quality assurance vs. audit: what are the differences? presentation by: kimeu, j musyoki icpak...
TRANSCRIPT
QUALITY ASSURANCE VS. AUDIT:What are the differences?
Presentation by: KIMEU, J Musyoki
ICPAK
Hilton Hotel, Nairobi, KENYAThursday 2nd October, 2014
Introduction
Background MBA (For Executives) BCom. (Hons) CISA CPAK FCCA
Over 16 years experience in Risk Management, Audit, Consultancy in Risk, Internal Controls, IT Audits and Corporate Governance
2
CPA KIMEU, J. MusyokiMD/Lead Consultant: GAMAX Ltd+254 722 [email protected]
CONTENT
• Introduction• Quality Assurance• Quality Control• Audit {Introduction, The Audit Process and
Benefits and limitations}
• Differences & Benefits• Recap
Slide 3
QUALITY ASSURANCE (QA)
DEF.• It is a process based approach whose
prime objective is to prevent defects in deliverables in the planning process itself to avoid the rework, which costs a lot.
• It is a proactive process, and it starts at the very beginning of the project to understand the product’s stated and non-stated requirements and expectations, and then develop the plan to meet these requirements and expectations.
ASSURANCE
Assurance has been defined by the American Institute of Certified Public Accountants (AICPA) as 'Independent Professional Services that improve information quality or its context'.
Such services are very broad and could include assessments of internet security and quality of health facilities.
QUALITY ASSUARANCE VS. AUDIT
The concepts of QA and Audits are two distinct ideas that serve the same purpose: improving quality, consistency and reliability in operations. QA is more of an abstract concept, which
can be manifested through a number of operational policies and systems. It is a process used to create the deliverables, and can be performed by a manager, client, or even a third-party reviewer {Eg. process checklists, project audits and methodology and standards development}.
QUALITY ASSUARANCE VS. AUDIT
Audits are more specific. They are systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes {investigations of a specific area of operations}.
Audit involves performing assurance and consulting activities designed to evaluate and improve the effectiveness of the entity’s governance, risk management and internal control processes.
QUALITY ASSUARANCE
QA techniques monitor operations and test outputs to ensure consistent quality by identifying errors and opportunities to improve.
Some companies devote an entire department to quality assurance, while others designate a quality assurance manager to oversee a smaller program.
It may be a part of everyone's job in some companies, while it is distinctly separated in others.
QUALITY ASSUARANCE
QA initiatives can take a variety of forms, for instance;
Randomly checking products coming off an assembly line is an example of a quality assurance effort; and
Creating reports on trends in customer service complaints for operations managers.
helps an organization accomplish its objectives by bringing a
AUDIT BASICS
Audits dig deep into all aspects of a specific facet of company operations.
Financial audits, for example, review accounting systems and financial reporting systems by digging into financial records such as cash register tapes, canceled checks and bank deposit receipts. Companies can perform their own internal audits to enjoy full control over the audit process, or they can choose to contract with third-party auditing specialists to uncover issues the company may have missed in its own investigations.
QA AUDITS
• QA audits review the official lines of authority put in place to drive Q/A initiatives, the systems put in place to continually drive product quality higher and the monitoring systems used to review the effectiveness of Q/A efforts.
• The main task of Q/A audits is to judge how effective a Q/A program is at identifying and reducing mistakes and to provide guidance for improving Q/A efforts.
TOTAL QUALITY MANAGEMENT (TQM)
• This takes a comprehensive approach to quality assurance, addressing the full range of factors that go into final product quality rather than simply recording and analyzing errors to develop quality performance metrics.
• It can be compared to a continual quality assurance audit, because TQM requires a rigorous and continual review of factors such as;
• Communication and Ethics, • Trust and Teamwork, which ultimately
contribute to high product and service quality.
COMPARISONS BETWEEN QA & QC
Quality Assurance Quality Control
Definition
QA is a set of activities for ensuring quality in the processes by which products are developed.
QC is a set of activities for ensuring quality in products. The activities focus on identifying defects in the actual products produced.
Focus on
QA aims to prevent defects with a focus on the process used to make the product. It is a proactive quality process.
QC aims to identify (and correct) defects in the finished product. Quality control, therefore, is a reactive process.
COMPARISONS BETWEEN QA & QC
Quality Assurance Quality Control
Goal
The goal of QA is to improve development and test processes so that defects do not arise when the product is being developed.
The goal of QC is to identify defects after a product is developed and before it's released.
How
Establish a good quality management system and the assessment of its adequacy. Periodic conformance audits of the operations of the system.
Finding & eliminating sources of quality problems through tools & equipment so that customer's requirements are continually met.
COMPARISONS
Quality Assurance
Quality Control
What
Prevention of quality problems through planned and systematic activities including documentation.
The activities or techniques used to achieve and maintain the product quality, process and service.
Responsibility
Everyone on the team involved in developing the product is responsible for quality assurance.
Quality control is usually the responsibility of a specific team that tests the product for defects.
COMPARISONS BETWEEN QA & QCAs a tool
QA is a managerial tool
QC is a corrective tool
ExampleVerification is an example of QA
Validation/Software Testing is an example of QC
Statistical Techniques
Statistical Tools & Techniques can be applied in both QA & QC. When they are applied to processes (process inputs & operational parameters), they are called Statistical Process Control (SPC); & it becomes the part of QA.
When statistical tools & techniques are applied to finished products (process outputs), they are called as Statistical Quality Control (SQC) & comes under QC.
QUALITY CONTROL
Quality Control (QC) refers to quality related activities associated with the creation of project deliverables.
It is used to verify that deliverables are of acceptable quality and that they are complete and correct {E.g. inspection, deliverable peer reviews and the testing process}.
QC is about adherence to requirements (After production}.
QA is generic and does not concern the specific requirements of the product being developed.
QA activities are determined before production work begins and these activities are performed while the product is being developed.
AUDITING: PRACTICES & PROCEDURES
18
■An audit is an independent examination of and and expression of an opinion on the financial statements of the reporting entity by an appointed auditor in pursuance to his appointment and in compliance to the statutory agreements.
A key aspect of the opinion is on true and fair view.
■True: Information is factual and conforms with reality i.e. not false
1. INTRODUCTION
19
■Fair : Information is free from discrimination and bias and in compliance with expected standards and rules.
■Generally an audit is required by the law for example the Companies Act and how it is conducted is actually regulated by the professional bodies (which guides the auditor) and International Standards on Audit (ISAs) (which guide the audit process). The ISAs are developed by the International Audit and Assurance Standards Board (IAASB).
1. INTRODUCTION
20
Other objectives of an audit include:1. Prevention and detection of errors and
frauds in financial systems and statements.
2. Advising the management on adherence to framework of best practices or giving recommendations on ways of improving the accounting and internal control system based on experience.
OBJECTIVES OF AN AUDIT
21
3. Providing assurance services such as;■ Taxation■ Internal control & systems■ Due diligence4. Nature of an audit
1. Searching and verifying accounting records2. Examining other evidence supporting the financial statements
1. INTRODUCTION
22
3.The management assertions (what they are claiming):
■The assets listed in the Statement of Financial position really exist and that the company has title or rights to the assets
■Valuations assigned to the assets have been established with conformity with the generally accepted accounting principles
1. INTRODUCTION
23
That all the incomes and expenses shown were actually earned or incurred and they are correctly/valued in accordance with relevant standards.
4. Gathering evidence to show that the SFP contains all the liabilities of the company and that all liabilities are properly stated.
1. INTRODUCTION
24
5. Rationale for an audit■Directors are in charge of managing the
company therefore they are the stewards. They are also accountable to the shareholders. One approach to accountability is by preparing and presenting financial statements.
■An audit is required in order to enhance the credibility of these financial statements.
1. INTRODUCTION
25
■Audit is one of the recommended solutions to minimizing the problem that arises as explained under the agency theory in other words, an audit will help safeguard the interests of the company (principal) incase directors (agents) try to engage in activities that are to the detriment of the shareholders.
1. INTRODUCTION
26
■Contrary to what many users think, the responsibility to prepare financial statements vests with the directors of a company.
■Additionally it is not the “sole” responsibility of the auditor to check and prevent fraud.
An auditor only expresses an opinion though the auditor is required to be aware of possibility of fraud. If a business wants the auditor to check and detect fraud, then that will be a different type of engagement (such as fraud examination or forensic auditing).
1. INTRODUCTION
27
2. AUDIT PROCESS
1. Planning the audit: This entails developing a general strategy and a detailed approach for the expected nature, timing and extent of the audit. The auditor plans to perform the audit in an efficient and timely manner.
28
Objectives of an audit:1. Ensuring that appropriate attention is
devoted to important areas of the audit2. Ensuring that potential problems are
identified3. Ensuring that the work is completed
expeditiously4. Proper assignment of work to assistants5. Coordination of work done by other
auditors and experts; and facilitating review
2. THE AUDIT PROCESS
29
2. Understanding the business: Perform audit procedures to understand the entity and its environment. The auditor should:i. Know the nature of the entityii. Establish the objectives and strategies and
related business risksiii. Measure and review the entity's financial
performance and Internal controlsiv. Assess the risk of material misstatement at the
financial statement and assertion levelv. Identify the industry, regulatory and other
external factors, including the applicable financial reporting framework
2. THE AUDIT PROCESS
30
3. Carry out tests of internal controls:
Theses are the process designed and effected by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations.
2. THE AUDIT PROCESS
31
The main purpose is to obtain sufficient and relevant audit evidence that the controls were operating effectively during the period. Approaches include:1. Observation of the entity's procedures2. Inspection of documents supporting controls or events
to gain audit evidence that controls have operated effectively
3. Examination of evidence of management reviews e.g. minutes of board meetings
4. Re-performance of the application of a control to ensure it was performed correctly
5. Testing of the control activities performed by a computer, possibly using CAATs (computer-assisted audit techniques).
2. THE AUDIT PROCESS
32
4. Carry out substantive tests■These are tests to check financial statement
items. ■The purpose is to detect material
misstatements at the assertion level. Include tests of details of transactions, balances and disclosures, and substantive analytical procedures.
{For example to confirm revenue, the auditor will check all receipts and invoices, verify they are posted correctly, cut-off (period end) dates, properly added and figures tally}.
2. THE AUDIT PROCESS
33
5. Issue an audit report. ■The auditor's report should contain a clear
written expression of opinion, in the financial statements taken as a whole.
■The auditor's report should include the following basic elements, normally in this layout:
2. THE AUDIT PROCESS
34
(a) Title(b) Addressee(c) Introductory paragraph(d) Directors' responsibility for the financial statements(e) Auditor's responsibility(f) Auditor's opinion(g) Other reporting responsibilities(h) Auditor's signature(i) Date of the auditor's report(j) Auditor's address
2. THE AUDIT PROCESS
35
■Depending on the outcome of the auditor’s work the audit report (opinion) can either be unqualified-good or qualified-bad
■An unqualified opinion is expressed when the auditor concludes that the financial statements give a true and fair view (or are presented fairly, in all material respects) in accordance with the identified financial reporting framework.
2. THE AUDIT PROCESS
36
■The report may be modified by adding an emphasis of matter.
■Emphasis of Matter Paragraph (EMP) has been defined in International Standards on Auditing (ISAs) as follows:
“A paragraph included in the auditor’s report that refers to a matter appropriately presented or disclosed in the financial statements that, in the auditor’s judgment, is of such importance that it is fundamental to users’ understanding of the financial statements”.
2. THE AUDIT PROCESS
37
EM paragraph may be included in auditor’s report when:i. Auditor believes that there is a need to draw
user’s attention to significant uncertainty surrounding accounting estimates
ii. In case new or amended audit report has been issued after the discovery of subsequent events.
iii. In case material uncertainty exists surrounding the use of going concern assumption but the same has been disclosed to the satisfaction of the auditor in the financial statements.
2. THE AUDIT PROCESS
38
iv. In case financial statements have been prepared under two financial reporting frameworks then auditor shall include Emphasis of Matter paragraph pointing to the disclosure in respect of extent of compliance of framework
v. In case of early application of accounting standard that has pervasive effect on financial statements; thus new accounting standard has been followed and applied before its effective date.
2. THE AUDIT PROCESS
39
vi. In case auditor discovered that prior period financial statements contain material misstatements and also amended audit report has not been issued but the corresponding figures have been restated and appropriate disclosures have been made in the current period financial statements.
vii.In case financial statements are prepared under special purpose framework
viii.An entity is facing major catastrophe and its effects are expected to propagate to future periods and it is and will significantly affect the financial position of entity.
2. THE AUDIT PROCESS
40
An auditor can issue a qualified report under two circumstances:
1.There is a limitation on the scope of the auditor’s work (For example denying the auditor access to financial records or information).
2. There is a disagreement with management regarding the acceptability of the accounting policies selected, the method of their application or the adequacy of the financial statement disclosures
2. THE AUDIT PROCESS
41
Depending on the degree of the two issues regarding limitation of scope or disagreement with management a qualified report takes three forms:
1. A qualified report but stating clearly ‘except for’ if matter is material but not fundamental.
2. No opinion (a disclaimer) if there is a limitation of scope and it is material and fundamental
3. A bad opinion (an adverse opinion) if the disagreement is material and fundamental.
2. THE AUDIT PROCESS
42
BEST PRACTICE – Risk Based Audits (RBIA)
1. Value For Money (VFM) audits: Concerned with evaluating the three ‘Es’ {Economy, Efficiency & Effectiveness}
2. IT Audits {Systems development process, Asset management, Database management systems, e-business, Networks and Access controls}
3. Financial Audits4. Operational audits {management or
efficiency audits}
3. TYPES OF AUDITS
44
Differences between internal and external audit
■Codes of corporate governance, such as the IFAC Code highlight the need for businesses to maintain good systems of internal control to manage the risks the company faces.
■It is seen as part of good corporate governance to have an internal audit function to assess and monitor internal control policies and procedures.
3.INTERNAL Vs EXTERNAL AUDIT
45
Other differences:Area External Audit
(EA)Internal Audit (IA)
Objective
To express an opinion as to the truth and fairness of the financial statements
Wide ranging from value for money, operational efficiency, compliance with company policies and other laws
Reports to
Management (Where the auditor does a management report) and shareholders in the main audit report
Good Corporate Governance (also Treasury circular 16/2005 and 3/2009) requires that the IA reports directly to the audit committee of the Board of Directors (Having mainly non-executive directors)
DIFFERENCES
46
Other differences:Area External Audit Internal Audit
Status An independent person from the firm with no attachments.
May be an employee of the company though some companies outsource the internal audit work
Qualifications
Formal qualifications where auditor is a member of a professional body and the audit firm has a practicing license from a professional body
Need not be a member of a professional body, though in recent times there has been a move towards an Institute of Internal Auditors (IIA)
3.DIFFERENCES
47
4. BENEFITS OF AN AUDIT
1. The management of publicly quoted companies are willing to incur millions of shillings (even Dollars) in audit fees because they want continued access to capital markets that offer cheap long term sources of capital.
2. The shareholders of those same companies are willing to incur the audit fees because their level of trust is increased. Small companies benefit from having regular financial statement audits due to reduced information risk which means availability of capital at lower cost.
48
Bankers and other sources of credit would be willing to lend to the organization at much lower interest rates. 3. The knowledge that regular independent
audits will be carried out acts as a deterrent to the misappropriation of resources by the incumbent management
4. Auditors will usually highlight any material weaknesses in the design and operation of internal controls for free or at lower costs. These suggestions could result in savings that could be worth several times the audit fees.
4. BENEFITS OF AN AUDIT
49
5. Through their accumulated experience with various industries and businesses, auditors will give sound business advice as a value added consideration, something that could be of immense value to a client.
6. Tax authorities will be less troublesome on presentation of audited accounts.
7. The sale or valuation of a business is much easier when audited accounts exist
8. Shareholders and management will make decisions based on information that is not materially misstated
4. BENEFITS OF AN AUDIT
50
BENEFITS OF QA & AUDIT AS RISK MANAGEMENT TOOLS
i. Fewer surprisesii. Articulation of risk appetite - and
embedded process to manage thisiii. Common risk languageiv. Better management reportingv. More effective communication with
stakeholders on risk and return issuesvi. Adequate policies, procedures and
limits vii.Regulatory data management
BENEFITS OF QA & AUDIT AS RISK MANAGEMENT TOOLS
vii.Better controlled operationsviii.Adequate risk monitoring and MIS ix. Systems integration – finance and risk
datax. Lower risk-related costsxi. Better targeting of resourcesxii.Better outcomes on corporate objectivesxiii.Delivery of innovative projectsxiv.Better outcomes for service usersxv. Protection of reputation
5. LIMITATIONS OF AN AUDIT
1. Does not guarantee the future viability of an entity-For instance, rumours about the stability of a bank may surface in the media just after an auditor issues an unqualified opinion. Because banks thrive on the image of stability customers have, the bank may be hit by a run and subsequently collapse. These are issues that are clearly not covered by the audit report
2. Does not guarantee management’s efficiency and effectiveness: effectiveness is doing the right thing while efficiency is doing it right. Such traits are limited to particular individuals and an appraisal of the effectiveness and efficiency of managers is dependent on the observer.
53
3. An audit does not guarantee that there has not been fraud perpetrated at the company.
4. Where an auditor has been auditing the client for several years, independence may be compromised.
5. LIMITATIONS OF AN AUDIT
54
