6.

THE AUDIT CYCLE

6.1 Introduction
6.1.1 Every audit assignment must be properly planned. The auditor has a Efficient and
professional duty to undertake each audit in a manner that ensures reliable effective
and meaningful conclusions, which in turn lead to practical and useful audit collection of
recommendations. The auditor must therefore collect appropriate and evidence
sufficient evidence to arrive at such conclusions and recommendations. The depends on a
efficient and effective collection of evidence depends on a clear audit plan. clear audit plan
This audit plan should include a well-developed audit programme.
6.1.2 The audit plan should include:
a) A clear statement of the audit objective(s);
b) Statement of the magnitude of operations (expenditures, revenues,
assets, personnel) and for an attest audit, the significant line items and
accounts in the financial statements and significant financial statement
assertions;
c) Summary of significant issues and results of an initial risk assessment;
d) Proposed audit scope, including:
- Type(s) of audit activity (attest, compliance, effectiveness of internal
controls, safeguarding of assets, fraud investigation, value-for-money,
IT systems, or some combination thereof);
- locations to be visited;
- functions, activities, systems and procedures to be examined;
- aspects of performance to be covered;
- audit methods and tests; and
- samples selected or methods of selecting samples.

e) Budget and schedule;

f) Audit steps; and
g) Assigned audit responsibilities.

6.1.3 DAGP audit teams should plan to perform audits that encompass both DAGP audit teams
financial attest and compliance components. These two audit components should plan audits
have much in common. Each requires the auditor to: that encompass
both financial attest
a) Understand the audit entity; and compliance
b) Conduct a risk assessment; components.
c) Define audit objectives and scope;
d) Develop an audit programme
e) Test the controls;
f) Determine sample size (for statistical or non-statistical);
g) Conduct substantive tests;
h) Report; and

Audit Manual – Chapter 6 6-1

 i) Follow up.
6.1.4 The audit cycle for an individual audit involves planning the audit,
conducting the work, evaluating the results of the work, reporting the
results of the work, and following up to see what the entity has done as a
result of the work. (Sometimes the follow up is conducted as the first phase
of the next audit of the entity, where the auditor determines what changes
have occurred since the previous audit).

6.1.5 This Chapter describes the audit cycle for an individual audit performed in
accordance with DAGP’s auditing standards. This Chapter also summarises
the work that is performed at each phase of the cycle. This material is
expanded upon in subsequent Chapters of this Manual.

6.1.6 The audit cycle is shown in Figure 6.1. It contains six basic phases:
a) General audit planning;
b) Detailed activity and resource planning;
c) Fieldwork;
d) Evaluation;
e) Reporting; and
f) Follow-up.

6.1.7 These phases are discussed in more detail below.

6.1.8 Because many financial statement audits are performed every year, much of
the general and detailed planning for these audit activities will be limited to
updating the planning decisions made in the previous year to reflect
changes to the entity or desired changes to the audit approach. There will
rarely be a need to start from scratch.

6.1.9 Changes to the audit approach will normally have been identified at the end
of the previous year’s audit. The auditors will have identified significant
issues that need to be revisited in the next audit, as well as areas requiring
less audit effort, such as where the internal controls were found to be
strong, allowing more reliance to be placed upon them. At that time, the
auditors would have assessed the overall efficiency and effectiveness of
their audit, and identified possible ways in which the efficiency and
effectiveness could be improved. This process could include analysing the
feedback obtained from entity officials, the PAC, and the media.

6.1.10 Audit management (providing advice, supervising, reviewing, approving,

etc.) is not listed as a separate step in the audit cycle. This is because these
activities need to occur throughout each phase of the process.

6.1.11 Creating good relations with entity officials is key to achieving an effective
and efficient audit. The progress and outcomes of an audit will be enhanced
if the audit team can obtain the cooperation of management and foster
confidence by maintaining a fully professional approach during the course
of the audit.

6-2 Audit Manual – Chapter 6

6.1.12 It is important for the auditor to avoid creating an adversarial relationship
with entity officials. To facilitate good relations the auditor should:
a) Be fully aware of all other audit activities being undertaken;
b) Plan to minimise impact on the audit entity; and
c) Ensure that all discussions with entity officials take place at an appropriate
and reasonable level, and at an appropriate and reasonable time.

Figure 6.1: Audit Cycle for Individual Audits

Establish audit objectives and scopes

Understand the entity's business

A
U Assess materiality, planned precision,
D and audit risk
I
T
Understand the entity's internal control structure

P
L
A Determine components
N
N
I Determine financial audit and compliance with authority objectives and
N error/irregularity conditions
G

Assess inherent and control risk

Determine mix of tests of internal control, analytical procedures and

substantive tests of details

Develop audit programmes

ACTIVITY AND
RESOURCE
PLANNING
Establish resource requirements and timing

FIELDWORK Execute audit programmes

EVALUATION Conclude on results of work

REPORTING Issue reports

FOLLOW UP Follow up matters in reports

Audit Manual – Chapter 6 6-3

 6.2 General audit planning
6.2.1 The general audit planning phase is where most key planning decisions are
made. It involves:
Step 1 Establish audit objectives and scope;
Step 2 Understand the entity’s business;
Step 3 Assess materiality, planned precision and audit risk;
Step 4 Understand the entity’s internal control structure;
Step 5 Determine components;
Step 6 Determine financial audit and compliance with authority objectives, and
error/irregularity conditions;
Step 7 Assessment inherent risk and control risk; and
Step 8 Determine mix of tests of internal control, analytical procedures and
substantive tests of details.

6.2.2 These steps are introduced below, and are discussed in more detail in the
next Chapter.

Step 1 – Establish overall audit objectives and scope

6.2.3 The audit objective should be a clear statement of what the auditor intends
The audit objective
to examine and what is to be achieved by the audit. There should be clear
should be a clear
audit objectives for every assertion, for each financial statement component
statement of what
and for each audit area to be examined.
the auditor intends
to examine and
6.2.4 One or more audit objectives should be defined for each component of a
what is to be financial audit and for each line of inquiry. The audit objective is a
achieved byshould
Objectives the statement of what is to be achieved by the audit.
audit.
be defined for each
component. 6.2.5 The audit scope is a statement of what areas will be looked at, what work
must be done and what will not be done and the methodology to be used to
Audit scope is a achieve the audit objectives(s).
statement of what
areas will be looked 6.2.6 The auditor should update the audit plan to reflect the mix of financial
at, what work must certification and control and compliance objectives established for the
be done and the current year.
methodology.
6.2.7 The scope of the audit will reflect the audit entity. For audits that are
required under Section 7 of the Auditor-General Ordinance, the entity to be
audited will be defined by the applicable accounting policies of the
government. For example, for an audit of the financial statements of the
Federation, the entity to be audited would be all of the ministries,
departments, agencies, etc. that the accounting policies require to be
included in the financial statements of the Federation.

6-4 Audit Manual – Chapter 6

Step 2 – Understand entity’s business

6.2.8 The auditor should assemble and review material that will enable the team
to gain a sufficient knowledge of the business to assess materiality,
determine components, identify error conditions, etc.

Step 3 – Assess materiality, planned precision, and audit risk

Materiality, planned precision and audit risk are key concepts when conducting an
Materiality,
audit that will result in the Auditor-General expressing an opinion on the financial
planned
statements of an audit entity. The opinion paragraph of a standard unqualified
precision and
auditor’s report commences, “In my opinion, these financial statements properly
audit risk are
present, in all material respects, the financial position of [the entity] …”
key concepts
6.2.9 Materiality. When the Auditor-General states that the financial statements when
The auditor
“properly present, in all material respects”, he/she is stating that the must determine
financial statements are not materially misstated. An error (or the sum of what amount is
the errors) is material if the error (or the sum of the errors) is big enough to considered
influence the users of the financial statements. Therefore the auditor must material.
determine what amount is considered material.

6.2.10 Planned precision. Planned precision is the auditor’s planned allowance for
further possible errors. To determine it, the auditor first estimates the most
likely error that will exist in the financial statements as a whole. This
estimate is referred to as the “expected aggregate error.” The auditor then
subtracts the expected aggregate error from the materiality amount to arrive
at planned precision.

6.2.11 Audit risk. The opinion paragraph of the standard unqualified auditor’s
report begins “In my opinion …” This means that the auditor is not stating
that he/she is absolutely certain that the financial statements “properly
present in all material respects” (i.e., are not materially misstated). Rather,
the auditor is stating that he/she has some degree of assurance that is less
than 100% that the financial statements are not materially misstated. GAAS
refers to this degree of assurance as “reasonable assurance”.

The auditor should determine what level of confidence is required. If the auditor
wants to be 95% confident that the financial statements are not materially
misstated, this means that the auditor is prepared to take a 5% risk that he/she will
fail to detect errors summing to more than the materiality amount. Audit risk in this
case is therefore 5%.

Using a 5% audit risk and a Rs. 3,000,000 materiality amount, when the auditor
states, “In my opinion, these financial statements present fairly, in all material
respects …”, the auditor is stating, “I have 95% assurance that the financial
statements are not misstated by more than Rs. 3,000,000”.

Step 4 – Understand entity’s internal control structure

Audit Manual – Chapter 6 6-5

The auditor GAAS require the auditor to have an up-to-date understanding of the entity’s
must have an internal control structure.
understanding
of the entity’s The required level of understanding depends on the extent to which the auditor
internal control intends to rely on the internal controls to reduce his/her substantive tests. Even
structure. when no reliance is intended, some knowledge is still required.

Step 5 – Determine components

Auditors normally do not plan audits for the financial statements as a whole.
Rather, they divide the financial statements into parts and plan each part separately.

For an audit of financial statements, the most logical way of dividing up the
financial statements is to consider each line item in the financial statements to be a
separate component.

Sometimes the financial statements include several different groupings of the same
total amount. For example, expenditures may be grouped by:

a) The ministries, departments, agencies, etc. making up the reporting entity;

b) Appropriation account;
c) Economic function (general public services, defence affairs and services,
etc.); and/or
d) Object element (payroll expenditures, operating expenditures, civil works,
etc.).

The auditor normally selects the grouping that makes it the easiest to plan, perform
and evaluate the audit work.

6.2.12 If the financial statements group the expenditures by object element, the
auditor might then plan the audit of each object element to obtain the
desired assurance that errors in each object element do not sum to more
than the materiality amount.

Step 6 – Determine financial audit and compliance with authority objectives,

and error/irregularity conditions

Having divided the audit into components, the auditor needs to define attest and
compliance objectives, as applicable, and define what is considered to be an error
or irregularity.

6.2.13 Specific financial audit objectives. For a financial statement audit, a

component is considered to be in error if:

6-6 Audit Manual – Chapter 6

 a) It is not valid (the asset or liability does not exist or the revenue or
expenditure has not occurred) – the existence objective; or
b) The statement of the asset, liability, revenue or expenditure is not complete
– the completeness objective; or
c) The asset is not owned by the entity, or the liability is not owed by the
entity – the regularity objective; or
d) The asset or liability is not properly valued or is misclassified, or the
revenue or expenditure is not properly measured or is misclassified - the
valuation or measurement objective; or
e) The financial statement presentation is not proper – the presentation
objective.

6.2.14 Related compliance with authority objectives. Section 3.4 of DAGP’s

auditing standards states, “In conducting regularity (financial) audits, a
test should be made of compliance with applicable laws and regulations.”

To comply with this standard, the auditor should test for compliance with those
laws and regulations that are related to the audit of the financial statements.

The following compliance with authority objectives are considered to be

applicable:

6.2.15 Spend:
a) The services were performed or the goods received;
b) The expenditure was consistent with the nature of the appropriation to
which it was charged;
c) The expenditure is in accordance with applicable legislation and the rules
and regulations issued by such legislation; and
d) The expenditure does not result in the total approved expenditure being
exceeded.
6.2.16 Borrow:

The amount and debt terms (period, interest rates, repayment schedule, etc.) are
in accordance with applicable legislation, and related rules and regulations.

6.2.17 Raise revenue:

a) The cash received was for an approved tax or other approved source;
b) The cash received is in accordance with applicable legislation and
associated rules and regulations.

6.2.18 Error conditions. The last part to this step is to consider error conditions.
The idea here is to consider possible ways in which an asset, liability,
revenue or expenditure might not be valid, complete, compliant with
applicable authorities etc. Put another way, the idea is to think of possible
ways in which a monetary error can occur in the financial statements and
the ways in which monetary amounts may not be in accordance with
applicable authorities.

Audit Manual – Chapter 6 6-7

For example, to apply the validity and measurement objectives to the component
“payroll expenditures”, the auditor should consider how payroll expenditures might
not be complete.

6.2.19 There are many possible reasons why payroll expenditures might not be
valid or properly measured. However the chance of some of them occurring
might be negligible. Similarly, the maximum possible error that could result
from some of them might be insignificant. The idea is to identify the errors
that have a real chance of occurring, and that could be relatively large in
relation to the materiality amount.

6.2.20 For the validity and measurement objectives, the auditor may identify four
error conditions, as follows:

a) Services paid for are not performed;

b) Employees are being paid more or less than they should be paid;
c) Payroll expenditures are being charged to an incorrect account or
appropriation; and
d) The amounts in the payroll register are not included in the financial
statements at the correct amount.

In addition, the auditor might also identify the following compliance with authority
matters:

a) the work being performed was not properly approved; and

b) the payments were not properly approved.

The auditor should then develop audit procedures to determine whether any of the
possible errors or deviations have occurred.

Step 7 – Assess inherent risk and control risk

6.2.21 Inherent risk. Inherent risk is the chance of material error occurring in the
first place assuming that there are no internal controls in place. “Material
error” may be a single error or the sum of multiple smaller errors.

Inherent risk is assessed at this stage as it determines how much testing of internal
controls and substantive testing (analytical procedures and substantive tests of
details) the auditor needs to perform in total to achieve his/her desired level of
reasonable assurance (95% in our illustration).

6.2.22 Control risk. Control risk is the chance that the entity’s internal controls
will not prevent or detect material error. Again, “material error” may be one
error or the sum of multiple smaller errors.

Control risk is assessed at this stage as it determines the amount of assurance that
the auditor can obtain from his/her tests of internal control.

6-8 Audit Manual – Chapter 6

Step 8 – Determine mix of tests of internal control, analytical procedures and
substantive tests of details

The auditor needs to select a combination of tests of internal control, analytical

procedures and substantive tests of details that, in total, will provide the desired
level of assurance that payroll expenditures are not incomplete by an amount
greater than the materiality amount.

The auditor can obtain this assurance in a number of ways, for example by:

a) reviewing the internal controls that the entity has in place to ensure the
completeness of, using our payroll example, payroll expenditures, and then
performing tests of internal control to ensure that the controls are
functioning properly;
b) performing such analytical procedures as comparing the payroll
expenditures by month to each other and to the equivalent amounts in the
previous year; and/or
c) selecting a sample of payroll transactions and performing various
substantive tests of details on those transactions.

6.2.23 These methods can be used in different combinations. For example:

a) Place a lot of reliance on the internal controls. Under this option, the auditor
would perform a lot of tests of internal control, supplemented by only
limited analytical procedures, and select a very small sample of payroll
transactions for substantive tests of details; or,
b) Place very little reliance on the internal controls. Under this option, the
auditor would do fewer tests of internal control than in the first option, but
would perform more rigorous analytical procedures and/or select a larger
sample of payroll transactions for substantive tests of details.

6.2.24 When deciding which combination to use, the auditor should consider
several factors, including the cost of each combination in terms of audit
resources.

6.3 Activity and Resource Planning

This phase primarily involves taking the decisions made during the general
planning phase and using them to build the audit programmes that will be used
during the fieldwork phase. It also involves establishing budgets, staffing
requirements, the timing of the audit work, and the information to be obtained from
the entity.

These steps are introduced below, and are discussed in more detail later.

Develop audit programmes

The audit programmes provide the auditor with a list of all the procedures to
perform.

Audit Manual – Chapter 6 6-9

The auditor can use the error conditions identified during the general planning
phase, or a previous audit programme for the entity, as a starting point for the
development of the audit programmes.

The auditor should also determine what information the entity management are
required to make available for the audit work.

Establish resource requirements and timing considerations

6.3.1 For each audit determine:

a) the number of auditors with required level of seniority and skill sets;
b) related out-of-pocket expense budgets; and,
c) timing of the work.

The resource requirements are based on the audit programmes. Resource

allocations from previous audits of the entity may provide a helpful starting point.

Fieldwork

6.3.2 During the fieldwork phase, the auditors complete the procedures that are
contained in the audit programmes. The required evidence is gathered, and
the work performed is documented in the appropriate working paper files.

Chapter 8 contains detailed guidance on this phase of the audit cycle.

Evaluation

During the evaluation phase, the results of the audit are summarised and
conclusions are reached.

The auditor first concludes on the results of each test. The auditor then reaches a
conclusion on each component. Finally, the auditor reaches a conclusion on the
financial statements as a whole, and/or identifies specific irregularities and general
systemic weaknesses based on compliance with authority tests.

Chapter 9 contains detailed guidance on this phase of the audit cycle.

Reporting

6.3.3 The reporting phase involves performing some final clearance procedures
and issuing an audit certificate (opinion) on the financial statements. In this
certificate, the auditor expresses an opinion as to whether:

a) the financial statements properly present in all material respects, the

government’s financial position, the results of its operations, its cash flows
and its expenditure and receipts by appropriation; and,

b) the sums expended have been applied, in all material respects, for the
purposes authorised by Parliament, and have, in all material respects, been
booked to the relevant grants and appropriations.

6-10 Audit Manual – Chapter 6

Often, the reporting phase also involves issuing other reports dealing with internal
controls, compliance with authorities, and performance matters that were identified
as part of a financial audit, or in separate audits. These matters can be reported in a
management report or in one of the Auditor-General’s reports to Parliament and the
Public Accounts Committee.

Chapter 10 contains detailed guidance on this phase of the audit cycle.

Follow up

The follow-up phase involves returning to the entity at a later date to determine if
entity management has:

a) Corrected errors identified during the audit; and

b) Implemented recommendations made by the auditors or by the Public
Accounts Committee.

6.3.4 Chapter 11 contains detailed guidance on this phase of the audit cycle.

6.4 Roles and Responsibilities

General Roles and Responsibilities

The general planning phase is where most of the key planning decisions are made. Key planning
Many of these decisions have a significant impact on the nature, extent and timing decisions impact
of the work that is performed during the fieldwork phase. Because of this, general the nature,
planning decisions should be made by the more senior and experienced members of extent and
the audit directorate. timing of the

Similarly, conclusions reached during the evaluation phase may have a significant
impact on the type of audit report that is issued. The more senior and experienced
members of the audit directorate also need to be directly involved in the evaluation
process, and in the finalisation of the report.

6.4.1 It is not possible to lay down specific roles and responsibilities for all
audits. Each audit is different – some are quite complex and difficult to plan
and perform; others are relatively small and straightforward. In addition,
there may be differences in the knowledge of the entity and audit skills
possessed by different staff members within each directorate.

To encourage consistency, Figure 6.2 contains a chart that shows the suggested
roles and responsibilities of individuals at each level, for the general tasks to be
performed during the audit.

Centrally Led Audits

Audit Manual – Chapter 6 6-11

6.4.2 These are audits where a central team is responsible for the overall
planning, performance, evaluation, reporting and follow up. An example of
such an audit is the annual audit of the financial statements of the
Federation.
With a centrally led audit, there will be a division of responsibilities between the
central team and each directorate. For example, for the annual audit of the financial
statements of the Federation, the central team is responsible for:
a) Setting the basic planning parameters (materiality, planned
precision, audit risk, components, etc.);
b) Setting inherent risk, control risk, other substantive procedures risk
and substantive test of details risk for each component and each specific
financial audit objective and compliance with authority objective and error
condition;
c) Determining the optimum mix of tests of internal control, analytical
procedures and substantive tests of details for each component and for each
specific financial audit objective and related compliance with authority
objective and error condition;
d) Drafting the audit programmes, forms and checklists to be used by
the audit teams performing the work;
e) Performing the overall error evaluation; and
f) Reporting the results of the audit.

6.4.3 The auditors from each of the directorates are, in turn, responsible for:

a) Providing advice to assist the central team to plan the audit;

b) Reviewing the material received from the central team to ensure
audit programmes, forms and checklists reflect the optimum mix of tests for
that particular directorate, and contain all the work required to obtain the
required amount of overall assurance;
c) Performing the audit work; and
d) Reporting the results of the work, including individual errors and
other matters of note, to the central team.
6.4.4 Regarding the above, the central team will likely not have the same detailed
level of knowledge of a particular entity as the auditors from the applicable
audit directorate. For example the central team may not be aware that the
internal controls are weak and that the planned level of reliance on them is
not possible. The auditors from the audit directorate must bring these
matters to the attention of the central team and ensure necessary
adjustments are made to the audit plan.
With a centrally led audit, some of the roles and responsibilities that, according to
Figure 6.2, are to be performed by the Director General will be performed by the
Director General responsible for the central team, while other roles and
responsibilities will be performed by the Director General in charge of each
directorate. The same applies to the other levels of staff shown in Figure 6.2.

6-12 Audit Manual – Chapter 6

To ensure that everyone is aware of their roles and responsibilities, the central team
will provide a schedule similar to Figure 6.2 that clearly lays out the roles and
responsibilities of individuals within the central team, and within each audit
directorate.

Figure 6.2: Roles and Responsibilities

DAG Deputy
Auditor- Director Audit
Step (Senior) Director Director or
General General Officer
or DAG Asst. Director

General Planning
Update overall audit A(1) R(1) P
objectives and audit
scope

Update understanding A(1) R(1) P

of entity’s business

Update assessment of A(1) R(1) P

materiality, planned
precision, and audit risk

Update understanding A(1) R(1) P

of the entity’s internal
control structure

Update determination A(1) R(1) P

of components

A = Approve R = Review S = Supervise

P = Responsible for performance of.

(1) The review and approval would be done through a review and approval of the permanent
file, planning file, audit planning memorandum, audit programmes, etc. produced at the end of the
planning process.

Audit Manual – Chapter 6 6-13

 Deputy
DAG
Auditor- Director Director Audit
Step (Senior) Director
General General or Asst. Officer
or DAG
Director

Update determination A(1) R(1) P

of specific financial
audit objectives,
compliance with
authority objectives
and error conditions

Update assessment of A(1) R(1) P

inherent risk and
control risk

Update optimum A(1) R(1) P

combination of
procedures

Detailed Planning
Update audit A(1) R(1) S P
programmes

Update budgets, A(1) R(1) S P

staffing requirements,
timing considerations,
etc.

Fieldwork

Complete audit
R S P
programmes

A = Approve R = Review S = Supervise

P = Responsible for performance of.

(1) The review and approval would be done through a review and approval of the permanent file,
planning file, audit planning memorandum, audit programmes, etc. produced at the end of the planning
process.

6-14 Audit Manual – Chapter 6

 Deputy
DAG
Auditor- Director Director Audit
Step (Senior) Director
General General or Asst. Officer
or DAG
Director

Evaluation
Conclude on results R S P
of work

Reporting
Audit Opinions A(2) A(2) R P

A(2) A(2) R P
Audit Reports
A P
Management
reports

Follow up
(3) (3) (3) (3) (3) (3)
Follow up matters in
reports

A = Approve R = Review S = Supervise

P = Responsible for performance of.

(2) It is expected that the audit opinions and audit reports on the major entities would be approved by the
Auditor-General; the other audit opinions and audit reports would be approved by the Deputy Auditor
General (Senior) or a Deputy Auditor General.

(3) The roles and responsibilities would match those for the equivalent work performed during the audit
itself.

Audit Manual – Chapter 6 6-15