CHAPTER 2 THEORITICAL FOUNDATION. Auditing is the accumulation and evaluation of evidence about information to

Transcription

1 12 CHAPTER 2 THEORITICAL FOUNDATION 2.1 Auditing Nature of audit Audit definition based on Arens, et al (2006): Auditing is the accumulation and evaluation of evidence about information to determine and report on the degree of correspondence between the information and establish criteria. Auditing should be done by a competent, independent person. Audit definition based on Konrath (2002): Auditing defined as a systematic process of objectively obtaining and evaluating evidence regarding assertions about economics actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to interested users. Based on above statements, we can conclude that audit form of systematic process implemented by competent and independent person, to gather and evaluate the evidence objectively in order to determine the level of concordance between the information with predetermined criteria, and report the results to the management.

2 Purpose of Audit Purpose of audit listed on SAS 1 (AU 110) cited by Arens, et al (2006): The objective of the ordinary audit of financial statement by the independent auditor is the expression of an opinion on the fairness with which they present fairly, in all material aspects, financial position, results of operations, and its cash flows in conformity with generally accepted accounting principles. On statement above, purpose of audit can be defined as an assessment in a form of audit report. Purpose of audit used as standardized plan for auditor in gathering evidence to state an adequate operation in Clients Company, then based on these evidence, auditor can perform an audit report. Purpose of audit set by an auditor expected to correspond with management assertions, the management's statement regarding the type of transaction and associated estimation in the financial statements. Auditing purposes become a basic framework for collecting material of competent evidence. According to Arens, et al (2006), there is some purpose of audit which have to be completed before auditor conclude that several transaction or operation that have been recorded correctly, this purpose called Transaction Related Audit Objectives (TRAO), while purpose of audit which have to be completed for each account balance called Balance Related Audit Objective (BRAO).

3 Types of Audit Types of audit according to Arens,et al (2006) 1. Operational Auditing Operational audit also known as management audit. Examination conducted to evaluate the efficiency and effectiveness of procedures and methods of operation of an organization. Operational audits more like management consulting. At the end of the audit, the auditor will make recommendations to management to improve operations. 2. Compliance Audit Compliance audit is an examination conducted to determine whether the client has followed the procedures and rules set by the authorities. Compliance audit results are usually reported to a particular party in the company, to assess the extent to which compliance has been made. 3. Financial Statement Audit Financial statement audit is an examination of the financial statements of an enterprise, to determine whether the financial statements have been prepared in accordance with the criteria established. Criteria normally used are the Generally Accepted Accounting Principles (GAAP), while in Indonesia the criteria used is the Standar Akutansi keuangan (SAK).

4 15 Audit of financial statements includes the examination of the balance sheet, income statement, statement of cash flows, and notes to financial statements. The results of this examination are audit report, which contains the auditor's opinion regarding the fairness of the financial statements Audit Evidence According to arens, et al (2008) there is seven types of audit evidence: 1. Physical Examination Physical examination is the inspection or count by the auditor of a tangible asset. Count a sample of inventory and compare quantity and description to client s counts. 2. Confirmation Confirmation describes the receipt of a written or oral response from an independent third party verifying the accuracy of information that was requested by the auditor. 3. Documentation Documentation is the auditor s inspection of the client s documents and records to substiante the information that is, or should be, included in the financial statements. Compare quantity on client s perpetual records to quantity on client s counts. 4. Analytical procedures Analytical procedures use comparisons and relationship to asses whether account balances or other data appear reasonable compared to the auditor s expectations.

5 16 5. Inquiries of the client Inquiry is the obtaining of written or oral information from the client in response to questions from the auditor. 6. Recalculation Recalculation involves rechecking a sample of calculations made by the client. Rechecking client calculations consists of testing the client s arithmetical accuracy and procedures. 7. Reperformance Is the auditor s independent tests of client accounting procedures or controls that were originally done as part of the entity s accounting and internal control system. Whereas recalculation involves rechecking a computation, reperformance involves checking other procedures. 8. Observation Observation is the use of the senses to assess client activities. Throughout the engagement with a client, auditors have many opportunities to use their senses.

6 Audit Phase According to Arens, et al (2006), there are four phase in audit process: 1. Plan and design audit approach Information obtained during client acceptance and initial planning; understand the business and clients industry, client s business risk assessments and early implementation of analytical procedures to determine the inherent risk and acceptable audit risk. Assessment of materiality, acceptable audit risk, inherent risk, and control risk is used to develop a plan and audit program as a whole. 2. Perform test of control and substantive test of transaction Purpose of this phase are (1) to obtain material evidence supporting the procedures and control policies that contribute to the risk controls that have been set by the auditor (with a test of control) and (2) to obtain material evidence supporting the truth of the monetary and the number of transactions (by performing substantive tests of transactions). 3. Perform analytical procedures and test of detail of balances. The purpose of this phase is to get additional evidence, analytical procedure is a procedure used to qualify overall operation of transaction and account balance. Test of detail balances is specific procedure which used to qualify account balance in financial statement.

7 18 4. Complete the audit and issue an audit report. Next step after finishing all the procedure of each purpose of audit and each account in financial statement, auditor needs to combine information that used for prepare audit report 1) reviewing contingent liabilities 2) over viewing subsequent event 3) gathering evidence 4) publish audit report 5) communicate the result with audit committee and management Audit Risk Auditor gives reasonable assurance, which means there are risks that related to audited subjects. Definition of audit risk according to Arens, et al (2006): The risk that auditor will conclude that the financial statements are fairly stated and on unqualified opinion can be issued when, in fact, they are materially misstated Audit Program The audit program is bridge between preliminary survey and the field work. In the preliminary survey internal auditor identify operating objectives, risks, operating conditions, and controls. In the field work, auditor should gather evidence according to effectiveness of control system, the efficiency of operations, the accomplishment of objectives, and the effects of risks on the enterprise.

8 19 According to sawyer (1996) criteria of audit programs are identified as follows: The objectives of the operation under review should be stated carefully and agreed to by the auditee. Programs should be tailor made to the audit assignment unless compelling reasons dictate otherwise. Each programmed work step should show the reason behind it, i.e., the objective of the operation and the controls to be tested. Work steps should include positive instructions. Whenever practicable, the audit program should indicate the relative priority of the work steps. Audit programs should be flexible and permit the use of initiative and sound judgment in deviating from prescribed procedures or extending the work done. Programs should not be cluttered with material from sources readily available to the staff. Unnecessary information should be avoided. Audit programs should bear evidence of supervisory approval before they are carried out. When the auditee management asks the auditor to perform certain tests, these should be included in the audit program if the audit budgets permits.

9 20 This data will be gathered in the form of Standard Audit Programme Guides (SAPG). SAPG provide detailed guidance and direction during projects and field visits. SAPG define the key and essential knowledge about a given subject used in audit documentation. According to chambers (1997), SAPG divided to three distinctions: A title page The risk/ control issues System interfaces To calculate the effectiveness of the activity, the auditor use standard formula from Badan Pengawasan Keuangan dan Pembangunan (BPKP) (2001) 2.2. Internal Auditing The nature of internal auditing Modern internal auditing evolved from essentially accounting oriented craft to a management oriented profession. Before, internal auditing assessing more on financial matters, but today auditing provides series that include examination and appraisal of both control and performance issue of private or public organization. Internal auditor s across the world practicing different auditing work differently, based on audit scope they

10 21 are try to reach or what they rely in to. Is it true that different names have been given to the function of internal auditing, for example; operational auditing, performance auditing, program auditing, results auditing, comprehensive auditing, and management oriented auditing. Yet, when all is said and done, the forms of audits practiced today fall into three fundamental approaches. Based on Lawrence B. Sawyer (1996) internal auditing practices, they are: Financial. The analysis of the economic activity of an entity as measured and reported by accounting methods Compliance. The review of both financial and operating controls and transactions to see how well they conform with established laws, standards, regulations, and procedures. Operational. The comprehensive review of the varied functions within the enterprise to appraise the efficiency and economy of operations and the effectiveness with which those functions achieve their objectives Internal auditor and External auditor Internal auditor and external auditor represent two distinct professions. According to Sawyer (1996) internal auditing practices, the difference between internal and external auditor are:

11 22 INTERNAL AUDITOR EXTERNAL AUDITOR Is an organizations employee. Is an independent contractor. Serves needs of the organization. Serves third parties who need reliable financial information. Focuses on future events by evaluating controls designed to assure the accomplishment of entity goals and objectives Is directly concerned with the prevention of fraud in any form or extent in any activity reviewed. Focuses on the accuracy and understandability of historical events as expressed in financial statements. Is incidentally concerned with the prevention and detection of fraud in general, but is directly concerned when financial statements may be materially affected. Is independent of the activities audited, but is ready to respond to the needs and desires of all elements of management Reviews activities continually. Independent of management and the board of directors both in fact and in mental attitude. Reviews records supporting financial statements periodically usually once a year.

12 Fraud risk assessment by internal auditing According to Schneider (2010) noted by the Treadway Commission (1987), internal auditor can easily detect fraud with process and procedure of internal auditing, these enable them to access organizational fraud effectively. This claim has been supported by several KPMG surveys which indicate that internal auditors are more likely to uncover fraud than external auditors (KPMG, 2003). Whereas 65% of frauds were discovered in 2003 by internal auditors, only 12% were discovered by external auditors (KPMG, 2003). This is because internal auditors may give greater exposure to the operation inside the company or internal auditing work typically over external audit work. (Church, McMillan, & Schneider, 1998). SAS No. 99, Consideration of Fraud in a Financial Statement Audit, acknowledges the important role of internal auditors by requiring external auditors to: inquire of appropriate internal audit personnel about their views about the risks of fraud, whether they have performed any procedures to identify or detect fraud during the year, whether management has satisfactorily responded to any findings resulting from these procedures, and whether the internal auditors have knowledge of any fraud or suspected fraud (AICPA, 2002, AU ). This SAS No. 99 requirement

13 Operational Audit Definitions of operational audit Term operational auditing may reflect to several pictures for internal auditing. Audit of operating units such as factories, subsidiary companies, overseas operations. Which make it limited for some accounting or financial controls or it may give bigger picture. Institute of internal auditors publication defines operational auditing as: A systematic process of evaluating an organization s effectiveness, effeciency, and economy of operations under management s control and reporting to appropriate persons the results of the evaluation along with recommendations for improvement (Gill and Cosserat 1996, P.809) Audit of accounting and financial perspective in the functional areas of the business, it is different from audit in financial and accounting area, these functional area might be marketing, sales, distribution, production, and etc, which based on the business nature itself. Operational audit stressed on the internal audit that reviews all the operating area in the business. Bussiness audit such as operating, functional, department of accounting, treasury, etc. The objective of the activity is to review the effectiveness and efficiency also the economical way to achieve the management objectives. The operational auditing may go over the internal control issues.

14 25 The categorization of operational audit in the business sector may fall to these areas: 1. Management and administration 2. Financial and accounting 3. Personnel 4. Procurement 5. Stock and materials handlings 6. Production and manufacturing 7. Marketing and sales 8. After sales support 9. Research and development 10. Information technology

15 Objectives of operational audit Pany and whittington (1997, p.770) states several objectives of operational audit: 1. To assess the unit s performance in relation to management s objectives or other appropriate criteria. 2. To assure that its plan (as described in statements of objectives, programs, budgets, and defectiveness) are comprehensive, reliable, and understandable at the operating levels. 3. To provide information on weaknesses in operating controls, principally as to possible sources of waste. 4. To reassure that all operating reports can be relied on as basis for action Differences between operational auditing and financial auditing According to D. C. Lane (1983), the main differences between financial audit and internal audit, the operational audit has a much wider time horizon. Financial audit focused on historical data, operational audit looks at the present and medium termfuture. Operational audit provide reliable forecasts and judgments about changes and developments in industrial and technological environments. The operational auditors verify the validity of forecasting and planning.

16 27 Arens et al. (2003, p738) states three main differences between operational and financial audit. 1. Purpose of audit Financial audit underlines the fair presentation of financial statement, whereas operational audit underlines on effectiveness and efficiency. In addition, financial audit concern with historical financial information, whereas operational audit concern with operating performance for the future. 2. Distribution of the report Financial audit report is normally intended for public use, such as shareholders, investors, creditors, bank, governments, etc. Operational audit report, on the other hand, is primarily intended for internal user, which is management. 3. Inclusion of non-financial areas Operational audit covers any aspect of efficiency and effectiveness in an organization. Hence, operational audit can involve a wide variety of activities. On the contrary, financial audit are limited to materials that directly affect the fairness of financial statement presentations.

17 28 Differences between financial audit and operational audit can be summarized as follows: Characteristic Financial audit Operational audit 1. purpose To give a true and fair opinion of financial statements. 2. scope Accounting records Business operations 3. orientation Historical financial information 4. Generally Accepted assessment Accounting Principle criteria (GAAP) To improve internal control efficiency and effectiveness Historical, current, and future operations Management operation principles and procedures 5. method Generally Accepted Management operation techniques 6. precision Auditing Standard (GAAS) Absolute Relative 7. recipient Outside party, such as shareholders, governments, banks 8. realization Actual Potential Internal party, such as management, divisions 9. frequency Regular, at least once a year Periodic, often on an uncertain basis 10. obligation Compulsory Optional 11. focus Financial statements Operation positive improvements 12. viewpoint presented fairly Management 13. success financial Unqualified opinion Management adoption of recommendations

18 Scope of operational auditing The breakdown of the organization into set of separate audit reviews could be said to form the audit universe of potential audit projects. The activities require coordination between number of department or function. For example, the development of new product may involve the marketing, accounting and research function. Each organization may differ in audit function. According to chambers (1997) operational auditing handbook scope of operational auditing divide as follows: Management and administration: the control environment organization (i.e. structure) management information planning risk management legal department quality management estates management and facilities environmental issues insurance security

19 30 capital projects industry regulation and compliance media, public and external relations company secretarial department Financial and accounting: treasury payroll accounts payable accounts receivable general ledger/ management accounts fixed asset (and capital charges) budgeting and monitoring bank accounts and banking arrangements sales tax (i.e. VAT) accounting taxation inventories product/project accounting petty cash and expenses financial information and reporting investment

20 31 Personnel: human resources department (including policies) recruitment manpower and succession planning staff training and development welfare pension scheme (and other benefits) health insurance staff appraisal and disciplinary matters health and safety labor relations company vehicles Procurement: purchasing contracting Stock and materials handling: stock control warehousing and storage distribution, transport and logistics

21 32 Production/manufacturing: planning and production control facilities, plant, and equipment personnel materials and energy quality control safety environmental issues law and regulatory compliance maintenance Marketing and sales: product development market research promotion and advertising pricing and discount policies sales management sales performance and monitoring distribution relationship with parent company (for overseas of subsidiary operations) agents order processing

22 33 After sales support: warranty arrangements maintenance and servicing spare parts and supply Research and Development: product development project appraisal and monitoring plant and equipment development project management legal and regulatory issues Information Technology: IT strategic planning IT organization IT sites Processing operations Back-up and media Systems/operating software System access control Personal computers Software maintenance Local area networks Databases

23 34 Data protection Facilities management System development Software selection Contingency planning Electronic data interchange Viruses Electronic office User support Spreadsheet design Expert system IT accounting Operational audit variables (6 E s) In operational auditing according to Andrew Chambers and Graham Rand (1997), auditor must consider 3 primary variables and 3 further audit interest. These are: Effectiveness: doing the right things which is achieving entity objectives. Efficiency: doing them well choosing the appropriate system to avoid waste of input and rework. Economy: doing them cheap for instance, unit costs for labor, materials, etc. Being under control.

24 35 The further E s that maters the audit interests are: Equity: avoidance of discrimination and unfairness. Environment: acting in an environmentally responsible way. Ethics: legal and moral conduct by management and staff The figure below represent connection between each variable ACTUAL ACTUAL INPUTS [Efficiency] OUTPUTS [Economy] [Effectiveness] PLANNED INPUTS PLANNED OUTPUTS (objectives)

25 Audit performance measure According to Andrew Chambers and Graham Rand (1997) operational auditing handbook, Audit performance measure categorized as follows: Workload/demand performance measures: This measurement indicates the output volume, the quality and quantity of the service or product. Such as number of users, number of units produced, percentage, etc. Economy performance measures: These may highlight waste in the provision of resources indicating that the same resources may be provided more cheaply. Such as; cleaning cost per hour worked, maintenance cost, cost of finance function, etc. Efficiency performance measures: These may highlight potential opportunities to convert given resources to end product with less waste. Many performance measures will point to either uneconomic or inefficient practices. Such as; breakdown per production day, ratio of actual input and actual output, accidents at work per 1000 personnel, etc.

26 37 Effectiveness performance measures: These performance measure reviews about how to achieve entity s objectives regardless of economy, efficiency, or equity except if they are correlated. Effectiveness performance measuring things such as; actual output in comparison to planned output, ration of customer complain compare to the sales, etc. Equity performance measures: These performance measures draw attention to unfairness or social irresponsibility in terms of corporate policy and practice. Such as; departmental grant per member or staff, proportion of female employees, etc Phases of operational audit According to Arens et al (2003) pg , phases of operational audit are as follow: 1. Planning Operational audit planning phase is quite similar to financial audit planning. It involves determining the scope of the engagement, assigning proper staff to the engagement, obtain proper understanding of the client s business industry, obtain information of internal control and decide on proper evidence to accumulate.

27 38 2. Evidence accumulation and evaluation Operational auditors must accumulate applicable and related evidence for a reasonable basis result in making a conclusion about the objective being tested. The following activities involved in evidence collections are: o Reviewing operating policies and documentation o Confirming procedures with management and operating personnel o Observing operating functions and activities o Examining financial and operating plans and reports o Testing the accuracy of operating information o Testing controls (romney and steinbart 2003, p.342). 3. Reporting and follow up Operational audit report is prepared for internal management, which make a standardized wording is less necessary. However, operational audit report needs tailor-made report addressing the scope of audit, findings, and recommendation are made to the management. This is to determine whether recommendation is applicable or not.

28 Types of operational audit 1. Functional auditing Functional audit deals with one or more functions in an organization, for example effectivness and efficiency of payroll department for the company as a whole. 2. Organizational audit An operational audit of an organization deals with an entire organizational unit, such as department, branch or subsdiary. An organizational audit emphasizes on how efficiently and effectively functions interact. 3. Special assignments Special assignments in operational audit depend on the request of management for kinds of audit, such as determining the ineffectiveness of the IT system, etc Relation of internal auditing and operational auditing According to Mark Penno (1990) the scope of internal audit department typically extends beyond financial reporting. The internal audit also performs operational (or management) auditing. Operational auditing is not constrained by the limited informational requirements of financial reporting and considers a much wider variety of information than does a financial audit. The operational audit fills the gap between the economic organizations informational requirements. Operational audit

29 40 or management audit fulfill the gap between financial requirements needed by internal auditing. Operational auditing also eliminates data manipulation which becomes important requirements in internal auditing Auditing operations and resource management. Auditing operations and resource management is the operational auditing dimensions of production and manufacturing as being representative of operations in general. According to Andrew Chambers and Graham Rand (1997) operational auditing handbook, they normally involve the following aspects: Identifying an underlying requirement and endeavoring to cost effectively exploit it Ensuring that suitable and adequate resources (human and material) are brought together at the right time and place to fulfill the identified requirements. Ensuring that the operation is conducted safely, economically, efficiently, effectively, to the required standard, and in accordance with any prevailing regulations and laws; and so on.

30 41 System/function components of a production/manufacturing environment: planning and production control facilities, plant, and equipment personnel materials and energy quality control safety environmental issues law and regulatory compliance maintenance 2.4 Internal Control Definition of internal control According to Arens et al (2003, p.274), a system of internal control consist of policies and procedures designed to provide management with reasonable assurance that the company achieves its objectives and goals. The Auditing Methods Committee of the American Institute of Certified Public Accountants (AICPA) defined the internal control as being involve the organizational plan, coordination methods, measures followed to protect the assts, checking, and reviewing accounting data check their accuracy, dependability, increase productive efficiency, and encourage employee's adoption of established management policies.

31 42 According to Al-Qudah(2011), The essential goals of internal control that can be deduced from the earlier definitions include : First: authorities, powers and responsibilities of an organization, clearly state the existence of organizational structure in the organization which important for achieving internal control that supported by structured organizational components. Second: provide protection of company s assets from fraudulent manipulations. Third: accurate accounting information needed for overall company s operations and processes that become a subject of internal control. Fourth: Encouraging compliance with policies, regulations, and administrative instructions in organization Internal control components The COSO concept of internal control includes five components of internal control. They are: 1. The control environment The control environment consists of actions, policies, and procedures that expose the overall position of top management concerning the extent of internal control importance. Several factors that contribute to the control environment are: o Integrity and ethical values o Commitment to competence

32 43 o Board of directors or audit committee participation o Management s philosophy and operating style o Organizational structure o Assignment of authority and responsibility o Human resources policies and practices 2. Risk assessment Risk assessment is management s identification and analysis of risks in relation to the preparation of financial statements in conformity with GAAP. Factors that may increase risk include failure to meet prior objectives, quality of personnel, company operations, geographic scatter, significance and complexity of core business processes, introduction of new system, and entrance of new competitors. 3. Control activities Control activities are policies and procedures that are intended to ensure that actions are taken to address risks in an attempt to achieve the entity s objectives. Control activities closely relate to policies and procedures that concern: o Adequate segregation of duties o Proper authorization of transactions and activities o Adequate documents and records

33 44 o Physical control over assets and records o Independent checks on performance 4. Information and communication The rationale behind information and communication is to initiate, record, process, and report the entity s transactions as well as to preserve accountability for the related assets. This is typically achieved and documented by narrative description of the system or by a flowchart. 5. Monitoring Monitoring activity cope with continuing or regular assessment of the quality of internal control by management in an attempt to determine that controls are operating as intended. Information for assessment and modification comes from a range of sources, including internal auditor reports, evaluation of the current internal control, feedback from operating personnel, reports by regulators and complaints from customers General characteristic of good internal control structure Gay and Simnett (2000, p.305) present general characteristics of a good internal control structure: 1. There should be proper segregation of duties. There should be no incompatible functions, so that no person has a chance to commit or cover irregularities in the normal course of duties.

34 45 2. The internal control structure should have a system of authorization, recording, and custodianship procedures sufficient enough to provide accounting control of assets, liabilities, revenues and expenses. 3. There should be reliable business practices in performance of duties and functions by each department. 4. Internal control should ensure that persons have qualifications corresponding to their responsibilities Relationship between internal control and operational auditing Fadzil et al. (2005) as cited by Agbejule (2007) state that the primary concern of organization internal control system are providing administrative management along with reasonable assurances that financial information is accurate and reliable: organization must concern about plans, procedures, policies, laws, regulation and contract; assets are safeguarded against loss and theft; resources are used economically and efficiently; and established objectives and goals for operations or programs can be met. The following three internal control objectives can be found in the COSO framework: (1) Effectiveness and efficiency of activities; (2) Reliability of financial information; and (3) Compliance with applicable laws and regulations. Obviously, the first of these three clients concerns directly relate to operational auditing, but the other two also effect the efficiency and effectiveness.

35 46 Purpose of operational auditing of internal control is to evaluate efficiency and effectiveness and to make recommendations to management. In contrast, internal control evaluation for financial auditing has two primary purposes: to determine the extent of substantive audit testing required and to report on the effectiveness of internal control over financial reporting for public companies. The scope of operational auditing concerns any control that related to efficiency and effectiveness, while the scope of internal control evaluation for financial audit is restricted to the effectiveness of internal control over financial reporting and its effect in the fair presentation of financial statements.