flowchart LR E[Engagement<br/>Letter] --> P[Audit<br/>Planning] P --> R[Risk<br/>Assessment] R --> IC[Evaluation of<br/>Internal Control] IC --> SP[Substantive<br/>Procedures:<br/>Vouching, Verification] SP --> CL[Conclusion and<br/>Audit Report] style E fill:#FFEBEE,stroke:#C62828 style CL fill:#E8F5E9,stroke:#2E7D32
17 Auditing: Concept and Practice
17.1 Meaning of Auditing
The English word audit comes from the Latin audire — “to hear” — recalling the medieval practice of having stewards’ accounts read aloud before the lord of the manor. The modern profession is more rigorous but retains the same essence: an independent examination of financial statements to express an opinion on whether they show a true and fair view.
Spicer and Pegler offer the standard textbook definition: an audit is “the independent examination of the books of account of an enterprise with a view to express an opinion as to whether they exhibit a true and fair view of the financial position of the enterprise” (spicer2016?).
The Institute of Chartered Accountants of India (ICAI) prefers the operational definition in the Standards on Auditing: an audit is undertaken to enable the auditor to express an opinion whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework (icai2024?).
Three working ideas anchor the concept.
- The examination is independent — the auditor is not the management.
- The output is an opinion, not a guarantee.
- The benchmark is a financial reporting framework (Companies Act + Ind-AS / AS).
17.2 Objectives — Primary and Secondary
TipObjectives of Auditing
| Class | Objective | Working content |
|---|---|---|
| Primary | Express opinion on truth and fairness | Form an opinion on the financial statements |
| Secondary | Detection and prevention of errors | Errors of omission, commission, principle, compensating |
| Secondary | Detection and prevention of frauds | Misappropriation of cash, of goods, manipulation of accounts |
| Tertiary / Incidental | Improve internal controls | Suggest improvements to systems |
The primary objective is the opinion. Detection of error and fraud is incidental — auditing is not designed primarily as a fraud-detection exercise, though the auditor must be alert to the risk of fraud (SA 240).
17.3 Errors and Frauds
TipTypes of Errors
| Error | Working content | Trial-balance effect |
|---|---|---|
| Error of omission (complete) | A transaction is not recorded at all | No effect — both sides missed |
| Error of omission (partial) | One aspect (debit or credit) is omitted | Trial balance disagrees |
| Error of commission | Wrong amount, wrong account, wrong side | May or may not affect trial balance |
| Error of principle | Treatment violates accounting principle | Trial balance agrees but accounts are wrong |
| Compensating error | Two or more errors that cancel each other | Trial balance agrees |
Fraud — defined in the Standards on Auditing as an intentional act involving misstatement to gain unjust advantage — has two main forms: misappropriation of assets (theft of cash or goods, fictitious payments) and fraudulent financial reporting (manipulation of accounts, window-dressing).
17.4 Classification of Audit
Audits are classified along several intersecting axes (tandon2020?).
TipClassification of Audit
| Basis | Categories |
|---|---|
| Legal status | Statutory vs Non-statutory (Voluntary) |
| Source | External vs Internal |
| Frequency | Continuous, Periodical (Final), Interim |
| Scope | Complete vs Partial |
| Subject | Financial, Cost, Tax, GST, Management, Operational, Performance, Forensic, Information-system, Environmental, Social |
Statutory audits in India include the company audit under Section 139 of the Companies Act, cost audit under Section 148, tax audit under Section 44AB of the Income-Tax Act, and GST audit under the CGST Act.
17.5 Audit Process
A typical audit assignment follows a sequenced process.
The engagement letter records the terms (SA 210). Planning (SA 300), risk assessment (SA 315) and materiality (SA 320) shape the audit’s depth and direction. Substantive procedures — vouching of transactions, verification of balances, analytical review — generate audit evidence. The audit report (SA 700 series) communicates the opinion.
17.6 Internal Control, Internal Check, Internal Audit
These three terms — frequently confused — name related but distinct mechanisms.
TipInternal Control vs Internal Check vs Internal Audit
| Mechanism | Meaning | Working actor |
|---|---|---|
| Internal Control | The whole system of controls — financial and non-financial — established by management to achieve objectives, safeguard assets, ensure reliability of records, comply with law | Management |
| Internal Check | A part of internal control — division of work so that one person’s work is automatically checked by another | Routine staff arrangement |
| Internal Audit | An independent appraisal activity established within the organisation to evaluate the controls themselves | Internal auditor (often a CA / CIA) |
The COSO framework (Committee of Sponsoring Organizations of the Treadway Commission, 1992; revised 2013) identifies five components of internal control: Control Environment, Risk Assessment, Control Activities, Information and Communication, Monitoring. The Companies Act 2013 made Internal Financial Controls a statutory matter — the auditor must report on the adequacy and operating effectiveness of IFC under Section 143(3)(i).
Internal audit is mandatory under Section 138 read with Rule 13 of the Companies (Accounts) Rules, 2014, for prescribed classes of companies — broadly, listed companies and large unlisted ones above turnover and borrowing thresholds.
17.7 Vouching and Verification
TipVouching vs Verification
| Dimension | Vouching | Verification |
|---|---|---|
| Subject | Transactions recorded in books | Assets and liabilities shown in balance sheet |
| Concern | Genuineness, completeness and authority of entries | Existence, ownership, valuation, presentation |
| Timing | Throughout the year | At year-end |
| Evidence | Vouchers — invoices, receipts, agreements | Inspection of asset, certificates, agreements |
| Standard | SA 500 (Audit Evidence) | SA 501 (External confirmations + specific items) |
Valuation is one objective of verification. The auditor checks that an asset is shown at its proper value — historical cost, lower of cost and NRV (inventory), recoverable amount (after impairment), fair value (where applicable). The auditor does not value the asset; the responsibility rests with management.
17.8 Auditor’s Appointment, Qualifications, Removal
The Companies Act, 2013 deals with company auditors in Sections 139–146.
TipStatutory Provisions on Company Auditors
| Matter | Section | Working content |
|---|---|---|
| First auditor | Sec. 139(6) | Appointed by the Board within 30 days of incorporation; if Board fails, by members within 90 days |
| Subsequent auditor | Sec. 139(1) | Appointed by members at AGM for 5 years; ratification at every AGM no longer required |
| Rotation of auditor | Sec. 139(2) | Listed and prescribed unlisted companies: individual — one term of 5 years; firm — two terms of 5 years (10 years), with a 5-year cooling-off |
| Qualifications | Sec. 141(1) | Must be a Chartered Accountant in practice or a firm thereof |
| Disqualifications | Sec. 141(3) | Indebtedness > ₹5 lakh, body corporate (other than LLP), holds securities of the company, etc. |
| Removal before term | Sec. 140 | Special resolution + Central Government approval |
| Resignation | Sec. 140(2) | File Form ADT-3 within 30 days |
| Powers and duties | Sec. 143 | Right of access, right to obtain information, duty to report, fraud reporting |
| Remuneration | Sec. 142 | Fixed by members (or Board, for first auditor) |
A fraud of ₹1 crore or more involving the company by its officers or employees, noticed by the auditor, must be reported by the auditor to the Central Government under Section 143(12) read with Rule 13 — within prescribed timelines. Frauds below ₹1 crore are reported to the Audit Committee or the Board.
17.9 Auditor’s Report
The auditor’s report is the output of the audit. Section 143 and SA 700 prescribe its content. The auditor expresses one of four kinds of opinion:
TipFour Kinds of Audit Opinion
| Opinion | When given |
|---|---|
| Unmodified (clean) | Financial statements give a true and fair view; no material misstatements |
| Qualified | Misstatement is material but not pervasive, or unable to obtain sufficient evidence on a material but not pervasive matter |
| Adverse | Misstatement is material and pervasive |
| Disclaimer | Unable to obtain sufficient evidence and the possible effects could be both material and pervasive |
The Companies (Auditor’s Report) Order — CARO 2020 — requires additional reporting on a specified list of matters such as fixed-asset records, inventory verification, loans, deposits, statutory dues, fraud reporting, internal-audit system, and resignation of auditors.
17.10 Standards on Auditing (SA)
The ICAI’s Auditing and Assurance Standards Board issues Standards on Auditing (SAs). The 2009 numbering system follows the international ISA series. Key recurring SAs:
TipImportant Standards on Auditing
| SA | Title | Scope |
|---|---|---|
| SA 200 | Overall Objectives of the Auditor | Foundation |
| SA 210 | Agreeing the Terms of Audit Engagements | Engagement letter |
| SA 230 | Audit Documentation | Working papers |
| SA 240 | Auditor’s Responsibilities Relating to Fraud | Fraud risk |
| SA 300 | Planning an Audit | Plan |
| SA 315 | Identifying and Assessing the Risks of Material Misstatement | Risk |
| SA 320 | Materiality | Materiality |
| SA 500 | Audit Evidence | Evidence |
| SA 530 | Audit Sampling | Sampling |
| SA 580 | Written Representations | Management representations |
| SA 700 | Forming an Opinion and Reporting | Opinion |
| SA 705 | Modifications to the Opinion | Qualified, adverse, disclaimer |
| SA 706 | Emphasis-of-Matter and Other-Matter Paragraphs | EOM |
| SA 720 | Auditor’s Responsibilities Relating to Other Information | Annual report |
17.11 Audit Risk
Audit risk is the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated. The audit risk model decomposes it into three:
\[ \text{Audit Risk} = \text{Inherent Risk} \times \text{Control Risk} \times \text{Detection Risk} \]
- Inherent risk — susceptibility of an assertion to misstatement, before considering controls.
- Control risk — risk that internal control will fail to prevent or detect misstatement.
- Detection risk — risk that the auditor’s procedures will not detect a misstatement that exists.
The auditor cannot alter inherent or control risk; he manages overall audit risk by adjusting detection risk through the nature, timing and extent of substantive procedures.
17.12 Exam-Pattern MCQs
Q 01
Which of the following is not the primary objective of auditing?
View solution
Correct Option: D
Recording transactions is the bookkeeper's / management's function. Detection of errors and frauds is secondary to opinion-giving.
Q 02
Match the type of error with its description:
| Error | Description | ||
| (i) | Error of omission | (a) | Two errors that cancel each other so that the trial balance still agrees |
| (ii) | Error of commission | (b) | A transaction is not recorded at all or in part |
| (iii) | Error of principle | (c) | Treating a capital expenditure as revenue, or vice versa |
| (iv) | Compensating error | (d) | Posting wrong amount, wrong account or wrong side |
View solution
Correct Option: A
Q 03
Match each concept with its content:
| Concept | Content | ||
| (i) | Internal Control | (a) | Independent appraisal of the system within the organisation |
| (ii) | Internal Check | (b) | Whole system of controls established by management |
| (iii) | Internal Audit | (c) | Division of work so that one person's work is checked by another |
| (iv) | External Audit | (d) | Examination by an outside, independent professional |
View solution
Correct Option: A
Q 04
"Vouching" relates primarily to:
View solution
Correct Option: B
Vouching tests transactions; verification tests assets and liabilities.
Q 05
A material and pervasive misstatement in the financial statements would lead the auditor to issue:
View solution
Correct Option: C
Material and pervasive → Adverse opinion. (Inability to obtain evidence on a material and pervasive matter → Disclaimer.)
Q 06
Match each provision with its statutory anchor under the Companies Act, 2013:
| Matter | Section | ||
| (i) | First auditor | (a) | Section 140 |
| (ii) | Rotation of auditor | (b) | Section 139(6) |
| (iii) | Powers and duties of auditor | (c) | Section 143 |
| (iv) | Removal of auditor | (d) | Section 139(2) |
View solution
Correct Option: A
Q 07
Arrange the steps of the audit process in correct sequence: (i) Risk assessment and planning (ii) Engagement letter (iii) Audit report (iv) Substantive procedures (vouching and verification)
View solution
Correct Option: A
Engagement → Planning/Risk → Substantive procedures → Report.
Q 08
Match each Standard on Auditing with its scope:
| SA | Scope | ||
| (i) | SA 240 | (a) | Audit evidence |
| (ii) | SA 320 | (b) | Auditor's responsibilities relating to fraud |
| (iii) | SA 500 | (c) | Materiality in planning and performing an audit |
| (iv) | SA 700 | (d) | Forming an opinion and reporting on financial statements |
View solution
Correct Option: A
ImportantQuick recall
- Audit = independent examination to express opinion on truth and fairness.
- Primary objective = opinion. Secondary = detection of error and fraud.
- Five errors: omission, commission, principle, compensating (and complete vs partial omission).
- Internal Control ⊃ Internal Check. Internal Audit appraises the system from within.
- COSO internal-control components: Control Environment, Risk Assessment, Control Activities, Information & Communication, Monitoring.
- Vouching tests transactions; Verification tests assets and liabilities; Valuation is one purpose of verification.
- Companies Act 2013 sections to memorise: 138 (internal audit), 139 (appointment / rotation), 140 (removal / resignation), 141 (qualifications/disqualifications), 142 (remuneration), 143 (powers, duties, fraud reporting), 148 (cost audit).
- Rotation under Sec. 139(2): individual 1 × 5 yr; firm 2 × 5 yr in listed/prescribed companies; 5-year cooling-off.
- Fraud reporting ≥ ₹1 crore — to Central Government under Sec. 143(12); below — Audit Committee / Board.
- Four opinion types: Unmodified, Qualified, Adverse, Disclaimer. Material → Qualified; Material and Pervasive → Adverse / Disclaimer.
- CARO 2020 mandates additional reporting on specified matters.
- Audit Risk = Inherent Risk × Control Risk × Detection Risk. Auditor manages detection risk.