1 Distinguish between Government audit and Specific audit.

Explain types of Government and Specific Audit?

Answer: Government Audit may be discussed under following three heads:

1. Audit of Government Departments: Audit of Government departments and undertaking not
registered under Companies Act, 1956 are governed by Article 149 of the Constitution. The
Article read as follows:
a) “The Comptroller and Auditor General shall perform such duties and exercise such powers in
relation to the accounts of the union and of the states and of any other authority or body as
prescribed by or under any Law and by Parliament”.
b) The Comptroller and Auditor General of India (CAG) is a constitutional authority. The reports
of CAG relating to accounts of the government are submitted to the president of India or
Government of State. The President or Governor ensures that ultimately, it is being placed
before both Houses of Parliament or State Legislature.
2. Audit of Statutory Corporations: A statutory corporation is set up by a special act approved
by both Houses of Parliament. In most cases, the act itself requires the CAG to audit the accounts
of the corporation but sometimes accounts are also being audited by independent Chartered
Accountants or Firms of Chartered Accountants. Life Insurance Corporation, State Bank of India,
Food Corporation of India is some of such examples.
3. Audit of Government Companies: According to Section 617 of the Companies Act, 1956, a
Government company is one in which at least 51% of the paid up share capital is held (a) by the
Central Governments; or (b) by the Central or State Government along with one or more
government companies or corporations owned or controlled by the Central Government. A
Subsidiary of a government company shall also be deemed to be a Government Company.

A specific audit is one which is limited in its scope in terms of coverage of areas, events, or
period. Generally, the objectives of specific audit are being set before the audit start. The
objectives are also very specific like detection of a suspected fraud, ascertainment of profits for
declaration of interim dividend etc.
Let us discuss the different types of specific audit.
Interim audit
An interim audit is conducted in between two annual audits. The objective is to ascertain and
declare interim figures, for some specific purpose like declaration of interim dividend. Interim
audit helps in early completion of annual audit. However, it is expensive, because it involves
additional work on the part of company’s staff as well as auditor.
Tax audit
The Income Tax Act has made tax audit compulsory for specified persons under section 44AB of
the Income Tax Act, 1961. The Assessing Officer has the power to instruct the assessee to get his
accounts audited by an accountant nominated by the Commissioner of Income Tax. This
provision seeks to ensure that the books of account and other records of the assessees are
properly maintained and that the revenue authorities are provided with audited financial
statements along with the data and information relevant for assessment. Tax Audit may be
defined as the verification of the financial records to ascertain the correctness of the taxable
profits as per the provisions of the Income Tax Act.
Secretarial audit
Secretarial audit may be called as legal audit. A company registered under the Companies Act,
1956 has to comply with various provisions of the Act. A company secretary ensures that the
workings of the company are in accordance with the provisions of the Act and other applicable
law. The Companies Act has made Secretarial Audit mandatory for companies having paid up
share capital of rupees two crores or more by a whole time secretary. The whole time secretary
should be a member of the Institute of Company Secretaries of India.
Cost audit
According to Smith and Day, cost audit means ‘the detailed checking of the costing system,
techniques and accounts to verify their correctness and to ensure adherence to the objective of
cost accounting.‟ In short we can say that cost audit is the verification of the correctness of cost
accounts based on cost accounting principles.
Management audit
Management Audit is a total audit of every area of operation of organization with a view to
identifying the inefficiencies and/or ineffectiveness of the management and setting of criteria
for efficiency.
Proprietary audit
Proprietary audit can be defined as “an examination of decision from the view point of its
reasonableness or appropriateness.‟ Proprietary audit is generally related to the government
audit. As we have discussed earlier CAG is the final authority which conducts governments audit
in India. The CAG is expected to examine proprietary of expenditure and has to ensure that
money spent is properly incurred and properly utilized. The main objective of proprietary audit
is to ensure that there is no leakage of revenue or wastage of public funds by mistake or fraud.
Audit-in-depth
Audit in depth is a technique of checking, where a selected number of transactions, are
subjected to a detailed, step-by-step verification.
Social audit
The social audit is also called social responsibility audit. A business organization exists in
society. Hence, it owes certain responsibilities toward society at large.

2 Write the similarity and dissimilarity of Internal and External Audit? Explain the
Cooperation between external and internal auditor.
Similarity and Dissimilarity of Internal and External Audit
Co-operation between external and internal Auditor

Answer: Points of similarities

Internal audit and external audits are similar in following ways:
1. Both are concerned with evaluation of internal control system.
2. Both are concerned with adequacy and correctness of accounting entries.
3. Both are concerned with verification of assets and liabilities.
4. Both are similar in their approaches of auditing like test checking application of statistical
tools, observations, enquiries etc.

Points of dissimilarities
External and internal audits differ in the following respects:
1. Mandatory: In most of cases, enterprises are under compulsion of law to appoint an external
auditor. However, internal audit is not mandatory expect for those companies where Companies
(Auditor’s Report) Order, 2003 is applicable.
2. Independent: The external auditor is independent of the organization which appoints him.
On the other hand, internal auditor is generally an employee of the organization or an outside
audit firm appointed especially for the purpose. So, independence of internal auditor is assured
in most cases.
3. Scope: The scope of an external audit is determined by Law as applicable to organization and
cannot be modified or restricted. Whereas the scope of internal audit is determined by the
management and may be expanded or restricted depending on the needs and objectives of the
organization.
4. Responsibility: The responsibility of external auditor is very wide and covers almost all
stakeholders of the company. However, the internal auditor, who is an employee of the
company, is only responsible to the management.
5. Power: The external auditor being appointed by law has statutory powers to conduct audit.
He has very wide powers compare to internal auditor. The power of internal auditor comes
from the views of management. In many companies, internal auditor also has very wide power
and he reports directly to audit committee of the company.
6. Submission of Reports: External auditor submits his report to the owners or shareholders.
But an internal auditor submits his report to management.
7. Periodicity: External audit may be conducted on an annual or on a periodical basis. But
internal auditor reviews the operations of a company continuously i.e. throughout the year.

Co-operation between external auditor and internal auditor

In spite of the various dissimilarities mentioned above, there are ample scope of a gainful
cooperation and coordination between external auditor and internal auditor. Due to his
professional standing, the external auditor acquires a wide area of experiences, whereas
internal auditor has an in depth experience of the organization. If they work in tandem, the
quality of audit will improve tremendously. Unnecessary duplications of work can also be
avoided by proper audit plan. The work load of external auditor can be reduced significantly as
we know that inherent objectives and approaches of both the audit are same.

3 The audit firm follows certain policies and procedures. Explain the quality control
policies adopted by an audit firm.

Answer: 1. The audit firm should implement quality control policies and procedures designed
to ensure that all audits are conducted in accordance with the standards on auditing.
2. The objectives of the quality control policies to be adopted by an audit firm will ordinarily
incorporate the following:
a) Professional requirements: Personnel in the firm are to adhere to the principles of
independence, integrity, objectivity, confidentiality and professional behavior.
b) Skills and competence: The firm is to be staffed by personnel who have attained and
maintain the technical standards and professional competence required to enable them
to fulfil their responsibilities with due care.
c) Assignment: Audit work is to be assigned to personnel who have the degree of
technical training and proficiency required in the circumstances.
d) Delegation: There is to be sufficient direction, supervision and review of work at all
levels to provide reasonable assurance that the work performed meets appropriate
standards of quality.
e) Consultation: Whenever necessary, consultation within or outside the firm is to occur
with those who have appropriate expertise.
f) Monitoring: The continued adequacy and operational effectiveness of quality control
policies and procedures is to be monitored.
3. The firm’s general quality control policies and procedures should be communicated to its
personnel in a manner that provides reasonable assurance that the policies and procedures are
understood and implemented.
4. The auditor should implement those quality control procedures which are, in the context of
the policies and procedures of the firm, appropriate to the individual audit.
5. The auditor, and assistants with supervisory responsibilities, will consider the professional
competence of assistants performing work delegated to them when deciding the extent of
direction, supervision and review, appropriate for each assistant.
6. Any delegation of work to assistants would be in a manner that provides reasonable
assurance that such work will be performed with due care by persons having the degree of
professional competence required in the circumstances.
7. Assistants to whom work is delegated need appropriate direction. Direction involves
informing assistants of their responsibilities and the objectives of the procedures they are to
perform. It also involves informing of matters, such as the nature of the entity’s business and
possible accounting or auditing problems that may affect the nature, timing and extent of audit
procedures with which they are involved.
8. Audit programme is an important tool for the communications of audit directions. Time
budgets and the overall audit plans also helpful in communicating audit directions.
9. Supervision is closely related to both direction and reviews and may involve elements of both.
10. Personnel carrying out supervisory responsibilities
11. The work performed by each assistant needs to be reviewed by personnel of at least equal
competence
12. The following need to be reviewed on a timely basis:
a) Overall audit plan and the audit programme;
b) Assessment of inherent and control risks including the results of tests of control and the
modifications, if any, made to the overall audit plan and the audit programme as a result of tests
of control;
c) Documentation of the audit evidence obtained from substantive procedures and the
conclusion drawn there from, including the results of consultations; and
d) Financial statements, proposed adjustments in financial statements arising out of the
auditor’s examination, and the auditors’ proposed observations/report.

4 Explain the basic principles of governing internal control

Answer: Following are given, in a summarized form, some of the important basic principles
governing internal control:
1. A proper system, preferably in writing, must be implemented in the entity, in such a way
that origination, recording and accounting of business transactions take place in a
standardized way.
2. The authorities and responsibilities of every official should prefix and must be in
writing.
3. Accounting entries should not be allowed without a supporting document.
4. A standard system of internal check should be established in such a way that no person
alone handles a transaction completely from beginning to end and the work of every
person is in the ordinary course checked by another person in the same or another
department.
5. Responsibility for the custody and control of assets should be segregated from the
responsibility of accounting for the assets. In other words, persons having the custody
or control of assets and those responsible for the accounting in respect of them should
not be same.
6. The internal control system should be in consonance with the organizations structure.
As far as possible controls should be in built in the operating functions. For example, the
establishment of a separate credit control department would not be justified if the
objective of reducing credit risk and minimizing debt recovery period could be
metthrough controls in built in the accounting and sales system especially in smaller
and medium sized concerns.
7. Every internal controls should be established after a cost and benefit analysis.
8. Books of accounts should be maintained up to date.
9. The entity must have a system of rotation of duties among employee. Employees should
be encouraged to take permissible leave. This is more applicable to those employees
who are custodian of assets like cashier who deals in receipts and payment of cash.
10. The system should have inbuilt verification system from independent records. For
example verification of Bank balances from bank statement, comparison of purchase
ledger account with supplier statement etc.
11. The system should facilitate the surprise physical verification of assets with the records.
For example, Surprise cash verification can be conducted by the officials, other than
accounts department. Surprise inventory can be verified by officials from accounts
department etc.
12. A reliable and accurate management information system (MIS) should be in place to
support the internal control system, so that immediate corrective actions can be taken if
needed.
5 Discuss the specific problems of Electronic Data Processing (EDP) relating to internal
control.
Explanation of all problems of EDP

Answer: In an EDP system, the following problems arise in the implementation of internal
control:
(a) Separation of duties: In a manual system, separate individuals are responsible for
initiating transactions, recording transactions, and custody of assets. As a basic control,
separation of duties prevents or detects errors and irregularities. In a computer system,
however, the traditional notion of separation of duties does not always apply.
(b) Delegation of authority and responsibility: A clear line of authority and responsibility
is an essential control in both manual and computer systems. In a computer system,
however, delegating authority and responsibility in an unambiguous way may be
difficult because some resources are shared among multiple users. For example, one of
the objectives of using a database management system is to provide multiple users with
access to the same data, thereby reducing the control problems that arise with
maintaining redundant data. When multiples users have access to the same data and
integrity of the data is somehow violated, it is not always easy to trace who is
responsible for corrupting the data and who is responsible for identifying and correcting
the error. Some organizations have attempted to overcome these problems by
designating a single user as the owner of data. This user assumes ultimate responsibility
for the integrity of the data.
(c) Competent and trustworthy personnel: The technology of data processing is now
exceedingly complex much more complex than in the days of manual systems. Highly
skilled personnel are needed to develop, modify, maintain and operate today’s computer
systems. Thus, the existence of competent and trustworthy personnel becomes even
more important when computer systems are used to process an organization’s data,
since a relatively small number of individuals assume major responsibility for the
integrity of the data.
(d) System of authorizations: Management issues two types of authorizations to execute
transactions. General authorizations establish policies for the organization to follow. For
example, a fixed price list is issued for personnel to use when products are sold.
Specificauthorizations apply to individual transactions: for example, acquisitions of
major capital assets may have to be approved by the board of directors. In a manual
system, auditors evaluate the adequacy of procedures for authorization by examining
the work of employees. In a computer system, authorization procedures often are
embedded within a computer program. For example, the order entry module in a sales
system may determine the price to be charged to a customer. Thus, when evaluating the
adequacy of authorization procedures, auditors have to examine not only the work of
employees but also the veracity of program processing.
(e) Adequate documents and records: In a manual system, adequatedocuments and
records are necessary to provide an audit trail of activities within the system. In
computer systems, documents may not be used to support the initiation, execution and
recording of some transactions. For example, in an online order entry system customers
orders received by telephone may be entered directly into the system. Similarly, some
transactions may be activated automatically by a computer system: for example, an
inventory replenishment program may initiate purchase orders when stock levels fall
below a set amount. Thus, no visible audit or management trail may be available to trace
the transaction.
(f) Physical control over assets and records: Physical control over access to assets and
records is critical in both manual systems and computer systems. Computer systems
 differ from manual systems, however, in the way they concentrate the data processing
assets andrecords of an organization.
(g) Adequate management supervision: In a manual system, management supervision of
employee activities is relatively straight forward because managers and employees are
often at the same physical location. In computer systems, however, data
communications may be used to enable employees to be closer to the customers they
service. Thus, supervision of employees may have to be carried out remotely.
Supervisory controls must be built into the computer system to compensate for the
controls that usually can be exercised through observation and inquiry.
(h) Comparing recorded accountability with assets: Periodically, data and the assets that
the data purports to represent should be compared to determine whether
incompleteness or inaccuracies in the data exist or shortages in the assets have
occurred. In a manual system, independent staff prepares the basic data used for
comparison purposes. In a computer system, however, programs are used to prepare
this data.

6 Explain the factors for having the effective internal control system for a bank.
Explanation of various aspects of having the effective internal control system

Answer: The basic components of an effective internal control system of a bank are discussed
as below:
1. Control Environment: This is the underlying foundation for the success of all the other
elements of the internal control. As per Auditing and Assurance Standard 6 issued by
ICAI (AAS6), the control environment means the overall attitude, awareness and actions
of directors and management regarding the internal control system and its importance
in the entity. The control environment has an effect on the effectiveness of the specific
control procedures and provides the background against which other controls are
operated.
2. Risk Recognition and Assessment: An effective internal control system requires that
all material risks, internal and external, controllableand uncontrollable, that could affect
the achievement of the bank’sobjectives, are recognized and continually assessed.
Management must identify, measure and analyze the various kind of risks faced by the
bank at all levels including credit risk, country and transfer risk, market risk, interest
rate risk, liquidity risk, operational risk, legal risk, reputation risk etc. This risk
assessment process helps the management to be aware of the risks faced by the bank
and determine the internal controls required to manage these risks. Risks are not static
phenomenon and keep on changing with time and circumstances.
3. Control Activities: Control activities are the policies and procedure that ensure that
bank personnel are following the management directives for achieving the bank’s
objectives. Control activities are basic tools through which management ensures that its
internal control objectives are realized by controlling the risks assessed as above. As per
AAS 6, internal control system includes control procedures which are the policies and
procedures in addition to the control environment which management has established
to achieve the entity’s specific objectives.
4. Segregation and Rotation of Duties: This is the primary control activity to ensure that
frauds and errors are prevented or detected, as the casemay be, in a timely manner.
Segregation and rotation of duties reduces a person’s opportunity to commit fraud and
ensure detection of errors and mistakes. For example the official at the cash counter
should not be responsible for maintaining records about cash receipts and payment.
5. Authorization of Transactions: Banks usually follow a system of approvals and
authorization to execute specified kind of transactions in accordance with prescribed
conditions. Authorization may be general and applicable to all transactions or specified
 for a single transaction. Thus it is necessary to ensure that the authorizations are made
by persons acting within their scope of authority.
6. Accountability for a Safeguarding of Assets: The accountability and safeguarding of
assets can be ensured by maintaining adequate records and limiting access. Access to
assets should be limited to authorized personnel and there should be documentation for
any access or use. Access is not limited to physical access but also includes indirect
access by way of preparing documents for their acquisition or disposal.
7. Accounting, Information and Communication Systems: An effective internal control
system requires that there are adequate and comprehensive internal financial,
operational and compliance data, as well as external market information about events
and conditions that are relevant to decision making information should be reliable
timely accessible and provided in a consistent format.
8. Monitoring Activities: The overall effectiveness of the bank’s internal controls should
be monitored on an ongoing basis. Management should ensure that the internal control
systems are functioning properly and are suitable in light of changing circumstances.
This assessment should be an ongoing basis to institute preventive and corrective
measures in a timely manner. Monitoring can be done both internally and externally.