Contents

CA Himanshu

Basics of Auditing 5

SA 200 17

SA 210 21

SA 230 26

SQC 1 & SA 220 32

SA 300 40

Concept of Risk 50

SA 315 57

SA 330 69

Assertions75

SA 320 77

SA 500 82

SA 501 91

SA 505 97

SA 510 100

SA 520 103

SA 550 110

SA 560 112

SA 580 116

SA 260 120

SA 265 125

SA 610 128

SA 450 136

Automated Environment 138

Evaluation of Internal Controls 146

CA Himanshu

Page No.1
CA Himanshu

This book is crafted for every student out there. I want to make it clear:
there's no copyright claim on this material. Whether you're a teacher or a
student, if you find it useful, I wholeheartedly encourage you to make the
best use of it.

No legal case or no permission of Author required :)

CA Himanshu

CA Himanshu Jagetiya Page No.2

CA Himanshu

Message from the Author

Dear Readers,

The compilation of these fantastic notes is a labour of love, fueled by a deep passion
for the subject. Having extensively researched all available content on CA Inter Audit
in the market, I can confidently say that what you hold in your hands is unparalleled.
It covers 100% of the module content, ensuring a comprehensive and thorough study
experience.

In the grand scheme of things, the source of your study materials may vary, but what
truly matters is our shared goal of successfully clearing this exam. I've poured countless
hours into refining this material, not because I was keeping track of time, but because
I love what I do.

My earnest wish is for you to find that same passion in your pursuits. When you love
what you do, the hours spent become irrelevant, and the journey becomes the reward.

May every topic within these pages serve as inspiration for your hard work and dedication.
Remember, success in your endeavors is not just a possibility but a certainty.

If you ever need guidance or support, feel free to reach out to me at 90249 76491.
Let's embark on this journey together and conquer new heights.

For Best Results, use this with my Scanner.

Wishing you success and fulfillment,

Yours,

Himanshu

#I am not a Teacher :)

#I am not a Ranker :)

# I will change the system :) CA Himanshu

Page No.3
 Short Forms Used
CA Himanshu

FS - Financial Statements

ROMM - Risk of Material Misstatement

EP - Engagement Partner

NTE - Nature, Timing and Extent

SAAE : Sufficient and appropriate audit evidence

FRF : Financial reporting framework

CTABD: Class of transaction, account balance or disclosure

Mgmt : Management

EA : External Auditor

IA : Internal Audit

TCWG : Those charged with governance

CA Himanshu

CA Himanshu Jagetiya Page No.4

 Basics of Auditing
CA Himanshu

1. Meaning and Nature of Auditing

1. An audit is independent examination of financial information of any entity

2. Whether profit oriented or not, and irrespective of its size or legal form
3. When such an examination is conducted with a view to express an opinion thereon.

2. Purpose of Auditing

1. The purpose of audit engagements is to enhance the degree of confidence of intended

users of FS. Such engagements are also reasonable assurance engagements.
2. This is done by an independent auditor expressing their opinion on whether the FS
present a true and fair view of the entity’s affairs.

3. Auditor’s Task that Financials should not Mislead

The person conducting this task should take care to ensure that FS would not mislead
anybody. This he can do by satisfying himself that:

1. Accounts have been drawn up with reference to entries in the books of account
2. Entries in the books of account are adequately supported by sufficient and appropriate
evidence
3. None of the entries in the books of account has been omitted in the process of
compilation and nothing which is not in the books of account has found place in the
statements
4. Information conveyed by the statements is clear and unambiguous
5. FS amounts are properly classified, described and disclosed in conformity with AS
and
6. Statement of accounts present a true and fair picture of the operational results and
of the assets and liabilities.

Trick :)
CA Himanshu

Basics of Auditing Page No.5

 4. Scope of Audit - What it Includes & Won’t ?
CA Himanshu

1. Coverage of all aspects of entity: relevant to the FS being audited: Audit of financial
statements should be organized adequately to cover all aspects of the entity relevant
to the financial statements being audited.
2. Reliability and Sufficiency of financial information: The auditor should be reasonably
satisfied that information contained in underlying accounting records and other
source data (like bills, vouchers, documents etc.) is reliable and sufficient basis for
preparation of financial statements.
3. Proper disclosure of financial information: The auditor should also decide whether
relevant information is properly disclosed in the financial statements. He should also
keep in mind applicable statutory requirements in this regard.
4. Expression of an opinion on FS
5. Not in Scope: Responsibility of preparation and presentation of FS
6. Not in Scope: Duties outside scope of competence of auditor
7. Not in Scope: Expertise in authentication of documents
8. Not in Scope: Investigation

5. Advantages of Audit of Financial Statement

1. Safeguarding Stakeholders Interest: It protects the financial interests of people

not involved in managing the entity, like partners, shareholders, bankers, and the
public.
2. Moral Check: It deters employees from committing theft or fraud.
3. High Quality Information: Audited FS are useful for calculating taxes, securing loans,
and determining the value of a business in a sale.
4. Dispute Resolution: They can also resolve disputes related to wages, bonuses, or
property damage.
5. Point out Deficiencies: Audits find and suggest solutions for wastage and losses,
especially those caused by inadequate internal controls. Audits review organizational
controls, highlighting weaknesses or shortcomings.
6. Records Maintenance: Audits check if records are maintained properly and help
clients correct any deficiencies.
7. Partnership: Audited accounts simplify settling financial matters when a partner
joins or leaves. The government may require audited statements before granting
assistance or licenses for specific businesses

6. Audit Mandatory or Voluntary ?

Audit is not legally obligatory for all types of business organisations or institutions.
On this basis audits may be of two broad categories i.e., audit required under law and
CA Himanshu

voluntary audits.

1. Audit required under law: The organisations which require audit under law are the
following: e.g., companies governed by the Companies Act; banking companies; other
statutory bodies required by their regulators or by specific Act.
CA Himanshu Jagetiya Page No.6
 2. Voluntary category are the audits of the accounts of proprietary entities, partnership
CA Himanshu

firms, Hindu undivided families, etc. In respect of such accounts, there is no basic
legal requirement of audit. Many of such enterprises as a matter of internal rules
require audit.

7. What is Engagement

Engagement means an arrangement to do something. In the context of auditing, it means

a formal agreement between auditor and client under which auditor agrees to provide
auditing services. It takes the shape of engagement letter.

External audit engagements:

1. External audit engagements aim to boost the confidence of FS users.
2. These engagements provide reasonable assurance.
3. In India, companies must have their annual accounts audited by an EA.
4. Non-corporate entities can also opt for external audits due to their associated
benefits.

To whom audit report is submitted by an auditor ?

1. The report is given to the person who appoints the auditor.
2. In companies, this is the shareholders, and in firms, it’s the partners.

8. Meaning of Assurance Engagement

1. Assurance engagement involves a practitioner providing a conclusion.

2. The conclusion aims to increase the confidence of intended users (other than
responsible party
3. About outcome of evaluation or measurement of a subject matter against criteria.
4. The practitioner offers an opinion on specific information.
5. This helps information users make confident decisions with reduced risk of
inaccuracies.

How to write :

Elements of an Assurance Engagement:

1. Three Party relationship : An assurance engagement involves said three parties:
CA Himanshu

a. Practitioner is a person who provides the assurance. The term practitioner

is broader than auditor. Audit is related to historical information whereas
practitioner may provide assurance not necessarily related to historical financial
information.

Basics of Auditing Page No.7

 b. Responsible party is the party responsible for preparation of subject matter.
CA Himanshu

c. Intended users are the persons for whom an assurance report is prepared. These
persons may use the report in making decisions.

2. Subject matter : It refers to Info. to be examined by practitioner. For eg. financial

info. contained in FS while conducting audit of FS.
3. Suitable Criteria: Refer to benchmarks used to evaluate the subject matter like
standards, guidance notes, laws, rules and regulations.
4. Sufficient appropriate evidence:

▶ The practitioner performs an assurance engagement to obtain SAAE

▶ It is on the basis of evidence that conclusions are arrived and an opinion is

formed by auditor.

▶ “Sufficient” relates to quantity of evidence obtained by auditor .

▶ “Appropriate” relates to quality of evidence obtained by auditor.

▶ One evidence may be providing more comfort to auditor than the other evidence.
The evidence providing more comfort is qualitative and, therefore, appropriate.

▶ Evidence should be both sufficient and appropriate

5. Written assurance report in appropriate form: Written report is provided containing

conclusions that conveys assurance about subject matter. A written assurance report
is outcome of an assurance engagement.

Chart:

9. Audit Vs. Review

1. Audit is a reasonable assurance engagement.

2. Review is a limited assurance engagement.
CA Himanshu

3. It provides less assurance compared to an audit.

4. Reviews involve fewer procedures and gather sufficient evidence for limited
conclusions.
5. Both audit and review pertain to FS based on historical financial data.

CA Himanshu Jagetiya Page No.8

 10. Reasonable Assurance vs Limited Assurance
CA Himanshu

Reasonable assurance engagement Limited assurance engagement

Reasonable assurance Limited assurance engagement provides lower
engagement provides high level of assurance than reasonable assurance
level of assurance. engagement.
It performs elaborate and extensive It performs fewer procedures as compared to
procedures to obtain sufficient reasonable assurance engagement.
appropriate evidence.
It draws reasonable conclusions on It involves obtaining sufficient appropriate
the basis of sufficient appropriate evidence to draw limited conclusions.
evidence.
Example of reasonable assurance Example of limited assurance engagement is
engagement is an audit engagement. review engagement.

Point to be noted my lord !!

11. Prospective vs Historical financial Information

“Prospective financial information” means financial information based on assumptions

about events that may occur in the future and possible actions by an entity. It can be in
the form of a forecast or projection or combination of both.

• Prospective financial information relates to future events.

• While evidence may be available to support the assumptions on which the prospective
financial information is based, such evidence is itself generally future- oriented.

• The auditor is, therefore, not in a position to express an opinion as to whether the
results shown in the prospective financial information will be achieved.

• Hence, such type of assurance engagement provides only a “moderate” level of

assurance.

“Historical financial information” means information expressed in financial terms

• of a particular entity,
CA Himanshu

• derived primarily from that entity’s accounting system,

• about economic events occurring in past time periods or

• about economic conditions or circumstances at points in time in the past.

Basics of Auditing Page No.9

 12. Engagement and Quality Control Standards : An Overview
CA Himanshu

Overview Dehk lo Pehle !!

Standards on Auditing (SA):

1. Standards on Auditing apply to independent Audit of FS.
2. They specifically pertain to Historical information.
3. These standards set high-quality benchmarks for auditors.
4. Auditors must follow these standards during financial statement audits.
5. Standards cover various auditing topics, including objectives, documentation, planning,
risk assessment, sampling, evidence, and reporting.
6. They encompass all key aspects of financial statement audits.

Example of Standards on Auditing are:

1. SA 230 Audit Documentation

2. SA 500 Audit Evidence

Standards on Review Engagements (SRE):

1. Standards on review engagements apply to the review of FS.
2. A review is a limited assurance engagement and offers less assurance than an audit.
3. Reviews involve fewer procedures than audits.
4. Despite being a limited assurance engagement, reviews still require obtaining SAAE
5. An example of a review is when an auditor reviews interim financial information for
an entity.

Examples of Standards on Review engagements are:

1. SRE 2400 (Revised) Engagements to Review Historical FS

CA Himanshu

2. SRE 2410 Review of Interim Financial Information Performed by the Independent

Auditor of the Entity

Standards on Assurance Engagements (SAA):

1. Apply to assurance engagements dealing with subjects other than historical financial

CA Himanshu Jagetiya Page No.10

 information.
CA Himanshu

2. These engagements do not involve auditing or reviewing historical financial data.

3. An example is an assurance engagement for examining prospective financial information.
4. These standards cover various assurance tasks, including those related to non-
financial matters like the design and operation of internal controls in an entity.

Examples of Standards on Assurance Engagements are:

1. SAE 3400 The Examination of Prospective Financial Information

2. SAE 3420 Assurance Engagements to Report on the Compilation of Pro Forma Financial
Information Included in a Prospectus

Standards on Related Services (SRS):

1. These standards apply to engagements where agreed-upon procedures are performed
on financial information.
2. For instance, such engagements might involve the auditor conducting specific
procedures on financial data like accounts payable, accounts receivable, related party
purchases, segment profits, or entire FS such as a balance sheet.
3. In some cases, the practitioner might help mgmt prepare historical financial
information but doesn’t provide assurance on it.
4. These compilation engagements are related services, and the practitioner issues a
report stating that it’s not an assurance engagement, and no opinion is given.

Examples of Standards on related services are:

1. SRS 4400 Engagements to perform agreed-upon procedures regarding financial

information
2. SRS 4410 (Revised) Compilation engagements

One Important Example

Standards on Quality Control (SQC):

1. Standards on Quality Control (SQCs) are guidelines for firms to maintain quality
control in their audit, review, and assurance engagements.
2. SQC 1 is one of these standards and requires auditors/practitioners to establish a
quality control system.
3. The system ensures compliance with professional standards, legal requirements, and
the issuance of appropriate reports.
CA Himanshu

4. The main goal is to have a quality control system in firms to ensure compliance with
professional standards and legal requirements when providing services covered by
engagement standards.

Basics of Auditing Page No.11

 13. Why are Standards Required ?
CA Himanshu

1. Standards ensure carrying out of audit against established benchmarks at par with
global practices.
2. Standards improve quality of financial reporting thereby helping users to make
diligent decisions.
3. Standards promote uniformity as audit of FS is carried out following these Standards.
4. Standards equip professional accountants with professional knowledge and skill.
5. Standards ensure audit quality.

14. Duties in relation to Standards

1. Professional accountants have a responsibility to follow standards in their work.

2. They must adhere to these standards in most cases, but there can be situations
where following a standard isn’t effective for a specific job.
3. In such cases, accountants should document the alternative procedures they used
and explain why they departed from the standard unless it’s obvious.
4. Their report should also highlight any departures from the standards.
5. Mere disclosing a departure in the report doesn’t absolve the accountant from
following the standards.

15. Meaning of Independence

Independence implies that the judgement of a person is not subordinate to the wishes
or direction of another person who might have engaged him. Independence is linked to
the fundamental principles of objectivity and integrity. It comprises:

1. Independence of mind
2. Independence in appearance

Independence of mind:

The state of mind that permits the expression of conclusion/opinion without being
affected by influences that compromise professional judgement, thereby allowing an
individual to:

1. Act with integrity

2. Exercise objectivity and
3. Professional skepticism

Independence in appearance:

The avoidance of facts and circumstance that are so significant that a reasonable and
informed third party would be likely to conclude that a firm’s or an audit or assurance
team member’s integrity, objectivity and professional skepticism has been compromised.
CA Himanshu

(This relates to others perception of auditor’s independence).

16. Threat to Independence

CA Himanshu Jagetiya Page No.12

 Examples from Real Life
CA Himanshu

Direct financial interest

Loan or guarantee to/from Client
Undue dependence on a client’s fees
Close business relationship with client
Potential employment with the client
Contingent fees for the audit engagement
Member of the audit team previously was senior employee at client
Auditor becomes the client’s advocate in litigation and third-party disputes
Close relative of an audit team member is working in a senior position in the client company,
Former partner of the audit firm being a director or senior employee of the client
Long association between specific auditors and their specific client counterpart
Acceptance of significant gifts or hospitality
Threat of replacement by client

1. Self Interest Threats:

which occur when an auditing firm, its partner or associate could benefit from a financial
interest in an audit client. Examples include:

1. Direct financial interest or materially significant indirect financial interest in a

client. E.g., equity ownership
2. Loan or guarantee to or from the concerned client
3. Undue dependence on a client’s fees and, hence, concerns about losing the engagement.
E.g., large proportion of revenue from one client.
4. Close business relationship with an audit client. E.g., joint venture with client
5. Potential employment with the client. E.g., Auditor or auditor’s spouse enters into
employment negotiation with client
6. Contingent fees for the audit engagement. E.g., contingent fees are arrangement
where fee is dependent of outcome of a certain event or fixed fees is not charged
and computed on percentage basis.

2. Self-Review Threats:

This occur during the review of any judgement or conclusion reached in a previous audit
or non-audit engagement.

Eg. When a member of the audit team previously was an employee of the client (especially
a director or senior officer) in a position to exert significant influence over the subject
matter of the audit engagement.
CA Himanshu

Eg. assisting an audit client in matters such as preparing accounting records or FS. This
may create a self-review threat when the firm subsequently audits the FS.

3. Advocacy Threats:

Basics of Auditing Page No.13

 This occur when the auditor promotes, or seems to promote, a client’s opinion to a point
CA Himanshu

where people may believe that objectivity is getting compromised.

Eg. when an auditor deals with shares or securities of the audited company, or becomes
the client’s advocate in litigation and third-party disputes.

4. Familiarity threats:

These threats are self-evident, and occur when auditors become too sympathetic to the
client’s interests. This can occur in many ways:

1. Close relative of an audit team member is working in a senior position in the client
company,
2. Former partner of the audit firm being a director or senior employee of the client
3. Long association between specific auditors and their specific client counterparts,
and
4. Acceptance of significant gifts or hospitality from the client company, its directors
or employees.

5. Intimidation threats:

This occurs when auditors are deterred from acting objectively with an adequate degree
of professional skepticism. Two examples of intimidation threats are:

1. When an auditor is told he will be replaced based on a disagreement over application

of an accounting principle and
2. Pressure to reduce the scope of the audit in order to reduce fees.

17. Safeguard to Independence

The Chartered Accountant has a responsibility to remain independent, safeguards

should be identified and applied to eliminate the threats. The following are the guiding
principles in this regard :

1. For the public to have confidence in the quality of audit, it is essential that auditors
should always be and appears to be independent of the entities that they are auditing.
2. In the case of audit, the key fundamental principles are integrity, objectivity and
professional skepticism, which necessarily require the auditor to be independent.
(Extra point)
3. Before taking on any work, an auditor must conscientiously consider whether it
involves threats to his independence.
4. When such threats exist, the auditor should either desist from the task or eliminate
the threat or at the very least, put in place safeguards which reduce the threats to
an acceptable level.
5. All such safeguards measures need to be recorded in a form that can serve as evidence
CA Himanshu

of compliance with due process. When such threats exist, the auditor should either
desist from the task or put in place safeguards that eliminate them.
6. If the auditor is unable to fully implement credible and adequate safeguards, then he
must not accept the work

CA Himanshu Jagetiya Page No.14

 Time for Practical Insight: How this works in real life ?
CA Himanshu

18. Principle vs. Rule Based Approach

Ethical guidance may follow principles-based approach or rules-based approach.

Principles-based approach to ethics requires:

1. Compliance with spirit of ethics.

2. Accountants to exercise professional judgment in every situation based upon their
professional knowledge, skill and expertise.
3. Accountants should use professional judgment to evaluate every situation to arrive
at conclusions.

Rules-based approach to ethics:

1. Strictly follows clearly established rules.

2. May lead to a narrow outlook and
3. Spirit of ethics may be overlooked while strictly adhering to rules.
4. Rules- based approach is somewhat rigid as it may not be possible to deal with every
practical situation relying upon rules.

“Dream Big, Stay Positive, Work Hard and Enjoy the Journey”
CA Himanshu

Basics of Auditing Page No.15

CA Himanshu

CA Himanshu

CA Himanshu Jagetiya Page No.16

 SA 200
CA Himanshu

1. Objective of SA 200

As per SA-200 “Overall Objectives of the Independent Auditor”, in conducting an audit

of FS, the overall objectives of the auditor are:

a. To obtain reasonable assurance about whether the FS as a whole are free from
material misstatement; and

b. To report on the FS, and communicate as required by the SAs, in accordance with
the auditor’s findings.
Summary:
1. Obtaining a reasonable assurance that FS as a whole are free from material
misstatement due to fraud or error
2. Gaining a reasonable assurance leads to formation of opinion whether FS are prepared,
in all material respects, in accordance with applicable FRF
3. To report on the FS
4. Reporting of opinion in accordance with audit findings
5. Communication of reporting
6. Reporting and communication in accordance with SA

“Reasonable assurance is to be distinguished from absolute assurance. Absolute assurance

is a complete assurance or a guarantee that FS are free from material misstatements.
However, reasonable assurance is not a complete guarantee. Although it is a high-level
of assurance but it is not complete assurance”

Kitne Aadmi the ?

2. Inherent Limitation of Audit (ILA)

As per SA 200, the auditor is not expected to, and cannot, reduce audit risk to zero and
cannot therefore obtain absolute assurance that the FS are free from MM due to fraud
or error.

This is because there are inherent limitations of an audit, which result in most of the
audit evidence on which the auditor draws conclusions and bases the auditor’s opinion
being persuasive rather than conclusive.

These fundamental limitations arise due to the following factors:

1. The Nature of financial reporting
CA Himanshu

2. The Nature of Audit procedures

3. Audit is not investigation
4. Timeliness of financial reporting and decrease in relevance of information over time

SA 200 Page No.17

 5. Future events
CA Himanshu

The Nature of Financial Reporting:

1. Preparation of FS involves making many judgments by Mgmt
2. These judgments may involve subjective decisions or a degree of uncertainty.
Therefore, auditor may not be able to obtain absolute assurance that FS are free
from MM due to frauds or errors.
The Nature of Audit Procedures:
There are practical and legal limitations on the auditor’s ability to obtain audit evidence.
For example:

1. The auditor carries out his work by obtaining audit evidence through performance
of audit procedures. However, there are practical and legal limitations on ability of
auditor to obtain audit evidence. For example, an auditor does not test all transactions
and balances. He forms his opinion only by testing samples. It is an example of practical
limitation on auditor’s ability to obtain audit evidence.
2. Mgmt. may not provide complete information as requested by auditor. There is no
way by which auditor can force mgmt. to provide complete information as may be
requested by auditor. In case he is not provided with required information, he can
only report. It is an example of legal limitation on auditor’s ability to obtain audit
evidence
3. The mgmt. may consist of dishonest and unscrupulous people and may be, itself,
involved in fraud. It may be engaged in concealing fraud by designing sophisticated
and carefully organized schemes which may be hard to detect by the auditor.
4. An auditor is not an expert in authentication of documents. Therefore, he may be led
to accept invalid audit evidence on the basis of unauthentic documents.

Audit is not investigation

Audit is not an official investigation. Hence, auditor cannot obtain absolute assurance
that FS are free from material misstatements due to frauds or errors.

Timeliness of Financial Reporting and the Balance between Benefit and Cost:
The relevance of information decreases over time and auditor cannot verify each and
every matter. Therefore, a balance has to be struck between reliability of information
and cost of obtaining it.

Future events
Future events or conditions may affect an entity adversely. Adverse events may seriously
affect ability of an entity to continue its business. The business may cease to exist in
future due to change in market conditions, emergence of new business models or products
or due to onset of some adverse events. Therefore, it is in view of above factors, that
CA Himanshu

an auditor cannot provide a guarantee that FS are free from material misstatements
due to frauds or errors.

CA Himanshu Jagetiya Page No.18

 Barkhurdar Jara Dhyan Se !!
CA Himanshu

3. Professional Skepticism

As per SA 200, Professional skepticism refers to an attitude that includes a:

• Questioning mind,

• Being alert to conditions which may indicate possible misstatement due to error or
fraud, and

• Critical assessment of audit evidence.

The auditor shall plan and perform an audit with professional skepticism recognising
that circumstances may exist that cause the FS to be materially misstated.

Professional skepticism requires the auditor to be alert to (for example) :

1. When audit evidence contradicts other evidence obtained, this can indicate a problem.
2. When information raises doubts about the reliability of documents and responses to
inquiries, this can indicate an issue.
3. When there are conditions that may suggest possible fraud.
4. Sometimes, circumstances arise that suggest the need for additional audit procedures
beyond what is required by the Standards on Auditing

During an audit, the auditor needs to be careful and maintain professional skepticism to
avoid making mistakes. This helps in reducing the chances of missing important things
like:
CA Himanshu

1. Unusual changes (Overlooking unusual circumstances)

2. Relying on incomplete information (Over generalising)
3. Making wrong assumptions when planning the audit work (Using Inappropriate
assumption in planning and concluding audit)
SA 200 Page No.19
 Examples and Tricks for Retention
CA Himanshu

“Hard Work Beats Talent, when Talent doesn’t Work Hard”

CA Himanshu

CA Himanshu Jagetiya Page No.20

 SA 210
CA Himanshu

1. Objective of SA 210

The objective of the auditor is to accept or continue an audit engagement only when the
basis upon which it is to be performed has been agreed, through:

1. Establishing whether the preconditions for an audit are present; and

2. Confirming that there is a common understanding between the auditor and mgmt. and,
where appropriate, TCWG of the terms of the engagement.

Kya Samje ?

2. Preconditions of Audit

As per SA 210 “Agreeing the Terms of Audit Engagements”, preconditions for an audit
may be defined as mgmt’s use of an acceptable FRF in the preparation of the FS and
the agreement of mgmt. and, where appropriate, TCWG to the premise on which an audit
is conducted.

In order to establish whether the preconditions for an audit are present, the auditor
shall:

1. Determine whether the FRF is acceptable; and

2. Obtain the agreement of mgmt. that it acknowledges and understands its responsibility:

a. For the preparation of the FS in accordance with the applicable FRF;

b. For the internal control as mgmt. considers necessary; and

3. To provide the auditor with:

a. Access to all information such as records, documentation and other matters

b. Additional information that the auditor may request from mgmt. for the purpose
of the audit; and

c. Unrestricted access to persons within the entity from whom the auditor
determines it necessary to obtain audit evidence.

Kaise Establish Karenge ?

CA Himanshu

3. If Preconditions are Not Present

If the preconditions for an audit are not present, the auditor shall discuss the matter
with mgmt..

SA 210 Page No.21

 Unless required by law or regulation to do so, the auditor shall not accept the proposed
CA Himanshu

audit engagement:

1. If the auditor has determined that the FRF to be applied in the preparation of the
FS is unacceptable or
2. If the agreement of mgmt. is not obtained on matters relating to understanding of
responsibility of mgmt on preparation of FS, internal controls for preparation of FS,
providing access to all information to auditor and unrestricted access to persons
within the entity.

Wo Agree Nahi karta rahenga toh?

4. Terms of Engagement Letter

According to SA 210 “Agreeing the Terms of Audit Engagements”, the auditor shall
agree the terms of the audit engagement with mgmt or TCWG, as appropriate.

The agreed terms of the audit engagement shall be recorded in an audit engagement
letter or other suitable form of written agreement and shall include:

1. Objective and scope of the audit of the FS;

2. Responsibilities of the auditor;
3. Responsibilities of mgmt;
4. Identification of the applicable FRF for the preparation of the FS; and
5. Reference to the expected form and content of any reports to be issued by the
auditor and a statement that there may be circumstances in which a report may
differ from its expected form and content.

“If law or regulation prescribes in sufficient detail the terms of the audit engagement, the
auditor need not record them in a written agreement, except for the fact that such law
or regulation applies and that mgmt acknowledges and understands its responsibilities.”

Time for Practical Check Up:

5. Limitation on Scope Prior to Engagement

If the auditor believes the limitation will result in the auditor disclaiming an opinion on
CA Himanshu

the FS, the auditor shall not accept such a limited engagement as an audit engagement,
unless required by law or regulation to do so.

6. Acceptance of change in terms of Engagement

CA Himanshu Jagetiya Page No.22

 A request from the client for the auditor to change the engagement may result from:
CA Himanshu

1. A misunderstanding as to the nature of an audit or related service originally requested.

2. Change in circumstances affecting the need for the service,
3. Restriction on the scope of the engagement, whether imposed by mgmt or caused by
circumstances.

For Example:

What should an auditor do before agreeing to change Audit engagement to an

engagement providing lower level of Assurance ?
▶ If the auditor is requested to change the audit engagement to an engagement that
conveys a lower level of assurance, the auditor shall determine whether there is
reasonable justification for doing so.
▶ The auditor shall not agree to a change in the terms of the audit engagement where
there is no reasonable justification for doing so.
▶ The auditor considers the justification given for the request, particularly the
implications of a restriction on the scope of the audit engagement.
▶ Change may not be considered reasonable if it appears that the change relates to
information that is incorrect, incomplete or otherwise unsatisfactory.
▶ Before agreeing to change an audit engagement to a review or a related service, an
auditor who was engaged to perform an audit in accordance with SAs may also need
to assess any legal or contractual implications of the change.

If the auditor concludes that there is reasonable justification to change the audit
engagement to a review or a related service, the audit work performed to the date of
change may be relevant to the changed engagement.

However, the work required to be performed and the report to be issued would be those
appropriate to the revised engagement.

In order to avoid confusing the reader, the report on the related service would NOT
include reference to:

1. The original engagement; Or

2. Any procedures that may have been performed in the original audit engagement,
EXCEPT where the audit engagement is changed to an engagement to undertake
agreed- upon procedures and thus reference to the procedures performed is a normal
part of the report.
CA Himanshu

Revised Engagement Letter:

If the terms of the audit engagement are changed, the auditor and mgmt shall agree on
and record the new terms of the engagement in an engagement letter or other suitable

SA 210 Page No.23

 form of written agreement.
CA Himanshu

7. Unable to Agree on New Terms

If the auditor cannot agree to a change in the terms of the audit engagement and mgmt
does not allow the original engagement to continue, then the auditor shall:

1. Withdraw from the audit engagement where possible under applicable law or regulation;
And
2. Determine whether there is any obligation, either contractual or otherwise, to report
the circumstances to other parties, such as TCWG, owners or regulators.

8. Recurring Audit

Recurring audit is an audit which is performed by an auditor over years. On recurring

audits, the auditor shall assess whether circumstances require the terms of the audit
engagement to be revised and whether there is a need to remind the entity of the
existing terms of the audit engagement.

The auditor MAY decide not to send a new audit engagement letter or other written
agreement each period.

The following factors may make it appropriate to revise the terms of the audit engagement
or to remind the entity of existing terms:

1. Any indication that the entity misunderstands the objective and scope of the Audit.
2. Any revised or special terms of the audit engagement.
3. Recent change of senior mgmt.
4. Significant change in ownership.
5. Significant change in nature or size of the entity’s business.
6. Change in legal or regulatory requirements.
7. Change in the FRF adopted in the preparation of the FS.
8. Change in other reporting requirements.

Yaad Kaise Rakhega Bhidu ? CA Himanshu

“It might not be easy but it’ll worth it”

CA Himanshu Jagetiya Page No.24

 CA Himanshu

SA 210
Page No.25
CA Himanshu
 SA 230
CA Himanshu

1. Objective of SA 230

The objective of the auditor is to prepare documentation that provides:

1. Sufficient and appropriate record of the basis for the auditor’s report; and
2. Evidence that the audit was planned and performed in accordance with SAs and
applicable legal and regulatory requirements

2. What is Audit documentation (Working Papers) ?

Audit documentation refers to the record of:

a. Audit procedures performed,
b. Relevant audit evidence obtained, and
c. Conclusions the auditor reached.

(Terms such as “working papers” or “work papers” are also sometimes used in reference
to audit documentation)
Examples of audit documentation:
1. Overall Audit Strategy
2. Audit plan
3. Issues memorandum
4. Summaries of significant matters.
5. Letters of confirmation and representation
6. Checklists
7. Correspondence (including e-mail) concerning significant matters
8. Memo on accounting and auditing matters
Nature of Audit Documentation:(Same as Objective)
Audit documentation provides:
a. Evidence of the auditor’s basis for conclusion on their report.
b. Evidence that the audit was planned and performed in accordance with SAs and
applicable legal and regulatory requirements.

3. Purpose/Importance of Audit documentation

The following are the purpose of Audit documentation:

1. Assists the engagement team to plan and perform the audit.

2. Assists members of the engagement team responsible for supervision to direct,
supervise and review the audit work
CA Himanshu

3. Enables the engagement team to be accountable for its work.

4. Retains a record of matters of continuing significance to future audits.
5. Enables the quality control reviews and inspections to be performed as per SQC 1.

CA Himanshu Jagetiya Page No.26

 6. Enables the external quality inspections to be performed
CA Himanshu

4. Form content and extent of audit documentation

Documentation should be sufficient to enable an experienced auditor, with no previous

connection to the audit, to understand:

1. NTE of audit procedures performed.

a. Identifying characteristics of the specific items or matters tested;
b. Who performed the audit work and the date such work was completed; and
c. Who reviewed the audit and extent of such review

2. Results of the procedures performed and the evidence obtained.

3. Significant matters arising during the course of the audit and the conclusions reached
thereon, and significant professional judgments made in reaching those conclusions.
The form, content and extent of audit documentation depend on factors such
as:
1. Size and complexity of the entity. (Reliance vs Binod Bhai & Co.)
2. Identified ROMM. (High vs Low)
3. Nature of the audit procedures to be performed. (Substantive vs TOC)
4. Significance of the audit evidence obtained.
5. Nature and extent of exceptions identified. (Misstatement)
6. Audit methodology and tools used.
7. Need to document a conclusion or the basis for a conclusion that isn’t clear from the
audit evidence or from the documentation of the work performed.

Create a Map in Mind:

CA Himanshu

5. Documentation of Significant matters and Judgements

The auditor shall prepare audit documentation that is sufficient to enable an experienced
auditor to understand significant matters arising during the audit.

SA 230 Page No.27

 Judging the significance of a matter requires an objective analysis of the facts and
CA Himanshu

circumstances.

Examples of significant matters include:

1. Matters that give rise to significant risks. (As per SA 315)

2. Results of audit procedures indicating:
a. FS could be materially misstated, or
b. Need to revise auditor’s previous assessment of the ROMM and response to those
risks

3. If the auditor faces challenges while performing necessary audit procedures or

4. Findings that could require modification in opinion or require them to add an EOM
Paragraph in the auditor’s report

Example of circumstances in which it is appropriate to prepare audit documentation

relating to the use of professional judgment:

1. Rational for auditor’s conclusion when a requirement provides auditor ‘shall consider’
certain information or factors, and that is significant in particular engagement.
2. Basis for auditor’s conclusion on reasonableness of areas of subjective judgements
(for eg, reasonableness of significant accounting estimates
3. Basis for auditor’s conclusion about authenticity of a document when further
investigation (such as use of auditors expert or confirmation procedures) undertaken
in response to conditions that caused auditor to believe document may not be authentic.

Understand from Example:

6. Completion Memorandum (Audit Documentation Summary)

The auditor may consider it helpful to prepare and retain as part of the AD a summary
(sometimes known as a completion memorandum) that describes:
CA Himanshu

1. The significant matters identified during the audit and

2. How they were addressed.
a. Such summary can help in reviewing and inspecting Audit Documentation, specially
useful for large and complex audits

CA Himanshu Jagetiya Page No.28

 b. Preparing a summary can help the auditor focus on significant matters
CA Himanshu

c. Summary can help identify whether any SA objective cannot be achieved, which
would prevent achieving overall audit objectives

7. Audit File

Audit file may be defined as

• one or more folders or other storage media,

• in physical or electronic form,

• containing the records that comprise

• audit documentation for a specific engagement.

8. Assembly of Audit file

1. SQC 1 requires firms to establish policies and procedures for the timely completion
of the assembly of audit files.
2. The auditor shall assemble the AD in an audit file and complete the administrative
process of assembling the final audit file on a timely basis after the date of the
auditor’s report.
3. Time Limit: An appropriate time limit within which to complete the assembly of the
final audit file is ordinarily not more than 60 days after the date of the auditor’s
report.
4. The completion of the assembly of the final audit file after the date of the auditor’s
report is an administrative process that does not involve the performance of new audit
procedures or the drawing of new conclusions. Changes may, however, be made to the
audit documentation during the final assembly process, if they are administrative in
nature.

Examples of such changes include:

1. Deleting or discarding superseded documentation.

2. Sorting, collating and cross-referencing working papers.
3. Signing off on completion checklists relating to the file assembly process.
4. Documenting audit evidence that the auditor has obtained, discussed and agreed
with the relevant members of the engagement team before the date of the auditor’s
report.
After the assembly of the final audit file has been completed:
The auditor shall not delete or discard audit documentation of any nature before the
end of its retention period.

Retention Period: SQC 1 requires firms to establish policies and procedures for the
CA Himanshu

retention of engagement documentation. The retention period for audit engagements

ordinarily is no shorter than 7 years from the date of the auditor’s report, or, if later,
the date of the group auditor’s report

9. Ownership of Audit Documentation

SA 230 Page No.29
 SQC 1 provides that, unless otherwise specified by law or regulation, Audit Documentation
CA Himanshu

is the property of the auditor.

Auditor may at his discretion, make available portions or extracts from Audit
Documentation to clients, provided:

• Disclosure does not undermine the validity of the work performed, or,

• In case of assurance engagements, the independence of the auditor.

Example:

“Push Yourself as no one is going to do that for you”

CA Himanshu

CA Himanshu Jagetiya Page No.30

 CA Himanshu

SA 230
Page No.31
CA Himanshu
 SQC 1 & SA 220
CA Himanshu

1. Objective of SQC 1

The objective of the firm is to establish and maintain a system of quality control to
provide it with reasonable assurance that:

1. The firm and its personnel comply with professional standards and
2. Reports issued by the firm or engagement partners are appropriate in the
circumstances.

2. Objective of SA 220

The objective of the auditor is to implement quality control procedures at the Engagement
level that provides the auditor with reasonable assurance that:

1. The audit complies with professional standards and applicable legal and regulatory
requirements; and
2. The auditor’s report issued is appropriate in the circumstances.

Apne Mind ko Kya Samja ?

3. Elements of System of Quality Control

SQC 1 SA 220
1. Leadership responsibilities for quality 1. Leadership responsibilities for quality within
within the firm the firm
2. Ethical requirements 2. Ethical requirements
3. Acceptance and continuance of client 3. Acceptance and continuance of client
relationships and specific engagements relationships and specific engagements
4. Human resources 4. Assignment of Engagement Teams
5. Engagement performance 5. Engagement performance
6. Monitoring 6. Monitoring

A. Leadership Responsibilities for Quality on Audits

The engagement partner (EP) shall take responsibility for the Overall Quality on each
audit engagement to which that partner is assigned.

1. The EP should emphasise the importance of:

a. Performing work that complies with professional standards and regulatory and
CA Himanshu

legal requirements;

b. Complying with the firm’s quality control policies and procedures as applicable;

c. Issuing auditor’s reports that are appropriate in the circumstances; and

CA Himanshu Jagetiya Page No.32

 d. The engagement team’s ability to raise concerns without fear of reprisals.
CA Himanshu

2. The fact that quality is essential in performing audit engagement

How to Convert to SQC 1

B. Ethical Requirements

The Code establishes the following as the fundamental principles of professional ethics
relevant to the auditor when conducting an audit of FS:

1. Integrity
2. Objectivity
3. Professional Competence and due care
4. Confidentiality
5. Professional Behaviour

Integrity

1. Requires Auditor to be honest and straightforward in their professional and business

relationships.
2. Implies Fair dealings and Truthfulness.
3. If effectively means that he shall not be associated with reports, return,
communications or other information which he believes contains a :
▶ Materially false or misleading statement
▶ Contains statements or info. provided recklessly or
▶ Omits required info. where such omission could be misleading.

Objectivity

Requires an auditor not to compromise professional judgment because of bias, conflict

of interest or undue influence of others.

It requires that a professional accountant shall not undertake a professional activity if

a circumstance or relationship unduly influences the accountant’s professional judgment
regarding that activity

Professional competence and due care:

It requires that auditor attains and maintains professional knowledge and skill at the
CA Himanshu

level required to render competent professional service based on current technical and
professional standards and legislations.

Diligence includes responsibility to act carefully, thoroughly and on a timely basis in

accordance with requirements of an assignment.

SQC 1 & SA 220 Page No.33

 Confidentiality:
CA Himanshu

Confidentiality principle requires an auditor to respect the confidentiality of information

acquired as a result of professional or business relationships. However, such confidential
information may be disclosed, for example, when it is required by law.

Professional behaviour:

It requires an auditor to comply with relevant laws and regulations and avoid any conduct
that he knows or should know might discredit the profession.

Answer these Question?

Ethical Requirements relating to Independence

The Code outlines fundamental principles like integrity, objectivity, competence,

confidentiality, and professional behavior.

Firm should establish policies and procedures designed to provide it with reasonable
assurance that the firm, its personnel and (including experts contracted by the firm
and network firm personnel) maintain independence where required by the Code. Such
policies and procedures should enable the firm to:

1. Communicate its independence requirements to its personnel

2. Identify and evaluate circumstances and relationships that create threats to
independence
3. Take appropriate action to eliminate those threats or reduce them to an acceptable
level by applying safeguards, or
4. If considered appropriate, to withdraw from the engagement.

EP shall provide firm with relevant info. about client and personnel to firm of circumstances
and relationships that create a threat to independence.

All breaches of independence should be promptly notified to firm for appropriate action.

At least annually, the firm should obtain written confirmation of compliance with its
policies and procedures on independence.
CA Himanshu

CA Himanshu Jagetiya Page No.34

 Writing Practice:
CA Himanshu

The responsibilities of an engagement partner in relation to ethical requirements in an

audit engagement are as under:

1. Identifying a threat to independence regarding the audit engagement that

safeguards may not be able to eliminate or reduce to an acceptable level.
2. Reporting by engagement partner to the relevant persons within the firm to determine
appropriate action., which may include eliminating the threat, or withdrawing from
the audit engagement, where withdrawal is legally permitted.

C. Acceptance and Continuation of Client Relationship

SQC 1 requires the firm to obtain information before accepting an engagement.

The following factors assists the EP in determining whether the decisions regarding the
acceptance and continuance of audit engagement are appropriate:

1. Integrity, trustworthiness of the owners, mgmt, and TCWG of the entity.

2. Whether the engagement team is competent to perform the audit engagement and
has the necessary capabilities, including time and resources;
3. Compliance with ethical requirements by the firm and the engagement team.
4. Any significant issues that arose during the current or past audit engagement and
their impact on the continuity of the relationship.

Evaluation of Integrity of Client:

With regard to the integrity of a client, matters that the firm considers include, for
example:

1. Identity and business reputation of the client’s principal owners, key mgmt, related
parties and TCWG.
2. Nature of the client’s operations, including its business practices.
3. Information concerning the attitude of the client’s principal owners, key mgmt and
TCWG towards such matters as aggressive interpretation of accounting standards
CA Himanshu

and the internal control environment.

4. Whether the client is aggressively concerned with maintaining the firm’s fees as low
as possible.
5. Indications of an inappropriate limitation in the scope of work.
SQC 1 & SA 220 Page No.35
 6. Indications that the client might be involved in money laundering or other criminal
CA Himanshu

activities.
7. Reasons for the proposed appointment of the firm and non-reappointment of the
previous firm.

How to Memorise !!

D. Human Resources

The firm should establish policies and procedures designed to provide it with reasonable
assurance that it has sufficient personnel with the capabilities, competence, and
commitment to ethical principles necessary to perform its engagements:

Such policies and procedures address the following personnel issues:

1. Recruitment;
2. Performance evaluation;
3. Capabilities;
4. Competence;
5. Career development;
6. Promotion;
7. Compensation; and
8. Estimation of personnel needs.

D1. Assignment of Engagement Teams

It should be ensured by engagement partner that the engagement team and any auditor’s
experts who are not part of the engagement team, collectively have the appropriate
competence and capabilities to perform the engagement.
CA Himanshu

E. Engagement Performance

Engagement partner has the responsibility for:

1. Direction, supervision and performance of audit engagement in accordance with

CA Himanshu Jagetiya Page No.36
 professional standards and regulatory and legal requirements
CA Himanshu

2. Ensuring undertaking appropriate consultation on difficult or contentious matters by

engagement team not only within the team but also with others at appropriate level
within or outside the firm.

For audits of FS of listed entities, the engagement partner shall:

1. Determine that an engagement quality control reviewer has been appointed.

2. Discuss significant matters arising during the audit engagement, including those
identified during the engagement quality control review, with the engagement quality
control reviewer.
3. Not date the auditor’s report until the completion of the engagement quality control
review

The review does not reduce the responsibilities of the engagement partner.

Bhai Kaun hey ye EQCR ?

Difference of Opinion:

The report should only be issued after resolution of differences. In case, recommendations
of engagement quality control reviewer are not accepted by engagement partner and
matter is not resolved to reviewer’s satisfaction, the matter should be resolved by
following established procedures of firm like by consulting with another practitioner or
firm, or a professional or regulatory body.

Assembly of Audit File:

The firm should establish policies and procedures for engagement teams to complete
the assembly of final engagement files on a timely basis after the engagement reports
have been finalized. The assembly of engagement files should be completed in not more
than 60 days after date of auditor’s report in case of audit engagements and in other
cases within the limits appropriate to engagements.

Retention of Audit file:

In the specific case of audit engagements, the retention period ordinarily is no shorter
than seven years from the date of the auditor’s report, or, if later, the date of the
CA Himanshu

group auditor’s report.

Ownership of Audit Documentation:

Unless otherwise specified by law or regulation, engagement documentation is the

SQC 1 & SA 220 Page No.37

 property of the firm. The firm may, at its discretion, make portions of, or extracts
CA Himanshu

from, engagement documentation available to clients, provided such disclosure does not
undermine the validity of the work performed, or, in the case of assurance engagements,
the independence of the firm or its personnel.

Mix and Merge

F. Monitoring

Provide firm with reasonable assurance that its policy and procedures relating to system
of quality control are relevant, adequate and operating effectively.

The EP should document following matters pertaining to an audit engagement:

1. Issues identified with respect to compliance with relevant ethical requirements and
how they were resolved.
2. Conclusions on compliance with independence requirements that apply to the audit
engagement, and any relevant discussions with the firm that support these conclusions.
3. Conclusions reached regarding the acceptance and continuance of client relationships
and audit engagements.
4. The nature and scope of, and conclusions resulting from, consultations undertaken
during the course of the audit engagement.

The firm should ensure that policies and procedures relating to the system of quality
control are relevant, adequate, operating effectively and complied with in practice.

Such policies and procedures should include an ongoing consideration and evaluation
of the firm’s system of quality control, including a periodic inspection of a selection
of completed engagements.

“You can wish for it or you can work for it”

CA Himanshu

CA Himanshu Jagetiya Page No.38

CA Himanshu

CA Himanshu

SQC 1 & SA 220 Page No.39

 SA 300
CA Himanshu

1. Objective

Objective of the auditor is to plan the audit so that it will be performed in an effective
manner.

2. Planning Process

Involvement of key engagement team members in planning audit

1. EP & other key members of engg team shall be involved in planning.
2. The involvement of the engagement partner and other key members of the engagement
team in planning the audit draws on their experience and insight, thereby enhancing
the effectiveness and efficiency of the planning process.
Discussion of elements of planning with entity’s mgmt
1. The overall audit strategy and the audit plan remain the auditor’s responsibility
2. The auditor may decide to discuss elements of planning with the entity’s mgmt to
facilitate the conduct and mgmt of the audit engagement.
3. When discussing matters included in the overall audit strategy or audit plan, care is
required in order not to compromise the effectiveness of the audit.

3. Benefits of Planning

Planning an audit involves establishing the overall audit strategy for the engagement and
developing an audit plan. (Planning = Audit Strategy + Audit Plan)

Planning benefits the audit of FS in several ways, including the following:

1. Ensuring that appropriate attention is devoted to important areas;

2. Identifying and resolve potential problem on timely basis;
3. Selecting the right people for the audit team in terms of the skills and experience
mix;
4. Ensuring that work gets reviewed properly;
5. Involving third parties such as component auditors, internal auditors and experts.
6. Proper direction and supervision of engagement team and
7. Assist in organising audit in efficient and effective manner

4. Planning is a CONTINUOUS Process

Planning is not a discrete phase of an audit, but rather a continual and iterative
process that often begins shortly after (or in connection with) the completion of the
previous audit and continues until the completion of the current audit engagement.

Planning, however, includes consideration of the timing of certain activities and audit
CA Himanshu

procedures that need to be completed prior to the performance of further audit

procedures.

For eg, Prior to the auditor’s identification and assessment of the ROMM, planning

CA Himanshu Jagetiya Page No.40

 includes the need to consider matters such as:
CA Himanshu

1. The analytical procedures to be applied as risk assessment procedures.

2. Obtaining a general understanding of the legal and regulatory framework applicable
to the entity and how the entity is complying with that framework.
3. The determination of materiality.
4. The involvement of experts.
5. The performance of other risk assessment procedures

Key Points

5. Planning Process - Elements of Planning

Overview: Elements of Planning

CA Himanshu

SA 300 Page No.41

 The elements of planning can be categorized as under: -
CA Himanshu

(I) Preliminary engagement activities

(II) Planning activities

(I) Preliminary engagement activities:
The auditor considers whether relationship with client should be continued and whether
ethical requirements including independence continue to be complied with.

It includes: -

1. Performing procedures regarding the continuance of the client relationship

2. Evaluating compliance with ethical requirements, including independence
3. Establishing an understanding of terms of engagement
(II) Planning activities
1. Establishing the overall audit strategy
2. Developing an audit plan

6. Preliminary Engagement Activities

A. Acceptance and Continuance of Client Relationships and Audit Engagements

1. Ensure that appropriate procedures regarding the acceptance and continuance of
client relationships and audit engagements have been followed and that conclusions
reached in this regard are appropriate.
2. Integrity of principal owners and key mgmt
3. Competence of engagement team to perform the audit engagement
4. Implications of matters that have arisen during current and previous audit engagement
may need to be considered.
B. Evaluating compliance with ethical requirements, including independence
1. Auditor shall continuously evaluate compliance with ethical requirements including
independence
2. EP shall remain alert, for evidence of non-compliance with relevant ethical requirements
by members of the engagement team
3. If matters come to the EP’s attention that indicate that members of the engagement
team have not complied with relevant ethical requirements. EP in consultation with
others in the firm, shall determine the appropriate action.
4. Obtain relevant information from the firm to identify and evaluate circumstances
and relationships that create threats to independence
5. Evaluate information on identified breaches, if any, of the firm’s independence
policies and procedures to determine whether they create a threat to independence
CA Himanshu

for the audit engagement and

6. Take appropriate action to eliminate such threats or reduce them to an acceptable
level by applying safeguards, or, if considered appropriate, to withdraw from the
audit engagement, where withdrawal is permitted by law or regulation.

CA Himanshu Jagetiya Page No.42

 7. The engagement partner shall promptly report to the firm any inability to resolve the
CA Himanshu

matter for appropriate action.

C. Establishing an understanding of terms of engagement
It is in the interests of both the entity and the auditor that the auditor sends an audit
engagement letter before the commencement of the audit to help avoid misunderstandings
with respect to the audit. It ensures that there is no confusion with the client regarding
terms of the engagement.

How to Memorise/Write:

7. Planning activities

Establishing the overall audit strategy:

The auditor shall establish an overall audit strategy that sets the scope, timing and
direction of the audit, and that guides the development of the audit plan.

In establishing the overall audit strategy, the auditor shall:

1. Identify the characteristics of the engagement that define its scope; example:
a. Applicable FRF applicable to the entity
b. Nature of business segments to be audited including the need for specialized
knowledge
c. Industry specific reporting requirements required by industry regulators
d. Expected use of audit evidence obtained in previous audits
e. Expected audit coverage
f. No. of locations to be included
g. Nature of business segment
h. Need of specialised knowledge

2. Ascertain the reporting objectives of the engagement to plan the timing of the
CA Himanshu

audit and the nature of the communications required. The cases by which auditor can
ascertain the reporting objective of the engagement are (example):
a. The entity’s timetable for reporting
b. Organization of meetings to discuss of NTE of audit work with mgmt

SA 300 Page No.43

 c. Discussion with mgmt regarding the expected type and timing of reports to be
CA Himanshu

issued including the auditor’s report

d. Discussion with mgmt regarding the expected communications on the status of
audit work throughout the engagement.
e. Expected nature and timing of communications among engagement team members,
including the nature and timing of team meetings and timing of the review of
work performed.

3. Consider the factors that, in the auditor’s professional judgment, are significant
in directing the engagement team’s efforts; More energies need to be devoted to
significant matters to obtain desired outcomes. Few examples are listed as under
a. Volume of transactions which may determine whether it is more efficient for the
auditor to rely on internal control
b. Significant industry developments such as changes in industry regulations and
new reporting requirements.
c. Significant changes in the FRF, such as changes in accounting standards.
d. Other significant relevant developments, such as changes in the legal environment
affecting the entity.

4. Consider the results of preliminary engagement activities and, where applicable,

whether knowledge gained on other engagements performed by the engagement
partner for the entity is relevant; and
5. Ascertain the NTE of resources necessary to perform the engagement.

8. Audit Strategy - Assistance in Resource mobilisation/ Benefits

The process of establishing the overall audit strategy assists the auditor to determine,
subject to the completion of the auditor’s risk assessment procedures, such matters as:

1. The resources to deploy for specific audit areas, such as the use of appropriately
experienced team members for high risk areas or the involvement of experts on
complex matters;
2. The amount of resources to allocate to specific audit areas, such as the number of
team members assigned to observe the inventory count at material locations, the
extent of review of other auditors’ work in the case of group audits, or the audit
budget in hours to allocate to high risk areas;
3. When these resources are to be deployed, such as whether at an interim audit stage
or at key cut-off dates; and
4. How such resources are managed, directed and supervised, such as when team
briefing and debriefing meetings are expected to be held, how engagement partner
and manager reviews are expected to take place (for example, on-site or off-site),
and whether to complete engagement quality control reviews
CA Himanshu

CA Himanshu Jagetiya Page No.44

 9. Audit Plan - Description and Content
CA Himanshu

Once the overall audit strategy has been established, an audit plan can be developed to
address the various matters identified in the overall audit strategy, taking into account
the need to achieve the audit objectives through the efficient use of the auditor’s
resources.

Understanding client’s business is one of the important principles in developing an

audit plan. In fact, without adequate knowledge of client’s business, a proper audit is
not possible. Gaining knowledge of client’s business is, therefore, one of the foremost
requirements to develop audit plan.

SA-300 states that auditor shall develop an audit plan that shall include description of :

1. The NTE of planned risk assessment procedures

2. The NTE of planned further audit procedures at assertion level
3. Other planned audit procedures that are required to be carried out so that the
engagement complies with SAs.

10. Relation between Strategy and Plan

1. Audit strategy sets the broad overall approach to the audit whereas audit plan
addresses the various matters identified in the overall audit strategy.
2. Audit strategy determines scope, timing and direction of audit.
3. Audit plan describes how strategy is going to be implemented.
4. The audit plan is more detailed than the overall audit strategy that includes the NTE
of audit procedures to be performed by engagement team members
5. Once the overall audit strategy has been established, an audit plan can be developed
to address the various matters identified in the overall audit strategy.
6. The establishment of the overall audit strategy and the detailed audit plan are not
necessarily discrete or sequential processes, but are closely inter-related since
changes in one may result in consequential changes to the other.

11. Changes to Planning during the course of Audit

The auditor shall update and change the overall audit strategy and the audit plan as
necessary during the course of the audit as a result of:

1. Unexpected events
2. Change in conditions
3. Audit evidence obtained

The auditor may need to modify the overall audit strategy and audit plan and thereby the
resulting planned NTE of further audit procedures, based on the revised consideration
of assessed risks.
CA Himanshu

12. Direction Supervision and Review work of Team members

The NTE of the direction and supervision of engagement team members and review of
their work vary depending on many factors, including:
SA 300 Page No.45
 1. The size and complexity of the entity
CA Himanshu

2. The area of the audit

3. The assessed ROMM
4. Capability and competence of team members

13. Documentation

The auditor shall document:

1. Overall audit strategy;

2. Audit plan; and
3. Any significant changes made during the audit engagement to the overall audit
strategy or the audit plan, and the reasons for such changes.

The documentation of the overall audit strategy is a record of:

1. Key decisions considered necessary to properly plan the audit and

2. Significant matters that need to communicated to the engagement team.

The documentation of the audit plan is a record of:

1. Planned NTE of risk assessment procedures and

2. Further audit procedures at the assertion level in response to the assessed risks.

Record of the significant changes as to explain:

1. Why changes were made and

2. Overall strategy and audit plan finally followed.

14. Meaning of Audit Programme

An audit programme consists of

▶ series of verification procedures

▶ detailed plan of applying the audit procedures
▶ to obtain sufficient evidence
▶ to enable the auditor to express opinion on a company’s FS

15. Constructing an Audit Programme

The following points should be kept in mind:

1. Stay within the scope and limitation of the engagement.

2. Determine the evidence reasonably available.
3. Identify the best evidence for deriving the necessary satisfaction.
4. Apply only those steps and procedures which are useful in accomplishing the
CA Himanshu

verification purpose in the specific situation.

5. Consider all possibilities of error.
6. Co-ordinate the procedures that need to be applied to related items.

CA Himanshu Jagetiya Page No.46

 16. General points about audit programme:
CA Himanshu

Evolving One Audit Programme – Not Practicable for All Businesses

• Businesses vary in nature, size and composition.

• Work which is suitable to one business may not be suitable to others.

• Existence and efficiency of internal controls and other factors vary from assignment
to assignment.

On account of such variations, evolving one audit programme applicable to all business
under all circumstances is not practicable.
The Assistant Engaged - Be Encouraged To Keep An Open Mind
As experience is gained on an assignment, the programme may be altered to take care
to take care of situations, which were missed out originally. So, any work which beyond
a doubt proves to be unnecessary or irrelevant may be dropped.

Assistant should be instructed to note and report significant matters coming to his
notice, to his seniors or to the partners or proprietor of the firm engaged for doing the
audit.
Periodic Review of The Audit Programme
1. There should be periodic review of the audit programme to assess whether the same
continues to be adequate for obtaining required knowledge and evidence about the
transactions.
2. Unless this is done, any change in the business policy of the client may not be
adequately known, and consequently, audit work may be carried out, on the basis of
an obsolete programme.
3. The utility of the audit programme can be retained and enhanced only by keeping the
programme as also the client’s operations and internal control under periodic review
so that inadequacies or redundancies of the programme may be removed.

17. Advantages of Audit Programme

1. Provides the assistant carrying out the audit with clear instructions of the work to
be done
2. Provide a total perspective of work to be performed
3. Selection of assistants for the jobs on the basis of capability becomes easier when
the work is rationally planned, defined and segregated
4. Prevents danger of ignoring or overlooking certain books and records
5. The assistants accept responsibility for the work carried out by them
6. Principal can control the progress of the various audits in hand by examining initiated
programmes
CA Himanshu

7. Serves as a guide for audits to be carried out in the succeeding year

8. Serves as evidence in the event of any charge of negligence being brought against
the auditor

SA 300 Page No.47

 18. Disadvantage of Audit Programme
CA Himanshu

1. Work may become mechanical

2. Parts of the programme may be carried out without understanding of the objective
3. Programme may become rigid and inflexible
4. Business may change, but the old programme may still be carried on.
5. Changes in staff or internal control may require precaution in different points than
originally planned
6. Inefficient assistants may take shelter behind the programme
7. Hard and fast audit programme may kill initiative of efficient and enterprising
assistants

Advantage Disadvantage

“Talent is cheaper than table salt, what separate the talented individual from
the successful one is a lot of hardwork”

CA Himanshu

CA Himanshu Jagetiya Page No.48

 CA Himanshu

SA 300
Page No.49
CA Himanshu
 Concept of Risk
CA Himanshu

1. Audit Risk (Exam Question)

Audit risk means the risk that the auditor gives an inappropriate audit opinion when the
financial statement are materially misstated.

Thus, it is the risk that the auditor may fail to express an appropriate opinion in an audit
assignment.

Audit risk is a function of the ROMM and detection risk.

From the above, it is clear that –

Audit Risk (AR)= Risk of Material Misstatement (ROMM) x Detection Risk (DR)

Simple Language mein bole toh !!

In Simple words we state that FS give true and fair view but there were material
misstatements we could not detect.

2. Risk of Material Misstatement (ROMM)

ROMM may be defined as the risk that the FS are materially misstated prior to audit.
It simply means that there is a probability of frauds or errors in FS before audit.

This consists of Two components, described as follows at the assertion level:

1. Inherent risk (IR)

2. Control risk (CR)

The ROMM may exist at two levels:

1. Overall FS level- ROMM that relate pervasively to the FS as a whole and potentially
affect many assertions.
2. Assertion level for CTABD - ROMM at the assertion level are assessed in order to
determine the nature, timing, and extent of further audit procedures necessary to
obtain SAAE.
What is a Misstatement?
(Misstatement refers to a difference between the amount, classification, presentation,
or disclosure of a reported financial statement item and the amount, classification,
presentation, or disclosure that is required for the item to be in accordance with the
applicable FRF. Misstatements can arise from error or fraud.)

Example:

1. Charging of an item of capital expenditure to revenue or vice-versa

2. Difference in disclosure of a financial statement item vis-a-vis its requirement in
CA Himanshu

3. Applicable FRF
4. Selection or application of inappropriate accounting policies
5. Overstating or understating inventories
6. Overstating of receivables in FS by not writing off irrecoverable debts
CA Himanshu Jagetiya Page No.50
 3. Inherent Risk
CA Himanshu

Susceptibility of an assertion about a CTABD to a misstatement that could be material,

either individually or when aggregated with other misstatements, before consideration
of any related controls.

Inherent risk factors are considered while designing tests of controls and substantive
procedures.

Example:

1. An accounting standard provides guidance on some complex issue which might not be
understood by the mgmt. Therefore, recording of this issue in FS carries inherent
risk of being misstated.
2. There are large number of business failures in an industry. Therefore, assertions in
FS of an entity operating in such an industry carry an inherent risk of being misstated.

4. Control Risk

Risk that a misstatement that could occur in an assertion about a CTABD that could be
material, either individually or when aggregated with other misstatements, will not be
prevented, or detected and corrected, on a timely basis by the entity’s internal control.

Control risk is a function of the:

1. Effectiveness of the design,

2. Implementation and
3. Maintenance of internal control by mgmt.

However, internal control can only reduce but not eliminate ROMM in the FS. This is
because of the inherent limitations of internal control.

Example:

1. A company has devised control that cash and cheque books should be kept in a locked
safe and access is granted to authorized personnel only. There is risk that control is
not being followed.
2. An entity has devised a control that fire extinguishers and smoke detectors are
in place and are in working condition at all times to reduce the risk of damage to
inventories caused by fire. There is a risk that fire extinguishers in place are expired
and are not being refilled. Similarly, there is a possibility that smoke detectors are
not working.

5. Detection Risk

Risk that the procedures performed by the auditor to reduce audit risk to an acceptably
low level will not detect a misstatement that exists and that could be material, either
individually or when aggregated with other misstatements.
CA Himanshu

Detection risk may be reduced by increasing area of checking, testing larger samples
and by including competent and experienced persons in the engagement team
Detection risk comprises sampling and non-sampling risk.

Concept of Risk Page No.51

 1. Sampling risk is the risk that the auditor’s conclusion based on a sample may be
CA Himanshu

different from the conclusion if the entire population were subjected to the same
audit procedure. It simply means that the sample was not representative of the
population from which it was chosen.
2. Non-sampling risk is the risk that the auditor reaches an erroneous conclusion for any
reason not related to sampling risk. Like an auditor may reach an erroneous conclusion
due to application to some inappropriate audit procedure.

Example:

1. Sizeable work-in-progress inventories are expected in FS of a company. However,

auditor of the company does not devote time to attending inventory count. Instead,
he chooses to rely upon alternative audit procedures.
2. The auditor of a company has audited revenue of a company by taking a sample.
However, there is a risk that sample of revenue is not representative of overall
revenue.

Inherent Risk Control Risk Detection Risk

Susceptibility of an Risk that a misstatement that Risk that the procedures
assertion about a CTABD could occur in an assertion performed by the auditor
to a misstatement that about a CTABD that could be to reduce audit risk to an
could be material, either material, either individually or acceptably low level will not
individually or when when aggregated with other detect a misstatement that
aggregated with other misstatements, will not be exists and that could be
misstatements, before prevented, or detected and material, either individually
consideration of any corrected, on a timely basis by or when aggregated with
related controls. the entity’s internal control other misstatements.

There exists inverse relation b/w control risk & Efficiency of Internal control.

When efficiency of Internal control is high then control risk is low and vice versa.

6. What is not Audit Risk ?

Audit risk does not include the risk that the auditor might express an opinion that the
FS are materially misstated when they are not. This risk is ordinarily insignificant.

Further, audit risk is a technical term related to the process of auditing; it does not
refer to the auditor’s business risks such as loss from litigation, adverse publicity, or
other events arising in connection with the audit of FS.

Iska Matlab:
CA Himanshu

7. Combined assessment of ROMM

The SAs do not ordinarily refer to inherent risk and control risk separately, but rather
to a combined assessment of the “ROMM”.

CA Himanshu Jagetiya Page No.52

 1. The auditor may make separate or combined assessments of inherent and control
CA Himanshu

risk depending on preferred audit techniques or methodologies and practical

considerations.
2. The assessment of the ROMM may be expressed in quantitative terms, such as in
percentages, or in non-quantitative terms.
3. In any case, the need for the auditor to make appropriate risk assessments is more
important than the different approaches by which they may be made.

8. Significant Risk

The auditor shall consider at least the following:

1. Whether the risk is a risk of fraud

2. Risk is related to recent significant economic, accounting or other important
development
3. Complexity of transactions
4. Risk involves significant transaction with related parties
5. Risk related to financial item where there is high degree of subjectivity in measurement
6. Risk related to significant transactions outside the normal course of business
Significant risks often relate to significant non- routine transactions or
judgmental matters:
1. Non-routine transactions are uncommon transactions that occur infrequently, either
because of their size or nature.
2. Judgmental matters may include developing accounting estimates with significant
measurement uncertainty.

Risks of Material Misstatement– Risks of material misstatement–

Greater for Significant Non-Routine Greater for Significant Judgmental
Transactions: Matters:
ROMM may be greater for significant ROMM may be greater for significant
non-routine transactions arising from judgmental matters that require the
matters such as the following: development of accounting estimates,
arising from matters such as the
▶ Greater mgmt intervention to specify
following:
the accounting treatment.
▶ Greater manual intervention for data ▶ Accounting principles for accounting
collection and processing. estimates or revenue recognition
may be subject to differing
▶ Complex calculations or accounting
interpretation.
principles.
▶ Required judgment may be subjective
▶ The nature of non-routine
or complex, or require assumptions
transactions, which may make it
CA Himanshu

about the effects of future events,

difficult for the entity to implement
for example, judgment about fair
effective controls over the risks
value.

Concept of Risk Page No.53

 Chart of SR:
CA Himanshu

9. Assessment of risks- A matter of professional Judgment

1. Assessment of risks is a matter of professional judgment, rather than a matter

capable of precise measurement.
2. Professional judgement is exercised by auditor whose training, knowledge and
experience have assisted in developing the necessary competencies to achieve
reasonable judgments.

“The best view comes after the Hardest Climb”

CA Himanshu

CA Himanshu Jagetiya Page No.54

 CA Himanshu

SA 315
Page No.55
CA Himanshu
CA Himanshu

CA Himanshu

CA Himanshu Jagetiya Page No.56

 SA 315
CA Himanshu

1. Objective of SA 315

The objective of the auditor is to:

1. Identify and assess the ROMM, Whether due to fraud or error.

2. At FS and assertion levels, through understanding the entity and its environment,
including the entity’s internal control.

2. What is Risk Assessment Procedure?

The audit procedures performed to obtain:

1. Understanding of the entity and its environment,

2. Including the entity’s internal control,
3. To identify and assess the ROMM, whether due to fraud or error,
4. At the financial statement and assertion levels.

3. How to do Risk Assessment Procedure?

For the purpose of identifying and assessing the ROMM, the auditor shall:

1. Identify risks throughout the process of obtaining an understanding of the entity

and its environment, including relevant controls that relate to the risks, and by
considering the classes of transactions, account balances, and disclosures in the FS
2. Assess the identified risks, and evaluate whether they relate more pervasively to
the FS as a whole and potentially affect many assertions
3. Relate the identified risks to what can go wrong at the assertion level, taking
account of relevant controls that the auditor intends to test and
4. Consider the likelihood of misstatement, including the possibility of multiple
misstatements, and whether the potential misstatement is of a magnitude that could
result in a material misstatement.

Practical Linkage:

4. What is included in Risk Assessment Procedure

CA Himanshu

The risk assessment procedures shall include the following:

1. Inquiries of Mgmt and Others Within the Entity

2. Analytical Procedures
SA 315 Page No.57
 3. Observation and inspection
CA Himanshu

Inquiries of Mgmt and Others Within the Entity

The auditor obtains information about the entity and its environment through inquiry
of mgmt, individuals responsible for financial reporting, and other personnel within the
entity.

Inquiries from other people within the entity may be useful in providing the auditor
with a perspective different from that of mgmt. and those responsible for financial
reporting.

Depending on the circumstances, the auditor might make inquiries of:

1. Inquiries directed toward TCWG (e.g., board of directors or audit committee).

2. Inquiries directed toward Internal audit personnel may provide information about
internal audit procedures performed during the year relating to the design and
effectiveness of the entity’s internal control
3. Inquiries directed toward Employees involved in accounting initiating, authorizing,
processing, or recording complex transactions.
4. Inquiries directed toward In-house legal counsel may provide information about such
matters as litigation, compliance with laws and regulations
5. Inquiries directed toward Production, marketing, sales, and other personnel
6. Inquiries directed to information systems personnel may provide information about
system changes, system or control failures, or other information system- related
risks.

Briefing:

TCWG:

Internal Auditor:

Employees:

Legal Counsel:

Other:

System Related:

Analytical Procedures
1. The SA’s require the use of analytical procedures during the planning phase of audit.
2. By using Preliminary analytical procedures, the auditor can gain insight into the entity
and its environment and identify areas that may pose significant risks relevant to the
audit.
3. Analytical procedures are effective in detecting unusual transactions or events, as
CA Himanshu

well as trends, ratios, and amounts that may affect the audit planning process.
4. While performing analytical procedures, the auditor create reasonable expectations
of the relationships that should exist based on their understanding of the entity and
its environment. However, the results of such high-level analytical procedures are

CA Himanshu Jagetiya Page No.58

 only an initial indication of whether there may be a significant misstatement.
CA Himanshu

Observation and inspection

Observation and inspection include audit procedures such as:

1. Observation of entity activities and operations.

2. Inspection of documents (e.g., business plans and strategies), records, and internal
control manuals.
3. Read reports prepared by mgmt, TCWG, and internal audit.
4. Visits to the entity’s premises and plant facilities.
5. Tracing transactions through the information system relevant to financial reporting,
which may be performed as part of a walkthrough.

5. Understanding of Entity

The auditor shall obtain an understanding of the following:

1. Understanding of industry
2. Understand the entity
3. Understanding of FRF
4. Understanding entity’s objective, strategies and business model
5. The measurement and review of the entity’s financial performance

Understanding of industry: Relevant industry, regulatory, and other external factors

including the applicable FRF.

Understand the entity: The nature of the entity, including:

a. its operations;
b. its ownership and governance structures;
c. the types of investments that the entity is making and plans to make, including
investments in special-purpose entities; and
d. the way that the entity is structured and how it is financed; to enable the auditor
to understand the classes of transactions, account balances, and disclosures to
be expected in the FS.
Examples of matters that the auditor may consider while obtaining understanding
of nature of entity include:
a. Business operations such as nature of revenue sources, products or services,
conduct of operations, location of production facilities, key customers and
suppliers of goods and services
b. Investment and investment activities such as capital investment activities and
planned or recently executed acquisitions
c. Financing activities such as major subsidiaries, debt structure etc.
CA Himanshu

d. Financial reporting such as accounting principles and revenue recognition practices

Understanding of accounting system: The entity’s selection and application of accounting

policies, including the reasons for changes.

SA 315 Page No.59

 Understanding of financial reporting framework: The auditor shall evaluate whether
CA Himanshu

the entity’s accounting policies are appropriate for its business and consistent with the
applicable FRF and accounting policies used in the relevant industry.

Understanding entity’s objective, strategies and business model: The entity’s

objectives and strategies, and those related business risks that may result in ROMM.

Examples:
a. Industry developments (a potential related business risk might be, for example,
that the entity does not have the personnel or expertise to deal with the changes
in the industry).
b. New products and services (a potential related business risk might be, for
example, that there is increased product liability).
c. Expansion of the business (a potential related business risk might be, for example,
that the demand has not been accurately estimated).

The measurement and review of the entity’s financial performance: an understanding of

the entity’s performance measures assists the auditor in considering whether pressures
to achieve performance targets may result in mgmt actions that increase the ROMM,
including those due to fraud.

Examples:
a. Key performance indicators (financial and non-financial) and key ratios,trends
and operating statistics.
b. Period-on-period financial performance analysis.
c. Budgets, forecasts, variance analyses, and departmental or other level
performance reports.
d. Credit rating agency reports

CA Himanshu

CA Himanshu Jagetiya Page No.60

 6. Why understanding the entity and its environment is significant?
CA Himanshu

Understanding the entity and the environment in which it operates is very significant. It
helps the auditor in planning the audit and in identifying areas requiring special attention.
Gaining knowledge about client’s business is one of the important principles in developing
an overall audit plan. In fact, without adequate knowledge of client’s business, a proper
audit is not possible.

7. Understanding of the Entity – a Continuous Process

Obtaining an understanding of the entity and its environment, including the entity’s
internal control, is a continuous, dynamic process of gathering, updating and analysing
information throughout the audit.

Before conducting an audit, the auditor needs to have a clear understanding of the
subject matter. This helps them to plan the audit and make professional judgments
throughout the process.

1. Assessing ROMM of the FS

2. Determining materiality in accordance with SA 320;
3. Considering the appropriateness of the selection and application of accounting policies;
4. Identify areas that may need extra attention, such as transactions involving related
parties, checking if the mgmt’s use of the going concern assumption is suitable, or
analyzing the purpose of business transactions.
5. Developing expectations for use when performing analytical procedures;
6. Evaluating the sufficiency and appropriateness of audit evidence obtained, such as
the appropriateness of assumptions and of mgmt’s oral and written representations.

8. Meaning of Internal Control

As per SA-315, “Identifying and Assessing the Risk of Material Misstatement Through
Understanding the Entity and its Environment”, the internal control may be defined as
the process:

• Designed,

• Implemented and

• Maintained

by TCWG, mgmt and other personnel to provide reasonable assurance about the
achievement of an entity’s objectives with regard to:

• Reliability of financial reporting,

• Effectiveness and efficiency of operations,

• Safeguarding of assets, and

CA Himanshu

• Compliance with applicable laws and regulations.

Benefits of Understanding of Internal Control

• An understanding of internal control assists the auditor in:

SA 315 Page No.61

 • Identifying types of potential misstatements;
CA Himanshu

• Identifying factors that affect the ROMM, and

• Designing the nature, timing, and extent of further audit procedures.

9. Limitation of Internal Control

Internal control can provide only reasonable assurance: Internal control, no matter how
effective, can provide an entity with only reasonable assurance about achieving the
entity’s financial reporting objectives. The likelihood of their achievement is affected
by inherent limitations of internal control.

Human judgment in decision-making: Realities that human judgment in decision-making

can be faulty and that breakdowns in internal control can occur because of human error.
For example, there may be an error in the design of, or in the change to, a control.

Lack of understanding the purpose: Equally, the operation of a control may not be
effective, such as where information produced for the purposes of internal control (for
example, an exception report) is not effectively used because the individual responsible
for reviewing the information does not understand its purpose or fails to take appropriate
action.

Collusion among People: Additionally, controls can be circumvented by the collusion of

two or more people or inappropriate mgmt override of internal control.

Judgements by Mgmt: Further, in designing and implementing controls, mgmt may make
judgments on the nature and extent of the controls it chooses to implement, and the
nature and extent of the risks it chooses to assume.

10. Components of Internal Control

A. Control Environment

B. The Entity’s Risk Assessment Process

C. Information system and communication

D. Control activities

E. Monitoring
A. CONTROL ENVIRONMENT:
The auditor shall obtain an understanding of the control environment. As part of obtaining
this understanding, the auditor shall evaluate whether:

Mgmt has created and maintained a culture of honesty and ethical behaviour and

The strengths in the control environment elements collectively provide an appropriate

foundation for the other components of internal control.
CA Himanshu

The control environment includes:

• The governance and mgmt functions and

• The attitudes, awareness, and actions of TCWG and mgmt

CA Himanshu Jagetiya Page No.62

 • The control environment sets the tone of an organization, influencing the control
CA Himanshu

consciousness of its people

Elements of the Control Environment:
1. Communication and enforcement of integrity and ethical values: Effectiveness of
controls cannot rise above integrity & ethical values of people who create, administer
and monitor them. For example, policy statements, codes of conduct etc.
2. Commitment to competence: Matters such as mgmt’s consideration of competence
levels for particular jobs and how these levels translate into requisite skills and
knowledge.
3. Participation by those charged with governance: Attributes of TCWG such as:
a. Their independence from mgmt
b. Experience and stature
c. Extent of their involvement and information they receive & scrutiny of activities

4. Mgmt’s philosophy and operating style: Characteristics such as mgmt’s:

a. Attitudes and actions towards financial reporting
b. Attitudes towards information processing and accounting functions and personnel

5. Organisational structure: framework within which entity’s activities for achieving

its objectives are planned, executed, controlled and reviewed.
6. Assignment of authority and responsibility: Matters such as how authority &
responsibility are assigned and how reporting relationships & authorisation hierarchies
are established.
7. Human resource policies and practices: Policies and practices that relate to, for
example, recruitment, orientation, training, evaluation, promotion etc.

CA Himanshu

SA 315 Page No.63

 Existence of a satisfactory control environment not an absolute deterrent to fraud
CA Himanshu

The existence of a satisfactory control environment can be a positive factor when the
auditor assesses the ROMM.

However, although it may help reduce the risk of fraud, a satisfactory control environment
is not an absolute deterrent to fraud. Conversely, deficiencies in the control environment
may undermine the effectiveness of controls, in particular in relation to fraud.

The control environment in itself does not prevent, or detect and correct, a material
misstatement. It may, however, influence the auditor’s evaluation of the effectiveness
of other controls (for example, the monitoring of controls and the operation of specific
control activities) and thereby, the auditor’s assessment of the ROMM.
B. THE ENTITY’S RISK ASSESSMENT PROCESS
The entity’s risk assessment process forms the basis for the risks to be managed. If
that process is appropriate, it would assist the auditor in identifying ROMM.

The auditor shall obtain an understanding of whether the entity has a process for:

• Identifying business risks relevant to financial reporting objectives;

• Estimating the significance of the risks;

• Assessing the likelihood of their occurrence; and

• Deciding about actions to address those risks.

C. INFORMATION SYSTEM AND COMMUNICATION
The information system refers to all of the business processes relevant to financial
reporting and communication. It includes the procedures within both information
technology and manual systems.

The auditor shall obtain an understanding of the information system, including the
related business processes, relevant to financial reporting, including the following areas:

• Identify Class of transactions significant to the FS

• Procedure by which transaction initiated, recorded, processed, corrected as necessary

transferred to general ledger and financial statement.

• Related accounting records, supporting information and specific accounts in the FS

that are used to initiate, record, process and report transactions.

• How information systems captures information relevant to FS.

• The process used to prepare FS

• Controls around journal entries

CA Himanshu

D. CONTROL ACTIVITIES
CA Himanshu Jagetiya Page No.64
 Control Activities are the policies and procedures that help ensure mgmt directives
CA Himanshu

are carried out. During an audit, the auditor assesses the risk and considers only the
relevant control activities related to a significant class of transactions, account balance,
and disclosure.

Examples of specific control activities include those relating to audit are the following:
[PAPSI]

• Authorisation

• Performance reviews

• Information processing

• Physical controls

• Segregation of duties

E. MONITORING OF CONTROLS

The auditor shall obtain an understanding of the major activities that the entity uses to
monitor internal control over financial reporting.

1. Monitoring of controls is a process to assess the effectiveness of internal control

performance over time.
2. It helps in assessing the effectiveness of controls on a timely basis.
3. It involves assessing the effectiveness of controls on a timely basis and taking
necessary remedial actions.
4. It includes considering whether controls are operating as intended and that they are
modified as appropriate for change in conditions.
5. Mgmt accomplishes monitoring of controls through ongoing activities, separate
evaluations, or a combination of the two.
6. Ongoing monitoring activities are often built into the normal recurring activities of
an entity and include regular mgmt and supervisory activities.
7. Mgmt’s monitoring activities may include using information from communications
from external parties such as customer complaints and regulator comments that may
indicate problems or highlight areas in need of improvement.

11. Are all controls relevant to Audit ?

Factors relevant to the auditor’s judgment about whether a control, individually or

in combination with others, is relevant to the audit may include such matters as the
following:

• Materiality.

• Significance of the related risk.

CA Himanshu

• Size of the entity.

• Nature of the entity’s business, including its organisation and ownership characteristics.

• Diversity and complexity of the entity’s operations.

SA 315 Page No.65

 • Applicable legal and regulatory requirements.
CA Himanshu

• Circumstances and the applicable component of internal control.

• Nature and complexity of the systems that are part of the entity’s internal control,
including the use of service organisations.

• Whether, and how, a specific control, individually or in combination with others,

prevents, or detects and corrects, material misstatement.

12. Nature and Extent of the Understanding of Relevant Controls

What is evaluation of Design:

Evaluating the design of a control involves considering whether the control, individually
or in combination with other controls, is capable of effectively preventing, or detecting
and correcting, material misstatements.

What is evaluation of Implementation:

• Implementation of a control means that the control exists and that the entity is
using it.

• There is little point in assessing the implementation of a control that is not effective,
and so the design of a control is considered first.

• An improperly designed control may represent a significant deficiency in internal

control.

Risk assessment procedures to obtain audit evidence about the design and implementation
of relevant controls may include:

• Inquiring of entity personnel.

• Observing the application of specific controls.

• Inspecting documents and reports.

• Tracing transactions through the information system relevant to financial reporting.

13. Documenting the Risk

The auditor shall document:

1. The discussion among the engagement team and the significant decisions reached
2. Key elements of the understanding obtained regarding each of the aspects of the
entity and its environment and of each of the internal control components, the sources
of information from which the understanding was obtained; and the risk assessment
procedures performed
3. The risks identified, and related controls about which the auditor has obtained an
understanding and
CA Himanshu

4. The identified and assessed ROMM at the financial statement level and at the
assertion level.

14. Formulate Audit Programme after understanding Internal control

CA Himanshu Jagetiya Page No.66

 1. The auditor must comprehend the internal control systems and how they work before
CA Himanshu

creating the audit plan.

2. If the auditor neglects this understanding, the audit plan might become too complex,
losing sight of the audit’s purpose amid the overwhelming volume of records.
3. It’s crucial for the auditor to verify if the system is actively functioning. Sometimes,
systems are installed but not properly monitored, leading the auditor to assume they
are operational when they might not be working fully. The auditor can formulate his
entire audit programme only after he has had a satisfactory understanding of the
internal control systems and their actual operation.

“I have failed over and over again and that is why I succeed”

CA Himanshu

SA 315 Page No.67

CA Himanshu

CA Himanshu

CA Himanshu Jagetiya Page No.68

 SA 330
CA Himanshu

Overview

1. Objective of SA 330

1. The auditor shall design and implement overall responses to address the assessed
ROMM at the financial statement level.
2. The auditor shall design and perform further audit procedures whose NTE are based
on and are responsive to the assessed ROMM at the assertion level.

Further audit procedures comprise of:

Test of Controls: An Audit procedure designed to evaluate the operating effectiveness

of controls in preventing or detecting and correcting, material misstatements at the
assertion level.

Substantive Procedures: An audit procedure designed to detect material misstatements

at assetion. Substantive procedure comprise of:

1. Test of details
2. Substantive Analytical procedure
In designing the further audit procedures to be performed, the auditor shall:
1. Consider the reasons for the assessment given to the ROMM at the assertion level
for each CTABD, including:
a. The likelihood of material misstatement due to the particular characteristics of
the relevant CTABD (i.e., the inherent risk); and
CA Himanshu

b. Whether the risk assessment takes into account the relevant controls (i.e., the
control risk), thereby requiring the auditor to obtain audit evidence to determine
whether the controls are operating effectively (i.e., the auditor intends to rely
on the operating effectiveness of controls in determining the nature, timing and
extent of substantive procedures); and
SA 330 Page No.69
 2. Obtain more persuasive audit evidence the higher the auditor’s assessment of risk.
CA Himanshu

2. What is Test of Controls

The auditor shall design test of controls to obtain SAAE about the operating effectiveness
of controls if:

1. The auditor's assessment of ROMM at the assertion level includes an expectation

that the controls are operating effectively or
2. Substantive procedures alone cannot provide SAAE at the assertion level

Test of controls may include:

1. Inspection of documents supporting transactions and other events to gain audit

evidence that internal controls have operated properly, for example, verifying that a
transaction has been authorised.
2. Inquiries about, and observation of, internal controls which leave no audit trail, for
example, determining who actually performs each function and not merely who is
supposed to perform it.
3. Re-performance involves the auditor’s independent execution of procedures or
controls that were originally performed as part of the entity’s internal control, for
example, reconciliation of bank accounts, to ensure they were correctly performed
by the entity.
4. Testing of internal control operating on specific computerised applications or over
the overall information technology function, for example, access or program change
controls.

3. Nature and extent of Test of Controls

In designing and performing test of controls, the auditor shall:

1. Perform other audit procedures in combination with inquiry to obtain audit evidence
about the operating effectiveness of the controls, including:
CA Himanshu

a. How the controls were applied at relevant times during the period under audit.
b. The consistency with which they were applied.
c. By whom or by what means they were applied.

CA Himanshu Jagetiya Page No.70

 2. Determine whether the controls to be tested depend upon other controls (indirect
CA Himanshu

controls), and if so, whether it is necessary to obtain audit evidence supporting the
effective operation of those indirect controls.
3. The auditor shall test controls for the particular time, or throughout the period, for
which the auditor intends to rely on those controls.

Inquiry alone is not sufficient to test the operating effectiveness of controls.

Accordingly, other audit procedures are performed in combination with inquiry. In this
regard, inquiry combined with inspection or reperformance may provide more assurance
than inquiry and observation, since an observation is pertinent only at the point in time
at which it is made.

Map & What is Indirect Controls?

4. Extent of Testing of Internal Controls

When more persuasive audit evidence is needed regarding effectiveness of a control, it

may be appropriate to increase extent of testing of control as well as degree of reliance
on controls.
Matters the auditor may consider in determining the extent of test of controls
include the following:
1. The frequency of the performance of the control by the entity during the period.
2. The length of time during the audit period that the auditor is relying on the operating
effectiveness of the control.
3. The expected rate of deviation from a control.
4. The relevance and reliability of the audit evidence to be obtained regarding the
operating effectiveness of the control at the assertion level.
5. The extent to which audit evidence is obtained from tests of other controls related
to the assertion.
CA Himanshu

SA 330 Page No.71

 Chalo Likho !!
CA Himanshu

5. Timing of Test of Controls

The auditor shall test controls for the particular time, or throughout the period, for
which the auditor intends to rely on those controls in order to provide an appropriate
basis for the auditor’s intended reliance.

6. Using Audit Evidence Obtained in Previous Audits

To determining whether it is appropriate to use audit evidence about the operating

effectiveness of controls obtained in previous audit, the auditor shall consider the
following:

1. The ROMM and the extent of reliance on the control.

2. The effectiveness of the entity’s risk assessment process the entity’s monitoring of
controls
3. The effectiveness of general IT-controls;
4. The risks arising from the characteristics of the control, including whether it is
manual or automated;
5. Whether there have been personnel changes that significantly affect the application
of the control
6. Whether the lack of a change in a particular control that poses a risk due to changing
circumstances; and

Exam Question :)
CA Himanshu

7. Evaluating the Operating Effectiveness of Controls

CA Himanshu Jagetiya Page No.72

 When evaluating the operating effectiveness of relevant controls, the auditor shall
CA Himanshu

evaluate whether misstatements that have been detected by substantive procedures

indicate that controls are not operating effectively.

The absence of misstatements detected by substantive procedures, however, does not

provide audit evidence that controls related to the assertion being tested are effective.

8. Specific inquiries when deviations from controls are detected

The auditor shall make specific inquiries to understand these matters and their potential
consequences, and shall determine whether:

1. The test of controls that have been performed provide an appropriate basis for
reliance on the controls;
2. Additional test of controls are necessary; or
3. The potential risks of misstatement need to be addressed using substantive procedures

9. What is Substantive Procedure

Substantive procedures are audit procedures designed to detect material misstatements

at the assertion level. Substantive procedures comprise:

(i) Tests of details

(ii) Substantive analytical procedures.

10. Nature and Extent of Substantive Procedures

Depending on the circumstances, the auditor may determine that:

1. Performing only substantive analytical procedures will be sufficient to reduce audit
risk to an acceptably low level. For example, where the auditor’s assessment of risk
is supported by audit evidence from tests of controls.
2. Only tests of details are appropriate.
3. A combination of substantive analytical procedures and tests of details are most
responsive to the assessed risks.

Because the assessment of the ROMM takes account of internal control, the extent of
substantive procedures may need to be increased when the results from test of controls
are unsatisfactory.
Substantive procedures compulsory?
Irrespective of the assessed ROMM, the auditor shall design and perform substantive
procedures for each material class of transactions, account balance, and disclosure.

This requirement reflects the facts that:

1. The auditor’s assessment of risk is judgmental and so may not identify all ROMM and
CA Himanshu

2. There are inherent limitations to internal control, including mgmt. override

10. Test of Details

Tests of details are further classified into:

SA 330 Page No.73

 1. Tests of transactions i.e., vouching and
CA Himanshu

2. Tests of balances i.e., verification

Example:
Test of Transaction: A purchase transaction may be verified by examining the related
purchase invoice, goods received note, inward gate entry register.

Test of Balance: Verification of assets as well as liabilities like reviewing entity’s plan

for performing physical verification of fixed assets and obtaining evidence for
performance of physical verification of fixed assets by mgmt..

11. Substantive analytical procedures

Substantive analytical procedures refer to analytical procedures used as substantive

procedures by auditor.

The term “analytical procedures” means evaluations of financial information through

analysis of plausible relationships among both financial and non-financial data.

Analytical procedures also encompass such investigation as is necessary of identified

fluctuations or relationships that are inconsistent with other relevant information or
that differ from expected values by a significant amount.

Don’t Forget this : What ?

CA Himanshu

CA Himanshu Jagetiya Page No.74

 Assertions
CA Himanshu

Practical Example:

A. Meaning of Assertions

It refer to representations by mgmt., explicit or otherwise, that are embodied in the

financial statements, as used by the auditor to consider the different types of potential
misstatements that may occur.

What is explicit or otherwise?

B. Use of Assertions

In representing that the FS are in accordance with the applicable FRF, mgmt. implicitly
or explicitly makes assertions regarding the recognition, measurement, presentation and
disclosure of the various elements of FS and related disclosures.

Assertions used by the auditor to consider the different types of potential misstatements
that may occur fall into following three categories:
Assertions about Classes of Transaction and events for the Period under Audit:
[OCACC]
1. Completeness (C): All transactions and events that should have been recorded have
been recorded.
2. Accuracy (A): Amounts and other data relating to recorded transactions and events
have been recorded appropriately.
CA Himanshu

3. Occurrence (O): transactions and events that have been recorded have occurred and
pertain to the entity.
4. Cut-off (C): Transactions and events have been recorded in the correct accounting
period.
Assertions Page No.75
 5. Classification (C): Transactions and events have been recorded in the proper accounts.
CA Himanshu

Assertions about Account Balances at the Period End: [Everyone Require

Valuable Components]
1. Completeness (C): All assets, liabilities and equity interests that should have been
recorded have been recorded.
2. Existence (E): Assets, liabilities, and equity interests exist.
3. Rights and obligations (R&O): Entity holds or controls the rights to assets, and
liabilities are the obligations of the entity.
4. Valuation and Allocation (V&A): Assets, liabilities, and equity interests are included
in the financial statements at appropriate amounts and any resulting valuation or
allocation adjustments are appropriately recorded.

Understand V&A:

Assertions about presentation and disclosure: [See All Our Cool Understandable
Disclosures]
1. Completeness (C): all disclosures that should have been included in the financial
statements shave been included
2. Accuracy and valuation (A&V): financial and other information are disclosed fairly
and at appropriate amounts.
3. Occurrence and rights and obligations (O&R&O): disclosed events, transactions,
and other matters have occurred and pertain to the entity.
4. Classification and understandability (C&U): financial information is appropriately
presented and described, and disclosures are clearly expressed

The auditor may choose to combine the assertions about transactions and events with
the assertions about account balances.

In case of entities where the Government is a major stakeholder, in addition to those

assertions explained above, mgmt. may often assert that transactions and events have
been carried out in accordance with legislation or proper authority.

Negative assertions are also encountered in the financial statements and the same may
be expressed or implied. For example, if it is stated that there is no contingent liability
it would be an expressed negative assertion.

Class of Transaction Account Balances Disclosure

Completeness Completeness C
Accuracy Valuation and Allocation A&V
Occurence Rights and Obligation O&R&O
CA Himanshu

Cut-off
Classification C&U
Existence

CA Himanshu Jagetiya Page No.76

 SA 320
CA Himanshu

Practical Check:

1. Materiality from Financial Perspective

FRF often discuss the concept of materiality in the context of the preparation and
presentation of FS.
What is material ?
1. Misstatements are material if expected to influence the economic decisions of users
taken on the basis of the FS.
2. Judgments about materiality are affected by the size or nature of a misstatement.
For eg, a small amount lost by fraudulent practices of certain employees can indicate
a serious flaw in the enterprise’s internal control system
3. Judgments about matters that are material are based on a consideration of the
common financial information needs of users as a group.

Concept Check:

2. Application of concept of materiality ?

The concept of materiality is applied by the auditor both in:

CA Himanshu

1. Planning and performing the audit, and

2. Evaluating the effect of identified misstatement, uncorrected misstatement and in
forming the opinion in the auditor’s report.
Auditor’s Assumptions:

SA 320 Page No.77

 The auditor’s determination of materiality is a matter of professional judgment, and is
CA Himanshu

affected by the auditor’s perception of the financial information needs of users of the
FS.

In this context, it is reasonable for the auditor to assume that users:

1. Have a reasonable knowledge of business and economic activities and accounting and
a willingness to study the information in the FS with reasonable diligence;
2. Understand that FS are prepared, presented and audited to levels of materiality;
3. Recognize the uncertainties inherent in the measurement of amounts based on the
use of estimates, judgment and the consideration of future events; and
4. Make reasonable economic decisions on the basis of the information in the FS.

3. Performance materiality

An amount set at less than materiality for the FS as a whole,

• To reduce to an appropriately low level

• The probability that

• Aggregate of uncorrected and undetected misstatements

• exceeds materiality for the FS as a whole.

If applicable, performance materiality also refers to the amount or amounts set by the
auditor at less than the materiality level or levels for particular classes of transactions,
account balances or disclosures.

The auditor sets performance materiality at a value lower than overall materiality, and
uses this lower threshold when designing and performing audit procedures.

This reduces the risk that the auditor will fail to identify misstatements that are
material when added together

4. Benchmark

Determining materiality involves the exercise of professional judgment. A percentage

is often applied to a chosen benchmark as a starting point in determining materiality for
the FS as a whole.

Factors that may affect the identification of an appropriate benchmark include the
following:

1. Elements of FS: Assets, liabilities, equity, revenue, expenses

2. Items on which attention of users focused: Profit, revenue, net assets
3. Nature of entity, life cycle, industry, economic environment
4. Ownership structure, financing: Debt/Equity emphasis
CA Himanshu

5. Volatility of benchmark

Commonly used benchmarks:

1. Profit before tax,

CA Himanshu Jagetiya Page No.78

 2. Total revenue,
CA Himanshu

3. Gross profit and total expenses,

4. Total equity or net asset value.
Choosen Benchmark - Relevant financial data
In relation to choosen benchmark, relevant financial data ordinarily includes:

• Prior period’s financial results and financial positions,

• Period to date financial results and financial positions and

• Budgets or forecast for current period

5. Other points related to materiality

Determining a percentage to be applied to a chosen benchmark involves the

exercise of Professional Judgement:
There is a relationship between the percentage and the chosen benchmark, such that
a percentage applied to profit before tax from continuing operations will normally be
higher than a percentage applied to total revenue.

Example:

The auditor may consider five percent of profit before tax from continuing operations
to be appropriate for a profit-oriented entity in a manufacturing industry, while the
auditor may consider one percent of total revenue or total expenses to be appropriate
for a not-for-profit entity. Higher or lower percentages, however, may be deemed
appropriate in different circumstances.
Materiality Level or Levels for Particular Classes of Transactions, Account
Balances or Disclosures:
Factors that may indicate the existence of one or more particular CTABD for which
misstatements of lesser amounts than materiality for the FS as a whole could reasonably
be expected to influence the economic decisions of users taken on the basis of the FS
include the following:

1. Whether law, regulations or the applicable FRF affect users’ expectations regarding
the measurement or disclosure of certain items. Example: Related party transactions,
and the remuneration of mgmt and TCWG.
2. The key disclosures in relation to the industry in which the entity operates. Example:
Research and development costs for a pharmaceutical company.
3. Whether attention is focused on a particular aspect of the entity’s business that is
separately disclosed in the financial statement.

6. Revision of materiality
CA Himanshu

Materiality for FS as a whole (and if applicable, materiality for particular CTABD) may
need to be revised as a as a result of:

1. Change in circumstances that occurred during the audit,

2. New information, or
SA 320 Page No.79
 3. Change in the auditor’s understanding of the entity and its operations as a result of
CA Himanshu

performing further audit procedures.

If the auditor concludes that a lower materiality for the FS as a whole than that initially
determined is appropriate, the auditor shall determine whether it is necessary to revise
performance materiality, and whether the NTE of the further audit procedures remain
appropriate.

For Example:

7. Documentation of materiality

Audit documentation shall include the following amounts and the factors considered in
their determination:

1. Materiality for the FS as a whole;

2. If applicable, the materiality level or levels for particular classes of transactions,
account balances or disclosures;
3. Performance materiality; and
4. Any revision of (a)-(c) as the audit progressed

8. Materiality and Audit Risk

Concept of materiality is applied by the auditor both in:

1. Planning and performing the audit, and

2. Evaluating the effect of identified misstatements on the audit and of uncorrected
misstatements, if any, on the FS and in forming the opinion in the auditor’s report.

In conducting an audit of FS, the overall objectives of the auditor as per SA 200 is to
obtain reasonable assurance about whether the FS as a whole are free from material
misstatement, whether due to fraud or error, thereby enabling the auditor to express
an opinion on whether the FS are prepared, in all material respects, in accordance with
an applicable FRF; and to report on the FS, and communicate as required by the SAs, in
accordance with the auditor’s findings.

The auditor obtains reasonable assurance by obtaining SAAE to reduce audit risk to an
acceptably low level.

Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the
FS are materially misstated. Audit risk is a function of the ROMM and detection risk.
CA Himanshu

Materiality and Audit Risk are considered throughout the audit, in particular, when:

1. Identifying and assessing the ROMM;

2. Determining the NTE of further audit procedures; and

CA Himanshu Jagetiya Page No.80

 3. Evaluating the effect of uncorrected misstatements, if any, on the FS and in forming
CA Himanshu

the opinion in the auditor’s report.

Exam mein aaya toh ?

“Work hard in silence, let success make the noise”

CA Himanshu

SA 320 Page No.81

 SA 500
CA Himanshu

1. Meaning of Audit Evidence

Audit evidence is the information used by the auditor in arriving at the conclusions on
which the auditor’s opinion is based.

Audit evidence includes both:

• Information contained in the accounting records underlying the FS and

• Other information.

Accounting records include:

• Records of initial accounting entries and supporting records, such as checks and
records of electronic fund transfers

• Invoices

• Contracts

• General and subsidiary ledgers

• Journal entries and other adjustments to the FS that are not reflected in journal
entries

• Records such as work sheets and spreadsheets supporting cost allocations,

computations, reconciliations and disclosures.

Other information

Information that authenticates the accounting records and also supports the auditor’s
rationale behind the opinion, for example:

• Minutes of the meetings,

• Written confirmations from trade receivables and trade payables,

• Manuals containing details of internal control etc

2. Types of Audit Evidence

Depending upon nature:

• Visual

• Oral

• Documentary

Depending upon source:

• Internal : Evidence which originates within the organisation being audited is internal
CA Himanshu

evidence. Example: Sales invoice, Copies of sales challan and forwarding notes, goods
received note, inspection report, copies of cash memo, debit and credit notes, etc.

• External: The evidence that originates outside the client’s organization is external
evidence. Example: Purchase invoice, supplier’s challan and forwarding note, debit

CA Himanshu Jagetiya Page No.82

 notes and credit notes coming from parties, quotations, confirmations, etc.
CA Himanshu

The external evidence is generally considered to be more reliable as they come from third
parties who are not normally interested in manipulation of the accounting information
of others.

However, if the auditor has any reason to doubt the independence of any third party who
has provided any material evidence e.g. an invoice of an associated concern, he should
exercise greater vigilance in that matter.

3. Sufficient and Appropriate Audit Evidence

Sufficiency of Audit Evidence

Sufficiency is the measure of the quantity of audit evidence.

The Quantity of audit evidence needed. The quantity is affected by the auditor’s
assessment of the risks of misstatement (the higher the assessed risks, the more audit
evidence is likely to be required) and also by the quality of such audit evidence (the
higher the quality, the less may be required).

Auditor’s judgment as to sufficiency may be affected by the factors such as:

• Materiality

• ROMM

• Size and characteristics of the population

Materiality

Significance of classes of transactions, account balances and presentation and disclosures

to the users of the FS.

Less evidence would be required in case assertions are less material to users of the FS.
But on the other hand, if assertions are more material to the users of the FS, more
evidence would be required.

Risk of material misstatement

This may be defined as the risk that the FS are materially misstated prior to audit. This
consists of two components : Inherent risk and control risk at the assertion level.

Less evidence would be required in case assertions that have a lower risk of material
misstatement. But on the other hand, if assertions have a higher risk of material
misstatement, more evidence would be required.

Size and characteristics of the population

Less evidence would be required in case of smaller, more homogeneous population but on
the other hand in case of larger, more heterogeneous populations, more evidence would
be required.
CA Himanshu

Homo or Hetro ?

SA 500 Page No.83

 Appropriateness of Audit Evidence
CA Himanshu

Appropriateness is the measure of the quality of audit evidence; that is, its relevance
and its reliability in providing support for the conclusions on which the auditor’s opinion
is based. The reliability of evidence is influenced by its source and by its nature, and is
dependent on the individual circumstances under which it is obtained.

4. Relevance and Reliability of Audit Evidence

Relevance

Relevance means the evidence relates to the financial statement assertions being tested.

Relevance deals with the logical connection or relation with the purpose of audit
procedure. For example, when attending an inventory count, the auditor will:

1. Select a sample of items from physical inventory and trace them to inventory records
to confirm the completeness of accounting records
2. Select a sample of items from inventory records and trace them to physical inventories
to confirm the existence of inventory assets
3. Whilst the procedures are similar in nature, their purpose (and relevance) is to test
different assertions regarding inventory balances.

Key Difference:

Reliability

Auditors should always attempt to obtain evidence from the most trustworthy and
dependable source possible.

The reliability of evidence is influenced by its nature, source, circumstance in which its
obtained and controls over its preparation:

1. Evidence obtained from an independent external source is more reliable than client
generated evidence.
2. Evidence obtained directly by the auditor is more reliable than evidence obtained
indirectly.
3. Written evidence is more reliable than oral evidence as oral representations can be
withdrawn or challenged.
4. Original documents are more reliable than copies or documents transformed into
electronic form as it may be difficult to see if these have been tampered with.
5. The reliability of audit evidence generated internally is increased when the related
CA Himanshu

controls, including those over its accuracy and completeness, imposed by the entity
are effective.

CA Himanshu Jagetiya Page No.84

 Chart:
CA Himanshu

5. Auditor’s Procedure for Audit Evidence

1. Risk assessment procedures; and

2. Further audit procedures, which comprise
a. TOC, when required by the SAs or when the auditor has chosen to do so;
b. Substantive procedures, including Test of Details and substantive analytical
procedures.

6. Type of audit procedures

1. Inspection
2. Observation
3. External Confirmation
4. Recalculation
5. Reperformance
6. Analytical Procedures
7. Inquiry

Inspection:

Inspection means examining:

1. Records or documents,
2. Internal or external,
3. In paper form, electronic form, or other media, or
4. Physical examination of an asset

Inspection of records and documents provides audit evidence of varying degrees of

reliability, depending on their nature and source and effectiveness of internal controls
CA Himanshu

over their production.

Observation:

Looking at a process or procedure being performed by others.

SA 500 Page No.85

 1. May provide evidence that a control is being operated, e.g., segregation of duties or
CA Himanshu

a cheque signatory.
2. Only provides evidence that the control was operating properly at the time of the
observation.
3. Observation of a one-off event, e.g. an inventory count, may give good evidence that
the procedure was carried out effectively.

External Confirmation:

Obtaining a direct response (usually written) from an external, third party. Examples
include:

1. Confirmation of receivables
2. Confirmation of payables
3. Confirmation of bank balances in a bank letter
4. Confirmation of actual/potential penalties from legal advisers
5. Confirmation of inventories held by third parties.
6. May provide good evidence of existence (receivables confirmation) or valuation
(customers may confirm receivable amounts but, ultimately, be unable to pay in the
future)

Recalculation:

Manually or electronically checking the arithmetical accuracy of documents, records,

or the client’s calculations, e.g. recalculation of the translation of a foreign currency
transaction or recalculation of depreciation.

Reperformance:

The auditor’s independent execution of procedures or controls that were originally

performed as part of the entity’s internal control system, e.g. reperformance of a bank
reconciliation, re-performing the aging of accounts receivable.

Analytical procedures:

Analysis of plausible relationships between both financial and non-financial data. Analytical
procedures also encompass the investigation of identified fluctuations and relationships
that are inconsistent with other relevant information or deviate significantly from
predicted amounts.

Inquiry:

Inquiry consist of seeking information from knowledgeable persons, both financial and
non-financial, within the entity or outside.

1. Used extensively throughout the audit in addition to other audit procedures.

2. May range from formal written inquiries to informal oral inquiries
CA Himanshu

3. May provide information not previously available with auditor

4. May provide corroborative audit evidence
5. Whilst a major source of evidence, the results of enquiries will usually need to be

CA Himanshu Jagetiya Page No.86

 corroborated in some way through other audit procedures. This is because responses
CA Himanshu

generated by the audit client are considered to be of a low quality due to their
inherent bias.
6. In respect of some matters, auditor may consider it necessary to obtain written
representations from mgmt and where appropriate TCWG to confirm oral queries.
The following points are also relevant in respect of audit procedures for
auditor’s consideration:
The audit procedures inspection, observation, confirmation, recalculation, reperformance
and analytical procedures, often in some combination, in addition to inquiry may be used
as risk assessment procedures, tests of controls or substantive procedures, depending
on the context in which they are applied by the auditor.
Nature and Timing of the Audit Procedures
Nature and timing of the audit procedures to be used may be affected by the fact that
some of the accounting data and other information may be available only in electronic
form or only at certain points or periods in time.

For example: source documents, such as purchase orders and invoices, may exist
only in electronic form when an entity uses electronic commerce, or may be discarded
after scanning when an entity uses image processing systems to facilitate storage and
reference.

Certain electronic information may not be retrievable after a specified period of time.

For example: if files are changed and if backup files do not exist. Accordingly, the
auditor may find it necessary as a result of an entity’s data retention policies to request
retention of some information for the auditor’s review or to perform audit procedures
at a time when the information is available.

7. Management Expert

Who is mgmt’s expert?

An individual or organisation possessing expertise in a field other than accounting or
auditing, whose work in that field is used by the entity to assist the entity in preparing
the FS.

When information to be used as audit evidence has been prepared using the work
of a mgmt’s expert, the auditor shall, to the extent necessary, having regard to the
significance of that expert’s work for the auditor’s purposes :

1. Evaluate the competence, capabilities and objectivity of that expert;

2. Obtain an understanding of the work of that expert; and
3. Evaluate the appropriateness of that expert’s work as audit evidence for the relevant
assertion.
CA Himanshu

When information to be used as audit evidence has been prepared using the work of a
mgmt’s expert, the NTE of audit procedures may be affected by such matters:

▶ Nature and complexity of the matter to which the mgmt’s expert relates.

SA 500 Page No.87

 ▶ ROMM in the matter.
CA Himanshu

▶ Availability of alternative sources of audit evidence.

▶ Nature, scope and objectives of the mgmt’s expert’s work.
▶ Whether the mgmt’s expert is employed by the entity, or is a party engaged by it to
provide relevant services.
▶ Extent to which mgmt can exercise control or influence over the work of the mgmt’s
expert.
▶ Whether the mgmt’s expert is subject to technical performance standards or other
professional or industry requirements.
▶ Nature and extent of any controls within the entity over the mgmt’s expert’s work.
▶ Auditor’s knowledge and experience of the mgmt’s expert’s field of expertise.
▶ Auditor’s previous experience of the work of that expert.

If the entity has employed or engaged experts, the auditor may rely on the works of
experts, provided he is satisfied that SAAE is obtained with reasonable assurance to
form an opinion on the FS.

Exam Question:

8. Information Produced by Entity

When using information produced by the entity, the auditor shall evaluate whether the
information is sufficiently reliable for the auditor’s purposes, including as necessary in
the circumstances:

• Obtaining audit evidence about the accuracy and completeness of the information;

• Evaluating whether the information is sufficiently precise and detailed for the
auditor’s purposes.

For example:

9. Selecting Items for Testing to Obtain Audit Evidence

When designing tests of controls and tests of details, the auditor shall determine means
CA Himanshu

of selecting items for testing that are effective in meeting the purpose of the audit
procedure.

The means available to the auditor for selecting items for testing are:

CA Himanshu Jagetiya Page No.88

 • Selecting all items (100% examination)
CA Himanshu

• Selecting specific items

• Audit sampling

Selecting All Items:

The auditor may decide that it will be most appropriate to examine the entire population
of items that make up a class of transactions or account balance (or a stratum within
that population).

100% examination may be appropriate when:

1. The population constitutes a small number of large value items;

2. There is a significant risk and other means do not provide SAAE; or
3. The repetitive nature of a calculation or other process performed automatically by
an information system makes a 100% examination cost effective.

Selecting Specific Items:

The auditor may decide to select specific items from a population.

In making this decision, factors that may be relevant include:

1. The auditor’s understanding of the entity,

2. The assessed ROMM, and
3. The characteristics of the population being tested.

Specific items selected may include:

High value or key items: The auditor may decide to select specific items within a
population because they are of high value, or exhibit some other characteristic.

All items over a certain amount: The auditor may decide to examine items whose
recorded values exceed a certain amount so as to verify a large proportion of the total
amount of a class of transactions or account balance.

Items to obtain information: The auditor may examine items to obtain information
about matters such as the nature of the entity or the nature of transactions.

10. Inconsistency in or Doubts over Reliability of Audit Evidence

If:
a. Audit evidence obtained from one source is inconsistent with that obtained from
another; or

b. The auditor has doubts over the reliability of information to be used as audit
evidence,
CA Himanshu

The auditor shall determine what modifications or additions to audit procedures are
necessary to resolve the matter, and shall consider the effect of the matter, if any, on
other aspects of the audit.

SA 500 Page No.89

 11. Audit Trail
CA Himanshu

An audit trail is a documented flow of a transaction. It is used to investigate how a

source document was translated into an account entry and from there it was inserted into
financial statement of an entity. It is used as audit evidence to establish authentication
and integrity of a transaction. Audit trails help in maintaining record of system and user
activity. Like, in case of banks, there is an audit trail keeping track of log-on activity
detailing record of log-on attempts and device used.

It is a step-by-step record by which accounting, trade details, or other financial data

can be traced to their source. Audit trails are used to verify and track many types of
transactions including accounting and financial transactions.

Audit trails (or audit logs) act as record-keepers that document evidence of certain
events, procedures or operations, because their purpose is to reduce fraud, material
errors, and unauthorized use. Audit trails help to enhance internal controls and data
security. Audit trails can help in fixing responsibility, rebuilding events and in thorough
analysis of problem areas.

For example, audit trails can track activities of users thus fixing responsibility for
users. These can also be used to rebuild events upon occurring of some problem. Audit
trail analysis can specify reason of the problem. It can also help in ensuring operation
of system as intended.

In this way, audit trails can help entities in their regular system operations. However,
audit trails involve costs. The cost is not only in terms of system expenditure but also in
terms of time involved in analysing data made available by audit trails. However, use of
automated tools can be made to analyse large volume of data thrown up by audit trails.

Systems which have a feature of audit trail inspires confidence in auditors. It helps
auditors in verifying whether controls devised by the management were operating
effectively or not. It aids in verification whether a transaction was indeed performed
by a person authorised to do it. Since audit trails also enhance data security, these can
be used by auditor while performing audit procedures thus increasing reliability of audit
evidence obtained.

“I never dreamed about success, I worked for it” CA Himanshu

CA Himanshu Jagetiya Page No.90

 SA 501
CA Himanshu

Summary

1. Objective of SA 501

The auditor should obtain SAAE regarding:

1. Existence and condition of inventory

2. Completeness of litigation and claims involving the entity
3. Presentation and disclosure of segment information

2. Purpose of Physical Verification of Inventory

Attend the physical inventory count, if inventory is material to the FS, then obtain
SAAE regarding existence and condition of inventory by:
Attending physical inventory count (unless impracticable) to:

• Evaluate mgmt’s instructions and procedures for the inventory count

• Observe the performance of the count

• Inspect the inventory

• Perform test counts

Perform procedures on the final inventory records to determine whether they accurately
reflect the count results.

3. Auditor’s Procedure for Physical Verification

Attendance at Physical Inventory Counting involves:

1. Inspecting the inventory to ascertain its existence and evaluate its condition, and
performing test counts;
2. Observing compliance with mgmt’s instructions and the performance of procedures
for recording and controlling the results of the physical inventory count; and
3. Obtaining audit evidence as to the reliability of mgmt’s count procedures.

4. Matters relevant in Planning Physical Verification

Matters relevant in planning attendance at physical inventory counting include, for

CA Himanshu

example:

1. Nature of inventory.
2. Stages of completion of work in progress.
3. Timing of physical inventory counting.
SA 501 Page No.91
 4. Nature of the internal control related to inventory.
CA Himanshu

5. ROMM related to inventory.

6. Locations at which inventory is held, including the materiality of the inventory and the
ROMM at different locations, in deciding at which locations attendance is appropriate
7. Whether adequate procedures are expected to be established and proper instructions
issued for physical inventory counting.
8. Whether the entity maintains a perpetual inventory system.
9. Whether the assistance of an auditor’s expert is needed.

5. Physical Verification Counting at Other Dates

Conducted Other than at the Date of the Financial Statements:

The auditor shall, in addition to the procedures required above, perform audit procedures
to obtain audit evidence about whether changes in inventory between the count date and
the date of the FS are properly recorded.

Relevant matters to be considered:

1. Whether the perpetual inventory records are properly adjusted.

2. Reliability of the entity’s perpetual inventory records.
3. Reasons for significant differences between the information obtained during the
physical count and the perpetual inventory records.

Auditor is unable to Attend due to Unforeseen Circumstances:

The auditor shall make or observe some physical counts on an alternative date, and
perform audit procedures on intervening transactions.

Attendance at Is Impracticable:

The auditor shall perform alternative audit procedures to obtain SAAE regarding the
existence and condition of inventory. If it is not possible to do so, the auditor shall
modify the opinion in the auditor’s report in accordance with SA 705.

The matter of general inconvenience to the auditor, however, is not sufficient to support
a decision by the auditor that attendance is impracticable.

Further, as explained in SA 200, the matter of difficulty, time, or cost involved is not
in itself a valid basis for the auditor to omit an audit procedure for which there is no
alternative or to be satisfied with audit evidence that is less than persuasive.

Example of Alternate procedures: Inspection of documentation of the subsequent sale of

specific inventory items acquired or purchased prior to the physical inventory counting

6. Inventory under Custody or Control of Third Party

When inventory under the custody and control of a third party is material to the FS,
CA Himanshu

the auditor shall obtain SAAE regarding the existence and condition of that inventory
by performing one or both of the following:

• Request confirmation from the third party as to the quantities and condition of

CA Himanshu Jagetiya Page No.92

 inventory held on behalf of the entity.
CA Himanshu

• Perform inspection or other audit procedures appropriate in the circumstances

Other Audit Procedures may include:

1. Inspecting documentation regarding inventory held by third parties, for example,

warehouse receipts.
2. Requesting confirmation from other parties when inventory has been pledged as
collateral.
3. Attending, or arranging for another auditor to attend, the third party’s physical
counting of inventory, if practicable
4. Obtaining another auditor’s report, or a service auditor’s report, on the adequacy of
the third party’s internal control for ensuring that inventory is properly counted and
adequately safeguarded.

Summarise:

7. Auditor’s Procedure for Litigation & Claims

The auditor shall design and perform audit procedures in order to identify litigation
and claims involving the entity which may give rise to a risk of material misstatement,
including:

1. Inquiry of mgmt and, where applicable, others within the entity, including in-house
legal counsel;
2. Reviewing minutes of meetings of TCWG and correspondence between the entity and
its external legal counsel; and
3. Reviewing legal expense accounts

8. Communication with External Legal Counsel

CA Himanshu

If the auditor assesses a ROMM regarding litigation or claims that have been identified,
or when audit procedures performed indicate that other material litigation or claims
may exist:

The auditor shall, in addition to the procedures required by other SAs, seek direct
SA 501 Page No.93
 communication with the entity’s external legal counsel.
CA Himanshu

The auditor shall do so through a letter of inquiry requesting the entity’s external legal
counsel to communicate directly with the auditor.

If law and regulation prohibit such direct communication, perform alternate procedures.

If it is considered unlikely that the entity’s external legal counsel will respond to a
letter of general inquiry the auditor may seek direct communication through a letter of
specific inquiry

A letter of specific inquiry includes:

• List of litigation and claims;

• Where available, mgmt’s assessment of the outcome of each of the identified litigation
and claims and its estimate of the financial implications, including costs involved

• A request that the entity’s external legal counsel confirm the reasonableness of
mgmt’s assessments and provide the auditor with further information if the list is
considered by the entity’s external legal counsel to be incomplete or incorrect.

9. Meeting with Legal Counsel

In certain circumstances, the auditor also may judge it necessary to meet with the
entity’s external legal counsel to discuss the likely outcome of the litigation or claims.
This may be the case, for example, where:

1. The auditor determines that the matter is a significant risk.

2. The matter is complex.
3. There is disagreement between mgmt and the entity’s external legal counsel. Ordinarily,
such meetings require mgmt’s permission and are held with a representative of mgmt
in attendance.

10. Impact of Management’s Refusal

If mgmt refuses to give the auditor permission to communicate or meet with the
entity’s external legal counsel, or the entity’s external legal counsel refuses to respond
appropriately to the letter of inquiry, or is prohibited from responding; and

The auditor is unable to obtain SAAE by performing alternative audit procedures, the
auditor shall modify the opinion in the auditor’s report in accordance with SA 705.

Main Baat ?
CA Himanshu

CA Himanshu Jagetiya Page No.94

 11. Segment Information
CA Himanshu

Segment Information refers to information about different types of products and

services of an enterprise and its operations in different geographical areas.

The auditor shall obtain SAAE regarding the presentation and disclosure of segment
information in accordance with the applicable FRF by:

1. Obtaining an understanding of the methods used by mgmt in determining segment

information. Further,
a. Evaluating whether such methods are likely to result in disclosure in accordance
with the applicable FRF; and
b. Where appropriate, testing the application of such methods; and

2. Performing analytical procedures or other audit procedures appropriate in the

circumstances

Auditor’s Responsibility related to Segment Information:

The auditor’s responsibility regarding the presentation and disclosure of segment

information is in relation to the FS taken as a whole. Accordingly, the auditor is not
required to perform audit procedures that would be necessary to express an opinion on
the segment information presented on a stand alone basis.

Understanding of the Methods Used by Management

Depending on the circumstances, example of matters that may be relevant when obtaining
an understanding of the methods used by mgmt in determining segment information and
whether such methods are likely to result in disclosure in accordance with the applicable
FRF include:

1. Sales, transfers and charges between segments, and elimination of inter-segment

amounts
2. Comparisons with budgets and other expected results, for example, operating profits
as a percentage of sales.
3. The allocation of assets and costs among segments.
4. Consistency with prior periods, and the adequacy of the disclosures with respect to
inconsistencies

“You were born to win, but to be a winner, you must plan to win, prepare to
win and expect to win”
CA Himanshu

SA 501 Page No.95

CA Himanshu

CA Himanshu

CA Himanshu Jagetiya Page No.96

 SA 505
CA Himanshu

1. Meaning of External Confirmation

External confirmation may be defined as audit evidence obtained as a

• direct written response

• to the auditor

• from a third party (the confirming party),

• in paper form, or by electronic or other medium.

2. Important Terms

1. Positive confirmation request – A request that the confirming party respond directly
to the auditor indicating whether the confirming party agrees or disagrees with the
information in the request, or providing the requested information.
2. Negative confirmation request – A request that the confirming party respond directly
to the auditor only if the confirming party disagrees with the information provided
in the request.
3. Non-response – A failure of the confirming party to respond, or fully respond, to a
positive confirmation request, or a confirmation request returned undelivered.
4. Exception – A response that indicates a difference between information requested
to be confirmed, or contained in the entity’s records, and information provided by
the confirming party. The exception need to be assessed to the entire population
after analysing the reason for difference.

3. Audit procedures for External Confirmations

When using external confirmation procedures, the auditor shall maintain control over
external confirmation requests, including:

1. Determining the information to be confirmed or requested;

2. Selecting the appropriate confirming party;
3. Designing the confirmation requests, including determining that requests are properly
addressed and contain return information for responses to be sent directly to the
auditor; and
4. Sending the requests, including follow-up requests when applicable, to the confirming
party.

4. Design of Confirmation Requests

Design of a confirmation request may directly affect the confirmation response rate,
and the reliability and the nature of the audit evidence obtained from responses.
CA Himanshu

Factors to consider when designing confirmation requests include:

▶ Assertions being addressed.

▶ ROMM, including fraud risks.
▶ Layout and presentation of the confirmation request.
SA 505 Page No.97
 ▶ Prior experience on the audit or similar engagements.
CA Himanshu

▶ Method of communication [for example, in paper form, or by electronic mode (like

e-mail) or other medium].
▶ Mgmt’s authorisation or encouragement to the confirming parties to respond to the
auditor. Confirming parties may only be willing to respond to a confirmation request
containing mgmt’s authorisation.
▶ The ability of the intended confirming party to confirm or provide the requested
information (for example, individual invoice amount versus total balance).

Determination of properly addressed requests: Determining that requests are properly

addressed before they are sent out.

Follow-Up on Confirmation Requests: The auditor may send an additional confirmation

request when a reply to a previous request has not been received within a reasonable
time.

5. Management Refusal to Send Confirmation Requests

If mgmt refuses to allow the auditor to send a confirmation request, the auditor shall:

• Inquire as to mgmt’s reasons for the refusal, and seek audit evidence as to their
validity and reasonableness;

• Evaluate the implications of mgmt’s refusal on the auditor’s assessment of the relevant
ROMM, including the risk of fraud, and on the NTE of other audit procedures; and

• Perform alternative audit procedures designed to obtain relevant and reliable audit
evidence

If mgmt refusal is unreasonable or auditor is unable to obtain relevant and reliable audit
evidence from alternate procedure:

• Communicate with TCWG

• Determine implication for the audit and auditor’s report as per SA 705

Reasonableness of Management’s Refusal?

• Refusal by mgmt to allow the auditor to send a confirmation request is a limitation on

the audit evidence the auditor may wish to obtain. The auditor is therefore required
to inquire as to the reasons for the limitation.

• The auditor is required to seek audit evidence as to the validity and reasonableness
of the reasons because of the risk that mgmt may be attempting to deny the auditor
access to audit evidence that may reveal fraud or error.

Alternative Audit Procedures

Examples of alternative audit procedures the auditor may perform include:

CA Himanshu

1. Accounts receivable balances – examining specific subsequent cash receipts, shipping

documentation, and sales near the period-end.
2. Accounts payable balances– examining subsequent cash disbursements or
correspondence from third parties, and other records, such as goods received notes.

CA Himanshu Jagetiya Page No.98

 6. Negative Confirmations
CA Himanshu

Negative confirmations provide less persuasive audit evidence than positive confirmations.

Accordingly, the auditor shall not use negative confirmation requests as the sole
substantive audit procedure to address an assessed risk of material misstatement at
the assertion level unless all of the following are present:

1. The auditor has assessed the ROMM as low and has obtained SAAE regarding the
operating effectiveness of controls relevant to the assertion;
2. Population of items subject to negative confirmation procedures comprises a large
number of small, homogeneous, account balances, transactions or conditions;
3. A very low exception rate is expected; and
4. The auditor is not aware of circumstances or conditions that would cause recipients
of negative confirmation requests to disregard such requests.
5. A failure of a confirming party to respond to a negative confirmation request provides
significantly less persuasive audit evidence than response to a positive confirmation
request.

7. Evaluating the Evidence Obtained

The auditor shall evaluate whether the results of the external confirmation procedures
provide relevant and reliable audit evidence, or whether performing further audit
procedures is necessary.

When evaluating the results of individual external confirmation requests, the auditor
may categorise such results as follows:

• Response by the appropriate confirming party indicating agreement with the

information provided in the confirmation request, or providing requested information
without exception

• Response deemed unreliable

• Non-response or
CA Himanshu

• Response indicating an exception

“Winners are not people who never fail,but people who never quit”

SA 505 Page No.99

 SA 510
CA Himanshu

Opening Balance

1. Meaning of Initial audit engagement

Initial audit engagement is an engagement in which either:

• The FS for the prior period were not audited; or

• The FS for the prior period were audited by a predecessor auditor.

2. Objective of Auditor w.r.t Opening Balance

In conducting an initial audit engagement, the objective of the auditor with respect to
opening balances is to obtain SAAE about whether:

• Opening balances contain misstatements that materially affect the current period’s
FS; and

• Appropriate accounting policies reflected in the opening balances have been

a. Consistently applied in the current period’s FS, or
b. Changes made are appropriately accounted for, presented and disclosed in
accordance with the applicable FRF.

3. Audit procedures for Opening balances

The auditor shall obtain SAAE about whether the opening balance contain misstatements
that materially affect the current period’s FS by:

1. Determining whether the prior period’s closing balances have been correctly brought
forward to the current period or,
2. When appropriate, any adjustments have been disclosed as prior period items in the
current year’s Statement of Profit and Loss;
3. Determining whether the opening balances reflect the application of appropriate
accounting policies; and
4. The auditor shall read the most recent FS and audit report it any for any information
related to opening balance.

Performing one or more of the following:

• Where the prior year FS were audited, perusing the copies of the audited FS;
CA Himanshu

• Evaluating whether audit procedures performed in the current period provide evidence
relevant to the opening balances; or

• Performing specific audit procedures to obtain evidence regarding the opening

balances.
CA Himanshu Jagetiya Page No.100
CA Himanshu

4. Misstatement in Opening Balances

The auditor obtains audit evidence that the opening balances contain misstatements
that could materially affect the current period’s FS:

• The auditor shall perform such additional audit procedures as are appropriate in the
circumstances to determine the effect on the current period’s FS.

• If the auditor concludes that such misstatements exist in the current period’s FS,
the auditor shall communicate the misstatements with the appropriate level of mgmt
and TCWG.

5. Nature and Extent of Audit Procedures

The nature and extent of audit procedures necessary to obtain SAAE regarding opening
balances depend on such matters as:

▶ Accounting policies followed by the entity.

▶ Nature of the account balances, classes of transactions and disclosures and the
ROMM in the current period’s FS.
▶ Significance of the opening balances relative to the current period’s FS.
▶ Whether the prior period’s FS were audited and, if so, whether the predecessor
auditor’s opinion was modified.

Current assets and liabilities:

Some audit evidence about opening balances may be obtained as part of the current
period’s audit procedures.

Inventory

In the case of inventories, however, the current period’s audit procedures on the
closing inventory balance provide little audit evidence regarding inventory on hand at
the beginning of the period. Therefore, additional audit procedures may be necessary,
and one or more of the following may provide SAAE:

• Observing a current physical inventory count and reconciling it to the opening

inventory quantities.

• Performing audit procedures on the valuation of the opening inventory items.

CA Himanshu

• Performing audit procedures on gross profit and cut-off.

Non- current assets and liabilities:

Such as property plant and equipment, investments and long-term debt, some audit

SA 510 Page No.101

 evidence may be obtained by examining the accounting records and other information
CA Himanshu

underlying the opening balances.

In certain cases, the auditor may be able to obtain some audit evidence regarding opening
balances through confirmation with third parties.

6. Audit reporting Requirement

If the auditor concludes that:

• Current period’s accounting policies are not consistently applied in relation to opening
balances in accordance with the applicable FRF; or

• Change in accounting policies is not properly accounted for or not adequately presented
or disclosed in accordance with the applicable FRF

Auditor shall express a qualified opinion or an adverse opinion as appropriate in accordance

with SA 705.

Unable to obtain sufficient appropriate audit evidence: Auditor shall express a

qualified opinion or a disclaimer of opinion, as appropriate, in accordance with SA 705.

Opening balances contain a misstatement that materially affects the current period’s
FS, and the effect of the misstatement is not properly accounted for or not
adequately presented or disclosed: Auditor shall express a qualified opinion or an
adverse opinion, as appropriate, in accordance with SA 705.

CA Himanshu

“Winning means you are willing to go longer, work harder and give more than
anyone else

CA Himanshu Jagetiya Page No.102

 SA 520
CA Himanshu

Example:

1. Meaning of Analytical Procedures

The term “analytical procedures” means:

1. Evaluations of financial information through analysis of plausible relationships among

both financial and non-financial data and

2. Investigation of identified fluctuations, inconsistent relationships or amounts that

differ from expected values by a significant amount.

Meaning of Plausible:

Something that appears to be reasonable or believable, although it may not necessarily

be true or accurate.

Analytical procedures include comparisons of the entity’s financial information:

1. Comparable information for prior periods.

2. Anticipated results of the entity, such as budgets or forecasts, or expectations of
the auditor, such as an estimation of depreciation.
CA Himanshu

3. Similar industry information, such as a comparison of the entity’s ratio of sales to

accounts receivable with industry averages or with other entities of comparable size
in the same industry

Analytical procedures also include consideration of relationships:

SA 520 Page No.103

 Financial information elements, such as gross margin percentages, which are anticipated
CA Himanshu

to follow a consistent pattern based on the entity’s past experience, are to be expected.

Between financial information and relevant non-financial information, such as payroll

costs to number of employees.

2. Objective of SA 520

The Objective of the auditor are:

• To obtain relevant and reliable audit evidence when using substantive analytical
procedures; and

• To design and perform analytical procedures near the end of the audit that assist the
auditor when forming an overall conclusion as to whether the FS are consistent with
the auditor’s understanding of the entity.

3. Timing of Analytical Procedure

Analytical procedures are required in Planning, Testing as well as Completion phase.

Analytical procedures can be used at all stages of an audit.

Preliminary analytical procedures:

SA 315 requires the auditor to perform analytical procedures as a risk assessment

procedure. In planning Stage analytical procedures assist the auditor in:

• Identify aspects of the entity of which the auditor was unaware.

• Assist in assessing the ROMM

• Assist in the identification of unusual transactions or events, as well as amounts,

ratios, and trends that could potentially impact an audit.

• Help identify ROMM due to fraud.

• This information will assist the auditor in determining the NTE of his other audit
procedures.

Substantive analytical procedures:

SA 500 (Audit Evidence) allows the auditor to use analytical procedures as a substantive
procedure to help detect misstatement.

Final analytical procedure:

In addition, SA 500 requires the auditor to use analytical procedures at the completion
stage of the audit when forming an overall conclusion as to whether the FS are consistent
with the auditor’s understanding of the entity

4. Factors to be considered for Analytical Procedures

CA Himanshu

The auditor should consider the following factors for Substantive Audit Procedures:

Availability of Data: The availability of reliable and relevant data will facilitate effective
procedures.

Disaggregation: The degree of disaggregation in available data can directly affect the
CA Himanshu Jagetiya Page No.104
 degree of its usefulness in detecting misstatements.
CA Himanshu

Account Type: Substantive analytical procedures are more useful for certain types
of accounts than for others. Income statement accounts tend to be more predictable
because they reflect accumulated transactions over a period, whereas balance sheet
accounts represent the net effect of transactions at a point in time or are subject to
greater mgmt judgment.

Source: Some classes of transactions tend to be more predictable because they

consist of numerous, similar transactions, (e.g., through routine processes). Whereas
the transactions recorded by non-routine and estimation SCOTs (significant class of
transactions) are often subject to mgmt judgment and therefore more difficult to
predict. The reliability of data depends on the source from which information is received.

Predictability: Substantive analytical procedures are more appropriate when an account

balance or relationships between items of data are predictable (e.g., between sales and
cost of sales or between trade receivables and cash receipts). A predictable relationship
is one that may reasonably be expected to exist and continue over time.

Nature of Assertion: Substantive analytical procedures may be more effective in

providing evidence for some assertions (e.g., completeness or valuation) than for others
(e.g., rights and obligations). Predictive analytical procedures using data analytics can be
used to address completeness, valuation/measurement and occurrence.

Inherent Risk or “What Can Go Wrong”: When we are designing audit procedures to
address an inherent risk or “what can go wrong”, we consider the nature of the risk of
material misstatement in order to determine if a substantive analytical procedure can
be used to obtain audit evidence.

When inherent risk is higher, we may design tests of details to address the higher
inherent risk. When significant risks have been identified, audit evidence obtained solely
from substantive analytical procedures is unlikely to be sufficient.

CA Himanshu

5. Types of Analytical Procedure

Substantive analytical procedures generally take one of the following forms:

1. Trend analysis

SA 520 Page No.105

 2. Ratio analysis
CA Himanshu

3. Reasonableness tests
4. Structural modelling

Trend Analysis:

It is a commonly used technique is comparing current data with the prior period balance
or with a trend in two or more prior period balances.

1. Auditor evaluate whether current account balance moves with in line with established
trend or based on factors that my cause to change it.
2. In other words, trend analysis implies analysing account fluctuations by comparing CY
to PY info and also to info derived over several years.

Example: The auditor may compare the salary paid by the company during the year under
audit with the salary paid by the company for several earlier years. There may be some
percentage increase in the salary expense over the years. However, an unusual increase
in such expense amount may indicate that fraudulent payments are being made to fake
employees.

Ratio Analysis:

Ratio analysis is useful for analysing asset and liability accounts as well as revenue and
expense accounts.

• An individual balance sheet account is difficult to predict on its own, but its
relationship to another account is often more predictable (e.g., the trade receivables
balance related to sales).

• Ratios can also be compared over time or to the ratios of separate entities within the
group, or with the ratios of other companies in the same industry.

Commonly used rations include:

• Gross profit ratio

• Accounts receivable turnover

• Inventory turnover

• Profitability, liquidity and leverage

Reasonableness Test:

Unlike trend analysis, this analytical procedure does not rely on events of prior periods,
but upon non-financial data for the audit period under consideration (e.g., occupancy rates
to estimate rental income or interest rates to estimate interest income or expense).

These tests are generally more applicable to income statement accounts and certain
accrual or prepayment accounts.
CA Himanshu

Examples:

• Interest expense against interest bearing obligations

• Raw Material Consumption to Production (quantity)

CA Himanshu Jagetiya Page No.106

 • Wastage & Scrap % against production & raw material consumption (quantity)
CA Himanshu

• Work-in-Progress based on issued of materials & Sales (quantity)

• Sales discounts and commissions against sales volume

• Rental revenues based on occupancy of premises

Structural modelling:

A modelling tool constructs a statistical model from financial and/or non-financial data
of prior accounting periods to predict current account balances (e.g., linear regression).

6. Analytical Procedures as Substantive test (SA 330)

When designing and performing substantive analytical procedures, either alone or in

combination with tests of details, as substantive procedures in accordance with SA 330,
the auditor shall:

1. Determine the suitability of particular substantive analytical procedures for given

assertions, taking account of the assessed ROMM and tests of details, if any, for
these assertions;
2. Assess the reliability of the data used to make expectations about recorded amounts
or ratios by considering:
a. Source
b. Comparability
c. Relevance of the information
d. Controls in place for its preparation

3. Develop an expectation of recorded amounts or ratios and evaluate whether the

expectation is sufficiently precise to identify a misstatement that, individually
or when aggregated with other misstatements, may cause the FS to be materially
misstated; and
4. Determine the amount of any difference of recorded amounts from expected values
that is acceptable without further investigation.

7. Suitability of particular analytical procedures for given assertions

Substantive analytical procedures are generally more applicable to large volumes of

transactions that tend to be predictable over time.

The application of planned analytical procedures is based on the expectation that

relationships among data exist and continue in the absence of known conditions to the
contrary.

However, the suitability of a particular analytical procedure will depend upon the auditor’s
assessment of how effective it will be in detecting a misstatement that, individually or
CA Himanshu

when aggregated with other misstatements, may cause the FS to be materially misstated.

In some cases, even an unsophisticated predictive model may be effective as an analytical

procedure.

SA 520 Page No.107

 8. Extent of Reliance on Analytical Procedures - Reliability of Data
CA Himanshu

The reliability of data is influenced by its source and nature and is dependent on the
circumstances under which it is obtained. Accordingly, the following are relevant when
determining whether data is reliable for purposes of designing substantive analytical
procedures:

1. Source of the information available. For example, information may be more reliable
when it is obtained from independent sources outside the entity;
2. Comparability of the information available. For example, broad industry data may
need to be supplemented to be comparable to that of an entity that produces and
sells specialised products;
3. Nature and relevance of the information available. For example, whether budgets
have been established as results to be expected rather than as goals to be achieved;
and
4. Controls over the preparation of the information that are designed to ensure
its completeness, accuracy and validity. For example, controls over the preparation,
review and maintenance of budgets.

The auditor may consider testing the operating effectiveness of controls, if any, over
the entity’s preparation of information used by the auditor in performing substantive
analytical procedures in response to assessed risks. When such controls are effective,
the auditor generally has greater confidence in the reliability of the information and,
therefore, in the results of analytical procedures.

9. Evaluation whether Expectation is Sufficiently Precise

Factors that auditor shall consider when determining whether an expectation can be
established with sufficient precision to identify a misstatement that could potentially
cause the FS to be materially misstated include:

The accuracy with which the expected results of substantive analytical procedures can
be predicted.

For example, the auditor may expect greater consistency in comparing gross profit
margins from one period to another than in comparing discretionary expenses, such as
research.

The degree to which information can be disaggregated.

For example, substantive analytical procedures may be more effective when applied to
financial information on individual sections of an operation or to FS of components of a
diversified entity, than when applied to the FS of the entity as a whole.

The availability of the information, both financial and non-financial.

For example, the auditor may consider whether financial information, such as budgets or
CA Himanshu

forecasts, and non-financial information, such as the number of units produced or sold,
is available to design substantive analytical procedures. If the information is available,
the auditor may also consider the reliability of the information.

10. Amount of Acceptable Difference

CA Himanshu Jagetiya Page No.108
 Amount of difference from the expectation that can be accepted without further
CA Himanshu

investigation is influenced by

• Materiality and

• Consistency with the desired level of assurance, taking account of the possibility
that a misstatement, individually or when aggregated with other misstatements, may
cause the FS to be materially misstated.

SA 330 requires the auditor to obtain more persuasive audit evidence the higher the
auditor’s assessment of risk. Accordingly, as the assessed risk increases, the amount of
difference considered acceptable without investigation decreases in order to achieve
the desired level of persuasive evidence.

11. Investigating results of Analytical Procedures

If analytical procedures performed in accordance with SA 520 identify:

• Fluctuations or

• Relationships that are inconsistent with other relevant information or that differ
from expected values by a significant amount

The auditor shall investigate such differences by:

Inquiring of management and obtaining appropriate audit evidence relevant to

management’s responses:

Audit evidence relevant to mgmt’s responses may be obtained by evaluating those responses
taking into account the auditor’s understanding of the entity and its environment, and
with other audit evidence obtained during the course of the audit.

Performing other audit procedures as necessary in the circumstances:

The need to perform other audit procedures may arise when, for example, mgmt is
unable to provide an explanation, or the explanation, together with the audit evidence
obtained relevant to mgmt’s response, is not considered adequate.

CA Himanshu

SA 520 Page No.109

 SA 550
CA Himanshu

1. Meaning of Related Parties

A party that is either:

1. A related party as defined in the applicable FRF; or

2. Where the applicable FRF establishes minimal or no related party requirements:
a. A person or other entity that has control or significant influence, directly or
indirectly through one or more intermediaries, over the reporting entity;
b. Another entity over which the reporting entity has control or significant influence,
directly or indirectly through one or more intermediaries; or
c. Another entity that is under common control with the reporting entity through
having:

- Common controlling ownership;

- Owners who are close family members; or

- Common key mgmt.

2. Nature of Related Party Transactions

Many related party transactions are in the normal course of business. In such
circumstances, they may carry no higher risk of material misstatement of the FS than
similar transactions with unrelated parties.

However, the nature of related party relationships and transactions may, in some
circumstances, give rise to higher ROMM of the FS than transactions with unrelated
parties.

Example:

• Related parties may operate through an extensive and complex range of relationships
and structures, with a corresponding increase in the complexity of related party
transactions.

• Information systems may be ineffective at identifying or summarising transactions

and outstanding balances between an entity and its related parties.

• Transactions may not be conducted under normal market terms and conditions. For
example, some related party transactions may be conducted with no exchange of
consideration.

3. Understanding of Related Party Relationships & Transaction

The Auditor shall inquire of mgmt:

• Identity of the entity’s related parties, including changes from the prior period;
CA Himanshu

• Nature of the relationships between the entity and these related parties;

• Whether the entity entered into any transactions with these related parties during
the period and, if so, the type and purpose of the transactions.

CA Himanshu Jagetiya Page No.110

 Auditor shall inquire of mgmt and others within the entity, and perform other risk
CA Himanshu

assessment procedures considered appropriate, to obtain an understanding of the

controls, if any, that mgmt has established to:

• Identify, account for, and disclose related party relationships and transactions in
accordance with the applicable FRF;

• Authorise and approve significant transactions and arrangements with related parties;
and

• Authorise and approve significant transactions and arrangements outside the normal
course of business.

How can an auditor verify the existence of related party relationships and transactions?

During the audit, the auditor should maintain alertness for related party information while
reviewing records and documents. He may inspect the following records or documents
that may provide information about related party relationships and transactions, for
example:

• Entity income tax returns.

• Information supplied by the entity to regulatory authorities.

• Shareholder registers to identify the entity’s principal shareholders.

• Statements of conflicts of interest from mgmt and TCWG.

• Records of the entity’s investments and those of its pension plans.

• Contracts and agreements with key mgmt or TCWG.

• Significant contracts and agreements not in the entity’s ordinary course of business.

• Specific invoices and correspondence from the entity’s professional advisors.

• Life insurance policies acquired by the entity.

• Significant contracts re-negotiated by the entity during the period.

• Internal auditors’ reports.

• Documents associated with the entity’s filings with a securities regulator for eg.
prospectus)
CA Himanshu

“There is no way around the hard work, embrace it”

SA 550 Page No.111

 SA 560
CA Himanshu

1. Meaning of Subsequent events

Events occurring between the date of the FS and the date of the auditor’s report, and
facts that become known to the auditor after the date of the auditor’s report.

For example: if a company prepares FS for the period ending 31 March, 2026, and the
auditor issued opinion on May 15, 2026, any events or facts that occurred between 31
March, 2026, and May 15, 2026, would be considered subsequent events.

FS may be affected by certain events that occur after the date of the FS. Many FRF
specifically refer to such events. Such FRFs ordinarily identify two types of events:

1. Those that provide evidence of conditions that existed at the date of the FS and
2. Those that provide evidence of conditions that arose after the date of the FS.

Example of event providing evidence of conditions that existed at the date of the FS

Declaration of insolvency of a major debtor of the entity between the date of FS and
the date of auditor’s report providing evidence on the recoverability of the money due
from debtor as on date of the FS.

Examples of events providing evidence of conditions that arose after the date of the FS

• Issue of new share capital.

• Planned merger of the company.

• Destruction of substantial inventories due to fire between the date of the FS and
the date of auditor’s report.

2. Objective of SA 560

• Obtain SAAE about whether events occurring between the date of the FS and the
date of the auditor’s report, that require adjustment or disclosure are appropriately
reflected in accordance with the applicable FRF.

• Respond appropriately to facts that become known to the auditor after the date of
the auditor’s report, that, had they been known to the auditor at that date, may have
CA Himanshu

caused the auditor to amend the auditor’s report.

3. Audit procedures for Subsequent Events Occuring b/w Date of FS and A/R

The auditor shall take into account the auditor’s risk assessment which shall include:

CA Himanshu Jagetiya Page No.112

 1. Obtaining an understanding of any procedures mgmt has established to ensure that
CA Himanshu

subsequent events are identified.

2. Inquiring of mgmt and, where appropriate, TCWG as to whether any subsequent
events have occurred which might affect the FS.
3. Reading minutes, if any, of the meetings, of the entity’s owners, mgmt and TCWG,
that have been held after the date of the FS and inquiring about matters discussed
at any such meetings for which minutes are not yet available.
4. Reading the entity’s latest subsequent interim FS, if any

When, as a result of procedure, auditor identifies events that require adjustments or

disclosure in FS, determine whether each such event is appropriately reflected in FS.

Written representation in respect of subsequent events:

Request mgmt or TCWG to provide a WR as per SA 580 that all events that require
adjustments or disclosure in FS, have been appropriately reflected in FS.

4. Fact known After Date of Audit Report but Before Date of Issue of FS

The auditor has no obligation to perform any audit procedures regarding the FS after
the date of the auditor’s report.

However, if a fact become known to the auditor that have been known before issue of
AR, it may have amended the AR, the auditor shall:

• Discuss the matter with mgmt and, where appropriate, TCWG.

• Determine whether the FS need amendment and, if so,

• Inquire how mgmt intends to address the matter in the FS.

If management amends the financial statements, the auditor shall:

• Carry out the audit procedures necessary in the circumstances on the amendment

• Extend these procedures to the date of New audit report

• Provide a new audit report on the amended FS dated not earlier than the date of
approval of amended FS

If law or regulation or FRF doesn’t prohibit mgmt from restricitng amendments to FS to

subsequent event, auditor is permitted to restrict audit procedure to that amendment.

The auditor shall either:

• Amend the auditor’s report to include an additional date restricted to that amendment
(Dual Dating) or

• Provide a new or amended auditor’s report that includes a statement in an Emphasis

of Matter paragraph or Other Matter(s) paragraph that conveys auditor’s procedures
CA Himanshu

on subsequent events are restricted to amendments in FS (EOM/Matter Para)

If management does not amends the financial statements, the auditor shall:

• If the auditor’s report has not yet been provided to the entity, the auditor shall
modify the opinion as required by SA 705 and then provide the auditor’s report or
SA 560 Page No.113
 • If the auditor’s report has already been provided to the entity, the auditor shall
CA Himanshu

notify mgmt and TCWG, not to issue the FS to third parties before the necessary
amendments have been made.

• If the FS are nevertheless subsequently issued without the necessary amendments,

the auditor shall take appropriate action, to seek to prevent reliance on the auditor’s
report.

5. Fact known After Date of Issue of FS

The auditor has no obligation to perform any audit procedures regarding the FS after
the date of the auditor’s report.

However, when, after the date of the auditor’s report but before the date the FS are
issued, a fact becomes known to the auditor that, had it been known to the auditor at
the date of the auditor’s report, may have caused the auditor to amend the auditor’s
report, the auditor shall:

• Discuss the matter with mgmt and, where appropriate, TCWG.

• Determine whether the FS need amendment and, if so,

• Inquire how mgmt intends to address the matter in the FS.

If mgmt amends the FS, the auditor shall:

• Carry out the audit procedures necessary in the circumstances on the amendment.

• Review the steps taken by mgmt to ensure that anyone in receipt of the previously
issued FS together with the auditor’s report are informed of the situation.

6. Refusal of Management to Amend

When mgmt does not amend the FS in circumstances where the auditor believes they
need to be amended, then:

• If the auditor’s report has not yet been provided to the entity, the auditor shall
modify the opinion as required by SA 705 and then provide the auditor’s report or

• If the auditor’s report has already been provided to the entity, the auditor shall
notify mgmt and, unless all of TCWG are involved in managing the entity.

• If, despite such notification, mgmt or TCWG do not take these necessary steps, the
auditor shall take appropriate action to seek to prevent reliance on the audit report.

“I will win not immediately but definitely”

CA Himanshu

CA Himanshu Jagetiya Page No.114

 CA Himanshu

SA 560
Page No.115
CA Himanshu
 SA 580
CA Himanshu

1. Meaning of Written Representation

Written representations may be defined as

• written statement by mgmt provided to the auditor

• to confirm certain matters or to support other audit evidence.

Written representations in this context do not include FS, the assertions therein, or
supporting books and records.

Although written representations provide necessary audit evidence, they do not provide
SAAE on their own about any of the matters with which they deal.

Furthermore, the fact that mgmt has provided written representations does not affect
the nature or extent of other audit evidence that the auditor obtains.

2. Objective of SA 580

Written Representations requires the auditor to obtain written representations from

mgmt:

To obtain written representations

That they have fulfilled their responsibility for the preparation of the FS and
completeness of the information provided to the auditor

To support other evidence

To support other audit evidence relevant to the FS or specific assertions if deemed

necessary by the auditor or required by specific SAs.

To respond appropriately

To respond appropriately to written representations provided by mgmt or if mgmt does

not provide the written representations requested by the auditor.

3. Written representation is requested from ?

People who have responsibility for FS are asked to provide written confirmation.

Depending on who makes the FS, the request for written confirmation is usually sent to
the CEO, CFO, or similar positions.

Mgmt should have enough knowledge of the financial statement preparation process to
provide written confirmation, as they are responsible for making the statements and
running the business.

In some cases, mgmt used experts who have specialised knowledge,

CA Himanshu

Mgmt may use a qualifying language like: ‘representations are made to the best of its
knowledge and belief’, such wordings are reasonable to accept.

4. Written Representation about Management’s Responsibility

Written representation about mgmt’s responsibilities involves confirmation of fulfilment

CA Himanshu Jagetiya Page No.116
 of mgmt’s responsibilities in following areas:
CA Himanshu

• Preparation of the FS

• Information provided and completeness of transactions

I. Preparation of Financial Statements

The auditor shall request mgmt to provide a written representation that it has fulfilled
its responsibility for the preparation of the FS.

The written representation requests mgmt to confirm that they have fulfilled their
responsibilities based on their previously agreed acknowledgment and understanding.

In some cases, however, mgmt may decide to make inquiries of others who participate in
preparing and presenting the FS and assertions therein, including individuals who have
specialized knowledge relating to the matters about which written representations are
requested. Such individuals may include:

• An actuary responsible for actuarially determined accounting measurements.

• Staff engineers who may have responsibility for and specialized knowledge about
environmental liability measurements.

• Internal counsel who may provide information essential to provisions for legal claims.

II. Information provided and completeness of transactions

The auditor shall request mgmt to provide a written representation that:

• It has provided the auditor with all relevant information and access as agreed in the
terms of the audit engagement and

• All transactions have been recorded and are reflected in the FS.

5. Why WR about Management Responsibilities are Necessary?

Audit evidence obtained during the audit that mgmt has fulfilled its responsibilities
regarding preparation of FS and about information provided and completeness of
transactions is not sufficient without obtaining confirmation from mgmt that it believes
that it has fulfilled those responsibilities.

This is because the auditor is not able to judge solely on other audit evidence whether
mgmt has prepared and presented the FS and provided information to the auditor on the
basis of the agreed acknowledgement and understanding of its responsibilities.

The auditor may also ask for reconfirmation of these responsibilities. This is especially
necessary when:

1. Those who signed the terms of the audit engagement on behalf of the entity no
longer have the relevant responsibilities;
CA Himanshu

2. The terms of the audit engagement were prepared in a previous year;

3. There is any indication that mgmt misunderstands those responsibilities; or
4. Changes in circumstances make it appropriate to do so.

6. Other Written Representations

SA 580 Page No.117
 Auditors are required to ask for written statements from mgmt as part of various
CA Himanshu

auditing standards (SAs). These statements confirm certain facts or assertions that
are crucial for the audit.

WR in addition to WR on Responsibility of FS

They may include representations about the following:

• Whether the selection and application of accounting policies are appropriate.

• Whether matters such as the following, where relevant under the applicable FRF,
have been recognized, measured, presented or disclosed in accordance with that
framework:

• Plans or intentions that may affect the carrying value or classification of assets and
liabilities;

• Liabilities, both actual and contingent;

• Title to, or control over, assets, the liens or encumbrances on assets, and assets
pledged as collateral; and

• Aspects of laws, regulations and contractual agreements that may affect the FS,
including non-compliance.

7. Written representations about specific assertions

When obtaining evidence about, or evaluating, judgments and intentions, the auditor may
consider one or more of the following:

• Entity’s past history in carrying out its stated intentions.

• Entity’s reasons for choosing a particular course of action.

• Entity’s ability to pursue a specific course of action.

• Existence or lack of any other information that might have been obtained during the
course of the audit that may be inconsistent with mgmt’s judgment or intent.

8. Date of and Period covered by Written Representations

1. The date of the written representations shall be as near as practicable to but not
after, the date of the auditor’s report on the FS.
2. The written representations shall be for all FS and period(s) referred to in the
auditor’s report.
3. Furthermore, because the auditor is concerned with events occurring up to the date
of the auditor’s report that may require adjustment to or disclosure in the FS.

9. Doubt as to the reliability of Written representations

If the auditor concludes that the written representations are not reliable, the auditor
CA Himanshu

shall take appropriate actions, including determining the possible effect on the opinion
in the auditor’s report in accordance with SA 705, having regard to the requirement of
disclaimer of opinion.

CA Himanshu Jagetiya Page No.118

 10. Management’s refusal to provide representation
CA Himanshu

If requested written representation not provided by mgmt:

1. Auditor shall discuss the matter with mgmt

2. Re-evaluate integrity of mgmt and evaluate the effect of this may have on the
reliability of representation and audit evidence in general
3. Take appropriate actions, including determining possible effect on the opinion in the
auditor’s report

11. Disclaimer of opinion in case of Non Reliability of WR

The auditor shall disclaim an opinion on the FS in accordance with SA 705 if:

• Auditor concludes that there is sufficient doubt about the integrity of mgmt such
that the written representations about mgmt fulfilling its responsibilities are not
reliable;

• Mgmt does not provide the written representations relating to fulfilling its
responsibilities regarding preparation of FS and about information provided and
completeness of transactions.

CA Himanshu

“Be a Warrior not worrier”

SA 580 Page No.119

 SA 260
CA Himanshu

1. Objective of SA 260

The objectives of the auditor are:

1. To communicate clearly with TCWG the responsibilities of the auditor in relation to

the financial statement audit, and an overview of the planned scope and timing of the
audit;
2. To obtain from TCWG information relevant to the audit
3. To provide TCWG with timely observations arising from the audit that are significant
and relevant to their responsibility to oversee the financial reporting process and
4. To promote effective two-way communication between the auditor and TCWG.

2. Who are “TCWG”?

▶ Individuals or organizations responsible for overseeing the entity’s strategic direction

and accountability.
▶ Includes responsibilities for financial reporting oversight.
▶ Mgmt structures differ based on cultural, legal, size, and ownership factors.
▶ TCWG may include mgmt personnel or be distinct from them.
▶ SA 315 guides the auditor in understanding an entity’s governance structure.
▶ Identifying appropriate communication recipients depends on the matter being
communicated.
▶ In cases where legal frameworks or engagement circumstances don’t clearly define
communication recipients, discussion with the engaging party is needed.

3. Significance of communication with TCWG

Communication from auditor is important with TCWG. An effective two-way communication

is important in assisting:

1. The auditor and TCWG in understanding matters related to the audit in context, and
in developing a constructive working relationship. This relationship is developed while
maintaining the auditor’s independence and objectivity.
2. The auditor in obtaining from TCWG information relevant to the audit. For example,
TCWG may assist the auditor in understanding the entity and its environment etc.
3. TCWG in fulfilling their responsibility to oversee the financial reporting process,
thereby reducing the ROMM of the FS.

4. Matters to be communicated by auditor

Following matters are required to be communicated by auditor with TCWG:

CA Himanshu

1. The auditor’s responsibilities in relation to the financial statement audit

2. Planned scope and timing of the audit
3. Significant findings from the audit
The auditor’s responsibilities in relation to the financial statement audit:
CA Himanshu Jagetiya Page No.120
 The auditor shall communicate with TCWG the responsibilities of the auditor in relation
CA Himanshu

to the financial statement audit, including that:

1. The auditor is responsible for forming and expressing an opinion on the FS that have
been prepared by mgmt with the oversight of TCWG and
2. The audit of the FS does not relieve mgmt or TCWG of their responsibilities.
Planned scope and timing of the audit:
The auditor shall communicate with TCWG an overview of the planned scope and timing
of the audit, which includes communicating about the significant risks identified by the
auditor.
Significant findings from the audit
The auditor shall communicate with TCWG:

1. The auditor’s views about significant qualitative aspects of the entity’s accounting
practices, including accounting policies, accounting estimates and financial statement
disclosures. When applicable, the auditor shall explain to TCWG why the auditor
considers a significant accounting practice, that is acceptable under the applicable
FRF, not to be most appropriate to the particular circumstances of the entity
2. Significant difficulties, if any, encountered during the audit
3. Significant matters arising during the audit that were discussed, or subject to
correspondence, with mgmt
4. Written representations the auditor is requesting
5. Circumstances that affect the form and content of the auditor’s report, if any and
6. Any other significant matters arising during the audit that, in the auditor’s professional
judgment, are relevant to the oversight of the financial reporting process.

CA Himanshu

SA 260 Page No.121

 5. Communication in case of Listed Entities
CA Himanshu

In the case of listed entities, the auditor shall communicate with TCWG:

1. A statement that the engagement team and others in the firm as appropriate, the firm
and, when applicable, network firms have complied with relevant ethical requirements
regarding independence.
2. The auditor considers and evaluates all relationships and other factors between the
auditing firm, network firms, and the entity under audit, which, in their professional
judgment, could reasonably be perceived to influence or impact independence.
3. This shall include total fees charged during the period covered by the FS for audit
and non-audit services provided by the firm and network firms to the entity and
components controlled by the entity.
4. These fees shall be allocated to categories that are appropriate to assist TCWG in
assessing the effect of services on the independence of the auditor and
5. The related safeguards that have been applied to eliminate identified threats to
independence or reduce them to an acceptable level.

6. The Communication Process

1. The auditor shall communicate with TCWG the form, timing and expected general
content of communications.
2. The auditor shall communicate in writing with TCWG regarding significant findings
from the audit if, in the auditor’s professional judgment, oral communication would
not be adequate
3. Written communications need not include all matters that arose during the course of
CA Himanshu

the audit.
4. The auditor shall communicate in writing with TCWG regarding auditor independence
when required in case of listed entities.
5. The auditor shall communicate with TCWG on a timely basis.

CA Himanshu Jagetiya Page No.122

CA Himanshu

7. Adequacy of the communication process

The auditor shall evaluate whether the two-way communication between the auditor and
TCWG has been adequate for the purpose of the audit. If it has not, the auditor shall
evaluate the effect, if any, on the auditor’s assessment of the ROMM and ability to
obtain SAAE, and shall take appropriate action.

8. Documentation

1. Where matters required by SA 260 to be communicated are communicated orally, the

auditor shall include them in the audit documentation, and when and to whom they
were communicated.
2. Where matters have been communicated in writing, the auditor shall retain a copy of
the communication as part of the audit documentation.

“We don’t want to tell our dreams, we what to show them”

CA Himanshu

SA 260 Page No.123

CA Himanshu

CA Himanshu

CA Himanshu Jagetiya Page No.124

 SA 265
CA Himanshu

1. Objective of SA 265

Objective of the auditor is to communicate appropriately to TCWG and mgmt deficiencies

in internal control that the auditor has identified during the audit and that, in the
auditor’s professional judgment, are of sufficient importance to merit their respective
attentions.

2. Meaning of Deficiency & Significant Deficiency

Deficiency:
This exists when:

1. Control is designed, implemented or operated in such a way that it is unable to prevent,

or detect and correct, misstatements in the FS on a timely basis or
2. Control necessary to prevent, or detect and correct, misstatements in the FS on a
timely basis is missing.
Significant deficiency in internal control:
Deficiency or combination of deficiencies in internal control that, in the auditor’s
professional judgment, is of sufficient importance to merit the attention of TCWG.

The significance of a deficiency or a combination of deficiencies in internal control

depends not only on whether a misstatement has actually occurred, but also on
the likelihood that a misstatement could occur and the potential magnitude of the
misstatement. Significant deficiencies may, therefore, exist even though the auditor
has not identified misstatements during the audit.

3. Examples of Matters

Examples of matters that the auditor may consider in determining whether

a deficiency or combination of deficiencies in internal control constitutes a
significant deficiency:
CA Himanshu

1. The importance of the controls to the financial reporting process, for example:

• General monitoring controls (such as oversight of mgmt).

• Controls over the prevention and detection of fraud.

SA 265 Page No.125
 • Controls over the selection and application of significant accounting policies.
CA Himanshu

• Controls over significant transactions with related parties.

• Controls over significant transactions outside the entity’s normal course of business.

• Controls over the period-end financial reporting process (such as controls over non-
recurring journal entries).

2. The cause and frequency of the exceptions detected as a result of the deficiencies
in the controls.
3. Volume of activity that has occurred or could occur in the account balance or class of
transactions exposed to the deficiency or deficiencies.
4. Subjectivity and complexity of determining estimated amounts, such as fair value
accounting estimates.
5. Susceptibility to loss or fraud of the related asset or liability

4. Examples of Indicators

Examples of Indicators of Significant Deficiency:

1. Absence of a risk assessment process within the entity where such a process would
ordinarily be expected to have been established.
2. Evidence of an ineffective entity risk assessment process, such as mgmt’s failure to
identify a risk of material misstatement that the auditor would expect the entity’s
risk assessment process to have identified.
CA Himanshu

3. Evidence of an ineffective response to identified significant risks (e.g., absence of

controls over such a risk).
4. Misstatements detected by the auditor’s procedures that were not prevented, or
detected and corrected, by the entity’s internal control.

CA Himanshu Jagetiya Page No.126

 5. Disclosure of a material misstatement due to error or fraud as prior period items in
CA Himanshu

the current year’s Statement of Profit and Loss.

6. Evidence of mgmt’s inability to oversee the preparation of the FS.
7. Evidence of ineffective aspects of the control environment, such as:
a. Indication of significant transactions in which mgmt is financially interested are
not being appropriately scrutinised by TCWG.
b. Identification of mgmt fraud, whether or not material, that was not prevented
by the entity’s internal control.
c. Mgmt’s failure to implement appropriate remedial action on significant deficiencies
previously communicated.

5. Communication of Significant deficiencies

The auditor shall communicate in writing significant deficiencies in internal control

identified during the audit to those charged with governance on a timely basis.

The auditor shall also communicate to mgmt at an appropriate level of responsibility on

a timely basis:

1. In writing, significant deficiencies in internal control that the auditor has

communicated or intends to communicate to TCWG, unless it would be inappropriate
to communicate directly to mgmt in the circumstances; and
2. Other deficiencies in internal control identified during the audit that have not
been communicated to mgmt by other parties and that, in the auditor’s professional
judgment, are of sufficient importance to merit mgmt’s attention.

6. How it should be communicated ?

The auditor shall include in the written communication of significant deficiencies in

internal control:

1. A description of the deficiencies and an explanation of their potential effects; and

2. Sufficient information to enable TCWG and mgmt to understand the context of the
communication.
In particular, the auditor shall explain that:
1. The purpose of the audit was for the auditor to express an opinion on the FS
2. The audit included consideration of internal control relevant to the preparation of
the FS in order to design audit procedures that are appropriate in the circumstances,
but not for the purpose of expressing an opinion on the effectiveness of internal
control; and
3. The matters being reported are limited to those deficiencies that the auditor has
identified during the audit and that the auditor has concluded are of sufficient
importance to merit being reported to TCWG.
CA Himanshu

“The sky has no limits, neither should you”

SA 265 Page No.127

 SA 610
CA Himanshu

1. Definition of Internal Audit (IA) Function

Internal audit refers to:

• function of an entity that

• performs assurance and consulting activities

• designed to evaluate and improve the effectiveness of

• entity’s governance, risk mgmt and internal control processes.

2. Objectives and Scope of Internal Audit (IA)

1. Activities Relating to Governance: Assesses governance processes, including ethics,

performance, and accountability, ensuring effective communication among governance
entities, auditors, and mgmt.
2. Activities Relating to Risk Mgmt: Aids the entity in identifying and assessing
significant risks, enhancing risk mgmt and internal control, and contributes to
improving the financial reporting process. Additionally, it conducts procedures to
assist in detecting fraud.
3. Activities Relating to Internal Control:
a. Evaluation of internal control : Evaluates and reviews controls, taking on specific
responsibilities to assess their operation and recommend improvements, ultimately
providing assurance on the control effectiveness.
b. Examination of financial and operating information: Examines financial and
operating information, reviewing the methods used for identification, measurement,
classification, and reporting, including detailed testing of transactions, balances,
and procedures.

3. Review of operating activities: Evaluates the cost-effectiveness and efficiency

of an entity’s operations, encompassing both financial and non-financial aspects to
ensure optimal performance.
4. Review of compliance with laws and regulations: Ensures that an entity complies with
external laws, regulations, and internal policies, safeguarding against any deviations
and enhancing adherence to directives.

3. Ways in which the EA may make use of Internal Audit Function

EA may make use of the function for purposes of the audit in one or more of the
following ways:

1. To obtain information that is relevant to the EA’s assessments of the ROMM due to
error or fraud.
2. Unless prohibited, or restricted to some extent, by law or regulation, the EA, after
CA Himanshu

appropriate evaluation, may decide to use work that has been performed by the
internal audit function during the period in partial substitution for audit evidence to
be obtained directly by the EA.
3. Unless prohibited, or restricted to some extent, by law or regulation, the EA may use

CA Himanshu Jagetiya Page No.128

 internal auditors to perform audit procedures under the direction, supervision and
CA Himanshu

review of the EA (referred to as “direct assistance”).

4. Scope of SA 610

Standard on Auditing (SA) 610 deals with the EA’s responsibilities if using the work of
internal auditors. This includes:

1. Using the work of the internal audit function in obtaining audit evidence and
2. Using internal auditors to provide direct assistance under the direction, supervision
and review of the EA.

Nothing in this SA requires the EA to use the work of the internal audit function to
modify the nature or timing, or reduce the extent, of audit procedures to be performed
directly by the EA; it remains a decision of the EA in establishing the overall audit
strategy.

Summarise what we know so far:

5. External Auditor’s Responsibility for the audit

EA have sole responsibility for the audit opinion, unaffected by the involvement of
the internal audit function or internal auditors, who lack the required independence
mandated for EA.

SA 200 establishes conditions for the EA to utilize the work of internal auditors,
outlining the necessary efforts to ensure the adequacy of the internal audit function’s
work, preventing excessive reliance and ensuring a balanced framework for the EA’s
judgment.

6. Objectives of External Auditor where Entity has Internal Audit function

CA Himanshu

To determine whether the work of the internal audit function or direct assistance from
internal auditors can be used, and if so, in which areas and to what extent; and having
made that determination:

If using the work of the internal audit function, to determine whether that work is
SA 610 Page No.129
 adequate for purposes of the audit; and
CA Himanshu

If using internal auditors to provide direct assistance, to appropriately direct, supervise

and review their work.

7. Evaluating the Internal Audit Function

EA shall determine whether the work of the internal audit function can be used for
purposes of the audit by evaluating the following:

1. Extent to which the internal audit function’s organizational status and relevant
policies and procedures support the objectivity of the internal auditors;
2. Level of competence of the internal audit function; and
3. Whether the internal audit function applies a systematic and disciplined approach,
including quality control.

8. Objectivity and its Evaluation

Objectivity refers to the ability to perform those tasks without allowing bias, conflict
of interest or undue influence of others to override professional judgments.

Factors that may affect the EA’s evaluation in relation to Objectivity include the
following:

1. Whether the organizational status of the IA function, supports the ability to be free
from bias, conflict of interest or undue influence of others to override professional
judgments.
2. Whether TCWG oversee employment decisions related to the IA function.
3. Whether any constraints or restrictions placed on the IA function by mgmt or TCWG,
for example, in communicating the IA function’s findings to the EA.
4. Whether the internal audit function is free of any conflicting responsibilities, for
example, managerial or operational duties or responsibilities that are outside of the
IA function.

9. Competence and its evaluation

Competence of the internal audit function refers to the attainment and maintenance of
knowledge and skills of the function as a whole at the level required to enable assigned
tasks to be performed diligently and in accordance with applicable professional standards.

Factors that may affect the EA’s determination in relation to competence include the
following:

1. Whether the internal audit function is adequately and appropriately resourced

relative to the size of the entity and the nature of its operations.
2. Whether there are established policies for hiring, training and assigning internal
CA Himanshu

auditors to internal audit engagements.

3. Whether the internal auditors have adequate technical training and proficiency in
auditing.
4. Whether the internal auditors possess the required knowledge relating to the entity’s

CA Himanshu Jagetiya Page No.130

 financial reporting and the applicable FRF.
CA Himanshu

Objectivity and competence may be viewed as a continuum:

Objectivity and competence in the internal audit function exist on a continuum, with
organizational support and policies enhancing objectivity and competence facilitating
broader use by EA.

Strong support for internal auditors’ objectivity through organizational status and policies
cannot offset insufficient competence, and a high level of competence in the internal
audit function cannot compensate for inadequate support for auditors’ objectivity.

10. Application of a Systematic and Disciplined Approach

The application of a systematic and disciplined approach to planning, performing,

supervising, reviewing and documenting its activities distinguishes the activities of the
internal audit function from other monitoring control activities that may be performed
within the entity.

Factors that may affect the EA’s determination of whether the internal audit function
applies a systematic and disciplined approach include the following:

1. Existence, adequacy and use of documented internal audit procedures or guidance

covering such areas as risk assessments, work programs, documentation and reporting,
the nature and extent of which is commensurate with the size and circumstances of
an entity.
2. Whether the internal audit function has appropriate quality control policies and
procedures.

Use of Internal Audit Function:

CA Himanshu

SA 610 Page No.131

 11. Circumstances :Work of the Internal Audit function Can’t Be Used
CA Himanshu

The EA shall not use the work of the internal audit function if the EA determines that:

1. Function’s organizational status and relevant policies and procedures do not adequately
support the objectivity of internal auditors;
2. Function lacks sufficient competence; or
3. Function does not apply a systematic and disciplined approach, including quality
control.

12. Examples of work where IA function can be Used

The EA shall consider the nature and scope of the work that has been performed, or is
planned to be performed, by the IA function and its relevance to the EA’s overall audit
strategy and audit plan.

Examples of work of the internal audit function that can be used by the EA include the
following:

1. Testing of the operating effectiveness of controls.

2. Substantive procedures involving limited judgment.
3. Observations of inventory counts.
4. Tracing transactions through the information system relevant to financial reporting.
5. Testing of compliance with regulatory requirements.

13. Circumstances in which the EA shall plan to use less of the work of the Internal audit
function and perform more of the work directly

EA shall make all significant judgments in the audit engagement and, to prevent undue
use of the work of the IA function, shall plan to use less of the work of the function and
perform more of the work directly if:

1. More judgment is involved in:

a. Planning and performing relevant audit procedures; and
b. Evaluating the audit evidence gathered;

2. Higher the assessed ROMM at the assertion level, with special consideration given to
risks identified as significant;
3. Less the internal audit function’s organizational status and relevant policies and
procedures adequately support the objectivity of the internal auditors; and
4. Lower the level of competence of the internal audit function.

14. Using the Work of the Internal Audit Function

If the EA plans to use the work of the IA function, the EA shall:

CA Himanshu

1. Discuss the planned use of its work with the function as a basis for coordinating their
respective activities.
2. Read the reports of the IA function relating to the work of the function that the EA
plans to use to obtain an understanding of the nature and extent of audit procedures

CA Himanshu Jagetiya Page No.132

 it performed and findings.
CA Himanshu

3. Perform sufficient audit procedures on the body of work of the IA function as a

whole that the EA plans to use to determine its adequacy for purposes of the audit.

Discussion and Coordination with the Internal Audit Function:

In discussing the planned use of their work with the IA function as a basis for coordinating
the respective activities, it may be useful to address the following:

1. Timing of such work.

2. Nature of the work performed.
3. Extent of audit coverage.
4. Materiality for the FS as a whole (and, if applicable, materiality level or levels for
particular classes of transactions, account balances or disclosures), and performance
materiality.
5. Proposed methods of item selection and sample sizes.
6. Documentation of the work performed.
7. Review and reporting procedures.

Coordination between the external auditor and the internal audit function is effective
when, for example;

1. Discussions take place at appropriate intervals throughout the period.

2. EA informs the IA function of significant matters that may affect the function.
3. EA is advised of and has access to relevant reports of the internal audit function
and is informed of any significant matters that come to the attention of the function
when such matters may affect the work of the EA so that the EA is able to consider
the implications of such matters for the audit engagement.

15. Direct Assistance: Under the Direction, Supervision and Review of EA

Direct assistance refers to the use of internal auditors to perform audit procedures
under the direction, supervision and review of the EA.

If using internal auditors to provide direct assistance is not prohibited by law or

regulation, and the EA plans to use internal auditors to provide direct assistance on the
audit. The EA shall evaluate:

• Existence and significance of threats to objectivity

• Level of competence of the internal auditors who will be providing such assistance.

The EA’s evaluation of the existence and significance of threats to the internal
auditors’ objectivity shall include inquiry of the internal auditors regarding interests
and relationships that may create a threat to their objectivity.
CA Himanshu

The external auditor shall not use an internal auditor to provide direct assistance if:

1. There are significant threats to the objectivity of the internal auditor; or

2. The internal auditor lacks sufficient competence to perform the proposed work.

SA 610 Page No.133

 Areas where EA shall not use Internal Auditors to provide Direct Assistance to
CA Himanshu

perform procedures that:

1. Involve making significant judgments in the audit;

2. Relate to higher assessed ROMM where the judgment required in performing the
relevant audit procedures or evaluating the audit evidence gathered is more than
limited;
3. Relate to work with which the internal auditors have been involved and which has
already been, or will be, reported to mgmt or TCWG by the internal audit function; or
4. Relate to decisions the EA makes in accordance with this SA regarding the internal
audit function and the use of its work or direct assistance.

Prior to using internal auditors to provide direct assistance for purposes of the
audit, the external auditor shall:

1. Obtain written agreement from authorized representative of the entity that the
internal auditors will be allowed to follow the EA’s instructions, and the entity will
not intervene in the work the internal auditor performs for the EA; and
2. Obtain written agreement from the internal auditors that they will keep confidential
specific matters as instructed by the EA and inform the EA of any threat to their
objectivity.

Everything About Direct Assistance

CA Himanshu

“Nothing is given, everything is earned”

CA Himanshu Jagetiya Page No.134

 CA Himanshu

SA 610
Page No.135
CA Himanshu
 SA 450
CA Himanshu

1. Objective

The objective of the auditor is to evaluate: -

1. Effect of identified misstatements on the audit and

2. Effect of uncorrected misstatements, if any, on the FS.

2. Accumulation of misstatements identified during the audit

The auditor shall accumulate misstatements identified during the audit, other than
those that are clearly trivial. A misstatement may arise from a variety of factors. For
example, an inaccuracy in gathering or processing data from which financial statements
are prepared or an omission of an amount or disclosure can result into a misstatement.

An entity has wrongly capitalized machinery repair expenses amounting to Rs.5 lacs
resulting in overstatement of profits. It is an example of misstatement.

3. Consideration of identified misstatements as the audit progresses

The auditor shall determine whether the overall audit strategy and audit plan need to
be revised if:

1. The nature of identified misstatements and the circumstances of their occurrence

indicate that other misstatements may exist that, when aggregated with misstatements
accumulated during the audit, could be material or
2. The aggregate of misstatements accumulated during the audit approaches materiality
determined in accordance with SA 320

3. Communication and correction of misstatements

The auditor shall communicate on a timely basis all misstatements accumulated during
the audit with the appropriate level of mgmt, unless prohibited by law or regulation.
The auditor shall request mgmt to correct those misstatements. Timely communication
of misstatements to the appropriate level of mgmt is important as it enables mgmt to
evaluate whether the items are misstatements, inform the auditor if it disagrees and
take action as necessary.

4. Evaluating the effect of uncorrected misstatements

Prior to evaluating the effect of uncorrected misstatements, the auditor shall reassess
materiality determined in accordance with SA 320 to confirm whether it remains
appropriate in the context of the entity’s actual financial results.

The auditor shall determine whether uncorrected misstatements are material, individually
or in aggregate. In making this determination, the auditor shall consider:
CA Himanshu

1. The size and nature of the misstatements, both in relation to particular classes
of transactions, account balances or disclosures and the FS as a whole, and the
particular circumstances of their occurrence and
2. The effect of uncorrected misstatements related to prior periods on the relevant

CA Himanshu Jagetiya Page No.136

 classes of transactions, account balances or disclosures, and the FS as a whole.
CA Himanshu

5. Communication with TCWG

The auditor shall communicate with TCWG regarding uncorrected misstatements and the
effect that they, individually or in aggregate, may have on the opinion in the auditor’s
report, unless prohibited by law or regulation.

The auditor’s communication shall identify material uncorrected misstatements

individually. The auditor shall request that uncorrected misstatements be corrected.

The auditor shall also communicate with TCWG the effect of uncorrected misstatements
related to prior periods on the relevant classes of transactions, account balances or
disclosures, and the FS as a whole.

6. WR from management regarding effects of uncorrected statements

The auditor shall request a written representation from mgmt and, where appropriate,
TCWG whether they believe the effects of uncorrected misstatements are immaterial,
individually and in aggregate, to the FS as a whole. A summary of such items shall be
included in or attached to the written representation.

7. Documentation regarding misstatements identified during audit

The audit documentation shall include:

1. The amount below which misstatements would be regarded as clearly trivial;

2. All misstatements accumulated during the audit and whether they have been corrected;
and
3. The auditor’s conclusion as to whether uncorrected misstatements are material,
individually or in aggregate, and the basis for that conclusion.

“Don’t be afraid of Failures”

CA Himanshu

SA 450 Page No.137

 Automated Environment
CA Himanshu

1. What is Automated Environment

Automated environment basically refers to a business environment where the :

• Processes,

• Operations,

• Accounting and

• Even decisions

are carried out by using computer systems – also known as Information Systems (IS) or
Information Technology (IT) systems.

2. Key features of an Automated Environment

1. Automated environments aim to minimize manual intervention and rely on system-

driven processes for conducting business operations.
2. The level of automation in a business environment determines its complexity. Higher
automation leads to increased complexity, while lower automation results in a less
complex environment.
3. An example of increased complexity is when a company uses integrated software
systems, indicating higher automation. On the other hand, using off-the-shelf systems
implies lower automation and a less complex environment.

If a company uses an integrated enterprise resource planning system (ERP) viz., SAP,
Oracle etc., then it is considered more complex to audit. On the other hand, if a company
is using an off-the-shelf accounting software, then it is likely to be less automated and
hence less complex environment.

3. Understanding and documenting automated environment

Understanding the entity and its automated environment involves understanding of

how IT department is organised, IT activities, IT dependencies and relevant risks and
controls.

The understanding of a company’s IT environment that is obtained should be documented.

Given below are some of the points that an auditor should consider to obtain an
understanding of the company’s automated environment:

1. Information systems being used (one or more application systems and what they are)
2. Their purpose (financial and non-financial)
3. Location of IT systems - local vs global.
4. Architecture (desktop based, client-server, web application, cloud based).
CA Himanshu

5. Version (functions and risks could vary in different versions of same application).
6. Interfaces within systems (in case multiple systems exist).
7. In-house vs Packaged.
8. Outsourced activities (IT maintenance and support).
CA Himanshu Jagetiya Page No.138
 9. Key persons (CIO, CISO, Administrators).
CA Himanshu

Key words: Systems-Purpose-Location-Architecture-Version-Interfaces-Inhouse-

Outsourced-Key Persons

Trick: SPLAVIIOK” could be remembered as “Super People Love Amazing Varieties In

Information, Including In-house, Outsourced, and Key persons.”

4. Risks from the use of IT systems

1. Inaccurate processing of data, processing inaccurate data, or both.

2. Unauthorized access to data.
3. Direct data changes (backend changes).
4. Excessive access / Privileged access (super users).
5. Lack of adequate segregation of duties.
6. Unauthorized changes to systems or programs.
7. Failure to make necessary changes to systems or programs.
8. Loss of data.

5. Impact of IT risks on Substantive Audit, Controls and Reporting

The above risks have to be mitigated. If not mitigated, such risks, could have an impact
on audit in different ways discussed as under: -
Impact on substantive checking
Inability to address above discussed risks may lead to non-reliance of data obtained
from systems. In such a case, all information, data, and reports would have to be tested
thoroughly for their completeness and accuracy. It could lead to increased substantive
checking i.e., detailed checking.
Impact on controls
It can lead to non-reliance on automated controls, system calculations and accounting
procedures built into applications. It may result in additional audit work.
Impact on reporting
Due to regulatory requirements in respect of internal financial controls (discussed in
subsequent paras) in case of companies, it may lead to modification of auditor’s report
in some instances.

6. Types of Controls in an Automated Environment

1. General IT Controls
2. Application Controls
3. IT-Dependent Controls
CA Himanshu

7. General IT Controls

“General IT controls are policies and procedures that relate to many applications and
support the effective functioning of application controls. They apply to mainframe,

Automated Environment Page No.139

 miniframe, and end-user environments.
CA Himanshu

General IT-controls that maintain the integrity of information and security of data
commonly include controls over the following:

1. Data center and network operations

2. Program change
3. Access security
4. Application system acquisition, development, and maintenance (Business Applications)

These are IT controls generally implemented to mitigate the IT specific risks and
applied commonly across multiple IT systems, applications and business processes.
Hence, General IT controls are known as “pervasive” controls or “indirect” controls.
A. Data centre and network operations

Objective:

The objective of controls over Data centre and network operations is to ensure that
production systems are processed to meet financial reporting objectives.

Activities:

1. Overall Mgmt of Computer Operations Activities

2. Batch jobs – preparing, scheduling and executing
3. Backups – monitoring, storage & retention
4. Performance Monitoring – operating system, database and networks
5. Recovery from Failures – Business continuity planning, Disaster recovery planning
B. Program Change

Objective:

The objective of program change controls is to ensure that modified systems continue
to meet financial reporting objectives.

Activities:

1. Change Mgmt Process

2. Change Requests – record, manage, track
3. Making Changes and tracking change request
4. Testing changes
C. Access Security

Objective:

The objective of controls over access security is to ensure that access to programs and
CA Himanshu

data is authenticated and authorized to meet financial reporting objectives.

Activities:

1. Security Organization & Mgmt

CA Himanshu Jagetiya Page No.140

 2. Security Policies & Procedures
CA Himanshu

3. Application Security
4. Data Security
5. Operating System Security
6. Network & Physical Security
D. Application system acquisition, development and maintenance

Objective:

The objective of such controls is to ensure that systems are developed, configured and
implemented to meet financial reporting objectives.

Activities:

1. Overall Mgmt. of Development Activities

2. Project Initiation
3. Analysis & Design
4. Construction
5. Testing & Quality Assurance

Key Takeaways:

8. Application Controls

Application controls include both automated or manual controls that operate at a business
process level. Automated Application controls are embedded into IT applications viz.,
ERPs and help in ensuring the completeness, accuracy and integrity of data in those
systems.

Examples of automated applications include edit checks and validation of input data,
sequence number checks, user limit checks, reasonableness checks, mandatory data
fields.
CA Himanshu

9. IT dependent Controls

IT dependent controls are basically manual controls that make use of some form of data
or information or report produced from IT systems and applications.

Automated Environment Page No.141

 In this case, even though the control is performed manually, the design and effectiveness
CA Himanshu

of such controls depends on the reliability of source data.

Due to the inherent dependency on IT, the effectiveness and reliability of automated
application controls and IT dependent controls require the General IT controls to be
effective.

10. GITC vs App Controls

1. Application controls and General IT Controls are interrelated.

2. General IT Controls are necessary to support the functioning of application controls.
3. Both types of controls are required for accurate information processing through IT
systems.

11. Testing Methods in an Automated Environment

There are basically four types of audit tests that should be used. These are:

1. Inquiry
2. Observation
3. Inspection and
4. Reperformance.

• Inquiry is the most efficient audit test but it also gives the least audit evidence.

• Reperformance is most effective as an audit test and gives the best audit evidence.

When testing in an automated environment, some of the more common methods are as
follows:

1. Obtain an understanding of how an automated transaction is processed by doing a

walkthrough of one end-to-end transaction using a combination of inquiry, observation
and inspection.
2. Observe how a user processes transactions under different scenarios.
3. Inspect the configuration defined in an application.
4. Inspect technical manual / user manual of systems and applications.
5. Carry out a test check (negative testing) and observe the error message displayed
by the application

12. Manual elements vs automated elements in entity’s internal control

A. Manual elements in internal control may be more suitable where judgment and
discretion are required such as for the following circumstances:

1. Large, unusual or non-recurring transactions.

2. Circumstances where errors are difficult to define, anticipate or predict.
CA Himanshu

3. In changing circumstances that require a control response outside the scope of an

existing automated control.
4. In monitoring the effectiveness of automated controls.

CA Himanshu Jagetiya Page No.142

 B. Manual control elements may be less suitable for the following circumstances:
CA Himanshu

1. High volume or recurring transactions, or in situations where errors that can be

anticipated or predicted can be prevented, or detected and corrected, by control
parameters that are automated.
2. Control activities where the specific ways to perform the control can be adequately
designed and automated.

13. Data Analytics for Audit

The combination of processes, tools and techniques that are used to tap vast amounts of
electronic data to obtain meaningful information is called data analytics.

The tools and techniques that auditors use in applying the principles of data analytics
are known as Computer Assisted Auditing Techniques or CAATs.

Data analytics can be used in testing of electronic records and data residing in IT
systems using spreadsheets and specialised audit tools viz., IDEA and ACL to perform
the following:

1. Check completeness of data and population that is used in either test of controls or
substantive audit tests.
2. Selection of audit samples – random sampling, systematic sampling.
3. Re-computation of balances – reconstruction of trial balance from transaction data.
4. Reperformance of mathematical calculations – depreciation, bank interest calculation.
5. Analysis of journal entries
6. Fraud investigation.
7. Evaluating impact of control deficiencies.

14. Digital Audit

1. Entities are adopting digitization to keep up with changing times and revamp their
business models through the use of new technologies.
2. Companies are restructuring their business models with technology at the forefront,
and automation plays a key role in the digitization process.
3. Auditors are integrating digital technology into their processes, from planning to
providing the final opinion on FS.
4. Auditors are incorporating artificial intelligence, data analytics, and other cutting-
edge technologies to gain a deeper understanding of business processes.
5. The use of digital tools enables auditors to conduct more effective audits, focusing
on areas that require greater attention and improving risk identification through
technology.

15. Assess and Report Audit Findings

CA Himanshu

At the conclusion of each audit, it is possible that there will be certain findings or
exceptions in IT environment and IT controls of the company that need to be assessed
and reported to relevant stakeholders including mgmt and TCWG:

Automated Environment Page No.143

 Some points to consider are as follows:
CA Himanshu

1. Are there any weaknesses in IT controls?

2. What is the impact of these weaknesses on overall audit?
3. Report deficiencies to mgmt – Internal controls memo or Mgmt letter.
4. Communicate in writing any significant deficiencies to TCWG.

The auditor needs to assess each finding or exception to determine impact on the audit
and evaluate if the exception results in a deficiency in internal control.

A deficiency in internal control exists if a control is designed, implemented or operated

in such a way that it is unable to prevent, or detect and correct, misstatements in the
FS on a timely basis; or the control is missing.

Evaluation and assessment of audit findings and control deficiencies involves applying
professional judgement that include considerations for quantitative and qualitative
measures. Each finding should be looked at individually and in the aggregate by combining
with other findings/deficiencies.

16. Internal financial control as per Financial Reporting

The term Internal Financial Controls (IFC) basically refers to the policies and procedures
put in place by companies for ensuring:

1. Reliability of financial reporting

2. Effectiveness and efficiency of operations
3. Compliance with applicable laws and regulations
4. Safeguarding of assets
5. Prevention and detection of frauds
Provision of
Companies Nature of Responsibility
Act,2013
Section 134 (5)(e) In case of listed Companies, the Directors’ responsibility statement
shall state that the Directors had laid down Internal financial
controls to be followed by the company and that such Internal
financial controls are adequate and were operating effectively.
Section 143(3)(i) The auditor’s report shall state whether the company has adequate
of the Act Internal financial controls system in place and also on the operating
effectiveness of such controls.

This requirement shall not apply to a private company which:

1. Is One Person Company or a small company; or

2. Has turnover less than ₹ 50 crore as per latest audited FS;
CA Himanshu

and which has aggregate borrowings from banks or financial

institutions or any body corporate at any point of time
during the financial Year for less than ₹ 25 crore.

CA Himanshu Jagetiya Page No.144

 Provision of
CA Himanshu

Companies Nature of Responsibility

Act,2013
Section 177(4) Every audit Committee shall act in accordance with the terms of
(vii) of the Act reference specified in writing by the Board which shall, inter alia,
include - evaluation of internal financial controls and risk mgmt
systems.
As per Section The company and independent directors shall abide by the
149(8) of the Act provisions specified in Schedule IV which lays down the Code for
independent Directors. As per this code, the role and functions of
independent directors include that they shall satisfy themselves
on the integrity of financial information and that financial controls
and the systems of risk mgmt are robust and defensible.

18. Basics of Internal Financial Control and Reporting Requirements

Internal Financial Controls (IFC) Internal controls over financial

refers to the policies and procedures reporting (IcoFR) is required where
put in place by companies for ensuring auditors are required to express
reliability of financial reporting, an opinion on the effectiveness of
effectiveness and efficiency of an entity’s internal controls over
operations, compliance with applicable financial reporting, such opinion is
laws and regulations, safeguarding of in addition to and distinct from the
assets and prevention and detection opinion expressed by the auditor on
of frauds the financial statement

“Internal financial control” is a wider term where as “Internal controls over financial
reporting” is a narrower term restricted to entity’s internal controls over financial
reporting only.

“You make your own luck, you make it while studying”

CA Himanshu

Automated Environment Page No.145

 Evaluation of Internal Controls
CA Himanshu

1. Evaluation of Internal Control– Methods

Narrative Record
1. Narrative record: written description of a system found in operation by the auditor
2. Actual testing and observation needed before creating it
3. Recommended for small businesses with no formal control system
4. Disadvantages:
a. Difficult to comprehend the system in operation
b. Hard to identify weaknesses or gaps
c. Challenging to incorporate changes due to reshuffling of manpower, etc.
Checklist
1. This is a series of instructions and/or questions which a member of the auditing
staff must follow and/or answer.
2. When he completes instruction, he initials the space against the instruction.
3. Answers to the check list instructions are usually Yes, No or Not Applicable. This is
again an on-the-job requirement and instructions are framed having regard to the
desirable elements of control.
4. Few examples of Checklist instruction are:
a. Are tenders called before placing orders?
b. Are the purchases made on the basis of a written order?
c. Is the purchase order form standardised?
d. Are purchase order forms pre-numbered?
e. Are the inventory control accounts maintained by persons who have nothing to do
with custody of work, receipt of inventory, inspection of inventory and purchase
of inventory?
Internal Control Questionnaire
1. Questionnaire: comprehensive questions for internal control evaluation
2. Most widely used method for collecting information
3. Less oversight/omission of control review procedures
4. Allows for all evaluation to be completed at one time or in sections
5. Provides orderly means of disclosing control defects
6. Review internal control system annually and record in detail
7. Yes = satisfactory, No = weakness (with explanation option)
8. Not Applicable for irrelevant questions
CA Himanshu

9. Generally, issued to client for filling by concerned executives and employees

10. Inconsistencies or incongruities further discussed with client
11. Report of deficiencies and recommendations for improvement prepared

CA Himanshu Jagetiya Page No.146

 Flow Chart
CA Himanshu

1. Flowchart: graphic presentation of company’s internal control system

2. Most concise way of recording auditor’s review
3. Minimizes narrative explanation
4. Provides bird’s eye view of system and flow of transactions
5. Helps in spotting documentation gaps and suggesting improvements
6. Auditor must study significant features of business and nature of activities
7. Comprehensive study of manufacturing, trading, and administration processes needed
8. Helps in understanding and evaluating internal controls accurately

2. Benefits of evaluation of Internal controls

1. Whether an adequate system of internal control system is in use and operating as

planned by mgmt.
2. Identify likelihood of errors and frauds in ordinary course of operations.
3. Whether internal auditing department is operating effectively.
4. Whether administrative control has impact on audit work.
5. Whether controls are adequately safeguarded.
6. How far and adequate recording function discharged by mgmt.
7. How reliable of reports, records, and certificates can be.
8. Extent and depth of examination that need to be carried out in different areas.
9. What would be appropriate audit technique and procedure.
10. What are weak areas or where control are excessive.
11. Whether some worthwhile suggestions can be given for improving control system

CA Himanshu

Automated Environment Page No.147

CA Himanshu

CA Himanshu

CA Himanshu Jagetiya Page No.148