Sie sind auf Seite 1von 60



In today’s society the exercise of an auditor’s to the economic and ethical

leadership sets the bounding standard or in other words equips an auditor
in such a way that recognizes him as a reliable body. With the growing
conscious recognition of the importance of financial data in the ordering of
everyday business and economic life, the need of basic economic facts is
providing a constantly enlarging opportunity for the accounting
profession. The auditors' reports have an especial capacity to fulfill the
need for reliable and authoritative financial material not only because of
the reputation or prestige of the certified statements, but also because of
the significance generally attached by the business man to the functions
of the auditor and his reports. These functions, and the scope of these
reports, have in the past been definitely related to the character of and
changes in business activity.

Audits and reviews are basically procedures performed on the financial

statements of a company, for the purpose of determining whether the
financial statements include any material misstatements. Misstatements
are essentially wrong numbers due to numerical errors, fraud, or errors in
interpreting the accounting rules. Misstatements are material if they are
large enough to make a difference to a user of the financial statements,
such as a bank or investor. And the person who involved in auditing is
known as auditor. It also provides the techniques necessary to examine
the internal control system of a company and perform operational or
compliance audits by internal or external auditors.

The early conceptions of the functions of the auditor were such as to

confine him to the duties of a mere checker and verifier of debits and
credits. As business became more complex in its interrelationships there
has been a compensating broadening demand for the acceptance of new
and formerly unrecognized responsibilities by the auditor. This has


PAGE | 1

progressed so far that the highest type of auditor is looked upon today as
a financial expert. The premises upon which most audits are predicated,
however, are still largely those of the checker-verifier. Recent economic
trends have accentuated the new conceptions and demands upon the
auditor. The control of business enterprises within and among themselves
has emphasized the importance of the budgetary and managerial aspects
of the accountants' reports in enabling business units to coordinate their
internal and external activities in the scheme of the economic plan.

Thus the word “audit” is derived from the Latin word ‘audire” which
means “to hear”. In olden times, whenever the owners of a business
suspected fraud, they appointed certain persons to check the accounts.
Such persons sent for the accountants and “heard” whatever they had to
say connection with the accounts. It was an Italian, Luca Paciaio, who first
published his treatise on double entry system of book-keeping for the first
time in 1494. He mentioned and described the duties and responsibilities
of an auditor, since then; there have been lot of changes in the scope and
definition of audit and the duties and responsibilities of an auditor.

Spicer and Pegler , have defined Audit as “such as examination of the

books, accounts and vouchers of a business, as will enable the auditor to
satisfy himself that the balance sheet is properly drawn up, so as to give a
true and fair view of the state of the affairs of the business, and whether
the profit and Loss account gives a true and fair view of profit or loss for
the financial period, according to the best of his information and the
explanations given to him and as shown by the books and if not, in what
respect he is not satisfied.”

F.R.M. De Paula, an English authority on auditing literature, describes

auditing as “ the examination of a balance sheet and Profit and Loss
account prepared by others, together with the books, accounts, and
vouchers relating thereto in such a manner that manner that auditor may
be able to satisfy himself and honestly report that, in his opinion, such
balance sheet properly drawn up so as to exhibit a true and correct view


PAGE | 2

of the state of affairs to the particular concern according to the

information and explanations given to him, and as shown by the books”.
He further continues that an “audit of a balance sheet involves the
verification of the profit and loss account, as the balance of that account
must be included in some form or other in the former”.

The complicated evolution of auditing has been changing throughout the
historical changes. Thus the practice of auditing have always had a
dramatic shift of change to cope with the needs of everyday business
environment. Auditing has been around since the beginning of human
civilization, focusing mainly, at first, on finding fraud. As the United States
grew, the business world grew, and auditing began to play more
important roles. In the late 1800’s and early 1900’s, people began to
invest money into large corporations. The Stock Market crash of 1929 and
various scandals made auditors realize that their roles in society were
very important. Scandals and stock market crashes made auditors aware
of deficiencies in auditing, and the auditing community was always quick
to fix those deficiencies. The auditors’ job became more difficult as the
accounting principles changed, and became easier with the use of internal
controls. These controls introduced the need for testing; not an in-depth
detailed audit. Auditing jobs would have to change to meet the changing
business world. The invention of computers impacted the auditors’ world
by making their job at times easier and at times making their job more

The practice of auditing has been in the human society since its
beginning. Auditing was used mostly for the detection of fraud and was


PAGE | 3

done through extensive detailed examination from ancient times until the
late nineteenth century. Fraud was a great concern during the early
history of auditing, because internal controls were not used or not used
effectively until the twentieth century. To protect the public, the British
Companies Act of 1844 provided for mandatory audits. Soon afterward, in
1853, organizations of chartered accountants were formed in Scotland.
The same industrial revolution was occurring across the Atlantic in the
United States. By the late nineteenth century, British auditors were being
sent to audit American companies. Thus it was the British who built the
infrastructure for professional auditing in the United States.

The late nineteenth century was a turning point in auditing history, when
laws like the English Companies Act of 1862 were enacted. “The English
Companies Act of 1862 was a general acceptance of the need for an
independent review of accounts for both large and small enterprises (Lee,
1988).” This Act of 1862 showed that there was a great demand for
specialized-trained professionals to perform these reviews reliably and

The Late 1800’s to Early 1900’s

During this era a lot of items were omitted from the records were
overlooked by the auditors, and the result was an auditing profession that
was viewed by outsiders as more clerical than professional. Auditing of
the late nineteenth century involved a complete review of transactions
and the preparation of the corrected accounts and financial statements.
This was obviously an inefficient and expensive way to perform an audit.
England and the United States saw the need to make an audit more
efficient and less expensive. Around 1895, the technique of sampling
emerged. The audits of the late 1800s and early 1900s were largely
devoted to the accuracy of bookkeeping detail. In most cases, all vouchers
were examined and all footings verified. Hence, items omitted from the
records were overlooked by the auditors, and the result was an auditing


PAGE | 4

profession that was viewed by outsiders as more clerical than


In the late 1890’s, therefore the main objectives of auditing were the
detection/prevention of fraud and the detection/prevention of errors.
Auditing in the United States began to branch from the heavy influences
of Britain in the 1900’s. The main objectives of auditing in the United
States were to obtain accurate financial conditions and earnings of an
enterprise and secondly to detect fraud and errors. Auditors in the early
1900’s were primarily used to submit a certified balance sheet to banks to
obtain credit. Bankers were no longer loaning money based on good
character, but now focused on the definite knowledge of the financial
affairs of the borrowers. Large life insurance companies also began using
independent public accountants to certify published statements since the
Hughes investigation of 1905.

The improvement of accounting practices and standards were the main

concerns of the accounting community in the early 1900’s. Any deviation
from the Interstate Commerce Act was forbidden and punishable. The
business world also began to feel the need for improvement of accounting
principles when the businessmen’s pocketbooks were being squeezed
during the World War I era. Income taxes before World War I were at such
a low rate that they had no or little effect on the accounting practices of
the business world. In 1917 and 1918, the U.S. Government significantly
increased income taxes and a new tax was enacted that was a heavy
graduated excess profits tax. These taxes made the business world see
the need for improvement of accounting principles and the need for
accountants to mitigate the increase in taxes. Public accountants were
now commonly called on for financial advice and tax planning guidance.
This led to periodical auditing of the companies’ accounts.

Between the 1920’s and the 1930’s

When auditors and business managers learned about internal controls,
they were able to evaluate an entity’s controls. Through this evaluation,


PAGE | 5

they can do less detailed testing if the controls are strong, strong controls
will save time and money. After the Stock Market Crash of 1929, the
government saw the need for more standards and audits. They were
needed to keep businesses and publicly traded securities to stay uniform
and truthful with respect to their financial condition.

In 1930’s, the Securities and Exchange Commission had rigorous control

of public utility holding companies and this would result in a very
important accounting provision. The Public Utility Act of 1935 specified the
prevention of the payment of dividends out of capital or unearned surplus
without the approval of the Commission. This was a very significant
movement that made the distinction of earned and unearned surplus in
statutory law, which was previously only mentioned, in accounting
practice and few corporate laws.

The responsibility to of fraud detection was a question that was

unanswered for many years until the McKesson & Robbins scandal case of
1939, which put this question in the spotlight. Before 1940, the uniform
agreement as to the audit responsibility for the detection of fraud did not
exist. By 1940, with heavy influence of the McKesson & Robbins scandal
case, the responsibility for fraud detection now began to shift to
management. Auditors’ main concern was to determine the fairness of the
reported financial statements. By this time, a uniform agreement was
made that testing was the auditors’ technique, and detailed examination
was only done when deemed necessary. Of course, the strength of the
internal controls was the deciding factor on how much testing should be

The 1950’s continued to reduce the importance of fraud detection on

auditors. The belief that fraud detection was the responsibility of the
management of the company was generally held. If auditors found any
irregularities as they performed their audit, it was their obligation to bring
this to the attention of the management. Ironically, many audit techniques
of the period were specifically designed to assist in the detection of fraud.


PAGE | 6

Emphasis of the audit was placed on the determination of the truthfulness

of the financial statements. The late 1950’s and 1960’s brought more
reform and brought up the concept of reasonable assurance of financial
statements. Also, materiality of misstatements was brought to attention of
the accounting profession. The auditor was required to perform tests in
line with G.A.A.S. to detect material misstatements that would influence
the confidence of investors in a company. The general concept to start an
audit with an examination of the companies’ internal controls and the
extent of testing required was decided from the test results. The
computer had a great impact on how businesses and accounting would be
performed from the 1960’s to the present.

Technology changing the world of auditing

The evolution of computers changed auditing forever. The first electronic
computers were analog devices that began in the 1920’s and developed
through World War II. These computers were used to perform complex
mathematical computations such as integration. The 1940’s brought the
development of digital computers that used binary logic. With binary logic,
it was now possible to express exact numerical values instead of using
approximate analog quantities to approximate numerical values.

In 1958, the Institute of Chartered Accountants issued a statement

entitled Accounting by Electronic Methods. This statement referred to
E.P.D. as he method of analyzing, marshaling, recording and reporting
business information by means of equipment, the central feature of which
is an electronic digital computer. Bookkeeping for accountant has been
time consuming and in the 1950’s accountants have looked around for
new ways of processing this data. Punch card machines was the first
move but they were not fast enough for their needs, the digital computer
was the next choice for providing a faster and more detailed cost analysis.
Accountants didn’t change their ways overnight; changing over from
manual system to computers took many years.


PAGE | 7

Auditing in general was changed forever, as data once on paper was now
on magnetic tape reels and later floppy disks. The detection of fraud was
more difficult to discover when data could be easily erased or changed.
Auditing changed with the times as it always had. The discovery for new
internal controls was needed, as these controls were important to make
an audit successful and efficient. A computer system within a business
with strong internal controls made an audit easier and resulted in more
dependable financial statements. The computer of the 1970’s could
handle large amounts of data and process the information in a very short
time. Computers made accounting jobs in general easier, with the
computer handling the bookkeeping work. This freed up time so
accountants could focus on more important jobs.


PAGE | 8

An auditor in general engages in the evaluation of an organization,
system, process, project or product. Auditors’ tasks are performed to
ascertain the validity and reliability of information; also to provide an
assessment of a system's internal control. The goal of an auditor is to
express an opinion on the person/organization/system in question, under
evaluation based on work done on a test basis. Due to practical
constraints, an audit seeks to provide only reasonable assurance that the
statements are free from material error. Hence, statistical sampling is
often adopted in audits. In the case of financial audits, a set of financial
statements are said to be true and fair when they are free of material
misstatements - a concept influenced by both quantitative and qualitative

Traditionally, audits were mainly associated with gaining information

about financial systems and the financial records of a company or a
business. However, recent auditing has begun to include other information
about the system, such as information about environmental performance.
As a result, there are now professions conducting environmental audits.

An auditor also engages in an independent assessment of the fairness by

which a company's financial statements are presented by its
management. It is performed by competent, independent and objective
person(s) known as auditors or accountants, who then issue an auditor's
report based on the results of the audit. However an auditor may be a
watchdog but not a bloodhound.

The task of an auditor is to determine the quality of financial &

operational/administrative control by examining and evaluating the
records, system and procedure, operations and activities of an


PAGE | 9

organization. Financial and operational control can be easily determined

by analytical reviews, intra and inter firm comparison and comparison of
current information with anticipated results. Profit as a percentage of
sales, expenses as a percentage of sales, working capital ratio, return on
investment and important guidelines to measure a concern’s
performance. Through interpretation of significant ratios an auditor can
find firm’s strength and weaknesses and where to emphasize to detect
fraud and error.

It is not possible for an auditor to check every single thing. In such a

situation, the auditor has to evaluate the internal control system
introduced by the organization. By doing this, an auditor also become
aware of the operational control in force in an organization. For example,
if an auditor finds that the wages as a percentage of sales is far higher in
this year than last year, then he will decide to apply more substantive
tests in this regard.

Internal auditor conclude whether the resource utilization of the enterprise

is effective & efficient or not by reviewing whether the accounting records
have been properly maintained, the assets adequately safeguarded and
the procedure lay down by the management properly compiled with.
Auditors have to conduct an appraisal of the various organizational
functions and provide advice and recommendation on the activities and
operation reviewed by him.

The auditors are straightforward, honest, independent and sincere in his

approach to this professional work. Professional ethics ensure right action
on the part of the members of the profession. That is why everybody
relies on auditor’s determination on the reliability of the financial and
operational control of an enterprise.

The auditor needs to follow a certain guidelines and standards. Standard

is the means of judging the level of professional competence and the
degree of consistency attained by auditors in the performance of their
duties/functions. For this purpose, we are to study and understand


PAGE | 10

professional pronouncements on auditing which indicating the collective

view of the profession on: -

Principles and techniques of auditing and

The application of such principles and techniques to various auditing


Professional bodies of accountants of various countries have issued

pronouncements on accepted auditing practices for the guidance of their
members. Most of these pronouncements discuss various auditing
practices primarily required for the purpose of expressing an expert
opinion on financial statements. The pronouncements issued by
professional bodies attempt to codify the auditing practices expected to
be observed by the auditor when he seeks to express an opinion on
financial statement. These however, do not interfere with the auditor’s
individual judgment in selecting the procedure to be followed and in
determining the extent to which he should apply such procedures.

The analytical review steps for forming his overall conclusions about the
consistency of financial information as a whole with his knowledge of the
entity’s business and relevant economic conditions is also performed by
the auditor. For example an auditor can compare significant ratios for the
entity with those of other entities in the same industry or with the industry
average. This review may assist an auditor in identifying an unusual and
unexpected balance, which was not previously identified. Though the
procedures of analytical review have been highly commendable in the
arena of professional audit, the extent of its reliance much depend on the
substantive information that might be available from the entity, nature of
assertion the auditor might exert on the business logically and the
predictability of relationships among items of financial information (so
that any deviation there from can be taken as being indicative of potential
miss statements) and the strength of the evaluation of the internal
control. If the auditor really faces any such circumstance where the
application of analytical review may not be expected to desired results as


PAGE | 11

expected of a good audit report, there is no barrier for the auditor for an
extensive check, as he may think proper and adequate. The system of
analytical review adopted generally in combinations of other method have
in major cases yielded the desired results enabling the auditor to present
a good audit report; exhibiting a proper statement of financial information
of the entity under audit.

The auditor’s concept of internal control is fundamentally identical to the

concept of control or management control of the management theorists. It
is one of the activities or functions of management, but it is notable in its
complete dependence upon the other functions of management. This has
led some management thinkers to suggest that it should not be regarded
as a distinct function in its own right, just as others have suggested that
coordination should not be regarded as a separate function.

As we know, there can be no control unless there is a plan to be

controlled. A successful organization, which established individual
responsibilities, is likewise an essential component of control. Staffing
must also be appropriate for control to be effective. All it means is that
when the auditor reviews an enterprise’s arrangements for internal
control, the evaluation is of the management process, embracing all the
functions of management viz: planning, organizing, staffing, directing and
leading controlling and finally coordinating.

In practice an internal auditor may be restricted by the terms of reference

to conducting reviews only in certain sections of the enterprise. They may
be asked to audit only up to a certain level. Usually it is impossible for
internal audit effectively above the organizational level of the director of
internal audit. They may audit only certain operations, such as accounting
and financial.

Even if internal audit has a restricted scope but within the areas where it
does have a mandate it should be concerned with all the functions of
management (planning, organizing, staffing, directing, controlling, and
coordinating). The only exception to this is where internal audit if


PAGE | 12

restricted to checking for distributed compliance with laid down

procedures and has no role in connecting upon which procedures are the
right ones: sterile mode of internal auditing if fortunately seldom seen
now a days. So it appears that internal audit is concerned to review all the
arrangements that have been made to manage the enterprise, being
limited only by any boundary that management themselves have
prescribed defining the scope of their internal auditing department. But
within these boundaries internal audit is concerned to review all the
functions of management. Anyway the financial auditor has no limitation
like that of the internal auditor and hence, he can go for in depth auditing
as per acceptable audit practices.

The term ‘investigation’ in auditing means a systematic and in depth

examination or enquiry to establish a fact or to evaluate a specific
situation. Professional accountants are often called upon to investigate
the accounts or related records of an undertaking. Such assignments
differ substantially from a normal audit tasks. Audit aims at collection on
the financial statements or other data under examination. An
investigation, on the other hand, requires a special in depth scrutiny of
the particular records or transaction’s with the object of substantiating a
fact or happening or assessing a particular situation.

In the backdrop of the basic differences between nature and objectives of

an audit and those of an investigation, the approach to an investigation is
different from that followed in an audit. An investigation calls for a more
thorough examination of the selected areas than what is required in an
audit of the entire financial aspect of the entity under audit. This is
because the scope and objective of an audit are broad and general while
those of investigation are narrow and specific. The investigators are
concerned with a particular task in a given area but the audit cannot be
completed without examination and scrutiny of the whole area of the
entity. It will this appear that an investigation looks for substantive and in
some cases, even conclusive evidence for establishing a fact, say a
specific complain in installing a machinery, whereas, an auditor may rely


PAGE | 13

on a persuasive evidence for his circumstantial audit report. An

investigator does not accept a fact as correct until it is substantiated.
Unlike an auditor, an investigator cannot presume that in the absence of
suspicious circumstances, a figure or a stated fact is necessarily correct.

As an investigator to investigate the alleged misappropriation of closing

stock or of finished stock of the company under investigation, a
professional accountant is engaged. His objective would be to gather
substantive evidence in support of the quantitative and monetary figures
of the opening stick, production, sales and dispatches and the stock
register. For these, he would check all the related records thoroughly,
looking into every item carefully. If he uses here the statistical sampling
techniques like random sampling, he would do so merely to narrow down
his inquiry. Rather, he would scrutinizes and crosscheck the various
transactions till he is able to check precisely what he is looking for. In a
financial audit assignment on the other hand, the auditor i.e. a
professional accountant would select a representative sample from the
transactions, examine it in depth and if nothing arouses his suspicious, he
would rely on the examination and report that the accounts and the
statements represent a true and a fair view of the affairs of the
undertaking. To use the oft repeated metaphor, an auditor is a watchdog
and not a bloodhound. But the investigator shall stretch his nose for the
faintest of scents of frauds, material misstatements, material omissions
from the record and the like.

Due to the very purpose and nature of investigators, an investigator, even

though he is a professional accountant is not bound unlike an auditor, by
accounting conventions, IGAs, ISAs (International Guidelines on Auditing,
International Standard on Auditing) policies and disclosure requirements.
The exact nature and procedures to be followed in conducting an
investigation depend entirely upon the circumstances of the case, the
nature of appointment, requirement of the investigation results, etc. but
the fundamental achievements to be obtained through investigation
entirely depends on the knowledge, Intelligence Quest (IQ), honesty,


PAGE | 14

integrity and the foresightedness of the professional accountant being

appointed as such as an investigator.

Now it is clear that the importance of audit of the financial data is so vast
that it is much more important in an organization in order to run it
efficiently, effectively and in an orderly manner.

Types of Auditors Involved in the Current Day’s

There are two types of auditors who are basically involved with present
day’s auditing practices:
• Internal Auditor - Internal auditors are employees of a company
hired to assess and evaluate its system of internal control. To
maintain independence, they present their reports directly to the
Board of Directors or to Top Management. They provide functional
operation to the concern. Internal Auditors are employees of the
company so that they can easily find out the frauds.

• External Auditor – External auditors are independent staff assigned

by an auditing firm to assess and evaluate financial statements of
their clients or to perform other agreed upon evaluations. Most
external auditors are employed by accounting firms for annual
engagements. They are called upon from the outside of the

Common types of Audit in Practice

1) Single Audit

The Single Audit, is a rigorous, organization-wide audit or examination

of an entity that expends $500,000 or more of Federal funds received
for its operations. Usually performed annually, the Single Audit’s
objective is to provide assurance to the US federal government as to the
management and use of such funds by different recipients, such as


PAGE | 15

States, cities, universities, and non-profit organizations, among others. The audit is
typically performed by an independent certified public accountant (CPA) and
encompasses both financial and compliance components. The Single
Audits must be submitted to the Federal Audit Clearinghouse along with a
data collection form.

2) Clinical Audit

It is the process formally introduced in 1993 into the United Kingdom's

National Health Service (NHS), and is defined as "a quality improvement process
that seeks to improve patient care and outcomes through
systematic review of care against explicit criteria and the
implementation of change".

The key component of clinical audit is that performance is reviewed

(or audited) to ensure that what should be done is being done, and if
not it provides a framework to enable improvements to be made.

3) Computer Security Audit

A computer security audit is a manual or systematic measurable

technical assessment of a system or application. Manual
assessments include interviewing staff, performing security
vulnerability scans, reviewing application and operating system
access controls, and analyzing physical access to the systems.
Automated assessments, or CAAT's, include system generated audit
reports or using software to monitor and report changes to files and
settings on a system. Systems can include personal computers,
servers, mainframes, network routers, switches. Applications can
include Web Services, Microsoft Project Central, Oracle Database.

4) Conformity Assessment Audit


PAGE | 16

It is any activity to determine, directly or indirectly, that a process,

product, or service meets relevant standards and fulfills relevant
requirements. Conformity assessment activities may include:
 Testing
 Surveillance
 Inspection
 Auditing
 Certification
 Registration
 Accreditation

5) Environmental Audit

Environmental audits are intended to quantify environmental

performance and environmental position. In this way they perform
an analogous function to financial audits. An environmental audit
report ideally contains a statement of environmental performance
and environmental position, and may also aim to define what needs
to be done to sustain or improve on indicators of such performance
and position.

Environmental Auditors can get certified through written exam and

acceptance of the Environmental Auditor Association code of ethics.
Depending on the nature of the audit, there are several different
designations to choose from. CECAB administers these designations.

6) Financial Audit

A financial audit, or more accurately, an audit of financial

statements, is the examination by an independent third party of the
financial statements of a company or any other legal entity (including
governments), resulting in the publication of an independent opinion on
whether or not those financial statements are relevant, accurate,
complete, and fairly presented.

Financial audits are typically performed by firms of practicing

accountants due to the specialist financial reporting knowledge they


PAGE | 17

require. The financial audit is one of many assurance or attestation

functions provided by accounting and auditing firms, whereby the firm
provides an independent opinion on published information.

Many organizations separately employ or hire internal auditors, who do

not attest to financial reports but focus mainly on the internal
controls of the organization. External auditors may choose to place limited
reliance on the work of internal auditors.

7) Internal Audit

Internal auditing is a profession and activity involved in advising

organizations regarding how to better achieve their objectives.
Internal auditing involves the utilization of a systematic
methodology for analyzing business processes or organizational
problems and recommending solutions. Professionals called internal
auditors are employed by organizations to perform the internal
auditing activity. The scope of internal auditing within an
organization is broad and may involve internal control topics such as the
efficacy of operations, the reliability of financial reporting, deterring
and investigating fraud, safeguarding assets, and compliance with
laws and regulations. Internal auditing frequently involves
measuring compliance with the entity's policies and procedures.
However, internal auditors are not responsible for the execution of
company activities; they advise management and the Board of
Directors (or similar oversight body) regarding how to better
execute their responsibilities. As a result of their broad scope of
involvement, internal auditors may have a variety of higher
educational and professional backgrounds. Publicly-traded United
States corporations typically have an internal auditing department,
led by a Chief Audit Executive ("CAE") who generally reports to the
Audit Committee of the Board of Directors, with administrative reporting to the
Chief Executive Officer. The profession is unregulated, though there are a


PAGE | 18

number of international standard setting bodies, an example of

which is the Institute of Internal Auditors .

8) Performance Audit

Performance audit refers to an examination of a program, function,

operation or the management systems and procedures of a
governmental or non-profit entity to assess whether the entity is
achieving economy, efficiency and effectiveness in the employment
of available resources. The examination is objective and systematic,
generally using structured and professionally adopted

In most countries, performance audits of governmental activities are

carried out by the external audit bodies at federal or state level.
Many of these audit bodies have established guides for conducting
performance audits which explain how performance audits are
planned, conducted and its results reported.

INTOSAI, the international association of Supreme Audit Institutions,

has published generally accepted principles of performance auditing
in its implementation guidelines. In the United States, the standard
for government performance audits is the Generally Accepted
Government Auditing Standards (GAGAS), often referred to as the
"yellow book", maintained by the federal Government Accountability Office

(GAO). Similarly, the European Court of Auditors (ECA) has developed a

"performance audit manual" for its audits of the sound financial
management of the European Commission and the programs funded
through the EU budget.

Performance audits may also be conducted by Internal Auditors who

are employees of the entity being audited. However, some national
governments require agencies, departments and branches to
periodically retain outside auditors to conduct them.


PAGE | 19

In the USA, all auditors who follow GAGAS standards are required to
maintain independence, supervision, continuing professional
education, and conduct the audit using a specific process designed
to increase the quality of the audit and reduce the politicization of
audit work. Although there are separate professional credentials and
certifications for Financial Auditors, the persons that conduct
Performance Audits in the USA are often Certified Public Accountants,

Certified Internal Auditors, or have a broad background in public

policy, business or public administration.

The scope of performance audits may include the detection of fraud,

waste and abuse, although often these are not included in the
scope. Prior to engaging in a performance audit, the auditor must
have a scope and plan defined which will be used to guide the audit
process. Performance auditing differs from performance
measurement, the latter being the responsibility of management of
the entity. In addition, performance measurement may include a
broad variety of activities that do not meet the rigor of an
independent external assessment.


Today, auditors utilize sampling techniques to test certain transactions
during the performance of an audit or review, since it would be nearly
impossible and too expensive to test every single transaction. The
sampling may be aimed at the largest items or the items on the financial
statements that pose the most risk of misstatement. If material errors in
the financial statements are discovered, the auditors will direct
management to correct them.

Auditing has been the backbone of the complicated business world and
has always changed with the times. As the business world grew strong,
auditors’ roles grew more important. The auditors’ job became more
difficult as the accounting principles changed. It also became easier with


PAGE | 20

the use of internal controls, which introduced the need for testing, not a
complete audit. Scandals and stock market crashes made auditors aware
of deficiencies in auditing, and the auditing community was always quick
to fix those deficiencies. Computers played an important role of changing
the way audits were performed and also brought along some difficulties.

So how does fraud fit into the idea of material misstatements?

Misstatements can be caused by either error or fraud. Auditors have some
responsibility for the detection of both errors and frauds that are material,
but this responsibility is not absolute. Auditors give "reasonable"
assurance that material misstatements have been uncovered, but not
total assurance. Errors are much more likely to be discovered during an
audit than are fraud. Fraud schemes are crafted to purposely exploit the
accounting system and controls, and therefore it is more difficult for an
auditor to find them. Since auditors are not all-knowing beings, the
assurance that the financial statements are correct can only be
"reasonable" assurance and not total assurance.

Traditionally audits were mainly associated with gaining information about

financial systems and the financial records of a company or a business.
However, recently auditing has begun to include other information about
the system, such as information about environmental performance. As a
result there are now professions that conduct environmental audits. In financial

accounting, an audit is an independent assessment of the fairness by which a

company's financial statements are presented by its management. It is
performed by competent, independent and objective person or persons,
known as auditors or accountants, who then issue an auditor's report on the
results of the audit.

Such systems must adhere to generally accepted standards set by

governing bodies that regulate businesses. It simply provides assurance
for third parties or external users that such statements present 'fairly' a
company's financial condition and results of operations.


PAGE | 21

Auditing Rules
It’s important to understand the guidance given to auditors on the topic of
fraud. Accountants performing audits in the United States follow Generally
Accepted Auditing Standards (GAAS) in their performance of audits.
Additional guidance is provided in the Statements on Standards for
Auditing and Review Services (SSARS) and Statements on Auditing
Standards (SAS). These sets of authoritative guidance outline the
responsibilities that auditors have for finding fraud while performing
audits and reviews.

SAS number 99, "Consideration of Fraud in a Financial Statement Audit,"

became effective in late 2003. This statement directs auditors to use
professional skepticism and to consider that a fraud could have occurred
and could materially affect the financial statements. The auditors must
consider and identify the risk of fraud, and must continuously evaluate
evidence throughout the audit to determine whether or not there are any
fraud indicators.

The American Institute of Certified Public Accountants (AICPA) recently

issued SSARS number 12, "Omnibus Statement on Standards for
Accounting and Review Services." This applies to reviews, rather than
audits. Reviews provide less assurance on the financial statements, as the
review procedures are typically less thorough and less detailed than audit
procedures. This statement dictates that during a review, the auditor is
not required to assess the risk of fraud or develop plans specifically to
identify fraud.

The guidance for auditors is continuously evolving as the accounting

profession acknowledges that fraud is becoming a bigger issue for clients.
All of this alphabet soup can be boiled down to the fact that it is
management's responsibility, not the auditor's, to prevent and detect
fraud. The auditors must consider fraud throughout their procedures, but
they do not have an absolute responsibility for the detection of fraud.


PAGE | 22

The Auditing Standards

When we talk about standards it means of judging the level of
professional competence and the degree of consistency attained in the
performance of their duties/functions. For this purpose, we are to study
and understand professional pronouncements on auditing which indicate
the collective view of the profession on (a) principles and techniques of
auditing and (b) the application of such principles and techniques to
various auditing situations.

Various Professional bodies in various countries have issued

pronouncements on accepted auditing practice for the guidance of their
members. Most of these pronouncements discuss various auditing
practices primarily required for the purpose of expressing an expert
opinion on financial statements.

The pronouncements issued by professional bodies attempt to codify the

auditing practices expected to be observed by the auditor when he seeks
to express an opinion on financial statements. These however, do not
interfere with the auditor’s individual judgment in selecting the procedure
to be followed and in determining to the extent to which he should apply
such procedures.

In case a deviation is necessary in a particular situation that should be

reported in the audit report. Compliance of standard audit practices is
expected in normal circumstances. In many countries, the auditors are
specifically required to state in their audit report whether the audit was
carried out in accordance with the generally accepted auditing standards.
The institute of chartered accountants order, 1972 specifically provides
that a chartered accountant in practice shall be deemed to be guilty of
professional misconduct if he fails to invite attention to any material
departure from the generally accepted procedure of audit applicable to
the circumstances. It is thus apparent that in normal circumstances, an
auditor in Bangladesh has to follow the generally accepted procedure of
audit such as-international Auditing guidelines.


PAGE | 23

The development of a coordinated worldwide accountancy profession,

accountancy bodies of different countries established the international
federation of accountants (IFAC) in 1977. The international auditing
practices committee (IAPC) is a standing committee of the council of IFAC
and has been assigned specific reasonability and authority to issue
international guidelines on auditing and related fields. The guidelines
issued by IAPC shall. However, in no case override the local statutory
professional regulations.

The statement on standard auditing practices (SAPs) issued by the

institute of chartered Accountants of Bangladesh are generally based on
the corresponding international Auditing Guidelines. However, in
developing the SAPs, the institute also takes into consideration the
existing laws, customs, uses and business environments of Bangladesh.

The international accounting standards committee (IASC) developed by

professional bodies all over the world has been engaged in formulating
and publishing standard of financial accounting. Auditing and accounting
professions are therefore correlated, coordinated and interdependent

The institute of chartered accountant of Bangladesh (ICAB) can be briefly

classified as-

a) statements on accounting and auditing, including statements of

auditing practices(SAPs)
b) Accounting standards
c) Guidance notes on matters relating to accounting, auditing,
taxation, company law, ethics and other related matters.
d) Opinion on specific queries
e) Research studies and other miscellaneous publications

The council of the institute of chartered Accountant of Bangladesh

regularly issues statements on basic principles governing an audit. A
member of the professional body is to generally follow these guidelines


PAGE | 24

while conducting an audit. The auditor should be straightforward, honest

and sincere in his approach to his professional work.

Last but not the least, the auditor should respect the confidentiality of
information acquired in the course of his work and should not disclose any
such information to a third unless there is a legal or professional duty to

The Behavioral Aspect of Auditing

During the course of auditing there is no doubt that an important aspect
an auditor should very carefully take note of. The conflicting role inherent
in auditor’s position is principally a conflict of reporting on people to
whom an auditor apparently appears to be an adviser, guide and a
controller. The auditor should look it upon with multidimensional angles.
Generally, the auditor tries to play down formal authority although it is
known that imposed chances have a high risk of failure. Different people
of different branches of an organization will react in different ways on
being reported upon. But the auditor’s reaction will be absolutely
nonpartisan provided the report addresses issues rightly and within areas
of main values and problems. But the auditor is not received in a
negative, hostile way. There is an inherent dislike of control system which
evaluates people before they have chances of evaluating themselves.

The behavioral aspects of auditing have now become a need nowadays.

An auditor has the needs of performing his audit jobs and so does the
individual auditee for the purpose of a representative verification of the
financial state of affairs of the entity. When a need is not met, then there
is a dissatisfaction which is potentially damaging for the both. The auditor
should utilize their psychological balance in a way most suitable to his
techniques and programs. Relationship can be regarded as the other
component of the human behavior. There is a formal relationship, the
nature of which is dependent on the personal qualities of the persons
involved. There is no meaningful relationship without proper


PAGE | 25

communication. The auditor should be well aware of all these techniques

of effective communications for his success in profession.

Types of Behavioral Auditing Study

The study of heuristics and biases appears to have been of limited
relevance for behavioral auditing research for several reasons. First, the
results have failed to reveal any consistent effects attributable to
heuristics and biases. Second, only narrow ranges of auditing tasks have
been used in heuristics and biases research. Third, it's not clear that
heuristics and biases are connected to central issues in behavioral
auditing. As a psychologist looking at the field, there appear to have been
three types of behavioral auditing studies. These are as follows:

The Replication Study:

The methods and procedures are borrowed in total. The major
research question is: Will the original findings replicate with auditors
as subjects? For the most part, behavioral auditing studies of
heuristics and biases fall into this category. They offer little advance
in methodology, analysis, theory, etc., over the original Kahneman
and Tversky studies. One positive feature of replication studies is
that they have introduced many auditing investigators to behavioral
research. On the negative side, however, replication studies are
limited in two important ways. First, they investigate issues which
originate with non-auditors and may be of questionable relevance to
auditing. Second, replication studies ask auditing subjects to answer
questions which have little relationship to their professional skills
and knowledge.

The Adaptation Study:

Another type of auditing study looks at a research problem
originating from accounting and/or auditing concepts, but using
methods adapted from behavioral research approaches. The
procedures are borrowed, but the problems arise from accounting.
One example involves analysis of sunk cost effects (e.g., Arkes &


PAGE | 26

Blumer, 1985; Thaler, 1980). The topic is of direct concern in

accounting, but the methods and analyses reflect procedures used
in heuristics and biases research.

Adaptation studies are obviously an advance over replication

research, since the research problems originate from accounting.
However, behavioral methods may be insufficient to investigate
many complex auditing issues, e.g., the effects of a new auditing
policy. Instead, it may be necessary to combine behavioral and non-
behavioral methods in unique ways to investigate such issues.

The Problem-Driven Study:

The third type of project involves research designed uniquely
around the concerns of behavioral auditing. Such studies lead to
their own methods and procedures; in contrast, the first two types
of studies are largely spin-offs from behavioral research. Thus, the
methods and procedures flow from important auditing problems, not
the other way around. This type of research marks the dividing line
as far as a non-auditor is concerned – as a psychologist, I am no
longer qualified to comment on specific projects. I firmly believe,
however, that this is the direction that behavioral research in
auditing should head. In summary behavioral auditing research on
heuristics and biases falls primarily into the replication category;
such research can be viewed as a transition stage. Adaptation
studies may apply some of the methods from heuristics and biases
research to accounting problems; this is clearly an improvement
over replication research. Finally, problem-driven studies represent
the future of behavioral auditing research; it's not clear, however,
that heuristics and biases will play any role in that future.

The Management and Internal audit:

Internal auditing involves conducting a systematic examination of
the record, systems and procedures and operations of an
organization as a service to the management. Internal audit


PAGE | 27

department is an administrative unit of the management, whereas

statutory auditing is hired by the management or statutory
authorities for a counter auditor for external uses as per the
requirements of the law.

The traditional concept of internal auditing was thus primarily

concerned with questions like whether the assets of the
organization were safeguarded and properly accounted for, whether
the accounting or other records were reliable and whether the
organizational procedures and policies were complied with. With a
significant emphasis, on the detection of fraud and accuracy of
financial records, the internal auditor was perceived as a “status
Quo” oriented auditor of financial records.

The Operating Procedures are:

1. Prepare Annual Internal Audit Plan

2. Communicate Annual Internal Audit Plan
3. Conduct Internal Audit Planning and Notification
4. Perform Audit Fieldwork
5. Report Results
6. Wrap-up Audit
7. Review Final Report
8. Disseminate Report
9. Evaluate and Follow Up

1. Prepare an Annual Audit Plan:

In cooperation with the senior management, perform the


• Conduct a preliminary risk assessment session utilizing

a facilitated group interview.
• Gather top management input on the preliminary risk


PAGE | 28

• Prepare a Draft Annual Audit Plan based upon the

results of the risk assessment process.
• Obtain the formal approval of the Audit & Governance
Committee of the Board of Trustees.

The need to conduct special requested projects from the Audit &
Governance Committee and senior management may also
require the deferral of planned audits.

2. Communicate Annual Internal Audit Plan

• Distribute the Annual Audit Plan to senior management.

• Keep senior management informed of any changes to the
Annual Audit Plan.
• Ensure that appropriate senior management is informed at
least a month prior to each planned audit.
• Note that special requested projects require different
procedures involving little or no notification to involved

3. Conduct Internal Audit Planning and Notification

• Contact department management at least two weeks in

advance of scheduled audit date to discuss risk considerations
that led to the audit being on the annual plan, expected scope
of the audit, and current management concerns.
• Develop preliminary audit program outlining anticipated
scope, risk assessment, procedures and schedule.
• Schedule an Entrance Meeting with department management
and staff, and other stakeholders as appropriate, to go over


PAGE | 29

and finalize the audit program, obtain documents, schedule

interviews and communicate expected audit completion date.

4. Perform Audit Fieldwork

• Carry out fieldwork as indicated in the audit program.

• Obtain cooperation from the line management and
department staff as necessary to identify, obtain
documentation and conduct interviews, etc.
• Conduct fieldwork with minimal disruption to department
operations; for example, whenever possible, obtain
information from central sources rather than from
departmental staff or line management.

5. Report Results

• In general, share important and sensitive findings with

responsible managers immediately upon verification by the
auditor; short memo reports may be used in this process.
• Prepare a first draft final report and discuss it with responsible
managers immediately following the fieldwork.

6. Wrap-up Audit

• Schedule an Exit Meeting after responsible managers have

received the first draft report; this meeting will provide the
opportunity for responsible managers to discuss findings,
conclusions, and recommendations with the auditor.
• During or immediately after the Exit Meeting, ask responsible
managers to provide their responses to the auditor's findings
and recommendations, either in writing or in sufficient detail
for the auditors to capture them and reduce them to writing in
the final draft report.

7. Review Final Report


PAGE | 30

• Send final draft report to responsible managers and

discuss suggested changes. After processing changes, issue
the final report to the distribution indicated on the cover of
the final draft.

8. Disseminate Report

• Provide the full report to members of the Audit & Governance

Committee, the President, the CFO and the department
heads in the area being reported. Provide the Controller with
copies of any reports with financial system findings. Provide to
the Provost and Dean of each academic department when

9. Evaluate and Follow Up

• At the completion of each audit, the auditor will send an

evaluation survey form to the primary clients of the audit. This
form should be completed and returned to the Office of
Internal Audit, in order to ensure continuous improvement of
these procedures and the internal audit function.

Approximately six months following completion of each audit,

the auditor will conduct a follow-up review to verify the
completion of agreed-upon management actions and
ascertain the status of open recommendations. A follow-up
report will be generated annually for distribution to senior
management and members of the Audit & Governance

Defining the Scope of Internal audit:

The scope of internal auditing encompasses the examination and
evaluation of the adequacy and effectiveness of the organization's
system of internal control; and the quality of performance in


PAGE | 31

carrying out assigned responsibilities. Examinations and

evaluations are composed of the following types of audits:

• Reliability and Integrity of Information

• Compliance with Policies, Plans, Procedures, Laws, and
• Safeguarding of Assets
• Economical and Efficient Use of Resources
• Accomplishment of Established Objectives and Goals for
Operations or Programs

Dependability and Integrity of Information:

Internal auditors should review the reliability and integrity of
financial and operating information and the means used to identify
measure, classify, and report such information. Information systems
provide data for decision making, control, and compliance with
external requirements. Therefore, internal auditors should examine
information systems and, as appropriate, ascertain whether:

• Financial and operating records and reports contain accurate,

reliable, timely, complete, and useful information.

• Controls over record keeping and reporting are adequate and


Conformity with Policies, Plans, Procedures, Laws, and

Auditors especially internal auditors should review the systems
established to ensure compliance with those policies, plans,
procedures, laws, and regulations which could have a significant
impact on operations and reports, and should determine whether
the organization is in compliance. Management is responsible for
establishing the systems designed to ensure compliance with such


PAGE | 32

requirements as policies, plans, procedures, and applicable laws and

regulations. Internal auditors are responsible for determining
whether the systems are adequate and effective and whether the
activities audited are complying with the appropriate requirements.

1. Safeguarding of Assets:

Internal auditors should review the means of safeguarding assets

and, as appropriate, verify the existence of such assets. Internal
auditors should review the means used to safeguard assets from
various types of losses such as those resulting from theft, fire,
improper or illegal activities, and exposure to elements. Internal
auditors, when verifying the existence of assets, should use
appropriate audit procedures.

2. Economical and Efficient Use of Resources:

Internal auditors also should appraise the economy and efficiency

with which resources are employed. Management is responsible
for setting operating standards to measure an activity's
economical and efficient use of resources. Internal auditors are
responsible for determining whether:

 Operating standards have been established for

measuring economy and efficiency.
 Established operating standards are understood and are
being met.
 Deviations from operating standards are identified,
analyzed, and communicated to those responsible for
corrective action.
 Corrective action has been taken.

3. Audits related to the economical and efficient

use of resources should identify
such conditions as:

• Under-utilized facilities.


PAGE | 33

• Nonproductive work.
• Procedures which are not cost justified.
• Overstaffing or understaffing.

4. Accomplishment of Established Objectives and Goals

for Operations or Programs

Management is responsible for establishing operating or

program objectives and goals, developing and implementing
control procedures, and accomplishing desired operating or
program results. Internal auditors should ascertain whether such
objectives and goals conform to those of the organization and
whether they are being met. The term "operations" refers to the
recurring activities of an organization directed toward producing
a product or rendering a service. Such activities may include,
but are not limited to, marketing, sales, production, purchasing,
human resources, finance and accounting, and governmental
assistance. An operation's results may be measured against
established objectives and goals which may include budgets,
time or production schedules, and/or operating plans. The term
"programs" refers to special purpose activities of an
organization. Such activities include but are not limited to the
raising of capital, sale of a facility, fund-raising campaigns, new
product or service introduction campaigns, capital expenditures,
and special purpose government grants. Special purpose
activities may be short-term or long-term, spanning several
years. When a program is completed, it generally ceases to
exist. Program results may be measured against established
program objectives and goals. Management is responsible for
establishing criteria to determine if objectives and goals have
been accomplished. Internal auditors should ascertain whether
criteria have been established. If so, internal auditors should use
such criteria for evaluation if they are considered adequate. If
management has not established criteria, or if the established


PAGE | 34

criteria, in the internal auditors' opinion, are less than adequate,

internal auditors should report such conditions to the
appropriate levels of management. Additionally, internal
auditors may recommend appropriate courses of action
depending on the circumstances. Internal auditors may
recommend alternative sources of criteria to management, such
• Acceptable industry standards.
• Standards developed by professions or associations.
• Standards in law and government regulations.

With adequate criteria are not established by management,

internal auditors may still formulate criteria they believe to be
adequate in order to perform an audit, form an opinion, and
issue a report on the accomplishment of established objectives
and goals. The internal auditors' evaluation of the
accomplishment of established objectives and goals may be
carried out with respect to an entire operation or program or
only a portion of it. The objectives and goals established by
management for a proposed, new, or existing operation or
program are adequate and have been effectively articulated and

 The operation or program achieves its desired

level of interim or final results.
 The factors which inhibit satisfactory performance
are identified, evaluated, and controlled in an
appropriate manner.
 Management has considered alternatives for
directing an operation or program which may yield more
effective and efficient results.
 An operation or program complements duplicates,
overlaps, or conflicts with other operations or programs.
 Controls for measuring and reporting the
accomplishment of objectives and goals are established
and are adequate.


PAGE | 35

 An operation or program is in compliance with

policies, plans, procedures, laws, and regulations.

Internal auditors should communicate the audit results to the

appropriate levels of management. The report should state the
criteria established by management and employed by internal
auditors and disclose the nonexistence or inadequacy of any
needed criteria. Internal auditors can provide assistance to
managers who are developing objectives, goals, and systems by
determining whether the underlying assumptions are
appropriate; whether accurate, current, and relevant information
is being used; and whether suitable controls have been
incorporated into the operations or programs.



The professionalism of an auditor is of utmost significance in the light of

the powers he exercises while scrutinizing the financial state of affairs of
an entity. He can go for in-depth auditing in any case he deems fit. But at
the same time, none would like that he would be arrogant, unscrupulous
and unreasonable while conducting an audit. So has been there provided
regulatory restrictions as to what he should do and what not.

In 1973 the institute of chartered account order aims at regulating the

profession of financial auditors of Bangladesh. Similarly, chartered
accountants act, 1949 regulates the Indian professional accountants.
Similar, regulatory laws exist in all the industrially developed nations. All
persons passing certain specified qualifications or those having passed
the examinations and completed the training prescribed by the institute of
chartered Accountants, can become its members. There are two
categories of members of Bangladesh institute of chartered accountants


PAGE | 36

(ICAB) associates and fellows. A person becomes an associate member of

the institute as soon as his name is entered in the membership register.
These entities he /she to write ACA after his/her name. An associate in
continuous practice in Bangladesh for at least five years and any other
associate who has been a member of the institute, can be enrolled as a
fellow of the institute and is entitles to use the words FCA after his/her

According to the ICAB order, 1973 clearly defines the ethical standard of a
member of the institutes. Any contravention of the prescribed ethical
standard will invoke the penal measures for such a breach as laid down in
the statue. There have been provided different penal measures for
different types of professional misconduct. Membership of the institute is
not mandatory but for doing practice as a professional accountant,
membership is obligatory. Someone getting into a substantive cadre job
may not be forced to become a member of the institute. All these are
about the institutional methods.

The IFAC considers the following to the fundamental principles by which

an accountant should be governed in the conduct of his professional
relation with others.

• Integrity: An accountant should be straightforward, honest

and sincere in his approach to his professional work.

• Objectivity: An accountant should be fair and should not

allow prejudice or bias to override his objectivity. While on
financial statements which come under his review, he should
maintain an impartial attitude.

• Independence: When in public practice, an accountant

should behold and appear to be free of any interest which
might be regarded, whatever be it actual effects, as being
incompatible with integrity and objectivity.


PAGE | 37

• Confidentiality: An accountant should respect the

confidentiality of information’s required in the course of his
work and should not disclose any such information to a third
party without a specific authority or unless there is a legal or
professional compulsion to disclose. The breach would charge
him for guilty of misfeasance.

• Technical standard: An accountant should carry out his

professional work in accordance with the technical and
professional standard relevant to that work.

• Professional competence: He should have duty to maintain

his level of competence through his professional career. He
should only undertake works which he or his firm can expect
to compete with professional competence and within
reasonable time. Last but not the least, an accountant should
conduct himself and refrain from any conduct which might
bring discredit to the profession.

In fine the practice of professional ethics is largely a matter of conscience

and the determination of the members to distinguish between what is
wrong and what is right. It thus involves a high civic sense.


The Committee of Sponsoring Organizations (COSO) of the National
Commission on Fraudulent Financial Reporting (also known as the Tread
way Commission), in 1992, published a document called Internal Control
Integrated Framework, which defined internal control as a process,
effected by an entity's board of directors, management and other
personnel, designed to provide reasonable assurance regarding the
achievement of objectives in three categories:


PAGE | 38

1. Effectiveness and efficiency of operations.

2. Reliability of financial reporting.
3. Compliance with applicable laws and regulations.

Internal control can be judged as effective in each of these categories if

the board of directors and management have reasonable assurance that:

1. They understand the extent to which the entity’s operations

objectives are being achieved.
2. Published financial statements are being prepared reliably.
3. Applicable laws and regulations are being complied with.

The COSO Framework consists of five interrelated components as follows:

Control environment:

Sometimes referred to as the tone at the top of the organization,

meaning the integrity, ethical values, and competence of the
entity's people; management's philosophy and operating style; the
way management assigns authority and responsibility and organizes
and develops its people; and the attention and direction provided by
the board of directors. It is the foundation for all other components
of internal control, providing discipline and structure.

Risk assessment:

The identification and analysis of relevant risks to achieve the

objectives that form the basis to determine how risks should be
managed. This component should address the risks, both internal
and external, that must be assessed. Before conducting a risk
assessment, objectives must be set and linked at different levels.

Control activities:

Policies and procedures that help ensure that management

directives are carried out. Control activities occur throughout the


PAGE | 39

organization at all levels in all functions. These include activities

such as approvals, authorizations, verifications, reconciliations,
reviews of operating performance, security of assets, and
segregation of duties.

Information and communication:

Addresses the need in the organization to identify, capture, and

communicate information to the right people to enable them to
carry out their responsibilities. Information systems within the
organization are key to this element of internal control. Internal
information, as well as external events, activities, and conditions
must be communicated to enable management to make informed
business decisions and for external reporting purposes.


The internal control system must be monitored by management and

others in the organization. This is the framework element that is
associated with the internal audit function in the organization, as
well as other means of monitoring such as general management
activities and supervisory activities. It is important that internal
control deficiencies be reported upstream, and that serious
deficiencies are reported to top management and the board of

These five components are linked together, thus forming an integrated

system that can react dynamically to changing conditions. The internal
control system is intertwined with the organizations operating activities,
and is most effective when controls are built into the organizations
infrastructure, becoming part of the very essence of the organization.


PAGE | 40

Significant Conditions in Internal Control:

A small number of familiar internal control conditions are described as

• Compensating Controls: Some organizations are not able to

implement basic controls such as segregation of duties by virtue of
their size. It is vital that management institute compensating
controls to disguise for the lack of a basic control in these cases, or
if a straightforward control is not capable to function for some
period of time.
• Material Drawback: Defined in the auditing journalism as a
reportable circumstance in which the outline or operation of one or
more of the internal control mechanism does not reduce to a
relatively low level. The risk that misstatements caused by errors or
fraud in amounts that would be material in relation to the financial
statements being audited may occur and not be detected within a
timely period by employee in the normal course of performing their
assigned duties.
• Reportable Prerequisite: Has the same meaning as the term
substantial insufficiency. These two terms are used to define a
substantial insufficiency in the design or operation of internal
control. These could adversely influence a company's ability to
record, process, summarize, and report financial data consistent
with the affirmation of management in the company's financial
statements. A material weakness could constitute an aggregation of
significant deficiencies.

Limitation of Internal Control

Internal control cannot ensure success, or even survival. An effective
system is not a guarantee that the organization will be successful; such is
important as an internal control structure is to an organization. An
effective internal control structure will keep the right people informed


PAGE | 41

about the organization's progress (or lack of progress) in achieving its

objectives, but it cannot turn a poor manager into a good one.

Internal control is not a solution to management and the board about the
organization's accomplishment of its objectives. Due to limitations
inherent in all internal control systems, it can only provide reasonable
assurance. For instance, due to simple error or mistake; breakdowns in
the internal control structure can occur, faulty judgments that could be
made at any level of management as well. Controls can be inserted by
collusion or by management override. Lastly, there must be a cost-benefit
analysis in the design of the system, meaning that the design of the
internal control system is a function of the resources available.

Roles and Responsibilities:

Everyone in the organization has some role to play in the organization’s
internal control system.

• Chief executive officer (CEO): Aside from setting the tone

at the top, much of the day-to-day operation of the control system is
delegated to other senior managers in the company, under the
leadership of the CEO. The CEO has ultimate responsibility and
ownership of the internal control system. The individual in this role
sets the tone at the top that affects the integrity and ethics and
other factors that create the positive control environment needed
for the internal control system to thrive.
• Chief financial officer (CFO): The audit committee should
use interactions with the CFO, and others, as a basis for their
comfort level on the internal control over financial reporting. Much
of the internal control structure flows through the accounting and
finance area of the organization under the leadership of the CFO. In
particular, controls over financial reporting fall within the domain of
the chief financial officer.


PAGE | 42

This is not done on purpose to propose that the CFO must provide
the audit committee with a level of reassurance regarding the
system of internal control over financial reporting. Rather, through
interactions with the CFO and others, the audit committee should
get a gut feeling about the completeness, accuracy, validity, and
maintenance of the system of internal control over financial

• Controller/director of accounting or finance: The

controller must demonstrate respect for the system though his or
her actions. Much of the basics of the control system come under
the domain of this position. It is a key that the controller
understands the need for the internal control system, is committed
to the system, and communicates the importance of the system to
all people in the accounting organization.
• Internal audit: Each organization should assess the need for
this team, and employ one as necessary. A main role for the internal
audit team is to evaluate the effectiveness of the internal control
system and contribute to its ongoing effectiveness. With the internal
audit team reporting directly to the audit committee of the board of
directors and/or the most senior levels of management, it is often
this function that plays a significant role in monitoring the internal
control system. It is important to note that many not-for-profits are
not large enough to employ an internal audit team.
• Board of director/audit committee: The audit committee
is the board's first line of defense with respect to the system of
internal control over financial reporting. A strong, active board is
necessary. This is particularly important when the organization is
controlled by an executive or management team with tight reins
over the organization and the people within the organization. The
board should recognize that its scope of oversight of the internal
control system applies to all the three major areas of control: over


PAGE | 43

operations, over compliance with laws and regulations, and over

financial reporting.
• All other personnel: Employees throughout the organization
should understand their role in internal control and the importance
of supporting the system through their own actions and encouraging
respect for the system by their colleagues throughout the
organization. The internal control system is only as effective as the
employees throughout the organization that must comply with it.

Compensating Controls:
The audit committee should be tuned-in to the tone-at-the-top of the
organization as a first indicator of the functioning of the internal control
system. It is important to realize that both the design and compliance with
the internal control system is important.

In addition, audit committees should realize that the system of internal

control should be scaled to the organization. Some organizations will be so
small, for example, that they will not be able to have appropriate
segregation of duties. The message here is that the lack of segregation of
duties is not automatically a material weakness, or even a reportable
condition, depending on the compensating controls that are in place.

In this case, it is one and the same person, so the implication is that there
are no checks and balances on the accounts payable person, who could
be writing checks to a personal account, then passing on them during the
bank reconciliation process (that is, there is no one to raise the red flag
that personal checks are being written on the company account). For
example, suppose an organization's accounting department is so small
that it is not possible to segregate duties between the person who does
the accounts payable and the person who reconciles the bank statements.
Compensating controls could make up for this apparent breach in the
internal control system. Here are some examples of compensating
controls in this situation:


PAGE | 44

• All checks are hand signed by an officer of the company, rather than
using a signature plate that is in the control of the person that
prepared the checks.
• The bank reconciliation may be reviewed by the person’s manager.
• A periodic report of all checks that are cleared at the bank could be
prepared by the bank and forwarded to an officer of the company
for review.
Audit committees should be aware of situations like this and be prepared
to ask questions and evaluate the answers when an obvious breach in
internal control is surfaced.

Management Override of Controls

Another area that an audit committee needs to focus on is the ability of
management to override internal controls over financial reporting to
perpetrate a fraud. Examples of techniques used by management in
overriding internal controls over the financial reporting function include:

• Back dating or forward dating documents to a different period.

• Making adjusting entries during the financial reporting closing
• Reclassifying items improperly between the statement of activity
and the statement of financial condition.

Some of these override techniques were used in some of the recent

scandals and have gained considerable notoriety.

Questions about management override, and the controls over

management override, as well as audit steps to detect if a management
override has occurred, should be addressed to the CEO, CFO, and
independent auditor during the respective executive sessions with the
audit committee as noted elsewhere in this toolkit. An audit committee
has the responsibility to help prevent or deter a management override of
controls. It is important for the audit committee to understand that there


PAGE | 45

is a system to uncover an override, as well as follow-up to determine its


This instrument was projected to provide a summary of what is meant by

internal control. The concepts are not complex, but sometimes the
application of internal control can be a challenge in an organization,
depending on its size and culture. However, it is vitally important to
design the system of internal control to achieve the objectives of

a) Effectiveness and efficiency of operations

b) Reliability of financial reporting
c) Compliance with applicable laws and regulations.


Writing the Audit Report:

This is the official record of what auditor has done, which can be returned
to in future years. A copy of his presentation slides is not likely to contain
enough detail for people to see exactly how the project was carried out, in
order to duplicate it in other areas or for a re-audit. Presentation is also
unlikely to include the action taken / to be taken as a result of the audit.
One should be prepared to write up a report for each proven Audit project.


Clinical Audit reports should include:

1. Front page:

o Name of the organization and name of division/specialty

o Project title


PAGE | 46

o Project lead/s (and name of the person who wrote the report,
if different)

o Date of report

2. Table of contents:

Recommended if report runs to more than eight pages

3. Executive summary:

It is good practice to begin a report with an executive summary (or

‘abstract’). This should be a short paragraph (certainly no more than
10% of the total length of the report) that encapsulates the main
thrust of the report. Identify the issue, state the key findings,
conclusions and what course of action is recommended. This will
help people identify whether they need to read the full report, and
will be a Useful précis for busy managers. You may (instead of or in
addition to an executive summary) want to produce a one A4 page
summary of the report for this purpose, especially if the report is
very long.

4. Background:

This is essentially narration, clarifying why the audit was done. For
example, was the project prompted by an identified local problem or
concern? The background should explain the rationale for doing the
audit, i.e. why this topic is a priority for quality improvement.
Summarize the evidence base for the audit topic, giving full
references at the end (see point 12). If you convened a team to
undertake this audit, this is a good point to say how this was
organized and who was involved.

5. Objectives:

These explain what the project is trying to achieve and should have
been identified at the start.


PAGE | 47

6. Standards:

Assuming an auditor is measuring against standards, guidelines or

benchmarks of some sort, you need to state what these are (using
the criteria/target/exception format, as detailed in ‘How to set audit
objectives and standards’) and where they come from (the source
and strength of evidence). State if the intention was to set
standards at the end of the project and if so, which aspects of care
those standards pertain to.

7. Methodology:

State the chosen population for this study (e.g. “patients referred to
the one-stop breast clinic for suspected cancer”) and then go on to
say how one has selected the sample for the audit, specifying
whether a retrospective or prospective methodology was used (e.g.
for a prospective audit, “the first 100 patients referred to the clinic
starting from 1/10/04”, or for a retrospective audit, “all patients
seen at the

8. Results:

State how many subjects (e.g. patients) were included in the audit.
This is the initial ‘n’ number. If the data is incomplete, explain why,
e.g. auditor might not be able to find every set of patient notes. How
one has analyzed the data depends upon the question. Ensure to
include the number and percentage of cases meeting each
standard, making it clear what number are taken into consideration
into Percentage of ‘n’ number may change at different points of the
report, e.g. 45/50 (90%). To use a statistical test (e.g. Chi Square) to
analyze data, state clearly what the test is and whether the results
are statistically significant. Data may be presented as tables or as a
chart. Be selective in use of charts – only illustrate the key findings
in this way so as not to overburden readers. Use the most
appropriate chart for each piece of data, e.g. pie charts to show


PAGE | 48

proportions, or bar charts for easy comparison between different

areas or standards. Quote both raw figures & percentages in the
chart where possible. Where one can only have one or the other, pie
charts should have the raw figures as a label by each segment,
rather than percentages, as this chart is designed to visually show
proportions (percentages). Charts showing only percentages should
be accompanied by a table showing the raw figures – these will be
needed when it comes to re-auditing and comparing results.
Individual healthcare staff should not be identifiable in the report -
audit should not be used as a ‘witch hunt’. If, for example, you are
comparing the results of three consultant firms, you could call them
A, B and C. Have the decoder handy though - clinicians may wish to
identify themselves! Patients should also not be identified, for
confidentiality reasons.

9. Conclusions:

List the key points that flow from your results - use bullet points and
avoid long paragraphs. Ensure that the conclusions are supported
by the data, or if the data points to no firm conclusions, say so -
don’t make claims that are not supported by the evidence. Make
objective, factual statements, not subjective ones, i.e. don’t say “it
is obvious that…” or “clearly, what is happening is…”

10. Recommendations:

Where appropriate, recommendations for change should be made.

Make sure these are realistic and achievable. If you need money to
implement recommendations, have you got access to any suitable

11. Action Plan:

When your report is presented (e.g. at an audit meeting), your

recommendations will either be accepted or revised. Once this has
been done, an action plan should be agreed (preferably at that


PAGE | 49

meeting) saying what changes will be implemented, who will be

responsible for carrying them out and when this will be done.
Include this either in the body of the report, or if the report is
already written, as an addendum to the full report. If appropriate
(i.e. changes are to be made), set a date for a re-audit to complete
the audit cycle.

12. References:

The full references of the evidence base referred to in the

background. Try to be consistent in the way reference – if one is
hoping to get the project published, some journals are quite
particular about how references are listed. Give the names and
initials of all authors followed by the title of the article, the title of
the journal, the year of publication, the volume number and the first
and last page numbers. References to books should give the names
of any editors, place of publication, publisher and year.

13. Appendices:

Include a copy of the pro-forma/questionnaire that auditor used for

data collection.

Practices of Auditing in Bangladesh

Auditing a systematic process of objectively, obtaining and evaluating
evidence, regarding assertions about economic actions and events to
ascertain the degree of correspondence between these assertions and
established criteria. It is an independent examination of financial
statements or related financial information of an entity. The results of the
examination are finally expressed in the form of a specific opinion
communicated to the relevant parties. Auditing of financial statements of
companies registered under the company’s act 1994 is compulsory in
Bangladesh. According to Sec 213(3), the auditor is to make a report to be
presented in the annual general meeting of the company on accounts
examined by him.


PAGE | 50

Before acceptance of the International Standards of Auditing (ISA) by the

Institute of Chartered Accountants of Bangladesh (ICAB), detection of
errors and frauds, and prevention of errors and frauds were the two
important objectives of auditing in Bangladesh. At present, Bangladesh
follows ISA guidelines in auditing. Auditing practices are regulated by the
Companies Act 1994, the Banking Companies Act 1991, the Insurance Act
1938, the Securities and Exchange Commission Act 1993, the Securities
and Exchange Rules 1987, the Foreign Donations Regulation Rules 1978,
and the Co-operative Societies Ordinance 1984.

According to the Companies Act 1994, accounts of companies registered

under this act must be audited by chartered accountants within the
regulations of the Bangladesh Chartered Accountants Order 1973.
Similarly, all books of accounts maintained by a NON-GOVERNMENT ORGANIZATION

receiving foreign donations shall be audited by a chartered accountant as

defined in the same Order. The accounts of every co-operative society are
to be audited at least once in every co-operative year. The audit is to be
conducted by the Registrar, or by an audit officer authorized by him, and
by such date as may be prescribed. Accounts of enterprises under sector
corporations are audited at three levels - corporations' internal audit
departments, independent professional audit firms, and the Comptroller
and Auditor General (C&AG) of Bangladesh. Internal audit, sometimes
similar to an investigation, and often termed as management audit, is
conducted by the employees of a corporation on special issues. The
purpose of this audit is to check whether the corporation's rules and
regulations are being properly followed at the time of execution of any
policy. Independent professional audit is conducted by chartered
accountants to pass opinion about the financial statements annually. The
C&AG has the obligation to conduct a government commercial audit
where there is any government interest in the form of ownership, or
investments, or where the government provides help in the form of


PAGE | 51

The Constitution of Bangladesh empowers the C&AG of Bangladesh to

conduct an audit of the accounts of the Republic and report to the jatiya

sangsad (parliament) on the findings. The public accounts of the Republic

and of all courts of law, authorities and officers of the government are
audited and reported on by the Auditor General. For that purpose he or
any person authorized by him has access to all records, books, vouchers,
documents, cash, stamps, securities, stores or other government property
in the possession of any person in the service of the Republic. In the
exercise of his functions, the C&AG are not subject to the direction or
control of any other person or authority. Having derived his authority from
the Constitution, he with the assistance of nine Directors General placed
under him, conducts audit of all government departments, agencies,
public sector corporations and public companies having fifty percent or
more government owned shares.

The purpose of government audit is to ensure transparency and

accountability in the use of resources in all types of government
management. The objectives of audit work includes verification of the
statements of accounts and statement of income and expenditure to
determine whether these are prepared truly and correctly; examination of
the adequacy of the audited body's financial management systems and
internal control framework; making sure that sufficient arrangements
have been made to achieve economy, efficiency and effectiveness in the
utilization of the entity's resources; examination of the trading,
manufacturing, profit and loss accounts and balance sheets and other
subsidiary books of accounts with regard to state-owned commercial
organizations; and undertaking special studies where necessary to
determine if environmental legislation and procedures are being strictly

The audit directorates and training academy placed under C&AG are
Commercial Audit; Local Audit; Works Audit; Foreign Aided Project Audit;
Civil Audit; railway Audit; Post, Telephone and Telegraph Audit; Defense


PAGE | 52

Audit; Mission Audit; and Financial Management Academy (FIMA). Each of

the Directorates mentioned above has its own functional set up headed by
a Director General.

Commercial Audit Directorate:

The Commercial Audit Directorate was set-up in 1956 by the government

of Pakistan to undertake audit in state-owned commercial organizations.
Following the independence of Bangladesh, the role of the department of
commercial audit expanded because of the nationalization of industries,
banks etc. At present, all autonomous and semi-autonomous public
enterprises, government-owned commercial bodies, including nationalized
banks and public enterprises, having minimum 50% government share are
audited by the directorate.

Local and Revenue Audit Directorate:

The Director General, Local and Revenue Audit (DG, L&RA), conducts
audit in two important fields covering about 12,000 government
units/individual offices in a wide range of areas. These are the
government offices (other than Post, T&T, Works, Roads & Highways,
Railways, Public Health Engineering and Defense directorates; hospitals;
educational institutions; sports and cultural bodies) and autonomous and
local bodies (city corporations, municipalities, universities, port authorities
and other autonomous bodies).

Directorate of Works Audit:

The present office of the Directorate of Works Audit was established with
effect from 18 May 1964 under the name Director of Audit and Accounts
Works and WAPDA, East Pakistan, Dacca. After liberation, it was renamed
as Accountant General Works & WAPDA, Bangladesh, DHAKA and entrusted
with the accounting and auditing function of the works expenditure and
auditing the accounts of Bangladesh WAPDA. Following


PAGE | 53

departmentalization of government accounts, the present office of the

Directorate of Works was established in 1985.

Foreign Aided Projects Audit Directorate:

Different foreign countries and donor agencies provide grants and loans
for different development projects in the form of investment or technical
assistance. The Director General, Foreign Aided Projects Audit, is
responsible for auditing all projects implemented with funding by foreign aid.

The main responsibilities of this Audit Directorate are to carry out audits in
all donor funded development projects to prevent error and fraud, to
ensure accuracy and completeness of accounting records and examine
the adequacy of rules and regulation; to prepare the annual audit report
and submit the same to C&AG for placement before the parliament; to
conduct audits of all Accounts and Financial Statements of donor fund in
accordance with the agreement between the government and donors; to
express an opinion as to whether the financial statements of the donor
funded projects presented are consistent with international standards on
auditing, whether the accounts prepared are in accordance with accepted
principles and whether they present fairly the results of the operation of
the project. In terms of IDA and ADB loans, a separate opinion needs to be
furnished for the statement of expenditure.

Civil Audit:

Following the departmentalization of government accounts, the Civil Audit

Directorate was established in 1985 to strengthen the capability of the
C&AG in discharging his duties. This directorate carries out audits in the
following accounts offices: office of the Controller General of Accounts,
Chief Account’s offices, Regional Accounts offices, District Accounts offices
and Upazila Accounts offices.


PAGE | 54

Railway Audit Directorate:

The present office of the DG Railway Audit, headed by a Chief Auditor, and
located at the Central Railway Building (CRB) CHITTAGONG, was established in
1950. This office was entrusted with the audit responsibility of the Eastern
Bengal Railway and Pakistan Eastern Railway from 1950 to 1961 and from
1961 to 1971 respectively. Following the liberation of Bangladesh in 1971,
all audit functions of Bangladesh Railway were conducted by this office
which was renamed as the office of the DG Railway Audit in 1995. The
office has 208 personnel including one director, two deputy directors, and
14 audit and accounts officers working in the regional and divisional
offices throughout Bangladesh.

Auditing types, systems and procedures

Three main types of audit are the regularity or compliance audit, financial
statements audit and performance audit (value for money audit). The
regulatory audit is very traditional and it examines receipts and
expenditures and the financial systems and transactions of the audited
organization to see whether it has complied with relevant rules,
regulations, laws, procedures, orders etc. A financial statement audit is
the examination of the financial statements of an audited body to express
an opinion on whether they truly present the expenditures and receipts in
the case of the accounts prepared. It includes the audit of the
appropriation and finance accounts of the government and of the
government owned commercial enterprises. The performance audits
examine an organization’s programs, activities, functions or management
systems and procedures to assess whether the organization has achieved
economy, efficiency, and effectiveness in the utilization of its resources.
Bangladesh recently adopted programs to conduct performance audits on
different issues in some organizations.

The auditing system adopted in all audit directorates is very similar. There
are, of course, slight variations depending on the nature and scope of the


PAGE | 55

audited organization. Each audit directorate prepares a year-wise audit

plan at the beginning of the financial year and on the basis of the budget
and risk involved with the organizations under audit. Some organizations
are audited every year; some once in every two years and some are once
in every three years or more. The director general is entrusted with audit
planning and a director and deputy directors help him in the planning
exercise. Each audit team has, in general, two/three members assigned
with fixed man-days based on risk and volume of work of the concerned

The DG Audit instructs the audit team as to what percentage of

transactions will be subject to audit. The general points taken into
consideration in audit planning are volume of transactions of the auditable
unit, number of vouchers, and nature of expenditure. Prior to the start of
an audit in any organization, the audit team needs to be familiar with the
nature, activities and objectives of the organization as well as with the
annual report and past audit report including the budget book prepared
on the organization.

The audit team gives notice to the audited body well in advance letting
them know the exact date of commencing audit and the records required
to be examined. Procedures followed in carrying out an audit of any office
include initial discussion with the head of the audited body, collection of
all the records and information needed for auditing, examination of the
records, checking the facts, collection of sufficient evidence in support of
his statement, discussions with relevant people, coming to a conclusion
and preparation of the report.

The audit team follows the guidelines mentioned in the Audit Code and
Manual and Government Auditing Standards. In some cases, the team
follows the special instructions given by the Audit Directorate. In course of
the audit work, all queries raised by the auditor are to be clarified by the
audited organization and are to be substantiated by proper supporting
documents. Queries not met with valid documents are included in the


PAGE | 56

Inspection Report. On completion of each audit, the audit team discusses

the audit report with the head of the audited organization and obtains his
opinion on it. Then an Inspection Report is issued to him. The Audit
Report, along with the working papers and an observation summary sheet
is submitted to the Deputy Director Audit for review, after which the entire
report and the audit file, with his comments on it, are submitted to the
Director/Director General for final review and approval.

Paragraphs of serious irregularities known as Advance Clauses are

communicated, after proper scrutiny, to the concerned management,
including the Principal Accounting Officer (Secretary) of the concerned
ministry. The Audi tees are given five weeks time to give explanations on
irregularities. One reminder is issued, allowing an additional two-week
time in case the explanations are not satisfactory, or if there is no
response at all. A DO (Demi-official) letter/Management letter for such
clauses is written to the Principal Accounting Officer giving four-week
time. If the reply is not satisfactory or there is no reply at all, the report is
finalized (as draft clauses) and sent to the C&AG for his approval and for
inclusion in the audit report within thirteen days.

Serious financial irregularities along with audit comments are incorporated

in the Annual Audit Report, after they have been approved by the C&AG.
The Audit Report is then submitted to the President of the Republic by the
C&AG to be laid before Parliament. The reports placed before the
Parliament is discussed by the Public Accounts Committee (PAC) and
Public Undertaking Committee (PUC). PAC deals with Audit Reports and
related issues, whereas PUC attends to issues relating to efficiency and
effectiveness of commercially run government organizations.


PAGE | 57

In today’s world; auditing has become an incorporated segment of the
association. All association wants auditing not only for avoidance and
recognition of fake but in addition for organizational effectiveness.
Auditing plays an essential part to appropriately finish the accounting
records and timely preparation of the consistent financial information.
Internal audit moreover helps organization to defend the property and
maintaining the arranged and effectively accomplish of the business
including adherences to the management policies. The manner of auditing
is becoming easier day by day because of using computer aided audit.
The computer aided audit tools and technique software is simplifying and
automating the audit process. The auditor is now able to find any kind of
fraud or material misstatement through the use of CAATTs software.
Government audit also helps the government to find whether the
resources are use effectively and efficiently. They evaluate the data and
directly report to the Comptroller and Audit general of Bangladesh. Also
to guard the shareholder, creditor and supplier from any kind of fraud,
every corporation must verify their financial report by an external auditor.
The external auditor must be an independent man also has to be a
member of the ICAB in Bangladesh.

In modern business advancement audit is one of the core factor to be

considered. Because auditing provides support to the whole organization
in such a way that it serves both the external and internal users. For
internal users it provides information to manager to make judgment and
for external user it provides guarantee that the financial report is all right
and out of any kind of material misstatement.


PAGE | 58


o Lee, T. A., The Evolution of Audit Thought and Practice(New York:


Publishing, Inc., 1988), p. 3, 5, 6

o Staub, Walter A., Auditing Developments During the Present


Harvard University Press, 1942), p.15, 17, 26, 29

o Carmichael, D.R. & Willingham, John J., Perspectives in Auditing(New

York: McGraw-

Hill Book Company, 1979), p.8, 10, 55

o Pinkney, A., An Audit Approach to Computers(London: The Institute

of Chartered

Accountants Press, 1966), p.11

o McRae, T. W., The Impact of Computers on Accounting(New York:

John Wiley & Sons,

1964), p.38, 50, 182


PAGE | 59

o Needleman, T., Micro-Computers for Accountants(New Jersey:

Prentice-Hall, Inc.,

1983), p.3, 7


PAGE | 60