Auditing 2 BCOMACC

Learning Outcomes:

 Examining what audit really means.

 Analyse the qualities, duties and responsibilities of an auditor.
 Understanding the general principles of an audit.
 Understanding International Standards on Auditing (ISA).
 Compare and contrast the responsibilities for financial statements between the auditor
and management.
 Understanding the involvement of risk and materiality in an audit.
 Understanding audit postulates.
 Explanation of audit and other related services.

READINGS

Prescribed Readings:
Chapter 1
Marx B.; Van Der Watt; Bourne; Hamel, (2012), Dynamic Auditing; A Student Edition; 10th
Edition, Durban; LexisNexis.

Chapter 1
Jackson, R.D., & Stent, W.J. (2012), Auditing Notes for South African Students, 8th Edition,
Durban; LexisNexis.

REGENT Business School Page 13

Auditing 2 BCOMACC

2.1 Understanding Auditing Practice

The act or process of performing an audit is referred to as auditing. Auditing is a historic process
that is dated back to 4000 BC when businesses instituted a system of checks and
counterchecks of their record keeping systems. The practice of auditing involves the collection
of evidences that are aimed at adding creditability to a statement or information. Auditing
consists of set practical conceptual tools that help an audit firm or auditor to investigate,
evaluate and organise evidence about the assertions of another entity known as the auditee. It
is also a practice that helps to evaluate the relevance and reliability of the systems and
processes used for recording the usage of information within an organisation.

2.2. Objectives of an audit

An auditor expresses an independent opinion as to whether or not the financial statements are
fairly presented, in all material aspects. The auditor’s opinion:

1) Enhances the credibility of the financial statements

2) Does not guarantee the future viability of the entity
3) Does not guarantee the efficiency or effectiveness with which management has
conducted the affairs of the entity.

As mentioned in chapter 1, the auditor does not confirm absolute correctness of financial
information but gives reasonable assurance that the financial statements are free of material
misstatements, not that they are 100% correct. The International Standards on Auditing (ISA)
defines reasonable assurance as high but not absolute level of assurance for the following
reasons:
1) The nature of financial reporting – the financial statements account balances are
subjective. There are balances that are based on estimates e.g., depreciation, inventory
obsolescence, bad debts and impairment.
2) The nature of audit procedures – fraudulent transactions may go undetected because
management may not provide all relevant information for the preparation of financial
statements.
3) Audit evidence is persuasive rather than conclusive – auditors must rely on documents
provided by management rather than actually witnessing the event. The document could
be false.

REGENT Business School Page 14

Auditing 2 BCOMACC

4) The use of testing – audits are usually based on samples.

5) Inherent limitations of accounts and internal control system. The auditor is obliged to
place reliance on the clients system.
6) Timeliness of financial reporting – audit opinion must be reported within a reasonable
time after the financial year end; these may lead to some compromise in the audit.

2.3 Duties and responsibilities of an auditor

2.3.1 Outlined below are the duties and responsibilities of an auditor:

 To conduct the audit with an attitude of professional scepticism in that the financial
statements may be materially misstated.
 To apply professional judgement in the planning and performing of audit procedures and
the evaluation of the audit evidence.
 To obtain sufficient appropriate audit evidence to support his/her opinion.
 To be aware of and comply with the legislation and regulations applicable to the audit
engagement.
 To comply with the Auditing Profession Act.
 To comply with International Standards on Auditing while conducting audits.
 To comply with the code of professional conduct.
 To report an audit opinion.
 To conduct an audit with due professional care and competence.
 To maintain an independent attitude.
 To report reportable irregularities.
 To detect and report material fraud and error.
 To detect material contraventions of laws and regulations by the client.

2.3.2 An auditor expresses an opinion on financial statements after performing following

procedures:

 Collect objective evidence, analyse the evidence and compare it with specified
requirements.
 Highlight discrepancies, errors or frauds so as to facilitate the initiation of corrective
measures by the entity being audited.

REGENT Business School Page 15

Auditing 2 BCOMACC

 Evaluate and confirm if the entity being audited is in compliance with policies, laws, and
regulations and also their established goals and objectives.
 Evaluate and confirm the accuracy and reliability of information and reports.
 Evaluate and confirm efficient and effective use of resources.

Think Point:
Outline the requirements to be an auditor or a financial accountant.
Can a book keeper or a student who has graduated with an accounting
diploma/BCOM general with an accounting major, be an auditor?

2.4 General principles of an audit

The auditor should comply with the code of professional conduct of SAICA and IRBA. The
ethical principles underlying the auditor’s professional responsibilities are:

1) Independence
2) Integrity
3) Objectively
4) Professional competence an due care
5) Confidentiality
6) Professional behaviour

Audits must be performed in accordance with the statements of the ISA. These contain basic
principles and essential procedures together with related guidance.

The auditor must plan and perform the audit with an attitude of professional skepticism that
circumstances may exist that could cause the financial statements to be materially misstated.
Professional skepticism means an auditor should make critical assessments with a questioning
mind, be alert to the audit evidence and the validity thereof.

REGENT Business School Page 16

Auditing 2 BCOMACC

2.5 Scope of an Audit

The required audit procedures which are deemed necessary to perform an audit in accordance
with International Standards on Auditing (ISA) are determined with reference to:

1) Statements of the ISA

2) IRBA
3) Legislations and Regulations
4) Terms of an engagement and reporting requirements.

The auditor must comply with each ISA relevant to the audit.

2.5.1 International Standards on Auditing (ISA)

International Standards on Auditing (ISA) are professional standards that deal with the audit of
statements of entities in all sectors and all sizes of the economy and also with that independent
auditor’s responsibilities when conducting an audit. An auditor is expected to have a good
understanding of the entire ISA’s text, its objectives and its application and other explanatory
material so as to apply them properly.

List of ISA’s:
 ISA 200, Overall objectives of the Independent Auditor and the Conduct of an Audit in
Accordance with International Standards on Auditing.
 ISA 210, Agreeing the Terms of the Audit Engagements.
 ISA 220, Quality Control for an Audit of Financial Statements.
 ISA 230, Audit Documentation.
 ISA 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial
Statements.
 ISA 250, Consideration of Laws and Regulations in an Audit of Financial Statements.
 ISA 260, Communication with those Charged with Governance.
 ISA 265, Communicating Deficiencies in Internal Control to those Charged with
Governance and Management.
 ISA 300, Planning an Audit of Financial Statements.
 ISA 315, Identifying and Assessing the Risks of Material Misstatement through
Understanding the Entity and its Environment.
 ISA 320, Materiality in Planning and Performing an Audit.

REGENT Business School Page 17

Auditing 2 BCOMACC

 ISA 330, The Auditor’s Responses to Assessed Risk.

 ISA 402, Audit Considerations relating to an Entity using a Service Organisation.
 ISA 450, Evaluation of Misstatement identified during the Audit.
 ISA 500, Audit Evidence.
 ISA 501, Audit Evidence Specific Considerations for Selected Items.
 ISA 505, External Confirmations.
 ISA 510, Initial Audit Engagement – opening balances.
 ISA 520, Analytical Procedures.
 ISA 530, Audit Sampling.
 ISA 540, Auditing Accounting Estimates, including Fair Value Accounting Estimates and
Related Disclosures.
 ISA 550, Related Parties.
 ISA 560, Subsequent Events.
 ISA 570, Going Concern.
 ISA 580, Written Representations.
 ISA 600, Special Consideration Audits of Group Financial Statements.
 ISA 610, using the work of Internal Auditor’s.
 ISA 620, using the Work of Expert Auditor’s.
 ISA 700, forming an opinion a Reporting on Financial Statements.
 ISA 705, Modifications to the Opinion in the independent Auditor’s Report.
 ISA 706, Emphasis of matter paragraphs and other matters in the Independent Auditor’s
Report.
 ISA 710, Comparative Information.
 ISA 720, The Auditor’s Responsibilities Relating to Other Information.
 ISA 800, Special Consideration Audits of Financial Statements prepared in accordance
with special purpose frameworks.
 ISA 810, Engagements to report on Summary Financial Statements.

REGENT Business School Page 18

Auditing 2 BCOMACC

2.6 Responsibility for the Financial Statements

1) Auditor - The auditor is responsible for forming and expressing an opinion on the
financial statements.

2) Management – management is responsible for the preparation and fair presentation of

the financial statements in accordance to the applicable financial reporting framework.
Performing an audit does not relieve management from this obligation.

Financial statements refer to the structured representation of financial information derived from
the accounting records. The financial reporting framework refers to the format of reporting. This
framework determines the content and the form of financial statements. The financial framework
used is the International Financial Reporting Standards.

Management’s responsibility also includes designing, implementing and maintaining internal

controls relevant to the preparation and presentation of the financial statements that are free
from material misstatement, due to fraud and error. Management is also is responsible for
selecting and applying appropriate accounting policies and making reasonable accounting
estimates.

2.7 Risk and Materiality

The auditor should plan and perform the audit to reduce the risk of material misstatement to an
acceptably low level. The auditor performs audit procedures (risk assessment procedures) to
obtain information to assess the risk at material misstatement and then perform further audit
procedures (test of controls and substantive procedures) based on the assessment of risk at the
assertion level.

2.8 Auditing Postulates

Postulate can be best explained as providing a basis for thinking about problems and arriving at
solutions. The authors, Mautz and Sharat suggest the following postulates in their book ‘The
“Philosophy of Auditing”.

 No necessary conflict of interest exists between the auditor and management/employees

of the entity under audit.

REGENT Business School Page 19

Auditing 2 BCOMACC

 An auditor must act exclusively as an auditor in order to offer an independent and

objective opinion on the fair presentation of financial statements.
 The professional status of the independent auditor imposes commensurate professional
obligations.
 Financial data is verifiable.
 Internal controls reduce the probability of errors and irregularities.
 Application of accounting standards resulting in a fair presentation.
 That which held true in the past will hold true in the future (historical data).
 The financial statements submitted to the auditor for verification are free of collusive and
other unusual irregularities.

2.9 Explanation of Audit and Other Related Services

The term auditor is used for reference to both audits and related services but not compilations.

Nature of Service AUDIT REVIEW AGREED COMPILATION

UPON
PROCEDURES

REASONABLE LIMITED NO OPINION NO OPINION

Level of assurance ASSURANCE ASSURANCE

POSITIVE LIMITED FACTUAL FINANCIAL

ASSURANCE ASSURANCE FINDINGS OF INFORMATION
Report provided ON ON PROCEDURES COMPILED
ASSERTIONS ASSERTIONS

Figure 2.1

REGENT Business School Page 20

Auditing 2 BCOMACC

End of chapter Exercise

QUESTION 1

You applied for a job as an auditor and you got a phone call for the job interview. On getting to
the interview panel, you were asked, what are the duties and responsibilities of an auditor?

Required:

Answer the above question asked by the interviewer?

QUESTION 2

Consider the following statements:

1) Assertions form the basis of the financial statements.

2) An auditor must act exclusively as an auditor in order to be able to offer an independent
and objective opinion on the fair presentation of financial information.
3) An unqualified opinion is in effect a certification of the accuracy of the financial
statements.
4) An audit should only be conducted by an audit team which has the necessary technical
competence.
5) Financial data is verifiable.
6) Internal controls reduce the probability of errors.
7) To be appointed as an auditor for a statutory audit the auditor must be registered with a
regulatory body.
8) In the absence of any contrary evidence, that which held true in the past will hold true in
the future.
9) For the external audit function to be effective, co-operation with the client’s
directors/management is essential.
10) The professional status of the independent auditor imposes commensurate professional
obligations.

REGENT Business School Page 21

Auditing 2 BCOMACC

Required:

2.1. Explain the term postulate in the context of auditing.

2.2 Indicate and discuss which of the above statements are regarded as postulates of
auditing.
2.3 For each statement you did not identify as a postulate, state whether the statement is
true or false in the context of auditing.

REGENT Business School Page 22

Auditing 2 BCOMACC

CHAPTER 3
THE CODE OF PROFESSIONAL CONDUCT

REGENT Business School Page 23

Auditing 2 BCOMACC

Learning Outcomes:

 Understanding the professional code of conduct.

 Examining the five fundamental principles of the code.
 Analysing each part of the code.
 Identifying the types of threats a professional/chartered accountant will encounter.
 Identifying the safeguards to be applied to the threats.
 Understanding the rules for improper conduct.

READINGS

Prescribed Readings:

Chapter 2
Jackson, R.D., & Stent, W.J. (2012), Auditing Notes for South African Students, 8th Edition,
Durban; LexisNexis.

REGENT Business School Page 24

Auditing 2 BCOMACC

3.1. Structure of the code

The code is broken down into 3 parts, and each part into sections.

 PART A – General application of the code.

 PART B – Chartered accountants in public practice
 PART C – Chartered accountants in business

3.2 PART A – GENERAL APPLICATION OF THE CODE

To be able to understand and apply this approach the chartered/professional accountant must
understand:

 The fundamental principles.

 The types of threats.
 The safeguards which may be applied.

3.2.1 Fundamental Principles

The code establishes 5 fundamental principles, with which chartered/professional accountants

must comply:

1. Integrity
a. Chartered/professional accountants must be straight forward, honest, fair and
truthful in their professional and business relationships.
b. Chartered/professional accountants must not be in association with information
they believe is false, misleading or recklessly provided.

2. Objectivity
a. Chartered/professional accountants should not compromise their professional or
business judgement because of bias, conflict of interest or undue influence of
others.

REGENT Business School Page 25

Auditing 2 BCOMACC

3. Professional competence and due care

a. Chartered/professional accountants are required to maintain professional
knowledge and skill at a level which ensures that clients or employers received
competent professional advice.
b. They are required to act diligently in accordance with applicable technical and
professional standards when providing professional services.
c. To maintain professional competence accountants must remain abreast of
relevant technical, professional and business developments.

4. Confidentiality
a. Chartered/professional accountants should not disclose or use confidential
information acquired as a result of a professional or business relationship to their
own personal advantage or advantages of third parties.
b. If the relationship between chartered/professional accountants and the client
ends, the duty of confidentiality still remains.
c. Disclosure of confidential information is permitted by law (providing evidence in a
legal proceeding) and if it’s authorised by the client. It is also permitted to comply
with IRBA quality review/ practice review or to respond to a query by IRBA or
SAICA and to comply with ethical requirements.
d. On disclosure of confidential information the accountant should consider whether
the interests of all parties could be unjustly harmed or whether if all information
disclosed is relevant and complete, as incomplete information could be damaging
to parties concerned.

5. Professional Behaviour
The fundamental principle requires that chartered/professional accountants comply with
relevant laws and regulations and avoid any action that may bring discredit to the
profession.

REGENT Business School Page 26

Auditing 2 BCOMACC

3.2.2 Threats

It is necessary to consider the circumstances which can threaten compliance with the
fundamental principles. The code categorises them as follows:

1) Self interest threat - threat that a financial or other interest will influence the accountants
judgement.

Examples of self interest threats:

a) The accountant has shares in the company under audit.
b) The firm is dependent for survival on the fees from one specific client.
c) A trainee, auditor or accountant of the audit team will join the client as an employee.
d) The client is placing pressure on the audit firm to reduce fees.

2) Self review threat – a threat that the accountant will not appropriately evaluate results.

Examples of self review threats:

a) The accountant that prepared the accounting records is also appointed as the auditor.
b) The firm issuing an assurance report is actually the firm that has designed or
implemented the system.

3) Advocacy Threat - threat arises when the accountant promotes a clients position.

Examples of advocacy threats:

a) The accountant values the client’s shares and also leads the negotiations of the sale.

4) Familiarity threat – threat may arise because of a close relationship between the client
and the auditor/accountant.

Examples of familiarity threats:

a) The auditor fails to report fraud because the perpetrator is a close friend.

5) Intimidation threat – threat which may occur by actual or perceived threat.

Examples of intimidation threats:

a) A firm is being threatened with dismissal from an engagement.

REGENT Business School Page 27

Auditing 2 BCOMACC

3.2.3 Safeguards

Unless the threat is insignificant the accountant must reduce the threat to an acceptable level.
There are no hard and fast rules to determine if a threat is insignificant. The decision will be a
matter of professional judgment which must take into account the public interest.

There are two categories of safeguards:

1) Safeguards created by the profession, legislation or regulation

a) Companies Act 2008 states that an auditor will not be in charge of a client for more
than 5 years
b) Educational and technical training is required for the admission into the profession.
c) Existence of external reviews e.g. practice reviews for small firms and quality reviews
for the larger firms.

2) Safeguards in the work environment

a) Policies and procedures implemented and monitored in an audit firm.
b) Disciplinary mechanisms to promote compliance of the laws and regulations.
c) Rotating senior assurance team members.
d) Leadership in a firm which stresses on the importance of compliance.

3.3 PART B – CHARTERED ACCOUNTANT IN PUBLIC PRACTICE

This part of the code relates to accountants in public practice, the accountant provides services
in assurance engagements and non assurance engagements. Accountant in public practice are
obliged, as explained, earlier to identify and react to situations which may threaten the
fundamental principles.

REGENT Business School Page 28

Auditing 2 BCOMACC

The following sections must also be complied with:

3.3.1 Section 210 – Professional appointment

a) Client Acceptance/ Engagement Acceptance

Responsibility – required determining whether accepting a new client will threaten compliance of
the fundamental principles.

Threats – the new client is involved in unethical business practices or if there is any self interest
threats.

Safeguard – The auditor must comply with ISA 220 Quality control. All firms must have in place
quality control measures which addresses the acceptance of new clients.

3.3.2 Section 220 – Conflicts of Interest

Responsibility – an accountant in public practice must identify and evaluate situations where
interest of the firm may be in conflict with the interests of a client.

Threats – where the accountant/auditor has two clients who in direct competition with each
other, a threat of confidentiality may arise.

Safeguards – Use difference audit teams. Remove yourself from the audit if a conflict of interest
may exist. Confidentiality agreements must be signed by all employees and partners of the
firms.

3.3.3 Section 230 – Second Opinions

Responsibility - an auditor may be faced with a situation where he or she is asked to provide
second opinions for clients who are actually not an existing client.

Threats – when a client is seeking a second opinion a threat may exist where the client is
implicating the auditor of discrediting the opinion of the 1st provider.

Safeguard – Obtain the clients permission to contact the provider of the 1st opinion. Having the
entire matter handled by senior personnel and ensuring all communication is in writing.

REGENT Business School Page 29

Auditing 2 BCOMACC

3.3.4 Section 240 - Fees

Responsibility – the auditor must be remunerated fairly but must also not overcharge.

Threat – to secure an engagement the firm may quote a fee that is low and will not be able to
perform the engagement in accordance with applicable standards.

Safeguard – alerting the client in writing that the total time budgeted to be spent on the
assignment may vary if problems arise resulting in a fee change.

3.3.5 Section 250 - Marketing Professional Services

Responsibility - the accountant may attempt to gain additional work through marketing his or
her services but has a responsibility to do so in a manner which does not discredit the
profession in any way e.g. advertise in bad taste.

Threat – markets services in a manner which is dishonest, misleading, in bad taste and critical
of other firms.

Safeguards – a quality control procedure which requires that all proposed advertising be
screened by a suitable board.

3.3.6 Section 260 – Gifts and Hospitality

Responsibility - An accountant in public practice may only receive gifts from a client if the gift is
insignificant and will not alter the relationship between the client and accountant.

Threats – when a gift is received by the accountant and it alters the relationship between the
client and the accountant.

Safety – a policy that staff and partners must not accept gifts from clients. The acceptance of
gifts must be approved by the quality control committee.

3.3.7 Section 270 – Custody of client assets

Responsibility - An accountant in public practice may take custody of client’s assets unless the
asset protected was acquired from illegal sources and are separately identifiable.

Threats – the accountant may be accused of misuse of the asset or the accountant can actually
misuse the asset.

REGENT Business School Page 30

Auditing 2 BCOMACC

Safety – client’s assets must be kept separate from firm assets. Prior to accepting the asset the
firm must agree in writing as to what purposes the asset can be put.

For each section outlined above, determine

which fundamental principle must be applied.

3.3.8 Objectivity

Objectivity must be applied to all engagements but to differing degrees. The overriding
requirement is that professional accountants do not compromise their professional judgment
because of bias, conflict of interest or the undue influence of others.

3.3.9 Independence

 Independence of mind
The state of mind that permits the provision of an opinion without being affected by
influences that compromise professional judgement, allowing an individual to act with
integrity, objectivity and professional scepticism.

 Independence in appearance
The avoidance of facts and circumstances that are so significant an informed 3rd party,
having knowledge of all relevant information, would reasonably conclude a firm’s
integrity or ability to apply objectivity or professional scepticism, had been compromised.

 State of mind and appearance

As can be seen from the above, independence is about an independent state of mind
and the appearance of independence. Both are very important. The member should not
only be independent but should also be seen to be independent.

REGENT Business School Page 31

Auditing 2 BCOMACC

3.4 PART C – CHARTERED ACCOUNTANTS IN BUSINESS

3.4.1 Section 310 – Potential Conflicts

Responsibility – a professional accountant in business has a professional obligation to comply

with the fundamental principles.

Threat – a professional accountant in business may be under pressure to act in contrary to the
law and regulation, the professional standards, facilitate unethical or illegal earnings strategies
and to mislead or lie to other parties concerned.

Safety – in considering safeguards it must be assumed the professional accountant is an

unwilling party to the unethical behavior. The accountant must seek advice from the board
members of SAICA or there should be a committee within the organization where such issues
can be addressed and resolved.

3.4.2 Section 320 – Preparation and reporting information

Responsibility – a professional accountant in business who is responsible to present financial

information has a responsibility to present information fairly, honestly and in accordance with the
relevant standards.

Threats – a professional accountant in business may be under pressure by internal and external
parties to present misleading financial information.

Safety – this threat can only be addressed by the professional accountant.

3.4.3 Section 330 – Acting with sufficient expertise

Responsibility – a professional accountant must only take responsibility to undertake tasks for
which he/she has the training and expertise.

Threat – the professional accountant may fail to act with professional competence and due care.

Safety – audit must be done in teams with a senior present. Sufficient time must be allocated to
an audit if junior audit clerks are appointed.

REGENT Business School Page 32

Auditing 2 BCOMACC

3.4.4 Section 340 – Financial Interest

Responsibility – a professional accountant in business has a professional obligation to comply

with the fundamental principles when the firm has a financial interest in the organization.

Threat – the professional accountant or a close friend/family member holds financial interest in
the organization, is eligible for profit related bonus, holds share options or engages in insider
trading.

Safety – the accountant must disclose any direct or indirect financial interest in the organization
prior to the engagement.

3.4.5 Section 350 – Inducements

Responsibility – the professional may be offered gifts or bribes, but he/she must comply with all
fundamental principles.

Threat – the professional accountant may accept such offers.

Safety – the accountant must disclose any inducements offered.

For each section outlined above, determine

which fundamental principle must be applied.

3.5 RULES REGARDING IMPROPER CONDUCT (IRBA)

IRBA has a set of rules regarding improper conduct and a registered auditor found guilty of
improper conduct, may be sentenced to:

 A caution or reprimand
 A fine
 A suspension of the right to practice for a specified period
 Cancellation of registration and removal of the members name from the register of
registered auditors.

REGENT Business School Page 33

 Auditing 2 BCOMACC

SUMMARY: THE CODE OF PROFESSIONAL CONDUCT

COPC

PART A PART B PART C

SECTION 100 - SECTION 200 - SECTION 300 -
150 291 350

General application of
the code - applies to Applies to CA's in Applies to CA's in
CA's and RA's. public practice business (CA's in
commerce and
(CA's in audit firms
conducting industry)
assurance and non
assurance
engagements)

Figure 3.1

REGENT Business School Page 34

Auditing 2 BCOMACC

End of chapter Exercise

QUESTION 1

You are an audit partner at UJ Inc., a small audit firm based in Sandton. One of your biggest
clients is Joburg (Pty) Ltd, for whom you’ve been doing bookkeeping and compiling financial
statements for the past 5 years. Joburg (Pty) Ltd recently got rid of their auditors for reasons
that the MD says that are “not really important”, so he has now approached you be the new
auditors. The MD says he knows you so well and trusts you with the audit of the company and
he also commented that it will be easy as you know everything that’s going on. The MD
promised to pay you twice as much if you take on Joburg (Pty) Ltd as a client.
This means that the revenue of UJ Inc will be made up of majority of the income from Joburg
(Pty) Ltd. The only thing the MD required from you is an audited set of financial statements and
you must adjust the assets so that Joburg (Pty) Ltd has a higher net asset value. “I know you
won’t be as stubborn and stupid as our last auditor at least you know better than to jeopardise
losing such a big fee - since we’re effectively two clients in one”, he says with a chuckle and
pat on the back.

Required:
Based on SAICA code of professional conduct, identify threats to compliance with the
fundamental principles and discuss the possible safeguards which could reduce the threats to
an acceptable level.

REGENT Business School Page 35

Auditing 2 BCOMACC

CHAPTER 4
STATUTORY REQUIREMENTS

REGENT Business School Page 36

Auditing 2 BCOMACC

Learning Outcomes:

 Understand the notice of memorandum and memorandum of incorporation

 Establishing how to incorporate a company
 Establishing how to register a company
 Understanding the purpose and objective of the MOI
 Understand what 'representation by proxy' means.
 Understand how shareholders exercise their voting rights.
 Understand the difference between special resolution and ordinary resolution
 Know how auditors are appointed
 Understand auditor rotation
 Establishing who qualifies to be auditor of a company
 Understanding the Auditing Profession Act

READINGS

Prescribed Readings:
Chapter 2
Marx B.; Van Der Watt; Bourne; Hamel, (2012), Dynamic Auditing; A Student Edition; 10th
Edition, Durban; LexisNexis.

Chapter 3
Jackson, R.D., & Stent, W.J. (2012), Auditing Notes for South African Students, 8th Edition,
Durban; LexisNexis.

REGENT Business School Page 37

Auditing 2 BCOMACC

This chapter will provide a basic understanding of the sections in the Companies Act and the
Auditing Profession Act. It will be dealt with in detail in 3rd year auditing.

4.1 Introduction to the Companies Act

All South African businesses are now governed by the Companies Act No 71 of 2008. It is
administered by the Companies and Intellectual Properties Commission. The purpose of
the act, which is more fully set out in Section 7 of Chapter 1 – Part B of the Companies Act
No. 71 of 2008, is to:

 Promote compliance with the Bill of Rights as provided for in the Constitution in the
application of company law;
 Encourage transparency and high standards of corporate governance
 Provide for the balancing of rights and obligation of shareholders and directors

4.2 Notice of Incorporation and the Memorandum of Incorporation

When incorporating a company the Notice of Incorporation as well as the copy of the
Company’s MOI must be filed with the Commission. In addition the prescribed
registration fee must be paid.

The Notice of Incorporation is defined in Section 1 as “the notice to be filed in terms of Section
13 (1), by which the incorporators of a company inform the Commission of the incorporation of
that company for the purposes of having it registered”. It serves as a notification to the
Commission of the incorporation of the company.

It is therefore the way in which promoters of a company let the Commission know about the
company being formed and the fact that they wish to register the company. In Section 1 of
the Act, the MOI is defined, inter alia, as:

“the document as amended from time to time that sets out rights, duties and
responsibilities of shareholders, directors and others within and in relation to a company
and other matters as contemplated in Section 15”.

REGENT Business School Page 38

Auditing 2 BCOMACC

The MOI is the founding document of a company. It is a document that sets out the
relationship between the company and its shareholders; the company and the directors; the
company and other parties within a company; and the company and third parties. As you will
see below, provisions in the MOI may be amended from time to time.

4.2 Steps to be taken for the incorporation of a company

For the formation of a profit company, one or more persons may incorporate same.

For the formation of a nonprofit company, three or more persons are required.

Each of these people is required to complete and sign a standard form of Memorandum of
Incorporation, as provided for by the Act. However the use of the standard form is optional.

Since the Act allows for flexibility, the MOI may be in the form provided for in the Act or it may
be in a form unique to the company.

As mentioned above, the Notice of Incorporation, a copy of the companies MOI together with
the prescribed fee must be paid.

4.3 Role of the commissioner in the incorporation of a company

Once the Notice of Incorporation, a copy of the MOI and the prescribed fee has been filed
with the Commission, the Commission may either accept or reject the Notice of
Incorporation.

The Notice of Incorporation may be rejected by the Commission if it has not been completed
in full in terms of section 13(4)(a) or if it has not been properly completed also in terms of
Section 13(4)(a).

The Commission must reject the Notice of Incorporation in the following

circumstances:

 If the initial number of directors is fewer than the prescribed minimum number as
required by Section 13(4) (b);
 Where as a result of a director’s disqualification, the initial number of directors becomes
fewer than the prescribed minimum number as required by Section 13(4) (b)

REGENT Business School Page 39

Auditing 2 BCOMACC

In terms of Section 66(2), a private company must have at least one director and a nonprofit
company a minimum of three directors. If the Commission finds that one of the directors does
not qualify to be a director, this will reduce the number of directors.

If the reduction leads to the number of directors being fewer than the prescribed number,
the Commission has no choice but to reject the Notice of Incorporation.

The flexibility of the Act is also evident in the role of the Commission when it comes to the
incorporation of a company. Where there is a deviation from the design or content of the
prescribed form, the deviation will only invalidate the actions of the person if it affects the
substance of the Notice of Incorporation negatively and materially (Section 6(8)(b)(i)). Deviation
will also invalidate the actions of the person if such deviation would reasonably mislead a
person who is reading the Notice of Incorporation (Section 6(8) (b) (ii)).

4.4 Registration of a company

Registration of a company is regulated by Section 14 of the Act.

Incorporation has been filed; the Commission assigns a unique number to the corporation;

Enters the prescribed information of the company in the Companies Register; Issues and
delivers a registration certificate to the company, if all the other requirements have been
complied with.

The date stated on the registration certificate is the date on which the company acquires
legal personality. If the promoters have stipulated a specific date on the Notice of
Incorporation, the date on the registration certificate will be the later date and the final date
on which the certificate is issued by the Commission.

4.5 Memorandum of Incorporation – section 15

The Memorandum of Incorporation (MOI) is a single constitutive document that sets out the
rights and obligations of the shareholders visa-versa the company, shareholders inter se,
directors and the company as well as the relationship between the directors and the
shareholders.

REGENT Business School Page 40

Auditing 2 BCOMACC

The Memorandum of Incorporation must contain unalterable provisions and may contain
alterable provisions. Alterable provisions, such as Rules of the Board and Shareholder
Agreements, are those that companies may voluntarily elect to be applicable to themselves
whereas unalterable provisions, for example directors duties, must be complied with by all
companies, irrespective of type and category.

Board Rules are not mandatory. This is completely discretionary. However, if companies
should elect to have Board Rules, provisions for this must be made in the MOI, and this
becomes binding between the company and each shareholder. These Rules must not be in
conflict with the Companies Act or the Memorandum of Incorporation otherwise they will be
null and void to the extent of their inconsistency (Section 15(1) (b)). Furthermore, Board
Rules will bind companies only if ratified by ordinary resolution at the meeting of the Board of
Directors.

Shareholder Agreements must also not be in conflict with the Companies Act. Any conflict or
inconsistency will render it void to the extent of its inconsistency (Section15 (1) (a)). This
simply means that only those provisions that may be found inconsistent with the
Companies Act would constitute a nullity but the rest will be binding.

The MOI should contain:

 Objects and powers of the company;

 Any restrictions or limitations on the powers of the company;
 Composition and functioning of the board of directors (including alternate directors and
frequency of meetings)
 The board committees;
 Powers of the board and powers of the shareholders;
 Shareholders meetings and shareholders rights;
 Personal Liability and indemnification of directors; Amendment of MOI;
 Company secretaries and other officers;
 Disposal of shares by shareholders;
 Conversion of shares into different classes;

REGENT Business School Page 41

Auditing 2 BCOMACC

Section 15(2) (b) provides that the MOI of a company may contain special conditions applicable
to the company and requirements in addition to those stipulated in the Act, for the amendment
of such conditions. Section 15(2) (c) also allows the MOI to prohibit the amendment of any
particular provision in the MOI.

If the MOI of a company contains any of the provisions allowed by Section 15(2) (b) and (c),
the name of the company must be followed by the expression “(RF)”. This is an abbreviation for
the words “ring fencing” and is intended to warn outsiders dealing with the company that there
are special conditions contained in the MOI which they should check. The Notice of
Incorporation filed by the company must also contain a statement drawing attention to each
such provision and where it is located in the MOI (Section 13(3)).

4.6 Pre incorporation contracts – section 21

A pre-incorporation contract is a contract purported to be made by or on behalf of a company

which has not been formed. The question is who exactly is liable under these contracts. Is
the company liable or is it the individual who incurs liability.

At common law, a number of rules were established. The first one is that until the company
is formed it has no legal existence. A company comes into being from the date it is registered.
Therefore, prior to this, a pre-incorporation contract cannot be enforced by or against the
company, for it is not possible to contract with a non- existent person.

While pre-incorporation agreements can continue to be concluded it is no longer required

that such agreements be disclosed in the MOI. Persons concluding pre- incorporation
agreements on behalf of a company to be incorporated will be held jointly and severally liable
with the company for compliance with such agreements should the proposed company either
not be incorporated or should the company, once it has been duly incorporated, reject the
agreements in question. The company, once incorporated, will be deemed to have ratified any
pre-incorporation agreement within three months after its incorporation unless, however,
the board resolves otherwise.

Section 1 of the Act describes a pre-incorporation contract as “a written agreement entered

into before the incorporation of a company by a person who purports to act in the name of, or on
behalf of, the proposed company, with the intention or understanding that the proposed
company will be incorporated, and will thereafter be bound by the agreement”.

REGENT Business School Page 42

Auditing 2 BCOMACC

4.6 Notice of Meetings: Section 62

The Companies Act uses the term “shareholder” in respect of a profit company. The term
“member” of a company is reserved for non-profit companies that do not have shareholders.
This creates a definite difference in meaning between a member and a “shareholder” is defined
in Section 57(1) of the Act as a person who is entitled to exercise any voting rights in relation
to a company, irrespective of the form, title or nature of the securities to which those voting
rights are attached.

The company must deliver a notice of each shareholders meeting in the prescribed manner
and form to all of the shareholders of the company as of the record date for the meeting, at
least 15 days before the meeting in the case of a public company and 10 days in any other
case. Where a company gives less notice as required by sub- section 1, then the Act
requires that every person entitled to exercise voting rights must be present. The contents of
the notice are set out in Section 62(3).

4.7 Representation and Appointment of Proxy: Section 58

At any time a shareholder may, in respect of any class of shares held by that
shareholder, appoint any individual, including an individual who is not a shareholder of the
company, as a proxy to participate in, and speak and vote at a meeting of that class of
shareholders on behalf of the shareholder, provided that the shareholder may appoint more
than one proxy to exercise voting rights attached to different shares of that class of shares
held by that shareholder. In order for the appointment of the proxy to be valid, it must comply
with the following requirements:

 It must be in writing and signed by the shareholder.

 It must be valid for one year.
 It may be for a specific period of time. It may be for two or more persons
concurrently exercising voting rights for different shares.
 A proxy may delegate to another person authority to act on behalf of the
shareholder.
 A copy of the proxy appointment form must be delivered to the company before the
shareholders meeting.

REGENT Business School Page 43

Auditing 2 BCOMACC

 A shareholder is not compelled to make an irrevocable proxy appointment.

 A shareholder may alter proxy by cancelling it in writing, appointing another proxy and
delivering a copy of the revocation to the proxy and the company.
 A proxy is entitled to exercise or abstain from exercising any voting right of the
shareholder, without direction, except if the MOI or the instrument appointing the
proxy directs otherwise.

4.8 Demand to Convene Shareholders’ Meeting: Section 61

The board or any other person specified in the company’s MOI or rules may call a meeting of
shareholders at any time. Meetings of the company may take place under the following
circumstances:

The act specifies that the board or the MOI to refer a matter to shareholder for a decision on
fundamental transactions;

 To fill a vacancy on the board in terms of Section 70(3);

 When required by the company’s MOI;
 Whenever an AGM of the company is required;
 When one or more written and signed demands for a meeting are delivered to a
company, such demand must set out the purpose of the meeting and the aggregate of
the demands, and it must be signed by the holders of at least 10% of the shares,
entitled to be voted in respect of the matter that is proposed for consideration at
the meeting.

4.9 Annual General Meeting: Section 61

In terms of the Act, only public companies have a statutory obligation to convene annual
general meetings. Section 61(8) stipulates that at least the following matters must be
transacted at the Annual General Meeting:

 The election of directors to the extent required by the Act or the company’s MOI.
 An appointment of an auditor for the following financial year
 An appointment of an audit committee
 The presentation of the directors

REGENT Business School Page 44

Auditing 2 BCOMACC

 The presentation of annual financial statements for the immediately preceding financial
year.
 The presentation of an audit committee report

4.10 Quorum: Section 64

The quorum for all meetings will be made up of the holders of least 25% of all the voting
rights, that are present at the meeting and they must be entitled to exercise those rights in
respect of at least one matter to be decided upon. Such matter to be decided upon at the
meeting may not even be considered unless sufficient persons are present to exercise an
aggregate of at least 25% of all entitled voting rights, when the matter is called on the agenda.

Regardless of the vote’s quorum, if a company has more than two shareholders, a meeting
may not commence unless at least three shareholders are present and the requirements of
the vote’s quorum or the MOI, if different, are also met.

4.11 Exercise of Voting Rights: Section 57

The Act defines a shareholder of a company as "the holder of a share issued by a company
and who is entered as such in the certificated or uncertificated securities register as the case
may be, subject to Section 57(1)". In terms of section 57(1) of the Act, a shareholder, in
addition to the meaning contained in section 1, also includes "a person who is entitled
to exercise any voting rights in relation to a company, irrespective of the form, title or
nature of the securities to which those voting rights are attached".

Section 57(1) of the Act contemplates that any person who is entitled to exercise a voting right
in relation to a company's business and/or affairs contemplated in the Chapter 2, Part F
(Sections 57 to 78) of the Act, which regulates various governance requirements of a
company, will be entitled to invoke the oppression remedy should such shareholder be
prevented from exercising any of its rights.

REGENT Business School Page 45

Auditing 2 BCOMACC

A shareholder contemplated by Section 57(1) of the Act has the right, inter alia, to receive
notices of shareholders meetings; to attend shareholders meetings; to vote at shareholders
meetings; and to appoint a proxy for shareholders meetings. Such a shareholder, depending on
the nature of the voting right it has, will be able to exercise its right to vote in relation to matters
referred to in Section 65(11) of the Act; namely to approve the issue of shares or securities;
to ratify company or directors' actions; to grant financial assistance.

4.12 Shareholders Resolutions: Section 65

Resolution of shareholders will either be an ordinary resolution or a special resolution. The

board may propose any resolution to be considered by shareholders.

It will also determine whether that resolution will be considered at a meeting, by vote or written
consent in terms of Section 60. Any two shareholders of a company may propose a resolution
concerning any matter in respect of which they are entitled to exercise voting rights. Before
commencement of a meeting, if a shareholder or director feel that the form of the resolution is
not compliant with subsection (4), then they may apply to court for an order restraining the
company to vote on that resolution until the requirements are complied with or until the
resolution is amended to comply with subsection (4).

Special resolution is one that is adopted by holders of at least 75% of voting rights
exercised on the resolution, unless the company’s MOI prescribes a lower percentage of voting
rights to approve the special resolutions concerning one or more particular matters, provided
that there must at all times be a margin of at least 10 percentage points between the
requirements for approval of an ordinary resolution and a special resolution.

Ordinary resolution is a resolution supported by holders of at least a majority of 51% of voting

rights exercised on that resolution, unless the company’s MOI prescribes a higher
percentage of voting rights to approve the ordinary resolutions, or one or more higher
percentage of voting rights to approve ordinary resolutions concerning specific matters, provided
that there must at all times be a margin of at least 10 percentage points between the
requirements for approval of an ordinary resolution and a special resolution on any matter.
The minimum percentage of 51% will however still apply in the removal of a director.

REGENT Business School Page 46

Auditing 2 BCOMACC

4.13 Different types of Directors

Different types of directors have been recognized by both the King Code and the
Companies Act. Remember that the King Codes are not law. They do not have the force of
law and are therefore not enforceable, except for provisions that have been included in an Act or
have been made compulsory in another way, say, by being included in the listing requirements
of the JSE Ltd for companies wanting to list on the stock exchange. They are guidelines to
indicate the principles that a company should adhere to for purposes of good governance.

The King Code differentiates between the following three types of directors:

 Executive directors
 Non-executive directors
 Independent directors

You should note however, that the court in Howard v Herrigel 1991(2) SA 660 (A) held that
it is unhelpful or even misleading to classify company directors as executive or non-
executive for the purposes of determining their duties to the company or when any specific
or affirmative action is required of them. Once a person accepts an appointment as a director,
he or she is obliged to display the utmost good faith towards the company irrespective of
whether such a person is an executive or non-executive director.

The Companies Act recognizes the following types of directors:

 An ex officio director
 A Memorandum of Incorporation-appointed director
 An alternate director
 An elected director
 A temporary director who is appointed in order to fill a vacancy

REGENT Business School Page 47

Auditing 2 BCOMACC

4.13 Removal of Directors: Section 71

Despite anything to the contrary in the company’s MOI, rules or agreement between a
company and a director or between any shareholders and a director, a director found to be
ineligible or disqualified, incapacitated, or negligent or derelict, as the case may be, may be
removed by an ordinary resolution adopted at a shareholders meeting, by the persons
entitled to exercise voting rights in an election of that director, provided that director has
been given notice of the meeting and has been given a reasonable opportunity to prepare and
present a response, in person or through a representative to the meeting, before the resolution
is put to vote.

4.14 Financial Year of Company: Section 27

The financial year of a company, refers to its‟annual accounting period. This period may
vary, depending on a company’s needs. The Act requires a company’s financial year to be set
out in its‟notice of incorporation. However, the board of directors may change its‟ financial
year end at any time, by filing a notice in terms of Regulation 4 of the Companies Regulation,
2011.

4.15 Accounting Records: Section 28

In terms of this section, a company is required to keep accurate and complete

accounting records in one of the official languages of the Republic, in the prescribed manner
and form. See also Section 24. The Act states that it will be an offence for a company, who
intends to deceive or mislead a person, to fail to keep accurate or complete accounting records;
or to fake or misrepresent accounting records of a company. In terms of Section 28 (4), the
Commission may issue a compliance notice, as contemplated in Section 171, to a company if it
fails to comply with the requirements of this section, irrespective whether that failure constitutes
an offence in terms of subsection (3). The type of accounting records which a company must
maintain depends on factors such as the type of company, its purpose and the nature and
extent of its activities.

REGENT Business School Page 48

Auditing 2 BCOMACC

4.16 Financial Statements: Section 29

In terms of this section, a company providing financial statements to any person, for any
reason, must comply with the requirements of Section 29(1) of the Act. These statements will
include annual financial statements and may not be false or misleading in any material
respect or incomplete in any form. If it takes the form of a summary, then the summary must
comply with the prescribed requirements. Non compliance thereof will be construed as an
offence. Refer to Section 29(6), which states that subject to Section 214(2), it is an offence to
prepare or be party to the preparation, approval, dissemination or publication of any financial
statement, including those statements referred to in Section 30, having full knowledge that
those statements, do not comply with the requirements set out in Section 29(1); or that they are
materially false or misleading. Refer also to Section 214(1)(d), which calls for greater
accountability from those who prepare financial statements, which is crucial for improved
transparency. Read Regulation 27 together with Section 29(4), where it states that the
Minister may, after consulting with the Financial Reporting Standards Council (FRSC), make
regulations prescribing the financial reporting standards or the form and content requirements
for summaries.

4.17 Annual Financial Statements: Section 30

This Act introduced the concept of an independent review as an alternative form of auditing a
company’s financial statements. Private companies may now engage with an independent
reviewer, who must be a registered member of a professional accounting body, who in turn
must be a member of the International Federation of Accountants (IFAC). In terms of Section
30(2) (a), only public companies are obliged to be audited. However, all companies are
required to prepare annual financial statements, but regulations will determine the financial
reporting standards to be followed. If AFS are required to be audited, they must contain
extensive information about any remuneration received by a director or prescribed officer as
set out in the Act.

Section 30(7) states that a Minister may make regulations including different
requirements for different categories of companies, as stipulated therein.

REGENT Business School Page 49

Auditing 2 BCOMACC

In terms of Section 44 of the Auditing Profession Act 26 of 2005, it is an auditor’s duty to

examine a company’s financial statements and accounting records and to express an opinion
on the truth and fairness, in all material respects, of the statements and the
accountant’s adherence to financial reporting standards. Section 1 of the Auditing Profession
Act 26 of 2005, states that an “audit” means the examination of, “in accordance with
prescribed or applicable accounting standards, (a) financial statements with the objective of
expressing an opinion as to their fairness or compliance with an identified financial reporting
framework and any applicable statutory requirements; or (b) financial and other information,
prepared in accordance with suitable criteria, with the objective of expressing an opinion on
the financial and other information”.

4.18 Appointment of Auditor: Section 90

Each year, at its annual general meeting, a public company or state-owned company must
appoint an auditor. If a company other than a public company or state-owned company is
required to be audited in terms of the Regulations or in terms of its MOI, such company should
appoint an auditor at the annual general meeting at which the requirement to be audited first
applies.

To be appointed as an auditor of a company, a person or firm:

 must be a registered auditor

 must not be prohibited from being a director of a company
 must be acceptable to the company’s audit committee as being independent of the
company
 must not be:

a director or prescribed officer of the company; an employee or consultant of the company who
was or has been engaged for more than one year in the maintenance of any of the company’s
financial records or the preparation of any of its financial statements;

A director, officer or employee of a person appointed as company secretary;

A person who, alone or with a partner or employees, habitually or regularly performs the duties
of accountant or bookkeeper, or performs related secretarial work, for the company

REGENT Business School Page 50

Auditing 2 BCOMACC

A person who, at any time during the five financial years immediately preceding the date of
appointment, was a person contemplated above;

4.19 Resignation of Auditors and Vacancies: Section 91

An auditor may resign from the office with effect from the date a notice of resignation is filed, in
which event the board of that company, subject to the approval of the audit committee if
applicable, must appoint a new auditor within 40 business days, or if there was more than one,
at any time, but while any such vacancy continues, the remaining auditor may act as auditor
for the company.

An auditor that is removed from office by the company has the right to require the company
to include a statement from that auditor in the annual financial statements setting out the
auditor’s contention as to the circumstances that resulted in that removal. The Auditing
Profession Act precludes the removal of an auditor while a reportable irregularity remains
unresolved. A company must maintain a record of its auditors, including the name, date of
appointment and any changes in such particulars as and when they occur.

4.20 Rotation of Auditors: Section 92

The same individual may not serve as the auditor or designated auditor of a company for more
than five consecutive financial years. If an individual has served as the auditor or
designated auditor of a company for two or more consecutive financial years and then
ceases to be the auditor or designated auditor, the individual may not be appointed again until
after the expiry of at least two further financial years.

REGENT Business School Page 51

Auditing 2 BCOMACC

4.21 Auditing Professional Act 26 of 2005 designed to:

 provide for establishment of IRBA

 provide for education, training and professional development of registered auditors
 provide for the accreditation of professional bodies
 provide for the registration of auditors
 regulate the conduct of registered auditors and
 to repeal the Public Accountants and Auditors Act

The summary of each chapter is listed below:

Chapter 1 –Interpretation and objects of the Act

 Protect the public by regulating audits performed by registered auditors

 Provide for the establishment of IRBA
 Improve the development and maintenance of internationally comparable ethical
standards and auditing standards for auditors
 Set out measures to advance the implementation of appropriate standards of
competence and good ethics in the auditing profession
 Provide for procedures for disciplinary action in respect of improper conduct.

Chapter 2 –Independent Regulatory Board for Auditors

Part 1 – establishes the IRBA as a juristic person and orders that it must exercise its functions
in accordance with the Auditing Professional Act and any other law. Also states that IRBA is
subject to the Constitution.

Part 2 – spells out the function of the IRBA, including accreditation and registration, education,
member fees etc.

Part 3 – gives IRBA general powers and its powers to make rules. General Powers give
IRBA power to appoint staff, enter into agreements. Power to make rules allows IRBA execute
responsibilities in terms of Act.

Part 4 – lays out the governance requirements of the Regulatory Board.

REGENT Business School Page 52

Auditing 2 BCOMACC

Part 5 – lays out government requirements of the Regulatory Board, such as matters of
appointment of members of the Board, their terms of office, disqualification from membership,
meeting and the role of the CEO. Also deals with committees of the Regulatory Board and
states must establish:

 Committee for auditor ethics

 Committee for auditing standards
 Education, training and professional development committee inspection committee
 Investigating committee disciplinary committee.

Part 6 – deals with funding and financial management of the Board and covers collection of
fees, annual budget and strategic plan and preparation of financial statements.

Part 7 – deals with national government oversight and executive authority – Minister of
Finance is the executive authority for IRBA and IRBA is accountable to the Minister.

Chapter 3 –Accreditation and Registration

Part 1 – deals with accreditation of professional bodies. Individual can only register with
IRBA if it satisfies the prescribed education, training, competency and professional
development requirements which the IRBA outsources to accredited professional bodies (only
SAICA at the moment) and if individual satisfies SAICA’s requirements then can be registered
with the IRBA.

SAICA offers two specialism routes – either auditing or financial management. Only individuals
who have followed the auditing specialism can register with the IRBA (i.e. must have served
their training contracts in public practice (TIPP) and written and passed the Professional
Practice Examination.

Part 2 – deals with the registration of individuals and firms as registered auditors and with:

 Section 37 – registration of individuals as registered auditors

 Section 38 – registration of firms as registered auditors

REGENT Business School Page 53

Auditing 2 BCOMACC

End of Chapter Exercise

QUESTION 1

1.1. Advise Mr. Thabo, a shareholder of Maxi (Pty) Ltd, on who he wishes to appoint as his
proxy, a person who is not a shareholder.

1.2 The AGM of a company is attended by Mr. Arthur who holds 5% of the voting rights,
Mrs. Martha who holds 5% and Mr. Pathos who holds 20% of the voting rights in the
company. Do you think the requirements of the Companies Act are met in relation to a
quorum which would allow the meeting to start?

1.3. What decisions require a special resolution?

1.4. How do shareholders exercise their voting rights?

1.5. Distinguish between ordinary and special resolutions.

REGENT Business School Page 54

Auditing 2 BCOMACC

CHAPTER 5
AUDIT EVIDENCE

REGENT Business School Page 55

Auditing 2 BCOMACC

Learning Outcomes:

 Understanding the concept of auditing.

 Examining what sufficient appropriate audit evidence means in context of auditing.
 Categorise audit evidence into levels of reliability.
 Understanding auditing procedures to obtain audit evidence.
 Understanding the different methods of obtaining audit evidence.
 Examining the factors that influence an auditor to obtain sufficient appropriate audit
evidence.
 Understanding financial statements assertions.
 Understanding the relationship between financial statement assertions and audit
evidence.
 Determining how to document audit evidence.

READINGS

Prescribed Readings:
Chapter 7
Marx B.; Van Der Watt; Bourne; Hamel, (2012), Dynamic Auditing; A Student Edition; 10th
Edition, Durban; LexisNexis.

Chapter 5
Jackson, R.D., & Stent, W.J. (2012), Auditing Notes for South African Students, 8th Edition,
Durban; LexisNexis.

REGENT Business School Page 56

Auditing 2 BCOMACC

5.1 The concept of Audit Evidence

Audit evidence is absolutely fundamental to the audit function. As explained in Chapter 2, the
auditor has a duty to gather evidence to support his or her opinion on whether the assertions
embodied in the financial statements are fairly presented. ISA 500 Audit Evidence, states that
“the auditor should obtain sufficient, appropriate audit evidence to be able to draw reasonable
conclusions on which to base the audit opinion”. The key to this standard is the phrase
“sufficient appropriate evidence”.

5.2 Sufficient Appropriate Evidence

5.2.1 Sufficient Evidence

The sufficiency of audit evidence relates to the quantity of audit evidence gathered. The auditor
must evaluate whether enough evidence has been obtained to support an opinion. The question
of sufficiency is further complicated by the fact that evidence about an assertion is not gathered
by performing a single procedure, but by performing a number of procedures each of which
contribute some evidence. Evidence is cumulative in nature.
Quantity of evidence does not mean auditor will examine every single transaction but rather
perform procedures on samples of populations.

5.2.2 Appropriate Evidence

The appropriateness of audit evidence relates to the quality of audit evidence, further broken
down into reliability and relevance.

1) Reliability - relates to the source and nature of the audit evidence. Some evidence is
simply more reliable than other evidence. The hierarchy of reliability for audit evidence
can be expressed as follows:
 Evidence developed by an auditor is the most reliable source, inspection of fixed
assets by an auditor for existence.
 Evidence provided by 3rd party to the auditor is reasonably reliable evidence.
 Evidence provided by 3rd party but which was passed through the client is less
reliable evidence.
 Evidence provided by the client is the least reliable as it lacks independence.

REGENT Business School Page 57

Auditing 2 BCOMACC

 Written evidence is considered more reliable as opposed to oral evidence.

 Evidence provided by original documents are more reliable than photocopies or
facsimiles.

2) Relevance – means its relevance to the assertion which is being audited. It is very
important that the auditor understands exactly to which assertion the evidence being
gathered, relates. It this is not understood, incorrect conclusions may be drawn.

5.3 Audit procedures for obtaining audit evidence

Audit evidence to draw reasonable conclusions on which to base the auditors’ opinion is
obtained by performing:
 Risk assessments procedures,
 Test of controls and
 Substantive procedures which includes tests of detail and substantive analytical
procedures.

5.3.1 Risk assessment procedures

These are procedures performed to obtain an understanding of an entity and its environment,
including the internal controls. The risk assessment procedures will identify risks at:
1) Financial statement level – affecting the entity as a whole, and
2) Assertion level – for each significant class of transaction and account.

5.3.2 Test of Control

These are procedures that the auditor performs to obtain audit evidence regarding the internal
controls, specifically:
1) The suitability of the design of the accounting and internal control system to prevent,
detect and correct material misstatement, and
2) The existence and effective operation of the systems throughout the period of reliance.

REGENT Business School Page 58

Auditing 2 BCOMACC

5.3.3 Substantive procedures

These are procedures that the auditor performs to obtain audit evidence to detect material
misstatements in the financial statements. They consist of:
1) Tests of detail of transactions, balances and disclosure, and
2) Substantive analytical procedures

5.4 Methods of obtaining audit evidence

 Inspection of documents or records.

 Observation of processes.
 Making inquiries from knowledgeable parties both internal and external.
 Confirmations directly from 3rd parties.
 Recalculations of documents or records manually or electronically.
 Re-performance by auditor’s independent execution of procedures.
 Analytical procedures.

5.5 Factors influencing an auditor to obtain sufficient appropriate evidence

 The assessment of inherent risk and control risk at the client – if a high level of risk
exists relating to particular assertion, more evidence from most reliable source is
required.
 The materiality of the item being examined – a material figure in the financial statements
is more likely to contain material misstatement.
 Experience gained during previous audits – the auditor has knowledge on problem areas
due to prior years.
 Results of audit procedures already performed – year end procedures performed such
as debtors circularisation which was successful reduces additional tests to be performed
and vice versa.
 Source and reliability – if the most reliable information is not obtained, more evidence
must be gathered.

REGENT Business School Page 59

Auditing 2 BCOMACC

5.6 Audit evidence and the differences between reasonable and limited assurance

Reasonable Assurance Engagements Limited Assurance

Engagements
Objective Reduction in assurance engagement risk Reduction in the assurance
to an acceptably low level in the engagement risk to a level that
circumstances of the engagement as the is acceptable in the
basis for a positive form of expression of circumstance of the
the practioners conclusion engagement.

Sufficient appropriate evidence obtained Sufficient appropriate evidence

Evidence as part of a systematic engagement is obtained as part of a
gathering process including : systematic engagement process
procedures  obtaining understanding of the that includes obtaining an
engagement circumstances understanding of the subject
 assessing the risks matter and other engagement

 responding to the assessed risks circumstances, but in which

 performing further procedures procedures are deliberately

using combination of : limited relative to a reasonable

 inspection assurance engagement

 observation
 confirmation
 recalculation
 re-performance
 analytical procedures
 inquiry
Using substantive procedures and test
of controls.
 evaluating the evidence obtained
Assurance Description of the engagement Description of the engagement
report
circumstances and a positive form of circumstances and a negative
expression of the conclusion. form of expression of the
conclusion.

REGENT Business School Page 60

Auditing 2 BCOMACC

5.7 Financial Statements Assertions

The financial statements are nothing more than an embodiment, in a prescribed format, of the
assertions concerning financial position and results of operations of the company.

1) Assertions of classes of transactions and events for the period:

 Occurrence
 Completeness
 Accuracy
 Cut off
 Classification

2) Assertions of account balances at period end:

 Existence
 Rights and obligations
 Completeness
 Valuation and allocation

3) Assertions of presentation and disclosure

 Occurrence and rights and obligations
 Completeness
 Classification and understandability
 Accuracy and valuation

REGENT Business School Page 61

Auditing 2 BCOMACC

From above some assertions apply to all categories whilst others apply to either two categories
or a single category. The following diagram illustrates the breakdown:

ASSERTION TRANSACTION ACCOUNT PRESENTATION

AND EVENTS BALANCES AND DISCLOSURE
Occurrence  
Completeness   
Accuracy  
Cut off 
Classification (and  
Understandability) 

Existence 
Rights and obligations  
Valuation and allocation  

The auditor’s duty is to gather sufficient appropriate evidence to support the assertion being
audited. It will be necessary for the auditor to identify the assertions for which evidence should
be gathered and then to design an audit approach which will provide enough relevant and
reliable audit evidence to base an opinion.

5.8 Documentation

5.8.1 Documentation should provide:

 A sufficient and appropriate record of the basis for the audit report.
 Evidence that the audit was conducted in accordance with the standards.

REGENT Business School Page 62

Auditing 2 BCOMACC

5.8.2 Audit working papers should contain:

 Name of the client

 Year end
 Date
 Section e.g. Trade debtors
 Prepared by and reviewed by
 Contain conclusions of the preparer of the working paper
 include adequate legends / keys to symbols on the work paper
 Display adequate cross referencing to other work papers

Heading of work papers example

Client : XY Traders
Financial year end : 31 May 2014
Date : 15 June 2014
Section of Audit : Petty Cash
Prepared by: P.S
Reviewed by : A.S Date : 18 June 2014

5.8.3 Objectives of documentation

Documenting audit evidence assists with:

 Planning the audit,

 Performing the audit,
 Facilitates direction, supervision and review,
 Provides audit team accountability,
 Facilitates control reviews,
 Record of matters,
 Significant items significantly dealt with and
 Determining any departures from the ISA’s.

REGENT Business School Page 63

Auditing 2 BCOMACC

End of chapter Exercise

QUESTION 1

The notes to the financial statements of Traditions Ltd, a large listed company, reveal an audit
fee of approximately R21 million for the previous year’s audit. Your junior trainee has exclaimed,
“We seem to have had to gather sufficient appropriate evidence just to express reasonable
assurance. At best our unqualified audit report will take up about a page of the financial
statements, and our audit fees for this year will run into millions of rands! How can such a short
report be worth it?”

Required:

1.1 Explain the term sufficient appropriate evidence.

1.2 Discuss the term reasonable assurance. In your discussion explain why the auditor
cannot certify the financial statements as being 100% correct.

REGENT Business School Page 64

Auditing 2 BCOMACC

CHAPTER 6

AN OVERVIEW OF THE AUDIT PROCESS

REGENT Business School Page 65

Auditing 2 BCOMACC

Learning Outcomes:

 Understanding the complete audit process.

 Outlining the advantages of planning.
 Establishing an overall audit strategy.
 Determining the nature, timing and extent of audit work.
 Understanding assessed risks at financial statements level and assertion level.

READINGS

Prescribed Readings:
Chapter 5
Marx B.; Van Der Watt; Bourne; Hamel, (2012), Dynamic Auditing; A Student Edition; 10th
Edition, Durban; LexisNexis.

Chapter 6
Jackson, R.D., & Stent, W.J. (2012), Auditing Notes for South African Students, 8th Edition,
Durban; LexisNexis.

REGENT Business School Page 66

Auditing 2 BCOMACC

STAGES OF THE AUDIT PROCESS

Stage 1 Preliminary engagement activities:

1.1 Performing procedures to determine if the audit firm wants to establish new client or
continue with existing client relationship.
1.2 Establish if client can be appropriately helped with audit.
1.3 Evaluate if firm can comply with the ethical requirements relating to the engagement.
1.4 Establish understanding of the terms of the engagement.
1.5 The terms of the engagement must be formalised into an engagement letter spelling
out the aspects and terms of engagement. The letter should include:
1.5.1 Objective of the service being performed.
1.5.2 Management’s responsibility for the financial statements (preparation of
financials, maintenance of accounting records and internal control and selecting
accounting policies and safeguarding assets).
1.5.3 Scope of the review – outline of what is to be done and reference to the
applicable legislation and regulations.
1.5.4 Pronouncement that auditor must adhere to ISA’s.
1.5.5 Form of any reports or other communication of results of the engagement
1.5.6 The inherent limitations of the audit / internal controls mean that there will be
unavoidable risk that some material misstatement may be undetected.
1.5.7 Confirmation of the auditor’s independence – auditor will decide what tests are
necessary and explaining that needs to get access to whatever documentations
and information that is needed for the auditor.
1.5.8 Responsibility of management to prevent irregularities and illegal acts and
explanation of auditor’s duties, auditor’s expectation of receiving written
confirmation of oral representations
1.5.9 Indication that significant weaknesses and illegal acts will be brought to
management’s attention.
1.5.10 Involvement of other parties in the audit (other auditors / predecessor auditor,
experts, internal audit) name of designated auditor / firm or the name of the
individual registered auditor responsible for the audit arrangements regarding
planning and performance of the audit (e.g. meetings, stock count dates)
deadlines.

REGENT Business School Page 67

Auditing 2 BCOMACC

Stage 2 Planning:

2. Establishing the overall audit strategy

An audit strategy sets the scope, timing and direction of the audit and guides the
development of the audit plan. The engagement team must:

2.1 Determine the characteristics of the engagement that define its scope:
2.1.1 Is it a statutory audit?
2.1.2 Is the entity a listed entity?
2.1.3 Financial reporting standards on which the financials information has been prepared
2.1.4 Expected audit coverage (e.g. divisions, storage, locations etc).
2.1.5 Involvement of other auditors (internal) and availability of their work and the extent of
reliance placed on the work performed.
2.1.6 Effect of IT on audit procedures (availability of data and use of computer-assisted audit
techniques).

2.2 Determine reporting objectives of the engagement to determine the timing of the audit:
2.2.1 Deadline of the audit.
2.2.2 Companies timetable for reporting (e.g. interim and year-end deadlines)
2.2.3 Schedule of meetings with management and those charged with governance to
discuss nature, extent and timing of audit work.
2.2.4 Expected type and timing of reports to be issued.
2.2.5 Communication with other auditors / experts / internal auditor regarding expected types
and timing of reports to be issued as result of their work on the audit.
2.2.6 Size, complexity and number of locations of the client (timing of visits).
2.2.7 Extent and complexity of computerization at client.

2.3 Consider important factors that will determine the focus or direction of the audit:
2.3.1 Materiality levels, risk factors, material account headings).
2.3.2 Presence of significant risks.
2.3.3 Determination of materiality levels.

REGENT Business School Page 68

Auditing 2 BCOMACC

2.3.4 Impact of the assessed risk of material misstatement on direction,

supervision and review evidence of management’s commitment to the
design and operation of sound internal control volume of transactions (if
high then more efficient to rely on internal controls).

2.4 Consider any aspects that may affect the audit plan such as:
2.4.1 Description of nature, timing and extent of planned risk assessment procedures sufficient
to assess the risks of material misstatement.
2.4.2 Description of nature, timing and extent of planned further audit procedures at the
assertion level for each material class of transactions, account balance and disclosure.
2.4.3 Any other procedures to comply with ISA’s.

2.5 Ascertain the resources necessary to perform the engagement:

2.5.1 Resources to be allocated to specific audit areas – e.g. level of staff experience required.
2.5.2 Use of experts amount of resources to be allocated – e.g. number of staff and extent of
review procedures timing of the allocation – e.g. at interim stage
2.5.3 How the resources are to be managed, directed and supervised – e.g. meetings,
evaluations, quality control reviews.
2.5.4 Determine which items is material.

2.6.1 Developing an audit plan – audit team will need to :

Obtain understanding of the entity and its environment including internal control.
Assess the risk of material misstatement.
Determine materiality guidelines.

Advantages of planning
 Appropriate attention is devoted to important areas of audit (e.g. significant risks are
identified and addressed).
 Competent audit team (and experts) is assembled and appropriately assigned.
 Potential problems are identified and resolved on a timely basis.
 Appropriate direct and indirect supervision of the audit team and proper review of their
work is facilitated.
 Work is completed on time.

REGENT Business School Page 69

Auditing 2 BCOMACC

Stage 3 Putting plan into action:

3.1. Responding to assessed risk at financial statement level – e.g. assigning more
experienced staff. To reduce audit risk auditor should determine overall response to
assessed risk at financial statement level and then design and perform further audit
procedures to respond to assessed risk relating to assertions (at transaction / balance
level). Overall responses can be:
3.1.1. Emphasizing professional scepticism to team members (if integrity of client’s
management is suspected).
3.1.2. Assign staff with special skills or assign more experienced staff.
3.1.3. Provide more supervision.
3.1.4. Incorporate additional elements of unpredictability (e.g. surprise visits to client).
3.1.5. Make general changes to the nature, timing and extent of audit procedures (basically
do things that the client may not expect).

3.2. Responding to assessed risk at assertion level – e.g. tests of controls and
substantive tests to gather sufficient appropriate evidence to reduce the risk to an
acceptable level. Procedures must be carried out to address the risk of material
misstatement pertaining to the assertions to various account headings and classes of
transaction which are backbone of financial statements (e.g. valuation of stock, plant
and equipment, existence of debtors, completeness of sales). Auditor must respond to
the risks by getting the nature, timing and extent of tests of controls and substantive
tests correct so as to reduce audit risks to an acceptable level using tools :
3.2.1. Inspection
3.2.2. Observation
3.2.3. Inquiry and confirmation
3.2.4. Recalculation
3.2.5. Analytical procedures (analyzing significant ratios and trends including resulting
investigation of fluctuations and relationships that are inconsistent with other relevant
information or which deviate from predicted amounts – e.g. preparing current ratio to the
prior year ratio and explanation for the difference).
3.2.6. Re-performance

REGENT Business School Page 70

Auditing 2 BCOMACC

3.3. General observations relating to nature, timing and extent of testing.

3.3.1. Nature of audit procedure relates to its purpose, tests of controls can only be carried out
where the system is “worthy” of being tested (i.e. if system is not effective because of
weaknesses in its design or implantation then no point in testing it).
3.3.2. Single test of control procedur e is never sufficient – e.g. observation of one correct
procedure doesn’t mean that it is done correctly throughout the period.
3.3.3. If auditor wants to get evidence of the effective functioning of controls over a period of
time then tests of controls have to be conducted at various times during the period.
3.3.4. Some factors can reduce the risk that controls are not working effectively over time :
 Strong ongoing control environment
 Extensive monitoring of controls that have taken place during the period strong general
controls (specially in computerised systems)
 Minimal changes in the business
3.3.5. Irrespective of the assessed risk of material misstatement auditor must design and
perform substantive tests for each material class of transaction, account balance
and disclosure, tests of controls alone cannot provide sufficient appropriate evidence.
3.3.6. Where significant risks are identified auditor must perform substantive tests which
specifically address the risk – tests must include tests of detail and cannot be purely
analytical procedures.
3.3.7. Auditor’s substantive procedures must include following for financial statement closing
process :
 Agreeing or reconciling the financials with underlying accounting records.
 Examining material journal entries and other adjustments made during the course of
preparing the financials, timing of test frequently dictated by key dates at the client
and the objective of the test e.g. tight audit deadline may result in comprehensive
interim audit supplemented by “roll forward” tests.
 Attendance at stock count determined by the date client does year-end stock count
subsequent events can only be audited in post-balance sheet period.
 Availability of IT staff can affect the timing of using CAAT’s.

REGENT Business School Page 71

Auditing 2 BCOMACC

3.3.8. Greater risk of material misstatement will result in more testing :

 Where internal controls prove to be ineffective the extent of substantive testing will
increase extent of testing usually expressed in terms of sample size (determined by
professional judgement or sampling plans).
 Use of CAAT’s will enable auditor to test far more extensively because of power,
versatility and speed of computers and audit software.
 Effective audit plan is a combination of tests of control and substantive tests as well as
mix of the types of tests – i.e. inspection, analytical review etc.

Stage 4 conclusions:

4.1 Evaluating and concluding the audit evidence gathered

4.2 Formulating the audit report.

REGENT Business School Page 72

Auditing 2 BCOMACC

SUMMARY : COMPLETE AUDIT PROCESS

 Decide if want to establish or continue a

Preliminary Engagement Activities relationship with the client.
 Assess the firm’s competence and
availability of resources.
 Consider the ethical requirements (e.g.
independence).
 Formulate terms of the engagement.

Planning (overall audit strategy and  Understand the entity including the
plan internal controls.
 Assess the risk of material misstatements
in the financial statements.
 Determine materiality.
 Establish the overall audit strategy
 Develop the audit plan.

conduct tests of controls and other ISA

Put the plan into action procedures (substantive) to respond to :
 Risks at financial statement level (overall
response).
 Risks at assertion level.
 Significant risks.

Conclude  Evaluate audit evidence.

 Report accordingly.

REGENT Business School Page 73

Auditing 2 BCOMACC

End of chapter Exercise

QUESTION 1

You were registered with SAICA and IRBA last year and opened your own audit firm earlier this
year. Shortly after opening your audit firm you appointed five audit staff members who passed
the National Senior Certificate examination at the end of last year. These staff members plan to
register with UNISA to do BCOMPT degree next year.

For the first months of your firm’s existence, monthly accounting assignments for clients
generated the firm’s income. In July you were contacted by the managing director of Outdoors
(Pty) Ltd who offered you the audit engagement of the company for the financial year that had
just ended on 30 June, on condition that you issue your auditor’s report by 31 August. He told
you that the company was started in the previous year, has 30 shareholders and offers a wide
range of outdoor adventures to school and business groups. You accepted the appointment and
issued an engagement letter in which you stated that the auditor’s report would be issued by 31
August.

Shortly after you accepted the audit engagement you were involved in a severe car accident
that saw you hospitalized for six weeks. In the third week in hospital you had your staff call in
and held a meeting with them from your hospital bed. You instructed them to ensure that all the
audit firm’s clients remain content with the service they receive as you had no medical
insurance and needed the fee income to pay for your medical expenses. You instructed your
staff to work overtime as needed and allocated two of them to the audit of Outdoors (Pty) Ltd
and the other three to the monthly accounting assignments. You advised the two staff members
responsible for the audit of Outdoors (Pty) Ltd to use an example audit programme that you
received when you attended the previous year’s SAICA audit update as the basis for the audit.

You were discharged from hospital on 28 August and went straight to your audit firm’s offices.
You immediately called a meeting with the two staff members who conducted the audit of
Outdoors (Pty) Ltd. At the meeting they provided you with the signed off audit programme and
you held brief discussions with them to establish exactly what work they had done.

REGENT Business School Page 74

Auditing 2 BCOMACC

After the meeting you asked your firm’s administrative assistant to type an auditor’s report
based on the example of an unmodified report contained in ISA 700. The next day you signed
the auditor’s report based on the example of an unmodified report contained in ISA700 and had
it delivered to Outdoors (Pty) Ltd.

Required:

a) List the requirements related to the conduct of an audit in accordance with the ISA that
appear not to have been met on the audit of OUTDOOR (Pty) Ltd.
b) For each of the requirements identified in (a), give a full explanation of its relevance to
the conduct of an audit.

REGENT Business School Page 75

Auditing 2 BCOMACC

CHAPTER 7

IMPORTANT ELEMENTS OF THE AUDIT PROCESS

REGENT Business School Page 76

Auditing 2 BCOMACC

Learning Outcomes:

 Understanding audit risk and materiality.

 Be exposed to audit risk and its components.
 Compare and contrast between planning materiality and final materiality.
 Understanding fraud and error and fraud risk factors.
 Identifying responses to fraud.
 Identifying opportunities, pressure and attitudes that lead to fraud.
 Establishing responsibility of the auditor and management in response to fraud.

READINGS

Prescribed Readings:
Chapter 6 & 8
Marx B.; Van Der Watt; Bourne; Hamel, (2012), Dynamic Auditing; A Student Edition; 10th
Edition, Durban; LexisNexis.

Chapter 7
Jackson, R.D., & Stent, W.J. (2012), Auditing Notes for South African Students, 8th Edition,
Durban; LexisNexis.

REGENT Business School Page 77

Auditing 2 BCOMACC

7.1 Audit Risk

Auditor must comply with relevant ethical requirements relating to audit engagements. Audit
must be conducted in accordance with International Standards on Auditing, but will also have to
comply with other professional, legal or regulatory requirements – ISA’s do not override local
laws and regulations.

Auditor should also plan and perform an audit with an attitude of professional skepticism
realising that there may be circumstances resulting in the financial statements being materially
misstated.

Auditor conducting an audit in accordance with ISA’s has reasonable assurance that the
financial statements taken as a whole are free from material misstatement (due to fraud or
error). Reasonable assurance allows the auditor to conclude that there are no material
misstatements in the financial statements taken as a whole. Management is responsible for
identifying risks to the business however the auditor is only concerned with risks that may affect
the financial statements.

Audit risk is the risk that an auditor may express an inappropriate audit opinion when the
financial statements are materially misstated (risk of material misstatement).

7.2 Components of Audit Risk

To understand audit risk we need to understand its components. There are three components of
audit risks and in addition we must consider the relationship between audit risk and its
components.

7.2.1 Inherent Risk

Inherent risk is the susceptibility of an assertion to a misstatement that could be material (either
alone or in total with other misstatements) assuming that there are no related controls. Greater
in some assertions and related classes of transactions, account balances and disclosure (e.g.
complex calculations are more likely to be misstated then simple calculations, and accounts
estimates subject to significant measurement uncertainly pose greater risks then accounts that
have relatively routine factual data.) External circumstances giving rise to business risks can
also influence inherent risk (e.g. technological developments can made a product obsolete

REGENT Business School Page 78

Auditing 2 BCOMACC

therefore causing inventory to be susceptible to overstatement). Factors in the entity and its
environment can also influence the inherent risk related to a specific assertion (e.g. lack of
sufficient working capital to continue operations or declining industry characterised by a large
number of business failures.)

7.2.2 Control Risk

Control risk is the risk that misstatement could occur in an assertion that could be material,
either individually or in total with other misstatements, and will not be prevented or detected and
corrected by the entity’s internal control system.

Some risk will always exist because of the inherent limitations of internal control – and control
risk is a function of the effectiveness of the design and operation of internal control in achieving
the entity’s objectives relevant to the preparation of the financials. The inherent limitations in
internal control must be considered:

 Management’s requirement that the cost of the internal control doesn’t exceed the
expected benefits to be derived (cost / benefit).
 Most internal controls are directed at routine transactions rather than non-routine
transactions.
 Potential for human error due to carelessness, distraction, mistakes of
judgement and misunderstanding instructions.
 Possibility of circumvention of internal controls through collusion of a member of
management or employees with parties either inside or outside the company.
 Possibility that person responsible for the internal control will abuse that responsibility
(e.g. management overriding a control).
 Possibility that procedures may become inadequate due to changes in conditions and
compliance with control procedures may deteriorate.

7.2.3 Detection Risk

Detection risk is the risk that the auditor will not detect misstatement of the financial statements.
The auditor performs audit procedures to assess the risk of material misstatement and seeks to
limit detection risk by performing further audit procedures based on that assessment. The risk is
a function of the effectiveness of an audit procedure and its application by the auditor and can
never be reduced to zero because the auditor never examines the full class of transactions,

REGENT Business School Page 79

Auditing 2 BCOMACC

account balances or disclosure or other factors (e.g. auditor may select an inappropriate audit
procedure, misapply an appropriate audit procedure or misinterpret the audit results.) It can
normally be addressed through adequate planning, proper assignment of personnel of the
engagement team, application of professional skepticism and supervision and review of the
audit work performed.

The risk relates to the nature, timing and extent of the auditor’s procedures that are determined
by the auditor to reduce audit risk to an acceptably low level. for given level of audit risk - the
acceptable level of detection risk bears an inverse relationship with the risk of material
misstatement at the assertion level, so the greater the risk of material misstatement that the
auditor believes exists, the less the detection risk that can be accepted and the less risk of
material misstatement the auditor believes exists, the greater the detection risk that can be
accepted. The auditor must consider risk of material misstatements on two levels:

 Risk at financial statement level

Risk which affects the financial statements as a whole and which filters down into the account
balances and totals of the financials. Risks of this nature normally relate to client’s control
environment and not necessarily identifiable with specific assertions at transaction, account
balance or disclosure level e.g. if management lacks integrity then audit as a whole is more
risky as management may attempt to manipulate the account balances and totals and
therefore this will affect the financials.

Auditor’s response at financial statement level will be of a general nature and will include:

 Assigning staff with appropriate experience and skills

 Providing more supervision
 Emphasizing (with engagement team) the need for professional scepticism
 Incorporating additional elements of unpredictability (e.g. surprise visits to a client)
 Make changes in the way the audit has been conducted in the past

REGENT Business School Page 80

Auditing 2 BCOMACC

Situations or conditions that may affect risk at financial statement level:

 Integrity of management
 Management experience and knowledge (e.g. inexperience of management can effect
preparation of financials)
 Unusual pressures on management (e.g. circumstances that may cause management to
misstate financials such as entity doesn’t have sufficient capital)
 Nature of entity’s business (e.g. :potential for technological obsolescence of its products
and services, complexity of its capital structure, significance of related parties, number of
locations and geographical spread of its production facilities.)
 Factors affecting the industry in which entity operates (e.g. economic and
competitive conditions identified by financial trends and ratios, changes in technology
and consumer demand)

 Risk at assertion level

The auditor will have to respond to risk by introducing specific detailed procedures into the audit
plan.

Situations or conditions that may affect risk at assertion level:

 Susceptibility of accounts to misstatement (e.g. accounts that involve a high degree of

estimation)
 Complexity of underlying transactions making up the account balance or class of
transaction balances (e.g. sale and leaseback / contract accounting)
 Degree of judgement involved in determining account balances
 Susceptibility of assets to loss or misappropriation (e.g. cash or other assets that
are highly moveable – completeness of cash from cash sales)
 Completion of unusual and complex transactions, especially at or near year end (i.e. are
they real or are they an attempt to manipulate the financials)
 Transactions not subjected to routine processing

Once auditor has decided that there may be a risk then they must assess how this risk may
affect the assertions that are part of the financials. (Note: auditor will also address the risk at
financial statement level as well e.g. by assigning an experienced member of the audit team
to the higher risk area). It is vital to understand the client and client’s environment, including the

REGENT Business School Page 81

Auditing 2 BCOMACC

internal controls, to be able to identify the numerous factors that affect risk. Also vital is the
ability to evaluate which assertions are affected and how they are affected.

7.3 Audit Materiality

Auditor needs to consider the possibility that small errors could have a material effect on the
financials e.g. an error in a month end procedure could be repeated 12 times in financials and
have potential to be a material misstatement. Audit’s assessment of materiality and audit risk
can be different at the time of initially planning the engagement to the time of evaluating the
results of audit procedures. Could be because of:

 Change in circumstances,
 Change in auditor’s knowledge as a result of performing audit procedures,
 Having actual figures (in planning prior to end of year the auditor anticipates the results
of operations and the financial position – if actual results are substantially different then
assessment of materiality and audit risk may have to change,
 Auditor setting the acceptable materiality level at the lower level during planning then he
intends to use to evaluate the results of the audit so that likelihood of undiscovered
misstatements is reduced and auditor has margin of safety when evaluating the effect of
misstatements during the audit.

When evaluating the financials (i.e. are they prepared in all material respects in accordance with
an applicable financial reporting framework) auditor must assess if the aggregate of uncorrected
misstatements that have been identified during the audit is material.

Aggregate of incorrect misstatements comprises:

 Specific misstatements identified by the auditor including net effect of uncorrected

misstates identified during the audit of previous periods.
 Auditor’s best estimate of other misstatements that cannot be specifically identified
(projected errors).

If auditor concludes that the total of uncorrected misstatements is material then auditor needs
to consider reducing the audit risk by extending audit procedures or requesting that
management adjusts the financial statements.

REGENT Business School Page 82

Auditing 2 BCOMACC

If aggregate of uncorrected misstatements that has been identified by auditor is close to

materiality level then auditor needs to consider if it is likely that the undetected misstatements
plus the total uncorrected misstatements could exceed the materiality level. If it is likely that it
does then the auditor must consider reducing audit risk by performing additional audit
procedures or by requesting that management adjust the financial statements by the identified
misstates.

7.3.1 Reasons why it is important for the auditor to consider materiality:

 To plan audit procedures so that possible errors can be detected where those errors
could be material (individually or in total) for the financial information under audit,
 To determine the extent of the audit procedures – limited or no further audit
procedures will be carried out if the item is not considered to be material after
evaluation,
 To assess the audit difference at the end of the audit – auditor should request that
management adjust the financial information if material errors have occurred in order to
ensure fair presentation in the financials,
 Contribute to audit efficiency and cost effectiveness,
 To help with the formulation of an opinion regarding the reasonableness of the financial
statements.

Purpose of making a preliminary assessment of materiality during the planning of an audit to:

 Enable auditor to plan audit evidence in such a way that he will examine sufficient audit
evidence to detect possible errors which could (individually or in total) be material for the
financial information under audit.
 Enable the auditor to choose audit procedures which could collectively reduce the
audit risk to an acceptably low level
 Help the auditor in the case of accounting balances and transactions classes to
decide which items should be investigated and if sampling and analytical procedures
should be applied.

REGENT Business School Page 83

Auditing 2 BCOMACC

7.3.2 Nature of materiality

Materiality is very subjective – largely decided by professional judgment and so different

auditors will have different decisions when setting up a materiality level (level of acceptable
misstatement) at planning stage or deciding if a particular matter is material to fair presentation
at the evaluating stage.

Materiality is relative, not absolute – what is material will vary from user to user and from
client to client and what might be material to small company won’t be material to large
company. Need to establish bases against which materially can be measured so some
auditing firms set a planning materiality level which can use percentages of account headings
as a starting point or rule of thumb.

Most important point is that most misstatements affect the income statement and the balance
sheet but can be material to one and not the other. So better to use the net income before tax
as a basis to measure the materiality of the misstatement as it is “truer” figure and so materiality
will be more relevant to the company.

Note: ISA 320 doesn’t set any percentages to be used for setting materiality levels so auditor
needs to use his professional judgment.

Materiality is both quantitative and qualitative:

 Quantitatively material amount is one that exceeds the amount which the auditor has
determined is material (so that is the amount of misstatement what would influence the
decisions of a user).
 Qualitatively material amount is one which is regarded as material when judged
against a factor other than an amount – so if an important disclosure is omitted from the
financials and the omission would influence a user. Both the quantitative and qualitative
aspect of materiality should be considered by the auditor as something might be
material in respect of one and not the other.

REGENT Business School Page 84

Auditing 2 BCOMACC

7.3.3 Planning materiality and final materiality

Auditor should consider materiality at:

 Planning stage when determining nature, timing and extent of testing (planning
materiality)
 At final stage in audit process when evaluating the effects of misstatement (final
materiality) (so used first as guideline in planning the audit and then as a guideline in
evaluating unresolved matters at the end of the audit).

7.3.4 Planning materiality

Dealt with differently by different audit firms – can either use a Rand amount based on
guideline percentages or can work with set formulas, or can just use concept to focus audit in a
general way to get an idea of what is important.

7.3.5 Using planning materiality in a general way

Basically the auditor will identify account headings or classes of transactions that appear
important in relation to the other accounts. One’s that have the largest amounts will use
majority of audit resources (time and expertise) to assess the risk of misstatement and then
carrying out the audit procedures on these account headings. This is basic audit strategy and
audit plan in general way.

7.3.6 Setting planning materiality levels

The auditor must quantify the amount of misstatement which can be in the financial
statements without it affecting fair presentation. (What amount of misstatement is
acceptable?). Once the acceptable level is known, the auditor will be able to consider the
amount of misstatement that is acceptable within an account heading or class of transaction.
The planning materiality will influence the fair presentation of the financials which will have a
direct effect on the extent of the testing and the nature and timing of audit testing. Also

REGENT Business School Page 85

Auditing 2 BCOMACC

remember that what might not be material against a large account like stock or property, plant
and equipment may be high against net profit before tax.

An inverse relationship exists between materiality and audit risk. So lower the materiality level
the higher the audit risk, and more amount of testing. Higher materiality level the less audit risk
but less amount of testing that has to be done.

Materiality Level Extent of Testing Audit Risk

Lower materiality level Greater Greater
Higher materiality level Less Less

7.3.7 Planning for qualitative misstatement

Qualitative misstatement deals with disclosure – once the auditor has a thorough
understanding of the entity and its environment and before considers materiality he/she should
have a good idea about disclosures which could influence user if they are omitted or
inadequately presented. These could be:

 Inadequate or improper decisions of accounting policies which could mislead the user,
 Litigation in which the client is involved,
 Failure to disclose the possible cancellation of a manufacturing license.

7.3.8 Factors to be considered when planning materiality:

Importance of specific information to users – if there is a special importance for one

specific account that will give rise to a stricter planning materiality level e.g. bank has provided
loan to client provided current ratio is maintained. This would then mean that the bank would
be specifically relying on the fair presentation of the current assets and current liabilities and
auditor would plan the audit to ensure that they are fairly presented

Legal requirements – any specific legal requirement would be carefully and thoroughly
audited to ensure that misstatement (quantitative or qualitative) is kept at an acceptable level
e.g. figure that must be specifically disclosed in terms of the JSE Securities Exchange
regulations

REGENT Business School Page 86

Auditing 2 BCOMACC

Preliminary Judgments about materiality based on draft or preliminary figures – auditor

will have to consider if planning materiality needs to be adjusted in the client’s final figures differ
from the draft.

7.3.9 Final materiality

Planning materiality is done before audit and the risk of misstatement is assessed and then the
auditor forms the audit plan (nature, timing and extent of testing that will be done). Auditor then
carries out the selected audit procedures which are normally samples of different accounts
(populations). Errors will be found in the samples and as audit conclusions are drawn from the
populations where the sample came from the auditor, must analyze and project the error in the
sample over the population that has been sampled either by:

 Using statistical basis – if has used statistical basis for selecting the sample then
must use the appropriate statistical method for projecting the error in the sample over
the population.
 Proportional method – to obtain an idea of the extent that the population is misstated:

Error value in sample x total value of population

Total value of sample

Whichever method of projection is used – if the projected misstatement for the population is
unacceptable then the auditor must decide if further tests should be carried out by the audit
team or if the client should be asked to check the population in detail for further errors.

The auditor will then discuss all misstatements with management in an attempt to have
them rectified. When management doesn’t correct the misstatements then auditor left with
unresolved audit differences and this is when using final materiality.

Management might refuse to correct misstatements because they may:

 Disagree that there is a misstatement – client thinks that their estimation of stock
obsolescence is fair but auditor thinks that it is too low.
 Not regard the misstatement as material – i.e. it would not influence a user.

REGENT Business School Page 87

Auditing 2 BCOMACC

 Have ulterior motives – e.g. directors want to achieve particular ratios which are based
on figures in the financial statements and if the auditor’s adjustments are made then the
ratios will not be achieved.
 Regard it as “too much hassle” to make the changes – e.g. adjustment would
mean changing the income statement, balance sheet, consolidation etc.
 Be unconcerned about receiving a qualified audit opinion - auditor must decide if the
unresolved audit differences are immaterial (so will not influence the decision of the
user) or if they are material (so failure to correct them will result in financial statements
which contain more misstatement then is acceptable i.e. some of the financials will not
be fairly presented and the auditor will have to give a qualified opinion.) Decision is not
just deciding that final materiality should be equal to planning materiality and anything
over that would be material – still have to consider various factors at the evaluation
stage.

7.3.10 Reasons why planning materiality can differ from the auditor’s assessment of final
materiality:

Auditor usually considers materiality for planning purposes even before the financial information
to be audited has been compiled – so materiality is merely being estimated on the basis of
provisional, forecasts / budgets etc from previous periods.

During evaluation and conclusion stage of the audit, materiality is established on the actual
figures on which he is reporting, so final materiality (actual) may differ from planning materiality
(estimated).

Auditor may also set planning materiality at a lower level then the expected final materiality in
order to ensure that they have based the audit procedures on a conservative estimate of
materiality.

REGENT Business School Page 88

Auditing 2 BCOMACC

7.3.11 Calculating Materiality

Normally matter for professional judgment but can use following as guidelines:

 Pre-tax income – between 5% and 10%

 Total assets or gross profit – between 1% and 2%
 Average of total assets and income – percentage used for statistical procedures (such
as regression analysis)

Auditor can use any basis for calculating materiality as long as he can give reasons for his
decisions in respect of that specific client. In evaluating the fair presentation of the financials
auditor also has to decide if the total of uncorrected misstatements (both qualitatively and
quantitatively) that were detected in the course of the audit are material or not. If material then
auditor should consider:

Reducing the audit risk by carrying out further audit procedures

Requesting management to correct the financials

7.3.12 Factors to be considered in evaluating unresolved audit differences:

Factual misstatement is a misstatement that the auditor and client can clearly identify and
substantiate with supporting evidence (e.g. sales invoice in the wrong period). Auditor can be
more forceful in requesting that the error is correct and if management refuses then the auditor
is on strong grounds when he decides to qualify the audit opinion.

Judgmental misstatement is misstatement that the auditor is unable to specifically quantify

and substantiate because there is a level of subjectivity or uncertainty associated with the error
(e.g. provision for doubtful debts). Auditor has to be less forceful and more open to discussion
and negotiation when insisting that the correction is done and qualifying the report because the
error is of a subjective nature.

So the main difference is the way in which the attitude or stance of the auditor differs when
dealing with these two errors.

REGENT Business School Page 89

Auditing 2 BCOMACC

 Misstatements should not be considered in isolation – must be aggregated and

trends or patterns of misstatement should be carefully evaluated, e.g. if general trend
of understating provisions then are the directors trying to manipulate the financials?
 Statutory or other contractual obligations – auditor will not tolerate quantitative or
qualitative errors in accounts that must be specifically disclosed e.g. directors
emoluments
 Nature of the misstatement - error in principle is more important than misallocation of
an expense – i.e. auditor will be strict regarding incorrectly applied financial reporting
standards
 Misstatement due to dishonesty of director is regarded as serious, not just
ignored as it may not be quantitatively material in subjective misstatements auditor
can be a bit less strict because these are essentially estimates e.g. allowance for
obsolete stock
 Impact of the misstatement – auditor must assess the impact of the misstatement with
common figures or ratios, e.g. earnings per share as that is a figure commonly used
so auditor must ensure it is presented as fairly as possible
 Absolute and relative size of the misstatement – auditor will consider the size of the
misstatement in its absolute form – e.g. known error of R1 million is unacceptable just
by virtue of its size. Misstatement must also be considered relative to other accounts
(i.e. error may be material in debtors but not relative in current assets).

In making decision as how to decide if unresolved audit difference is material auditor may
be influenced by the difficulty or inconvenience of rectifying the misstatement, however this is
professionally unacceptable (e.g. misstatement in depreciation means correcting IS, BS, cash
flow and notes so client will not be happy).

7.3.13 Risk and materiality

Whenever risk assessment is performed then materiality must be considered – i.e. if

account heading or class of transactions is immaterial then it cannot attract any audit risk.

If found that there is an immaterial error or omission then auditor’s risk of expressing an
inappropriate opinion is minimal but auditor cannot simply ignore the weakness – must be
reported to company in a management letter.

REGENT Business School Page 90

Auditing 2 BCOMACC

7.4 Auditor’s responsibility to Consider Fraud in an Audit of Financial Statements

Objective of the auditor is to:

 Consider fraud when identifying and assessing risk of material misstatement

 Respond to assessed identified or suspected risk.

Error is an unintentional act which results in misstatement in the financial statements including:

 Mistake in gathering or processing data from which financial statements are prepared
(e.g. mathematical or clerical misstates or omission of a transaction)
 Oversight or misinterpretation of facts (e.g. charging incorrect rates of interest because
did not understand terms of the loan agreement)
 Misapplication of accounting policies (e.g. capitalising an operating lease because does
not understand GAAP).

Fraud is an intentional act by either management, someone charged with governance,

employees or parties involving the use of deception to obtain an unjust or illegal advantage.

Fraud risk factors are events or conditions that indicate an incentive or pressure to commit
fraud or provide an opportunity to commit fraud.

Management fraud is fraud by management or those charged with governance.

Employee fraud is fraud by only employees NOT management or those charged with
governance.

Fraudulent financial reporting involves intentional misstatements (including omissions) in the

financial statements meant to deceive financial statement users. It may be accomplished by the
following:

 Manipulation, falsification or alteration of the account records or supporting

documentation underlying the financial records
 Misrepresentation in or intentional omission from the financial statements of events,
transactions or other significant information
 Intentional misapplication of accounting principles to amounts, classification manner of
presentation or disclosure
 Management overrides (especially where controls are operating effectively)

REGENT Business School Page 91

Auditing 2 BCOMACC

7.4.1 Misappropriation of assets

Misappropriation of assets is theft of an entity’s assets by either employees or management

including:

 Embezzlement
 Theft of physically assets or intellectual property
 Causing the entity to pay for goods and services not received
 Using the company’s assets for personal use

Essential difference between fraud and error is intention – not always easy to determine
intention, but auditor would use his/her assessment of the integrity of management as a
consideration.

7.4.2 Responsibility of management and those charged with governance

Responsibility for the prevention and detection of fraud and error lies with those
charged with governance and management. Should be controlled by the implementation and
continued operation and monitoring of internal control. Management also needs to create and
maintain a culture of honesty and ethics so that there is a strong control environment, and
management also responsible for conscious assessment of the risk that the financial
statements may be materially misstated as result of fraud.

7.4.3 Responsibility of the auditor

Auditor must:

 Maintain professional scepticism – must not be naïve and believe that the
intentions of the client are always honest and that, even if in the past the management
has acted with integrity, does not mean that they will continue to do so.
 Facilitate the discussion of the client’s susceptibility to material misstatement
due to fraud amongst the audit team – each member of the teams should be aware
of the circumstances / factors which may indicate fraud and should know what to look
for.
 Obtain information that can be used to identify the risk of material
misstatement due to fraud – auditor should ask management about:

REGENT Business School Page 92

Auditing 2 BCOMACC

 Their assessment of the risk that their financial statements will be materially
misstated due to fraud
 Their processes for identifying fraud including details of any fraud already
identified or which management considers likely
 Their processes for responding to alleged fraud
 How management communicates on ethical behavior to employees
 Make enquiries of management to determine if they know of any actual,
suspected or alleged fraud
 Obtain an understanding of how management exercises their responsibility
to oversee management’s

 Processes for identifying and responding to the risk of fraud:

 Attending meetings where the matter is addressed
 Reading minutes of those meetings
 Direct enquiries to those charged with governance

 Consider unusual or unexpected relationships when performing analytical

procedures to obtain an understanding of the entity and its environment (e.g.
unexpected fluctuations in the gross percentage ratio may increase fraudulent
misstatement of the figures used to calculate the ratio)
 Consider information from other sources (e.g. from previous audit engagement at the
same client)
 Consider whether the information gained when obtaining an understanding of the
entity and its environment indicates that one or more fraud risk factors are present.
 Identify and assess the risk of material misstatement due to fraud at financial
statement level and at assertion level (account balance / transaction level)
 Determine an overall (audit) response to address the risk of material
misstatement due to fraud at financial statement level and assertion level.

REGENT Business School Page 93

Auditing 2 BCOMACC

7.5 Responses to the risk of material misstatements due to fraud

7.5.1 At financial statement level auditor must:

 Competent and technically skilled (experts)

 Experienced
 Strongly independent (can’t be bullied by client)
 Able to adopt the correct degree of professional scepticism
 Consider the accounting policies adopted by management

Incorporate an element of unpredictability in determining nature, timing and extent of testing.

Management will generally have some kind of idea of what the auditor will do so changing the
nature, timing and extent of the tests may upset their attempts at concealing fraud.

7.5.2 At assertion level auditor should:

Consider the nature, timing and extent of testing necessary to reduce the risk of material
misstatement due to fraud being present to an acceptably low level.

Decide on what tests to do (nature), when to do them (timing) and how to do (extent) - tests
and procedures which the auditor has available in compiling the audit plan to address the risk
of fraud are not different to those which are used to respond to the risk of unintentional
material misstatement, but when addressing appropriate response to fraud auditor needs to
remember people doing the fraud will try to hide it therefore making it more difficult for the
auditor to find, the most reliable and relevant evidence must be sought – severe
consequences arising out of fraud and auditor needs to be on firm ground before deciding if
there is or isn’t fraud.

Nature of testing is likely to become more inclusive (e.g. observation supported by inspection
and analytical review that provides more corroborative evidence coupled with extensive testing.)
Auditor may then decide on substantive testing due to management override, auditor-generated
and changing the timing of tests – introducing surprise visits e.g. arriving unannounced to
count cash, stock or conduct a physical verification of employees.

REGENT Business School Page 94

Auditing 2 BCOMACC

7.5.3 Management override, auditor should:

 Test the appropriateness of journal entries and other adjustments made in

preparation of the financial statements (remember even a system that produces valid,
accurate and complete data can be overridden by the passing of a journal entry to
manipulate the balances or totals produced by the system.) When deciding which
entries or adjustments to select for testing, auditor must consider:

 Presence of any fraud risk factors which might indicate journal entries related to
fraud (e.g. an assessed risk that proceeds from debtors are being stolen and
concealed by writing the debtor off as a bad debt)
 Effectiveness of the client’s controls over the authorisation of all journal entries
and concentrate on those which are inadequately authorised
 Whether the characteristics of fraudulent journal entries are present
 Nature and complexity of the accounts used in the entry e.g. fraudulent journal
entries made to accounts which are complex or unusual and not reconciled
regularly or which seem to have no specific purpose (such as slush funds)
 Journal entry is outside normal course of business (i.e. non-recurring,
because not normally addressed by the internal control system so greater
chance they are fraudulent)

 Review accounting estimates for biases which could result in material misstatement
due to fraud (e.g. deliberate understate provisions such as obsolete stock, bad debts
or depreciation to intentionally manipulate earnings figures)
 Obtain an understanding of the business reasons of significant transactions
outside of the normal course of the company’s business or anything that appears to be
unusual (e.g. the company suddenly purchases another company which manufactures
a completely different and unrelated product to that which the company manufactures.)

REGENT Business School Page 95

Auditing 2 BCOMACC

7.5.4 Evaluation of evidence, auditor must:

Consider whether the assessment of material misstatement at assertion level remains

appropriate once the initial planned audit procedures have been concluded – while carrying out
the planned audit procedures the auditor may be alerted to the possibility of fraud by the
existence of numerous situations of circumstance.

ISA 240 gives list of these circumstances with individually or combined can indicate that
possibility that the financial statements may contain material misstatement resulting from fraud:

 Discrepancies in accounting records

 Conflicting or missing evidence
 Problematic or unusual relationships between the auditor and management

Think Point:
For each statement given above, provide a list
of examples.

Consider whether an identified misstatement (not initially thought to be fraud) is in fact fraud.
This would be an assessment of whether the misstatement is intentional and if so, auditor
should consider the effect of this fraud on the rest of the audit especially other representations
made by management.

7.5.5 Management representations

The auditor must obtain written representations from management relating to fraud.

Representations should:

 Contain management’s acknowledgment that management is responsible for the

design and implementation of internal control to prevent and detect fraud
 State that management has disclosed to the auditor the results of the assessment of
the risk that the financial statements may be materially misstated as a result of fraud

REGENT Business School Page 96

Auditing 2 BCOMACC

 State the management has disclosed to the auditor it’s knowledge of fraud involving
management and employees
 State that management has disclosed to the auditor any allegations of fraud or any
suspected fraud affecting the entities financial statements communicated by employees,
former employees, analysts, regulators etc.

7.6 Fraud risk factors

When gaining understanding of the entity and its environment and assessing the risk of
material misstatement due to fraud, the auditor must consider whether the information obtained
indicates the presence of fraud risk factors – either:

 Risk factors relating to misstatement resulting from fraudulent financial reporting

 Risk factors relating to misstatements resulting from misappropriation of assets

Both these categories should be looked at from the perspective of:

 Incentives for / pressure on management to report fraudulently or for

management or employees to misappropriate assets
 Opportunities for fraudulent financial reporting of misappropriation of assets and
 Does the attitude and rationalizations (behavioral manner of management and
employees) suggest an environment conductive to fraudulent reporting or
misappropriate on assets?

7.7 Examples of fraudulent financial reporting

7.7.1 Incentives / pressures factors:

Financial stability or profitability is threatened by economic or industry of entity’s operating

conditions:

 High degree of competition accompanied by declining margins

 High vulnerability to rapid changes (changes in technology, product obsoleteness or
interest rates)
 Operating losses threatening going concern

REGENT Business School Page 97

Auditing 2 BCOMACC

 New accounting, statutory or regulatory requirements (e.g. deliberate omission or

contravention of environmental transgressions
 Excessive pressure exists for management to meet the requirements or expectations of
3rd parties due to:
 Profitability or trend level expectations of investment analysts, institutional investors,
significant creditors or other external parties
 Need to obtain additional debt or equity financing to stay competitive (e.g. manipulating
financial statements used to support a loan application)
 Difficulty in meeting debt repayment or other debt requirements (e.g. manipulating the
financials to maintain prescribed financial ratios specified in a loan agreement)
 Perceived or real adverse effects of reporting poor financial results on significant pending
transactions such as a merger or the awarding of a contract (e.g. construction company
reporting on financial losses having recently tendered for a large contract to construct an
office block)
 Information which indicates that the personal financial situation of management is
threatened by the entity’s financial performance arising from the following:
 Significant personal financial interest in the entity (e.g. management holds significant
number of shares)
 Significant portions of their compensation (e.g. bonuses or stock options are contingent
on receiving aggressive targets for stock price)
 Personal guarantees of debts of the entity (e.g. by directors)
 Excessive pressure on management to meet financial targets established by those
charged with governance (including sales or profitability incentive goals)

7.7.2 Opportunity factors

Nature of the industry or the entity’s operations:

 Significant related-party transactions particularly where the related party is not audited
by the same firm
 Strong financial presence or ability to dominate a certain industry sector that allows the
entity to dictate terms or conditions to suppliers or customers that may result in non-
arm’s length transactions

REGENT Business School Page 98

Auditing 2 BCOMACC

 assets, liabilities, revenues or expenses based on significant estimates that involve

subjective judgments or uncertainties that are difficult to corroborate which can be used
to manipulate results
 Significant, unusual or highly complex transactions which can be used to manipulate
results
 Use of business structures or business methods for which there appears to be no
clear business justification (e.g. importing goods indirectly through a neighboring
country)

Ineffective monitoring of management:

 Domination of management by a single person or a small group in non-owner

managed business without compensating controls
 Ineffective oversight by those charged with governance over the financial reporting
process and internal control there is a complex or unstable organisational structure

Internal control components that is deficient because of:

 Inadequate monitoring of controls

 High turnover rates or employment of ineffective accounting, internal audit or IT staff.
Ineffective accounting and information systems

7.7.3 Attitudes / rationalisations

Indicate that management might be predisposed to fraudulent financial reporting:

 Ineffective enforcement of the entity’s values or ethical standards by management

standards
 Non-financial management with high level participation in accounting policies or
significant estimates (suggests they might have personal financial interest in the reported
earnings)
 Fraud or violations of laws and regulations against management (e.g. insider trading)
 Excessive interest by management in maintaining or increasing share price or earnings
trend
 Interest by management in using inappropriate means to minimize reported earnings for
tax-motivated reasons (e.g. understating sales)

REGENT Business School Page 99

Auditing 2 BCOMACC

 Owner-manager makes no distinction between personal and business transactions (e.g.

personal holiday charged to the company).

7.8 Fraud risk factors relating to misstatements from misappropriation of assets

7.8.1 Incentives / Pressures

Factors that might cause management and employees to misappropriate assets:

 Personal financial problems

 Adverse relationships between entity and employees or management e.g. anticipated
retrenchments or unhappiness with compensation or conditions of service.

7.8.2 Opportunities

Opportunities (caused by nature of entity’s assets)

 Large amounts of cash on hand

 Inventory characteristics – e.g. small size with high value and demand (e.g. jewellery &
iPods)
 Easily convertible assets (e.g. bearer bonds or diamonds)
 Fixed assets characteristics such as small size, marketability or lacking in ownership
identification (e.g. hand-held power tools)

Opportunities (caused by lack of internal controls)

 Inadequate segregation of duties (e.g. store man can access and change stock records)
 Lack of appropriate management supervision (e.g. no-one controls goods taken in or
from stores)
 Lack of procedures to screen applicants for positions where employees have access to
assets that are susceptible to misappropriation
 Inadequate record keeping or no reconciliation of assets (comparison of theoretical to
actual)
 Lack of appropriate system of authorisation and approval of transactions (e.g.
acquisition of and payment for purchases)

REGENT Business School Page 100

Auditing 2 BCOMACC

 Poor physical safeguards over cash or inventory

 Lack of timely and appropriate documentation for transactions (e.g. customer takes
goods but paperwork only completed later)
 Lack of mandatory vacations for employees performing key control functions
 Inadequate authorisation and review of senior management expenses (e.g. travel claims)
 Inadequate management understanding of IT so IT employees have access to all
levels of data (e.g. can change debtor’s balances in the master file)

7.8.3 Attitudes / Rationalisations

Factors indicating a relaxed or negative attitude towards control over misappropriation of assets

 Poor control environment (ignoring theft or overriding controls)

 Changes in behaviour or lifestyle that might suggest assets have been misappropriated
 Negative behaviour from management or employees showing displeasure or
dissatisfaction with the entity or the way staff is treated.

7.9 Communication regarding fraud with management, those charged with governance

If auditors identifies misstatement due to fraud then must take action, but should first consider:

 Confidentiality – auditor cannot simply inform everyone because of confidentiality issue

(cannot go directly to SAPS etc)
 Management could be involved in the fraud – auditor must take care in deciding
whom to report the fraud to (if unsure if anyone on top of the ladder can be trusted – i.e.
Chairperson of the Board – then could consider reporting it to IRBA as a “reportable
irregularity”
 Absolute evidence of fraud – auditor doesn’t have to have absolute proof of fraud, but
should have sufficient appropriate evidence and should not make direct accusations,
must document the whole matter

REGENT Business School Page 101

Auditing 2 BCOMACC

Parties with whom the auditor can communicate concerning fraud:

 Management (other than Board of Directors) – normally fraud should be reported to

the level of management above the level at which the fraud is occurring. Auditor must
decide:
 If level above is high enough to report (in case of major fraud should go hirer then
immediate supervisor)
 If level above might be involved in the fraud

 Those charged with governance of the company – ultimately the Board of

Directors or audit committee (Companies Act stipulates that public interest companies
have to appoint audit committees). Auditor will have to decide if necessary to report
fraud to the Board and audit committee – generally the auditor should report:
 Material weakness in internal control (management are not meeting their
responsibility and so risk of fraud is greater)
 Questions regarding management integrity fraud involving management
 Other fraud that results in material misstatement of financial statements

7.10 Regulatory and enforcement authorities

Auditor’s duty of confidentiality stops him reporting fraud or error to a 3 rd party unless:

 Reportable irregularity is reported to IRBA in terms of Section 45

 Court or statute states that information has to be disclosed
 Client gives their permission

Should auditor who has resigned or is about to be replaced disclose details of fraud or
suspected fraud to the new auditor? Code of Professional Conduct says that existing auditor
should communicate with the successor auditor to say if it is appropriated for the new auditor to
accept the engagement.

It would depend on if the client has given existing auditor permission to discuss their affairs, but
if permission not granted then may not discuss the client with the new auditor, but should rather
convey that client’s permission has been refused.

REGENT Business School Page 102

Auditing 2 BCOMACC

7.11 Fraud and retention of clients

If company has a high incidence of fraud there is high audit risk and so not in best interests of
auditor or auditing firm to retain that client, especially if those charged with governance don’t
take decisive action to stop the fraud.

But if auditor resigns as auditor because of fraud then must be careful of Section 280 of the
Companies Act which states that if audit intends resigning (either at end of term of office or at
any other time) then has to deliver to the company and Registrar written notification that he
has no reason to believe that there is a reported irregularity at the company except one that
has already been reported to IRBA.)

Therefore if auditor wanted to resign simply because didn’t want to have to follow up on fraud
issue then will have to consider if the fraudulent activities are a reportable irregularity and if
they are then must report them to IRBA before resigning (also in terms of Section 45 of
APA)

Auditor should also act professionally and with honesty and integrity and should fulfill his duty
to finish his reporting obligations (that is why he was hired).

REGENT Business School Page 103

Auditing 2 BCOMACC

End of chapter Exercise

QUESTION 1

During the current financial year the following matters arose at Harbor (Pty) Ltd, one of your
audit firms clients. Both matters were uncovered by the newly established internal audit
department.

1. It emerged that Jim Jones, the head store man, had been for a number of years
operating the following scheme, one of his duties was to check deliveries of raw
materials for quantity against copy purchase orders prepared by the purchasing
department. In collusion with a suppliers delivery clerk he has consistently accepted
short deliveries, but signed goods received notes for the quantities of goods ordered.
The delivery clerk subsequently sold the goods short – delivered and shared the
proceeds with Jim Jones.

2. Sam Smith, the purchasing manager, and the financial director, Mr Bill Brown, had an
arrangement with a major supplier to the company whereby they would accept a
commission from the supplier in their personal capacities for placing orders with that
supplier. This has also been going on for some years.

The managing director of Harbor (Pty) Ltd immediately informed you as auditor of both these
matters.

Required:

a) Discuss the auditor’s general responsibilities with regard to the prevention and detection
of fraud.
b) With regard to each of the matters described, briefly discuss whether it should be
classified as irregular acts or as illegal acts, and indicate what action you would have
taken had you discovered the matter while performing the audit.

REGENT Business School Page 104

Auditing 2 BCOMACC

CHAPTER 8

A FRAMEWORK FOR INTERNAL CONTROL

REGENT Business School Page 105

Auditing 2 BCOMACC

Learning Outcomes:

 Understanding the objective of internal controls.

 Be exposed to Internal Control and its components.
 Be familiar and be able to describe the limitations and advantages of Internal
Control.
 Understanding the control activities.
 Compare and contrast between preventive, detective and corrective controls.

READINGS

Prescribed Readings:
Chapter 12
Marx B.; Van Der Watt; Bourne; Hamel, (2012), Dynamic Auditing; A Student Edition; 10th
Edition, Durban; LexisNexis.

Chapter 5
Jackson, R.D., & Stent, W.J. (2012), Auditing Notes for South African Students, 8th Edition,
Durban; LexisNexis.

REGENT Business School Page 106

Auditing 2 BCOMACC

8.1 Introduction to internal control

One of the main requirements in planning an audit is to study and evaluate the existing
internal controls so as to define the tests to be applied to the entity being audited. From a
business perspective, Control is any action taken by management, the board and other parties
to manage risk and to increase the likelihood that an organization’s objectives and goals will be
achieved. Therefore one of the fundamental concepts of internal control is to address the risk of
something undesirable, unintended or illegal from happening. Also rooted in the concept of
internal control is that it is the responsibility of everyone in the business, those in charge of
governance (e.g. board of directors), management at all levels as well as ordinary employees.
According to the Committee of Sponsoring Organizations (COSO) Internal Control is a
process, affected by an entity’s board of directors, management and other personnel,
designed to provide reasonable assurance regarding the achievement of objectives in the
following categories:

 Compliance with applicable laws and regulations

 Effectiveness and Efficiency of operations
 Reliability of financial reporting

Internal control could also be referred to as the ‘built in’ cross-checks in the organization that is
supplemented with proper supervision. It is not limited to financial matters and it involves setting
objectives and identifying the potential risks associated with achieving those objectives. It
also includes putting suitable records, documents, policies and procedures in place to address
the identified risks. It’s policies and procedures work best in combination as there is no single
control that totally addresses each identified risk. Internal control forms the backbone of any
organization hence weaknesses and total absence of internal control activities could result
in the eventual collapse of an organization. It consist of the plan of an organization and all of
the methods and measures adopted within the organization to safeguard its assets, check
the accuracy and reliability of its data (e.g. accounting data and operational data), promote
operational efficiency, and encourage adherence to the prescribed managerial policies.

REGENT Business School Page 107

Auditing 2 BCOMACC

8.2 Components of internal control

Internal control consists of five main components. These five components are integrated with
management processes and are derived from the way management runs the organization. The
five components are:
 The Control Environment
 Risk Assessment
 Control Activities
 Information System
 Monitoring

8.2.1 The Control Environment

The control environment serves as the foundation upon which all other internal control
components are built. It provides the atmosphere in which people conduct their activities and
perform their organizational control responsibilities. It also includes the governance and
management functions and the awareness, actions and attitudes of those charged with the
management concerning an organization or entity’s internal control and its importance.

8.2.2 Risk Assessment

This component deals with how an organization assesses the risks that face the business and
how they should be addressed. It involves the identification and analysis of risk. However, it
should be noted that the objectives of an organization is also a factor in determining the kind of
risks the organization is exposed to. Hence if the objectives of an organization are not defined,
the risks of not achieving the objectives cannot be well identified, assessed and responded to.

REGENT Business School Page 108

Auditing 2 BCOMACC

8.2.3 Control Activities

These are the policies and procedures that help an organization ensure that management
directives are carried out. They help ensure that necessary actions are taken in order to
address the risks that could affect the achievement of organizational objectives. There are
numerous control activities with different objectives and which are applied at different
organization levels and functions. They can also be categorized as follows:

a) Type
 Approval (authorization) – employees perform certain tasks within certain parameters.

 Segregation of duties – the most important objective of internal control is the safe
guarding of the company’s assets. The principle is that the various actions or procedures
that are carried out in respect of a transaction should be divided amongst the
employees. Segregation of duties also facilitates the checking of one employees work by
another employee. The biggest enemy of segregation of duties is collusion.

 Isolation of responsibility – for any internal control system to work effectively, the people
involved in the system must be fully aware of their responsibilities and must be
accountable for their performance.

 Access/custody (security) – control activities will include actions, policies and procedures
which protect the company’s assets. Access/custody controls are designed to: prevent
damage to the physical assets, prevent deterioration of certain non physical book
assets, and prevent unauthorised use, theft or loss of physical assets.

 Comparison and reconciliation – a reconciliation is a comparison of two different sets of

recorded information or of recorded information and a physical asset.

 Performance reviews – when carrying out a review, the reviewer is looking for
consistency and reasonableness in the data being reviewed. Unexpected results or
unusual conditions will then be followed up.

REGENT Business School Page 109

Auditing 2 BCOMACC

b) Preventive, detective or corrective.

 Preventive controls are controls which are put in place to prevent or minimize errors
or illegal events from occurring.
 Detective controls are like a second line of defence and are designed and
implemented to identify the errors, thefts, omissions, which got through the first line of
defence.
 Corrective controls are implemented to resolve errors and problems which have been
identified by detective controls.

c) General and application controls

The classification of controls into general and application controls emerged originally from
computerized environment. It is not a term that is generally used in manual accounting system.

8.2.4 Information System

This component of the internal control consists of the procedures and records established by an
organization to initiate, record, process and report transactions. The objective of this
component is to produce information which is valid, accurate and complete and also produced
at right time, so as to enable people to perform their responsibility. Properly designed
documents can assist in promoting the accuracy and completeness of recording transactions;
this can be achieved as follows:

 Pre – printed in a format that leaves minimal amount to be entered manually.

 Pre numbered assists in identification of any missing documents.
 Multi copied, carbonised and designed for multiple uses.
 Designed in a manner which is logical and simple to complete.
 Contain blank blocks or grids which can be used for authorising or approving the
document.

REGENT Business School Page 110

Auditing 2 BCOMACC

8.2.5 Monitoring

This is the final component of the internal control activity. It addresses the fact that internal
control environment is a changing environment and that it involves the assessment of internal
performance over time. Monitoring refers to the continuous assessment of the internal controls.
Successful monitoring is achieved by ongoing assessment of management itself, supervisory
staff or independent bodies such as risk committees.

8.3 Advantages of internal control

Internal control being one of the major determinants of an organization’s success requires the
attention of every individual in an organization. A good internal control system will provide
organizations with a high degree of confidence that their operations are efficiently managed.
There are many benefits to be gained from effectively designed and implemented internal
control. The following are some of the benefits:

Effective Operation: Internal control ensures effective operation by ensuring that

organization’s resources are utilized only for their intended purposes thereby minimizing the
risk of resource misuse. It also ensures that data and records are readily accessed for the
preparation of timely reports.

Clear view of risk: It identifies the nature and impact of inherent risk and also identifies
if all data; records, information databases and other material are complete and accurate, and
also protected from loss or risk.

Compliance: It ensures the compliance of organizations, their employers and employee with
legislations and regulations.

Identifies and discourages irregularities: Internal control helps to promptly identify and
control irregularities and misappropriation.

Safeguard employees, assets and resources: Internal control ensures that assets are not
used for unauthorized purposes and that employees are not being accused wrongly for any
irregularities and misappropriations. It also helps an organization achieve its goals of
profitability, and also enable organizations to save cost efficiently.

REGENT Business School Page 111

Auditing 2 BCOMACC

8.4 Disadvantages and limitations of internal control

Internal control also has the potential for disadvantages. The internal control policies and
procedures put in place in an organization do not provide absolute assurance that the risks
that threatens the objectives of the business will be adequately responded to, because some
risks may not be identified in the first place or throughout the operations of the business.
Also, if internal controls are badly planned or too rigidly designed to allow for adaptation,
frustration may set in and organizations may find it difficult to sustain. Some of the main
limitations and disadvantages of internal control are:

Cost/benefits: One of the main goals of any business is to make profit. Management’s usual
requirement that the cost of internal control does not exceed the expected benefits to be
derived is always a limitation.

Example: To safeguard the inventory of bags, a bag manufacturing company could store the
bags in a vault, have armed security guards, and demand security clearance from everyone
entering the property. The bags will definitely be safeguarded but at an unnecessary cost.
However, this type of control system will be necessary for an organization dealing in the
buying and selling of gold, diamond etc.

Routine transactions: Controls are usually designed for routine transactions rather than
non-routine transactions. Hence, unusual or non-routine transactions may bypass control
mechanisms.

Example: Internal control system to record sales in an organization. This system will have a
customer order receipt, a picking slip and a delivery note, and this three will result in an
invoice. However, when an employee of the organization sells an old item that has been
categorized as a non-trading item, it is unlikely that there will be a generated invoice. This
means that there is a risk that the sale will not be raised because this is a non-routine
transaction.

Human error: The internal control system is operated by people, so there is potential for
human error due to carelessness, distractions, improper judgment and lack of knowledge
or misunderstanding of instructions.

REGENT Business School Page 112

Auditing 2 BCOMACC

Example: A newly employed sales official calculates discounts on a sale after VAT has been
charged. This is because he/she is careless or does not understand what he is supposed to do.

Employees’ abuse of authority: There is a possibility that an employee responsible for

exercising internal control abuse a delegation or responsibility (that is, privilege given to the
employee to make internal control changes) to override the internal control system.

Example: A bag retailer organization may have a policy which states that a customer with an
overdue account may not make a purchase. A shop manager could override this internal
control policy without authority because the customer is a family member or a friend.

Inadequate procedures: Overtime, internal control may become inadequate or ineffective due
to changes in conditions, procedures or practices and this may lead to deterioration in
compliance with procedures.

Example: An organization may experience an increase in sales to an extent that the only way
the sales man can keep up with demand is by ignoring certain controls. Thus, controls
have remained static but opportunities and risk have changed, so procedures and
practices should be re-evaluated.

Think Point:
Internal control in everyday life
We are all exposed to ‘internal control’ in our
lives sometimes without even being aware of it.
For example, if we want to withdraw money from
the ATM we must enter our PIN number, if we
want to use the University’s library, we must
produce our staff or student card. All of these
regulations and procedures are designed to
address and limit potential risks.

REGENT Business School Page 113

Auditing 2 BCOMACC

End of chapter Exercise

QUESTION 1

1.1 Identify the general objectives of internal control.

1.2 Give three reasons why it is important to have source documentation numerically
sequenced.
1.3 Distinguish between segregation of duties and isolation of responsibility.
1.4 “Collusion and management over ride are the greatest enemies of good internal control”.
State whether this statement is true or false, your answer must include an explanation of
the terms “management over ride” and “collusion”.

QUESTION 2

Despite the best intentions of the directors of a company to implement “fool proof” internal
controls it is virtually impossible to do. From the auditor’s perspective, internal control, no matter
how effective, can provide an entity with only reasonable assurance about achieving the entity’s
financial reporting objectives. The reason is that internal systems do have inherent limitations.

Required:

2.1 Identify, with brief explanations, the inherent limitations of internal controls.
2.2 Give an example of each of the inherent limitations in the context of a sales/cash
receipts system for a supermarket.

QUESTION 3

Morgan Chetty, a friend of yours, patented a useful kitchen device which has proved popular in
the market place. Initially he had manufactured and sold the device himself, but as sales
increased he found it necessary to move into a small factory park, employ accounting and
administration personnel and improve his internal controls drastically. With no accounting
background, he discussed the matter with an accountant but found it all very confusing. He has
now asked you to explain some of the things he has been told.

REGENT Business School Page 114

Auditing 2 BCOMACC

“The accountant says I must introduce segregation of duties, design my source documents
properly and implement control activities, and that I must watch out for collusion –“ what is he
talking about?

Required:

Explain to Morgan Chetty what the accountant means by the following:

3.1 Segregation of duties

3.2 Proper source document design
3.3 Control activities
3.4 Collusion

Relate your explanation to his business.

REGENT Business School Page 115

Auditing 2 BCOMACC

CHAPTER 9

A FRAMEWORK FOR SUBSTANTIVE PROCEDURES

REGENT Business School Page 116

Auditing 2 BCOMACC

Learning Outcomes:

 Understanding the need for substantive procedures

 Be exposed to the different categories of substantive procedures
 Be familiar with the assertions relating to substantive procedures
 Understanding dual purpose tests
 Understanding the relationship between substantive procedures and audit risk

READINGS

Prescribed Readings:
Chapter 13
Marx B.; Van Der Watt; Bourne; Hamel, (2012), Dynamic Auditing; A Student Edition; 10th
Edition, Durban; LexisNexis.

Chapter 5
Jackson, R.D., & Stent, W.J. (2012), Auditing Notes for South African Students, 8th Edition,
Durban; LexisNexis.

REGENT Business School Page 117

Auditing 2 BCOMACC

9.1 Introduction to Substantive Procedures

Financial statements consisting of collection of balances (Balance Sheet) and summary of

totals (Income Statement) and accompanying notes, tests of control cannot provide auditor
with sufficient appropriate evidence pertaining to balances, totals and disclosures, so auditor
must perform procedures of a substantive nature.

Substantive procedures can be performed on balances and totals themselves or on the

individual transactions which make up the balance or total. Substantive procedures are either
tests of detail or analytical procedures.

Substantive procedures seek to provide evidence to support the financial statement assertions:

 Balances – completeness, existence, valuation, rights and obligations, presentation and

disclosure
 Transactions – completeness (totals), occurrence, measurement, presentation and
disclosure

9.2 Categories of substantive procedures:

Re-performance – auditor repeats (either wholly or in part) the same internal control
procedures that were previously performed by the client (e.g. re-performing the age analysis of
stock and debtors)

Re-calculation - checks the arithmetical accuracy of source documents and accounting

records (e.g. checking depreciation totals) auditor can also compute figures which have not
been computed by client.

Inspection of records or documents or tangible assets (e.g. inspecting fixed assets to confirm
their existence or inspecting a confirmation of balance certificate from a long term loan creditor)

Analytical procedures relating to the analysis of significant ratios and trends and include
resulting investigation of fluctuations and relationships that are inconsistent with other relevant
information or which deviate from permitted amounts.

REGENT Business School Page 118

Auditing 2 BCOMACC

Enquiry and confirmation relates to seeking information from knowledgeable persons

inside or outside the entity. Enquiries might be formal written enquires addressed to 3rd
parties or informal oral enquires to staff. Enquires will either give the auditor new information or
will corroborate audit evidence that he already has. Confirmation is procedure of obtaining a
response to an enquiry to corroborate information contained in accounting records (e.g. auditor
sees confirmation of the existence of a debtor by direct confirmation with the debtor).

Vouching and verifying

 Vouching relating to audit transactions

 Verifying relates to balances

9.3 Dual purpose tests

Note that even though certain tests appear in the same categories difference evidence will be
gather in different tests, e.g. when auditor re-performs client’s bank reconciliation he does :

Test of control – obtaining evidence that the control procedure of reconciling has taken place.

Substantive procedure – gather substantive evidence about the “cash at bank” balance.

9.4 Substantive procedures and audit risk

The relationship between inherent, control and detection risk is as follows:

Audit risk (AR)= Inherent risk (IR) X Control Risk (CR) X Detection risk (DR)

The auditor estimates the inherent risk, as well as the control risk (after testing the internal
controls by means of tests of controls) and then applies substantive procedures accordingly to
limit the detection risk.

IR and CR are low: Limit the nature, extent and timing of the substantive procedures (accept
a high detection risk).

IR and CR are high: Extended substantive procedures (nature, extent and timing) to limit the
audit risk (results in a low detection risk).

REGENT Business School Page 119

Auditing 2 BCOMACC

9.5 Extent of substantive procedures

The extent of substantive procedures is normally thought of in terms of sample size. The extent
of substantive procedures will normally be greater:

 If the risk of material misstatement is greater or

 As a result of unsatisfactory results from tests of operating effectiveness of controls.

End of chapter Exercise

QUESTION 1

1.1 What is dual purpose test?

1.2 Identify and explain the categories of substantive procedures.
1.3 Briefly discuss when substantive procedures are used.

QUESTION 2

The annual financial statements are a collection of assertions laid out in a particular format, i.e.
the balance sheet, income statement and accompanying notes. The balances reflected in the
balance sheet assert (or represent) certain things for assets, and slightly different things for
liabilities. Totals in the income statement, such as interest paid, assert or represent similar, but
again, different things, as do the accompanying notes in the financial statements.

Required:

2.1 Construct a chart which reflects the assertions which relate to:

a) Trade Debtors
b) Long term loans
c) Interest paid
d) Plant and equipment
e) Interest received

REGENT Business School Page 120

Auditing 2 BCOMACC

2.2 Give two substantive procedures you could conduct to obtain evidence relating to the
following assertions:

1) Trade debtors – existence and rights

2) Long term loans – completeness and valuation
3) Interest paid – occurrence and accuracy

REGENT Business School Page 121

Auditing 2 BCOMACC

BIBLIOGRAPHY

Marx B.; Van Der Watt; Bourne; Hamel, (2012), Dynamic Auditing; A Student Edition; 10th
Edition, Durban; LexisNexis

Jackson, R.D., & Stent, W.J. (2012), Auditing Notes for South African Students, 8th Edition,
Durban; LexisNexis

Crous, C., Lamprecht, P., Eilifsen, A., Messier, Jr.F.W., Glover, S.M., & Prawitt, D.W. (2012),
Auditing and Assurance Services, 4th South African Edition, Berkshire, McGraw-Hill

Gowar, H.R., & Jackson, R.D. (2011), Graded Question on Auditing, Durban; LexisNexis

Marx B.; Van Der Watt; Marianne van Staden, (2012), Applied Questions on Auditing; 6th
Edition, Durban; LexisNexis

REGENT Business School Page 122