Auditing and Assurance Principles and Practice

By Augustine Addo, Baba Adibura Seidu and Yaw Ndori Queku

This book is a testament to the power of collaboration and the collective effort of a diverse group of individuals. It is not solely the product of the co-authors, but also the numerous professionals and students who contributed to the development of our ideas and enriched the knowledge presented within. We first express our gratitude to the professional accountants who provided their valuable assistance. Furthermore, we extend our appreciation to the Institute of Chartered Accountants Ghana (ICAG), its members, and the management for their support and expertise in contributing to this creation. We also thank Samuel Acquah of Cape Coast Technical University (CCTU) for his immense assistance in the formatting and proofreading. Additionally, we would like to express our gratitude to the current and past students of ICAG, University of Cape Coast (UCC), Cape Coast Technical University (CCTU), University of Professional Studies Accra (UPSA), Kwame Nkrumah University of Science and Technology (KNUST), University of Ghana (UG) as well as the students of other Universities in Ghana, who provided us with valuable feedback. We are also grateful to our colleagues and friends who provided valuable insights and feedback on various aspects of the book. Their input helped us refine our ideas and ensure that the content was both accurate and relevant to the field of auditing. Lastly, we acknowledge the indispensable support of our families, namely the Addo's family, Seidu's family, and Ndori's family, without whom such a monumental undertaking would not have been possible

• Language: English
• Publisher: Apna Book Publisher
• Release date: Apr 2, 2025
• ISBN: 9798230060376

Book preview

Auditing and Assurance

Principles and Practice

Augustine Addo

Baba Adibura Seidu

Yaw Ndori Queku

Apna Book Publisher

Copyright © 2025 Augustine Addo,

Baba Adibura Seidu,

Yaw Ndori Queku

All rights reserved

The characters and events portrayed in this book are fictitious. Any similarity to real persons, living or dead, is coincidental and not intended by the author.

No part of this book may be reproduced, or stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without express written permission of the publisher.

ISBN-13: 978-93-6303-705-2

Cover design by: Apna Book Publisher

Contents

Title Page

Copyright

Preface

About the Authors

Thank You.

SECTION A

CHAPTER ONE

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER TWO

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER THREE

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

SECTION B

CHAPTER FOUR

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER FIVE

SECTION C

CHAPTER SIX

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER SEVEN

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER EIGHT

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER NINE

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER TEN

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

SECTION D

CHAPTER ELEVEN

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER TWELVE

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER THIRTEEN

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER FOURTEEN

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER FIFTEEN

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER SIXTEEN

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER SEVENTEEN

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER EIGHTEEN

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER NINETEEN

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER TWENTY

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER TWENTY - ONE

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER TWENTY-TWO

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER TWENTY-THREE

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

SECTION E

CHAPTER TWENTY-FOUR

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER TWENTY-FIVE

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER TWENTY-SIX

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER TWENTY-SEVEN

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER TWENTY-EIGHT

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

SECTION F

CHAPTER TWENTY-NINE

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

SECTION CONTENTS

CHAPTER THIRTY

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER THIRTY-ONE

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER THIRTY-TWO

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER THIRTY-THREE

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER THIRTY-FOUR

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

SECTION H: AUDITOR’S PROFESSIONAL RESPONSIBILITY AND LIABILITY

CHAPTER THIRTY-FIVE

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER THIRTY-SIX

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER THIRTY-SEVEN

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER THIRTY-EIGHT

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

SECTION I

CHAPTER THIRTY-NINE

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER FORTY

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER FORTY-ONE

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

SECTION J

CHAPTER FORTY-TWO

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER FORTY-THREE

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

SECTION K

CHAPTER FORTY-FOUR

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER FORTY-FIVE

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER FORTY-SIX

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

CHAPTER FORTY-SEVEN

CHAPTER BIBLIOGRAPHIES AND FURTHER READING LIST

APPENDIX 1: SOME PAST EXAMINATION QUESTIONS WITH ANSWERS

APPENDIX 2: SPECIMEN EXAMINATION QUESTIONS BANK [WITHOUT SUGGESTED ANSWERS]

GLOSSARY

Acknowledgment

Preface

Auditing and Assurance remain a bedrock for the going concern of businesses and the protector of hard-earned wealth. The business world has undergone a series of significant upheavals and transformations over the past decade, which have had a profound impact on the field of accountancy. This textbook, Auditing, and Assurance, has been prepared mainly to assist professional and university students pursuing accountancy programmes in their studies in auditing. The book contains all that students studying auditing for academic degrees and professional accountancy certificates require to know in order to sail through their examination. It is comprehensively written to cover the introductory aspect of auditing through to principles and practice of review and assurance engagements. Current and topical issues in auditing such as the auditor's role in anti-money laundering, forensic auditing, institutional regulation of accountancy practice, quality control for professional audit firms, tendering for audit assignments, professional ethical requirements of auditors, and the impact of e-commerce on auditing have been covered. Another plus for this book is the incorporation of virtually all the updated international auditing standards (ISAS, ISREs, and ISAEs). The contents of the book have been grouped into sections to reflect the composition of modern-day audit practice. The sections have been subdivided into chapters to reflect the specific topics in the auditing syllabus fused by many professional accountancy bodies and universities. This book should be the companion of all students studying auditing. Professional accountants in public practice, internal auditors, audit trainees, and all those who care to know A-Z of audit practice and assurance would also find this book useful.

About the Authors

Augustine Addo CA Augustine Addo is an Academic, Professional accountant, and Business Controller. He has served as an Adjunct Lecturer in Advanced Audit and Assurance, Public Sector Accounting, Financial Reporting, and Corporate Reporting in many Public Universities in Ghana. He is a Chartered Accountant of over Twenty-Five years standing. He has served as Vice-President of the Institute of Chartered Accountants Ghana (ICAG), acting Chief Executive officer of ICAG, Technical Director, and Director of Members Service of ICAG. He has worked with many companies including Accra Breweries Limited, Ghana Post Company, and the West Africa Examination Council (WAEC). He is currently the President of ICAG.

Baba Adibura Seidu Ph.D, CA Baba Adibura Seidu is a Professional Accountant and Lecturer of Department of Accounting, Faculty of Accounting and Finance, University of Professional Studies Accra (UPSA), Accra, Ghana. Dr. Seidu has been teaching Financial Reporting, Auditing and Assurance, and Taxation, for many years in several Ghanaian Universities. He is a Chartered Accountant and also a member of the Chartered Institute of Restructuring and Insolvency Practitioners, Ghana (CIRIP Ghana). He has many years of practice in several Companies as an Accountant and Finance officer.

Yaw Ndori Queku Ph.D, CA Yaw Ndori Queku is a Professional Accountant and Senior Lecturer at the Department of Accounting and Finance, School of Business and Management Studies, Cape Coast Technical University (CCTU), Cape Coast, Ghana. He is a Chartered Accountant, a Certified Valuation Analyst (CVA), and a member of the Chartered Institute of Restructuring and Insolvency Practitioners, Ghana (CIRIP Ghana). He has been teaching Financial Reporting, Advanced Financial Reporting, Auditing and Assurance, Taxation, and Corporate Finance for many years in several Ghanaian Universities. He has many years of practice as an Auditor, Accountant, Finance officer, and Business Consultant.

Thank You.

Augustine Addo

Baba Adibura Seidu

Yaw Ndori Queku

SECTION A

INTRODUCTION AND REGULATORY FRAMEWORK OF AUDITING

SECTION CONTENTS

CHAPTER ONE:  INTRODUCTION AND SCOPE OF AUDITING

CHAPTER TWO: FUNDAMENTAL PRINCIPLES AND ETHICS FOR PROFESSIONAL

ACCOUNTANTS

CHAPTER THREE: ​INTRODUCTION AND SCOPE OF AUDITING

CHAPTER ONE

INTRODUCTION AND SCOPE OF AUDITING

Auditing is one of the basic and core subjects in accountancy studies and that one’s choice for accountancy study will not be complete without auditing. Auditing is a basic business subject.  In this manual, we shall be studying the audit of accounts (end product of stewardship function) which is used by managers of businesses and organisations to communicate how their businesses have been managed.  An unqualified or favourable audit report communicates to stakeholders that their business interests have been managed well and that they can rely on the picture that the financial statements portray.

Auditing is therefore a very onerous and demanding task and a high sense of competence, integrity, skill, experience, and technical knowledge must be brought to bear on the process of auditing.  Auditors may find themselves having to gather appropriate and sufficient evidence to enable them make informed judgements about a whole range of business situations.  This can be best achieved if auditors understand how organizations operate and the environment in which they operate.  Auditing is therefore a practical and real-world subject.

CHAPTER OUTLINE

Unit 1:   Development of Auditing

Unit 2:   Definition of and the Need for Auditing

Unit 3:   Types of Audits

Unit 4:   Types of Auditors

Unit 5:   Objectives of an Audit of Financial Statements

Unit 6:   Agency theory and auditing

Unit 7:   The stages of audit process

Unit 8:   Auditing as an element of assurance engagement

LEARNING OUTCOMES

At the end of this unit, learners should be able to:

Describe the historical perspective of auditing;

Describe audit as an element of assurance engagement;

Explain the purpose and types of audit;

Outline and explain the main stages of an audit;

Outline the functions of the audit committee; and

Explain the basic principles of corporate governance

1.0 ​ ​DEVELOPMENT OF AUDITING

Auditing has gone through several spheres of evolution since its inception. Nevertheless, the evolution may be placed in three stages. Namely: Historical development, contemporary development, and future development of audit.

1.1 ​Historical Background

The evolution of auditing dates back to the medieval ages.  Records have it that in ancient Egypt and Rome, people were employed to review work done by tax collectors and estate managers.  It is also on record that in medieval Britain, independent persons were employed by the feudal Barons to ensure that returns from tenant farmers accurately reflected revenues received from the estates. The word ‘Auditor’ in Latin suggests a hearer or listener because they listened and heard the public statements of taxpayers in Rome to give accounts about the results of their businesses and the tax duty due.

Auditing as it’s seen today (i.e. based on a rigorous reporting framework) was not so in ancient times. The bookkeeping system was basically unknown in ancient cultures like the Egyptian, Mesopotamian, Roman, and Greek. Auditing in English-speaking countries where there were highly developed economic systems was primarily based on single-entry recordings. The purpose of this type of recording was to support the short-term memory of the trading partner.

Profit maximization and wealth did not fit in the culture of these ancient countries. Wealth was not a function of keen entrepreneurship or smart cost-benefit trade-offs. It was merely a reward for one’s loyalty to the government or for living in accordance with religious and moral principles and rules. Moreover, in those eras, the emphasis of auditing was on the detection of fraud and irregularities.  Further developments in the discipline have changed the forms of auditing and made it more demanding and sophisticated.

1.2 ​Development of Contemporary Auditing

It has been recognized that whenever a fiduciary relationship with financial implications exists, there is a need for a knowledgeable outsider to independently and objectively review the accounts of stewardship and to express an opinion as to their honesty or otherwise.

The accounts of stewardship, within the context of a company, is how the directors have dealt with the investments or assets of the company on behalf of the shareholders, the end product of the stewardship, being the financial statements

Auditing of today is deeply rooted in the concept of agency, stewardship, and accountability. This has been emphasized in today’s audit primarily due to the separation of ownership from management in the affairs of companies. The owners of companies are often not the same individuals who manage and control the affairs of the businesses. There is therefore an urgent need to safeguard the interests of the owners (the shareholders) who are not involved in the day-to-day decisions made by the management (the board of directors). This explains why the foundation of today’s auditing is ‘agency, stewardship, and accountability’.

The concept of agency echoes the relationship between the shareholders of a company (the principal) and the board of directors (the agent) where the agent (the directors) is expected to act in the interest of the principal (the shareholders). Auditors in this regard work to confirm or otherwise the existence of goal congruence or aberrant activities (i.e. where directors apply the resources of the company for their personal interest). This agency relationship allows directors to assume stewardship roles where they use and manage the resources of the company on behalf of the shareholders. As the agent, directors are accountable to the shareholders. The concept of accountability is generally emphasized in companies’ law where the directors are required to prepare financial statements, which are presented to the shareholders for their approval. The shareholders rely on the assurances of the auditors that the account so presented is a reflection of directors’ stewardship.

These modern trends have not only expanded the scope but also the complexities in auditing. Now the services of auditors are being employed to take up the demanding task of independent examination of financial records produced by management and to express opinion as to their truth and fairness.

1.3 ​The case of Ghana

In Ghana, the Companies Act (2019) Act 992 introduced the compulsory audit requirement for Companies.  The appointed auditor (who should be a member of the Institute of Chartered Accountants - Ghana and not disqualified by any legislation) is expected to express an opinion on the truth and fairness of the income statement and the statement of financial position, both of which should be prepared by the directors and presented to the shareholders at an annual general meeting.

2.0 ​DEFINITION OF AND THE NEED FOR AUDITING

2.1 ​Definition of Auditing

An audit is not commonly defined. The International Standards on Auditing (ISA), per se, does not define an audit.  However, following ISA 200, an audit may be defined as an examination of financial statements to express an opinion on whether or not the financial statements so prepared are in all material respects fairly presented or give a ‘true and fair view’.

ISA 200 definition has two limitations: First, it restricts or limits audit to just an examination of financial statements which is often called financial auditing. Although the majority of audit work focuses on financial auditing, other audit dimensions are becoming more and more important. These include compliance auditing, operational auditing, and strategic or management auditing. Secondly, it is also believed that the terms 'present fairly’ and ‘true and fair view’ used as equivalent terms in ISA 200 are truly not equivalent. The term ‘present fairly’ conveys the idea that ‘it is in accordance with relevant laws and regulations while ‘true and fair view’ could connote the possibility of deviation from relevant laws and regulations when such deviation provides a ‘true view’.

The American Accounting Association (AAA) provides a more encompassing definition that cures the limitations in the ISA 200. AAA defines audit as a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between these assertions and established criteria, and communicating the results to interested users.

Although the definition of AAA is comprehensive, it fails to recognize the auditor’s role in communicating the results of the examination of non-economic or non-financial events such as compliance (including regulatory and legal compliance), operational, and other accompanying non-financial information. The current understanding of audit based on the lessons from the existing definitions shows that audit is not only a factor of financial or economic events but also recognizes the relevance of other non-financial information. Therefore, an audit may be defined as a systematic and independent examination of data (financial or otherwise) by an appointed qualified person or body about an entity whether profit-oriented or not to objectively obtain sufficient-appropriate evidence that corresponds with the established criteria, and communicate the results to interested users as to their truth and fairness.

Having understood the current understanding of what auditing is, an explanation of the key elements in the definition would be a worthwhile cause.

a)          Systematic Approach means that an audit is conducted or carried out through a well-structured and documented plan (audit plan). An audit employs planned and structured techniques and procedures to fully obtain, examine, and analyse all the relevant and important evidence

b)         Independent Examination means the conduct of the audit should be carried out independent of the person who provided the records (financial and non-financial).  The work of the auditor should not under any circumstances, be influenced by the client.  An auditor cannot give an unbiased opinion unless he or she is independent of all the parties involved.  Not only must the auditor be independent in fact and in attitude of mind, but he or she must also be seen to be independent.

c)          ‘A qualified person’ means the auditor should be professionally qualified, and have the relevant skills, experience, and integrity to carry out the examination.

d)         ‘Data’ includes financial and non-financial records or information.

e)          ‘Objectively’ means the auditor is fair and does not allow personal sentiment, prejudice, and bias to override the professional judgment. He or she maintains an impartial attitude throughout the engagement.

f)          ‘Sufficient-appropriate Evidence’ means that an auditor should seek not just evidence but evidence which is relevant and reliable in sufficiency and appropriate for the established criteria to support the audit conclusion or expression of opinion.

g)         ‘Established Criteria’ include conforming to laws (national, sector-specific, etc.), regulation (reporting standards, compliance frameworks, operational guidelines and policies, etc.), and management assertions.

h)         ‘Communicating the Results to Interested Users’ means an audit is carried out with the purpose of expressing a credible and informed opinion in a written report. In an audit, this written audit report that communicates the auditor’s opinion is called attestation, or the attest function.

i)           ‘True and fair’ means that the information or record so audited is free from material misstatement, factual, conforms to expected standards, rules, and realities, and is free from bias and discrimination.

2.2 ​ ​Need for Audit

The managers of the business (directors) are obliged to report to the owners (shareholders) on how their business has been managed.  The owners, at this point, would like to assure themselves that:

The report contains no errors.

The report is not misleading.

The report discloses all relevant information.

A way out of this problem of credibility in financial accounts and reporting is to appoint an independent person, referred to as an auditor, to investigate the report and express his opinion on it.

Modern companies have expanded; some across political boundaries.  The preparation of accounts for such companies is complex since it imbibes various legislations, standards, conventions, policies, and control systems.  It is therefore essential that such accounts are examined by independent experts who have the skills and experience in examining financial statements.

Financial statements are required to comply with various legislations and standards.  Compliance with these requirements can be assured if an audit is carried out on financial statements.

There are many interested parties who use financial statements as a basis for making decisions.  Bankers, creditors, employees, potential investors, etc., all have an interest in the state of affairs of the company.  The independent audit requirement fulfils the need to ensure that those financial statements are objective, free from material misstatements, and relevant to the needs of the users.

2.3 ​ ​Classification of Auditing

An audit is not legally mandatory for all entities be it profit oriented or not. On the basis of this, audit may be classified broadly into two: Statutory/Mandatory Audit and Private/Voluntary Audit

2.3.1 ​ Statutory/Mandatory Audit

This is a type of audit that is legally required or obliged. Thus, it is conducted to meet specific legal provisions. It is usually carried out for public consumption. It is often called Mandatory or Required Audit. Statutory audit is conducted by an independent external auditor sanctioned by laws and regulations. In Ghana, all companies whether profit-oriented or not are required to engage the services of an auditor.

2.3.2 ​   Private/Voluntary Audit

This is a type of audit conducted to meet the specific needs of the users. It is not backed by any legal provision or regulation. This type of audit is conducted as a matter of internal regulations or rules. It may be conducted by external or internal auditors. The institutions or entities which are not required to present audit reports include:

a)      Proprietary businesses

b)      Partnership businesses

Nevertheless, some of these institutions still call for the services of an auditor even though they are not obliged. Some of the fundamental reasons for such voluntary audit are:

As a matter of internal regulations or rules

To improve standard operating procedures

To meet Government and Non-Governmental requirements for grants and assistance

As check and balance for the separation of ownership and control

To benefit from the monitoring effect of an independent professional audit.

3.0 ​TYPES OF AUDITING

Specifically, there are several types of auditing. The types may be based on activity or timing.

3.0.1 ​ Types of Auditing: Activity

In terms of activity, there are three (3) basic types of auditing. Namely, financial statement audit, performance/operation audit, and compliance audit.

Financial Statement Audit: It is a type of audit that focuses on the independent examination of the financial statements of an entity whether profit-oriented or not to objectively obtain sufficient-appropriate evidence that corresponds with the established criteria, and communicating the results to interested users as to the true and fair view or fairly presentation of the financial statements. It is important to acknowledge that this type of audit may be mandatory (i.e. required or statutory audit) or voluntary audit. Thus, it may be conducted for all entities.

Operational Audit: An operational audit is an audit conducted within a specific unit of an entity whether profit-oriented or not for the purpose of measuring its performance. Since an operational audit primarily seeks to measure performance, it is also called a performance audit. This type of audit reviews either all or specific parts of an entity’s operating procedures with the performance often benchmarked by the efficiency and effectiveness of the operation. Effectiveness as a performance benchmark measures whether an entity is doing the right thing by achieving its goals and objectives. Efficiency also measures how well an entity applies its resources including assets to achieve its goals and objectives. Operational audits may or may not rely on accounting or financial records. This type includes the examination of organizational structure, operational frameworks, and guidelines, production methods, marketing, computer systems, or any other unit of the entity that management desires to be reviewed. The final output of the operational audit provides recommendations for improving operations.

Compliance Audit: A compliance audit is a type of audit that examines an organization’s procedures, regulations, and frameworks for the purpose of determining whether the organization is complying and the extent of such compliance or non-compliance. It measures the compliance of an entity against established criteria such as laws, regulations, policies, and procedures.  An audit of tax returns by a tax authority, an audit to determine a bank’s level of minimum capital requirement or capital adequacy ratio, etc. are all examples of compliance audits. Conducting a compliance audit is dependent on:

a)         the existence of verifiable data and

b)        established criteria or standards,

Theoretically, each of these audits requires a specialist auditor: External Auditor, Internal Auditor, and Governmental Auditor. In theory, the External Auditor is an independent auditor who is mainly concerned with the audit of the financial statements and other incidental issues, the Internal Auditor focuses on performance/operational audit and Governmental

Auditors may be more concerned about compliance audits. However, in practice, these types of audits are becoming more aligned and integrated. Therefore, External Auditors may conduct all these three types of audits.

3.0.2 ​Types of Auditing: Timing

Auditing types may also be presented according to the timing of the auditing. In terms of the timing, there are three (3) basic types of auditing. Namely, complete audit, interim audit, and continuous audit.

Complete Audit: Complete audit applies to smaller concerns where the volume of transactions and complexity of records do not require the auditor’s attendance of more than one each year.  This visit normally takes place as soon as the business’s financial year ends and continues until it has been completed and the audit report signed.

Interim Audit:  In the case of larger clients, the auditor will often find a necessary to proceed with the audit on an interim basis in view of the volume of testing to be undertaken in order to reach an opinion on the reliability of the records.  Interim audits, as arranged with the cooperation of the client, maybe bi-annual, quarterly, or even monthly, depending on the volume of audit work considered necessary.

Continuous Audit:  Where the system of internal control operated by a large company displays fundamental and material weaknesses, the auditor may be obliged to check a higher proportion of transactions than would otherwise be necessary, and in exceptional circumstances, members of the audit team may be required to execute checking work continuously throughout the period to which the accounts relate.

3.1 ​Future of Auditing

In the future, the audit focus and scope are expected to shift from overreliance on financial information (i.e. financial statements) to an integrated scope encompassing non-financial information that are likely to impact on the agency, stewardship and accountability principles. Working materials and source documents for auditing in the future may include mandatory sustainability reports, environmental reports, and social and governance reports.

4.0 ​TYPES OF AUDITORS

Basically, there are two types of auditors. Namely, External Auditors and Internal Auditors. Although there are Governmental Auditors, they become External or Internal Auditors depending on the specific function they perform at any point in time.

4.1 ​Internal Auditor

An Internal Auditor is often an employee of an entity engaged with the responsibility to appraise and investigate the effectiveness and efficiency of operation. An internal auditor may also be an external person through outsourcing services. Whatever the form it will take, this type of auditor’s work is largely dependent on the direction of management. This type of auditor often directs the attention to internal controls and a large part of his or her work to operational audit and sometimes conducts compliance audit. In some jurisdictions such as Ghana, an internal audit may be involved in a financial audit. Although an internal auditor cannot be as independent as the external auditor, the internal auditor must be independent of the executives and officers whose work he or she reviews.

4.2 ​External Auditor

An External Auditor is an independent person outside the entity it serves with the primary responsibility to conduct a financial statement audit. The modern audit practice has extended the scope of external audits to include both compliance and operational audits. Auditors in this category often go through rigorous training, certification, and licensing.

The following table summarizes the distinction between external auditors and internal auditors.

5.0 ​OBJECTIVES OF AN AUDIT OF FINANCIAL STATEMENTS

The primary objective of an audit of financial statements is to

Enable the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework.

Besides the primary objective, an audit also seeks to achieve two fundamental secondary objectives. These are to

Detect and prevent fraud

Detect and prevent fundamental, principle, and technical errors

5.1 ​Advantages of Audit

a)                   The primary advantage of an audit is to add credibility to the financial statements concerned and to assure stakeholders of the truth and fairness of the statements.

b)                  Apart from the primary advantage, there are inherent (secondary) advantages to having accounts audited.  Among them are the following:

Disputes between partners/management may be largely avoided especially where complicated profit-sharing arrangements subsist.  Independent examination of partnership accounts will ensure accurate assessment and division of profits.

Changes in ownership are facilitated by unqualified audit reports.  For example,

the admission of a new partner or two sole proprietors merging their businesses to form 

a partnership is made easier than otherwise would have been the case if the previous 

audited accounts are available for examination

Audited financial statements serve as a reliable source of information for bank and other financial institution when it comes to assessing the strength of loan/overdraft applicants.

Audited accounts, as adjusted for tax purposes, submitted to revenue-collecting agencies carry greater authority than unaudited accounts.

The presence of a qualified auditor is useful because of the variety of other capacities in which he is able to assist.   In the case of a company, the auditor can offer taxation, information technology services, etc.

5.2 ​Disadvantages of Audit

Some disadvantages of an audit may be stated as follows:

a)                   The payment of audit fees:  Auditors fees add extra financial burden to businesses.  It is believed that had it not been a statutory obligation, many companies would not engage the services of external auditors (in spite of the advantages outlined above).  It is for this same reason that few partnerships and sole proprietors have their accounts audited.

b)                  Auditing requires the client’s staff and management to provide information to the auditors.  An external auditor should therefore plan his audit work carefully to minimize the disruption that his work will cause.

5.3 ​Limitations of Audit

There are some limitations to what the auditors do.

a)                   The auditors’ opinion is neither: A guarantee of the future viability of the entity; nor an assurance of management’s efficiency and effectiveness. Even though the auditor, in the course of the audit work, pays attention to both matters, neither of them represents the main purpose of an audit.

b)                  An audit work is focused on examining financial records and statements relating to past transactions and the verification of assets and liabilities held by the client at the end of the relevant accounting period.  There is no guarantee or assurance from the auditors that what happened in the past will apply to the future.

c)                   The primary concern of auditors is how the decisions of management affect the financial statements and to recommend ways of improving the control systems.  Auditors do not conduct extensive reviews of efficiency.

d)                  Auditors express an opinion; they do not certify whether a set of accounts is completely correct or not.  What is ‘reasonable assurance’ depends largely on what a user of financial statements expects from the auditors’ report.  This limitation stems from the fact that: It is not practically possible for the auditor to examine all items within an account balance or class of accounts.

e)                   There is the possibility of collusion and misrepresentation for fraudulent purposes, and many audit evidence are persuasive (indicating what is probable) rather than conclusive (indicating what is definite).

5.4 ​Audit Expectation Gap

Audit expectation gap refers to the non-alignment of stakeholders’ expectations from auditors and the primary duties and engagement processes required of auditors.  It may also be described as the gap in the understanding of what constitutes the primary or required auditor’s responsibilities and processes and what some users or audit audiences expect as the auditor’s responsibilities and processes. Many people still have some misconceptions about the role of the auditor and what auditing is meant for. Some of the non-alignments or misconceptions are outlined as follows:

a)      Many are those who think that the auditors report to the directors of the company but not the members

b)     Some people think that a qualified audit report is more useful to those who appoint the auditors than an unqualified report.

c)      There is the misconception that it is the auditor’s duty to detect fraud, (when in fact the detection of fraud is the responsibility of the directors).

6.0 ​THE AGENCY THEORY AND AUDITING

Agency theory is one of the foundations of modern auditing. The theory gives birth to agency, stewardship, and accountability which are anchors for modern audit and assurance practice.

6.1 ​Agents and Principals Relationship

The modern organizational theory views an organisation as being comprised of various interest groups. The relationships between the various interested parties in the company are often described in terms of agency theory. An agency relationship occurs when one party, the principal, employs another party, the agent, to perform a service on his behalf.

For example, directors of a company can be seen as the agents of the shareholders; employees as the agents of directors, and auditors as agents of shareholders. Each principal must recognize the fact that although he is employing the agent, the agent will have interests of his own to protect and thus may not fully carry out the requirements of the principal.

6.2 ​Agency Relationship Conflict

The directors have a duty of stewardship of the company’s assets.  However, they are also interested in their level of remuneration and if this increases, the assets of the company go down. The decision to award the directors pay increases is effectively in the hands of the directors themselves.

The auditors submit their report to the shareholders.  However, the auditors know the decision to reappoint is effectively in the hands of the directors.  They therefore have a potential conflict in carrying out their function and also remaining on good terms with the directors.

These agency relationships need to be recognized so that, perhaps steps can be taken by a principal to ensure that an agent works closer to the interests of the principal.

6.3 ​The Application of the Agency Theory to Auditing

Despite having recognized the conflicts of interest that may arise, agency theory predicts that matters can be organized so that, by behaving rationally, the agent would not act against the interest of the principal.

For example, the theory assumes that the shareholders will only buy shares if safeguards are in place to protect their interests. The legal requirement for audited accounts is one example of a necessary precondition.  In addition, management will recognize the desirability of an audit.  If shareholders are suspicious of the quality of an audit, they will not be prepared to invest.  Management will therefore arrange for a proper audit as it is in their own interest to do so.

If this is true, then the practical effect of agency theory in auditing is to conclude that statutory regulation is unnecessary.  The management of large companies will pay high fees for extensive and sophisticated audits as they have the greatest need to convince shareholders of the management’s honesty.

In contrast, a small company where the management and shareholders are virtually the same group will not pay a high fee for an audit.  It can be argued that in the latter situation, this is a reasonable result, as the shareholders have no great need for an audit.  However, this conclusion does not necessarily satisfy other users of the accounting information such as lenders (who may lend on the basis of the accounts) and the tax authorities (who assess liability to tax based on the profit reported in the accounts).  The audit requirements for small companies have been substantially relaxed and most of them are not legally required to have their accounts audited.

7.0 ​THE STAGES OF THE AUDIT PROCESS

This section of the unit provides insight into the steps that auditors follow in carrying out an audit. These steps are applicable to all types of audit assignments (even though in practice and in detail, each audit differs from the other)

Stage 1: Review of Theoretical Background and Operational System

The objective of this stage is to discover the background and operational system on a theoretical basis.  Means of achieving the objective include the following:

Selected management interview;

Ascertain the background and nature of the business and the record;

Reference to procedural manual and organizational chart; and

Draft own system notes.

Stage 2: Assessment of Operational System in Practice

The objective of this stage is to discover the operational system in practice.  This is achieved by:

own observations;

conducting selected walk-through tests on particular transactions; and

preparing systems to flow diagrams.

Stage 3: Review of Control Systems

The objective is to discover the strengths and weaknesses of the control systems in detail. This is achieved by:

Completing all applicable sections of the internal control questionnaire

Conducting compliance tests as necessary, and

Preparing memoranda on weak areas.

Stage 4: Evaluation of Implications of Control Weaknesses

The audit objective is to evaluate the relative effect of weaknesses in each major operational area.  Specific tasks to achieve the objective include:

Considering the effect of weak areas with reference to materiality and any compensating controls completing the internal control evaluation schedule after the total effect of weaknesses already noted reporting the effect of major weaknesses to management.

Stage 5: Ascertain the Reliability of Records

The objective is to confirm the reliability of the records as a basis for the preparation of final accounts.  Means of achieving this objective include:

Preparation of a detailed audit programme, specifying the nature of substantive tests and the extent of substantive tests of transactions and balances.

Executing audit programme by applying depth testing techniques.

Stage 6: Agreement of Records/Source Documents to Financial Statements

The objective is to ensure that the draft financial statements are in agreement with the underlying records.  Means of achieving this objective include:

Preparing detailed year-end schedules (Income statements schedules).

Summarizing individual items by cross-referencing to the records and Statement of financial position schedules;

Reconciling the movement of each item from the previous statement of financial position to the current statement of financial position.

Stage 7: Collating Audit Observations and Conclusions

The objective is to form an opinion as to whether the accounts as presented, give a true and fair view and comply with statutory and other requirements.  Means of achieving the objective include:

Obtaining a letter of representation from the chief executive;

Completing verification of assets and liabilities;

Executing statement of financial position audit programme;

Executing analytical review;

Considering effects of changes in accounting policy and post statement of financial position events; and

Using checklists to cover all disclosure requirements post-audit review of files, audit programs, and accounts by independent partner.

Stage 8: Drafting Audit Report and Opinion

The objective of this final stage is to express opinions in the audit report to members.  At this stage, the auditor

Review draft contents of Directors’ report;

Considers the need for qualification;

Refers any qualification to independent partners; and

Draft final audit report for inclusion in the published accounts.

In the Auditors’ Operational Standard, the following five essential phases are highlighted: -

a)      The auditor should adequately plan, control, and record his work

b)      The auditor should ascertain the enterprise's system of recording and processing transactions and assess its adequacy as a basis for the preparation of financial statements.

c)      The auditor should obtain relevant and reliable audit evidence sufficient to enable him to draw reasonable conclusions therefrom

d)     If the auditor wishes to place reliance on any internal controls, he should ascertain and evaluate those controls and perform compliance tests on their operation.

e)      The auditor should carry out such a review of the financial statements as is sufficient, in conjunction with the conclusions drawn from the other audit evidence obtained to give them a reasonable basis for his opinion on the financial statements.

8.0 ​AUDITING AS AN ELEMENT OF ASSURANCE ENGAGEMENT

8.1 ​Definition and Objective of an Assurance Engagement

An Assurance engagement means ‘an engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria’. Giving assurance means ‘offering an opinion about specific information so the users of that information are able to make confident decisions’ Assurance service reduces risk and increases confidence relating to a given information for the purpose of decision-making

In some assurance engagements, the evaluation or measurement of the subject matter is performed by the responsible party, and the subject matter information is in the form of an assertion by the responsible party that is made available to the intended users. These engagements are called assertion-based engagements. In other assurance engagements, the practitioner either directly performs the evaluation or measurement of the subject matter, or obtains a representation from the responsible party that has performed the evaluation or measurement that is not available to the intended users. The subject matter information is provided to the intended users in the assurance report. These engagements are called direct reporting engagements.

There are two types of assurance engagement a practitioner is permitted to perform:

i) ​a reasonable assurance of engagement, and

ii) ​a limited assurance engagement.

The objective of a reasonable assurance engagement is a reduction in assurance engagement risk to an acceptably low level in the circumstances of the engagement as the basis for a positive form of expression of the practitioner’s conclusion.

The objective of a limited assurance engagement is a reduction in assurance engagement risk to a level that is acceptable in the circumstances of the engagement, but where that risk is greater than for a reasonable assurance engagement, as the basis for a negative form of expression of the practitioner’s conclusion.

8.2 ​Engagement Acceptance

A practitioner accepts an assurance engagement only where the practitioner’s preliminary knowledge of the engagement circumstances indicates that:

(a)    Relevant ethical requirements, such as independence and professional competence    

will be satisfied; and

(b) The engagement exhibits all of the following characteristics:

(i)  The subject matter is appropriate;

(ii)  The criteria to be used are suitable and are available to the intended users;

(iii) The practitioner has access to sufficient appropriate evidence to support the      

practitioner’s conclusion;

(iv) The practitioner’s conclusion, in the form appropriate to either a reasonable 

assurance engagement or a limited assurance engagement is to be contained in

a written report; and

(v)   The practitioner is satisfied that there is a rational purpose for the engagement

If there is a significant limitation on the scope of the practitioner’s work, it may

be unlikely that the engagement has a rational purpose.

Having accepted an assurance engagement, a practitioner may not change that engagement to a non-assurance engagement, or from a reasonable assurance engagement to a limited assurance engagement without reasonable justification. A change in circumstances that affects the intended users’ requirements, or a misunderstanding concerning the nature of the engagement, ordinarily will justify a request for a change in the engagement. If such a change is made, the practitioner does not disregard evidence that was obtained prior to the change.

8.3 ​Elements of an Assurance Engagement

The following elements of an assurance engagement are discussed in this section:

(a)    A three-party relationship involving a practitioner, a responsible party, and intended

users;

(b) An appropriate subject matter;

(c) Suitable criteria;

(d) Sufficient appropriate evidence; and

(e) A written assurance report in the form appropriate to a reasonable assurance

engagement or a limited assurance engagement.

8.3.1 ​Three-Party Relationship

Assurance engagements involve three separate parties: a practitioner, a responsible party, and intended users.

The responsible party and the intended users may be from different entities or the same entity. As an example of the latter case, in a two-tier board structure, the supervisory board may seek assurance about information provided by the management board of that entity. The relationship between the responsible party and the intended users’ needs to be viewed within the context of a specific engagement and may differ from more traditionally defined lines of responsibility. For example, an entity’s senior management (an intended user) may engage a practitioner to perform an assurance engagement on a particular aspect of the entity’s activities that is the immediate responsibility of a lower level of management (the responsible party), but for which senior management is ultimately responsible.

a)    Practitioner

The term practitioner as used in this Framework is broader than the term auditor as used in ISAs and ISREs, which relates only to practitioners performing audit or review engagements with respect to historical financial information.

A practitioner may be requested to perform assurance engagements on a wide range of subject matters. Some subject matters may require specialized skills and knowledge beyond those ordinarily possessed by an individual practitioner. A practitioner does not accept an engagement if preliminary knowledge of the engagement circumstances indicates that ethical requirements regarding professional competence will not be satisfied. In some cases this requirement can be satisfied by the practitioner using the work of persons from other professional disciplines, referred to as experts. In such cases, the practitioner is satisfied that those persons carrying out the engagement collectively possess the requisite skills and knowledge, and that the practitioner has an adequate level of involvement in the engagement and understanding of the work for which any expert is used.

b)    Responsible Party

The responsible party is the person (or persons) who:

a)  In a direct reporting engagement, is responsible for the subject matter; or

b)  In an assertion-based engagement, is responsible for the subject matter information (the   assertion), and may be responsible for the subject matter. An example of when the responsible party is responsible for both the subject matter information and the subject matter, is when an entity engages a practitioner to perform an assurance engagement regarding a report it has prepared about its own sustainability practices.

An example of when the responsible party is responsible for the subject matter information but not the subject matter is when a government organization engages a practitioner to perform an assurance engagement regarding a report about a private company’s sustainability practices that the organization has prepared and is to distribute to intended users.  The responsible party may or may not be the party who engages the practitioner (the engaging party).

The responsible party ordinarily provides the practitioner with a written representation that evaluates or measures the subject matter against the identified criteria, whether or not it is to be made available as an assertion to the intended users. In a direct reporting engagement, the practitioner may not be able to obtain such a representation when the engaging party is different from the responsible party.

c)     Intended User

The intended users are the person, persons or class of persons for whom the practitioner prepares the assurance report. The responsible party can be one of the intended users, but not the only one.

Whenever practical, the assurance report is addressed to all the intended users, but in some cases there may be other intended users. The practitioner may not be able to identify all those who will read the assurance report, particularly where there is a large number of people who have access to it. In such cases, particularly where possible readers are likely to have a broad range of interests in the subject matter, intended users may be limited to major stakeholders with significant and common interests. Intended users may be identified in different ways, for example, by agreement between the practitioner and the responsible party or engaging party, or by law.

Whenever practical, intended users or their representatives are involved with the practitioner and the responsible party (and the engaging party if different) in determining the requirements of the engagement. Regardless of the involvement of others, however, and unlike an agreed-upon procedures engagement (which involves reporting findings based upon the procedures, rather than a conclusion):

(a) The practitioner is responsible for determining the nature, timing, and extent of procedures; and

(b) The practitioner is required to pursue any matter the practitioner becomes aware of that leads the practitioner to question whether a material modification should be made to the subject matter information.

In some cases, intended users (for example, bankers and regulators) impose a requirement on, or request the responsible party (or the engaging party if different) to arrange for, an assurance engagement to be performed for a specific purpose. When engagements are designed for specified intended users or a specific purpose, the practitioner considers including a restriction in the assurance report that limits its use to those users or that purpose.

8.3.2 ​Subject Matter

The subject matter, and subject matter information, of an assurance engagement can take many forms, such as:

• Financial performance or conditions (for example, historical or prospective financial position, financial performance, and cash flows) for which the subject matter information may be the recognition, measurement, presentation, and disclosure represented in financial statements.

• Non-financial performance or conditions (for example, performance of an entity) for which the subject matter information may be key indicators of efficiency and effectiveness.

• Physical characteristics (for example, capacity of a facility) for which the subject matter information may be a specifications document.

• Systems and processes (for example, an entity’s internal control or IT system) for which the subject matter information may be an assertion about effectiveness.

• Behaviour (for example, corporate governance, compliance with regulation, human resource practices) for which the subject matter information may be a statement of compliance or a statement of effectiveness.

Subject matters have different characteristics, including the degree to which information about them is qualitative versus quantitative, objective versus subjective, historical versus prospective, and relates to a point in time or covers a period. Such characteristics affect the:

(a) Precision with which the subject matter can be evaluated or measured against ​criteria; and

(b) The persuasiveness of available evidence.

The assurance report notes characteristics of particular relevance to the intended users.

An appropriate subject matter is:

Identifiable, and capable of consistent evaluation or measurement against the identified criteria; and such that the information about it can be subjected to procedures for gathering sufficient appropriate evidence to support a reasonable assurance or limited assurance conclusion, as appropriate.

8.3.3 ​Criteria

Criteria are the benchmarks used to evaluate or measure the subject matter including, where relevant, benchmarks for presentation and disclosure. Criteria can be formal, for example in the preparation of financial statements, the criteria may be International Financial Reporting Standards or International Public Sector Accounting Standards; when reporting on internal control, the criteria may be an established internal control framework or individual control objectives specifically designed for the engagement; and when reporting on compliance, the criteria may be the applicable law, regulation or contract. Examples of less formal criteria are an internally developed code of conduct or an agreed level of performance (such as the number of times a particular committee is expected to meet in a year).

Suitable criteria are required for reasonably consistent evaluation or measurement of a subject matter within the context of professional judgment. Without the frame of reference provided by suitable criteria, any conclusion is open to individual interpretation and misunderstanding. Suitable criteria are context-sensitive, that is, relevant to the engagement circumstances. Even for the same subject matter there can be different criteria. For example, one responsible party might select the number of customer complaints resolved to the acknowledged satisfaction of the customer for the subject matter of customer satisfaction; another responsible party might select the number of repeat purchases in the three months following the initial purchase.

Suitable criteria exhibit the following characteristics:

(a)       Relevance: relevant criteria contribute to conclusions that assist decision-making by the intended users.

(b)       Completeness: criteria are sufficiently complete when relevant factors that could affect the conclusions in the context of the engagement circumstances are not omitted. Complete criteria include, where relevant, benchmarks for presentation and disclosure.

(c)       Reliability: reliable criteria allow reasonably consistent evaluation or measurement of the subject matter including, where relevant, presentation and disclosure, when used in similar circumstances by

Similarly qualified practitioners.

(d)  Neutrality: neutral criteria contribute to conclusions that are free from bias.

(e) Understandability: understandable criteria contribute to conclusions that are clear, comprehensive, and not subject to significantly different interpretations.

The evaluation or measurement of a subject matter on the basis of the practitioner’s own expectations, judgments, and individual experience would not constitute suitable criteria.

The practitioner assesses the suitability of criteria for a particular engagement by considering whether they reflect the above characteristics. The relative importance of each characteristic to a particular engagement is a matter of judgment. Criteria can either be established or specifically developed.

Established criteria are those embodied in laws or regulations, or issued by authorized or recognized bodies of experts that follow a transparent due process. Specifically developed criteria are those designed for the purpose of the engagement. Whether criteria are established or specifically developed affects the work that the practitioner carries out to assess their suitability for a particular engagement.

Criteria need to be available to the intended users to allow them to understand how the subject matter has been evaluated or measured. Criteria are made available to the intended users in one or more of the following ways:

(a) Publicly.

(b) Through inclusion in a clear manner in the presentation of the subject matter information.

(c) Through inclusion in a clear manner in the assurance report.

(d) By general understanding, for example the criterion for measuring time in hours and minutes.

Criteria may also be available only to specific intended users, for example the terms of a contract, or criteria issued by an industry association that are available only to those in the industry. When identified criteria are available only to specific intended users, or are relevant only to a specific purpose, use of the assurance report is restricted to those users or for that purpose.

8.3.4 ​Evidence

The practitioner plans and performs an assurance engagement with an attitude of professional scepticism to obtain sufficient appropriate evidence about whether the subject matter information is free of material misstatement. The practitioner considers materiality, assurance engagement risk, and the quantity and quality of available evidence when planning and performing the engagement, in particular when determining the nature, timing and extent of evidence-gathering procedures.

An attitude of professional scepticism means the practitioner makes a critical assessment, with a questioning mind, of the validity of evidence obtained and is alert to evidence that contradicts or brings into question the reliability of documents or representations by the responsible party. For example, an attitude of professional scepticism is necessary throughout the engagement process for the practitioner to reduce the risk of overlooking suspicious circumstances, of over generalizing when drawing conclusions from observations, and of using faulty assumptions in determining the nature, timing and extent of evidence gathering procedures and evaluating the results thereof.

An assurance engagement rarely involves the authentication of documentation, nor is the practitioner trained as or expected to be an expert in such authentication. However, the practitioner considers the reliability of the information to be used as evidence, for example photocopies, facsimiles, filmed, digitized or other electronic documents, including consideration of controls over their preparation and maintenance where relevant.

Sufficiency is the measure of the quantity of evidence. Appropriateness is the measure of the quality of evidence; that is, its relevance and its reliability. The quantity of evidence needed is affected by the risk of the subject matter information being materially misstated (the greater the risk, the more evidence is likely to be required) and also by the quality of such evidence (the higher the quality, the less may be required). Accordingly, the sufficiency and appropriateness of evidence are interrelated. However, merely obtaining more evidence may not compensate for its poor quality.

The reliability of evidence is influenced by its source and by its nature and is dependent on the individual circumstances under which it is obtained. Generalizations about the reliability of various kinds of evidence can be made; however, such generalizations are subject to important exceptions. Even when evidence is obtained from sources external to the entity, circumstances may exist that could affect the reliability of the information obtained. For example, evidence obtained from an independent external source may not be reliable if the source is not knowledgeable. While recognizing that exceptions may exist, the following generalizations about the reliability of evidence may be useful:

• ​Evidence is more reliable when it is obtained from independent sources outside the entity.

• ​Evidence that is generated internally is more reliable when the related controls are effective.

• ​Evidence obtained directly by the practitioner (for example, observation of the application of a control) is more reliable than evidence obtained indirectly or by inference (for example, inquiry about the application of a control).

• ​Evidence is more reliable when it exists in documentary form, whether paper, electronic, or other media (for example, a contemporaneously written record of a meeting is more reliable than a subsequent oral representation of what was discussed).

• ​Evidence provided by original documents is more reliable than evidence provided by photocopies or facsimiles.

The practitioner ordinarily obtains more assurance from consistent evidence obtained from different sources or of a different nature than from items of evidence considered individually. In addition, obtaining evidence from different sources or of a different nature may indicate that an individual item of evidence is not reliable. For example, corroborating information obtained from a source independent of the entity may increase the assurance the practitioner obtains from a representation from the responsible party. Conversely, when evidence obtained from one source is inconsistent with that obtained from another, the practitioner determines what additional evidence-gathering procedures are necessary to resolve the inconsistency.

The practitioner considers the relationship between the cost of obtaining evidence and the usefulness of the information obtained. However, the matter of difficulty or expense involved is not in itself a valid basis for omitting an evidence-gathering procedure for which there is no alternative. The practitioner uses professional judgment and exercises professional scepticism in evaluating the quantity and quality of evidence, and thus its sufficiency and appropriateness, to support the assurance report.

Materiality is relevant when the practitioner determines the nature, timing, and extent of evidence-gathering procedures, and when assessing whether the subject matter information is free of misstatement. When considering materiality, the practitioner understands and assesses what factors might influence the decisions of the intended users. Materiality is considered in the context of quantitative and qualitative factors, such as relative magnitude, the nature and extent of the effect of these factors on the evaluation or measurement of the subject matter, and the interests of the intended users. The assessment of materiality and the relative importance of quantitative and qualitative factors in a particular engagement are matters for the practitioner’s judgment.

The quantity or quality of available evidence is affected by:

(a) The characteristics of the subject matter and subject matter information. For example, less objective evidence might be expected when information about the subject matter is future-oriented rather than historical; and

(b) Circumstances of the engagement other than the characteristics of the subject matter, when evidence that could reasonably be expected to exist is not available because of, for example, the timing of the practitioner’s appointment, an entity’s document retention policy, or a restriction imposed by the responsible party. Ordinarily, available evidence will be persuasive rather than conclusive.

An unqualified conclusion is not appropriate for either type of assurance engagement in the case of a material limitation on the scope of the practitioner’s work, that is, when:

(a) Circumstances prevent the practitioner from obtaining evidence required to reduce assurance engagement risk to the appropriate level; or

(b) The responsible party or the engaging party imposes a restriction that prevents the practitioner from obtaining evidence required to reduce assurance engagement risk to the appropriate level.

8.3.5 ​Assurance Report

The practitioner provides a written report containing a conclusion that conveys the assurance obtained about the subject matter information. In addition, the practitioner considers other reporting responsibilities, including communicating with those charged with governance when it is appropriate to do so.