Topic 1: Introduction to Auditing (AUD339)

What is Auditing?

1. Auditing = Checking financial records carefully to see if they are true and fair.
2. Auditor writes a report to show opinion if the financial statements follow laws & standards.

Key Features of Auditing

1. Evidence: Auditor collects proof (documents, invoices, etc.).
2. Criteria: Auditor compares info with rules (e.g., law, accounting standards).
3. Independent: Must be done by someone not biased.
4. Competent: Auditor must know what evidence to check.

Objectives of Financial Statement Audit

1. Required under Companies Act 2016.
2. Every registered company must audit FS annually.
3. Purpose → Auditor gives opinion:

✔ Are FS prepared correctly?

✔ Do FS follow financial reporting framework?

Auditing vs Accounting

	Auditing	Accounting
Framework	International Auditing Standards Malaysian Financial Reporting Standards Relevant Acts	Malaysian Financial Reporting Standards
Scope	Provide opinion of financial statement Post-preparation review of the whole financial statement set and underlying systems	Prepare financial statements Day-to-day processing and period-end reporting
Reporting structure	Shareholders of client’s company	Management
Core purpose	Independently examine financial statements to express an opinion on their truth and fairness	Record, classify, and summarize transactions to prepare financial statements
Main focus	Verification of accounting records and evaluation of controls, estimates, and disclosures	Measurement and reporting of financial performance/position
Timing	Periodic (usually annual/interim) after accounts are prepared	Continuous throughout the period; closes at period end
Responsibility	Independent auditor (external or internal for internal audits)	Management/accounting team
Output	Audit report/opinion (unmodified, qualified, adverse, or disclaimer)	Trial balance, financial statements, management reports
Standards/Guidance	Auditing standards (e.g., ISA/Malaysian Approved Standards on Auditing) & ethics codes	Financial reporting frameworks (e.g., MFRS/IFRS)
Independence	Must be independent of management (external audit)	Not independent—part of management function
Evidence base	Audit evidence gathered via tests: inspection, observation, confirmation, re-performance, analytics	Source documents and internal records prepared by the entity
Materiality lens	Opinion based on material misstatement thresholds	Detailed accuracy for recording and reporting
Users	External users relying on assurance: shareholders, lenders, regulators	Internal management, investors, regulators (via published FS)
Legal/Regulatory	Audits legally required for many entities; others voluntary	Preparation may be legally required for companies
Types	External (statutory), internal, compliance, forensic, performance	Financial, management, cost, tax accounting

Responsibilities

Management

✔ Prepare financial statements

✔ Use proper accounting policies

✔ Maintain internal controls

✔ Follow laws

Auditor

✔ Give opinion on FS

✔ Provide reasonable assurance FS are correct

✔ Report on internal control system (ICS)

✔ Work with care & skill

Why Do We Need Auditing?

1. To reduce information risk (wrong or biased info).
2. Needed by both private & public sector.
3. Ensures FS are trustworthy.

Causes of Information Risk

1. Distance → Owners/shareholders not directly involved.
2. Bias → Managers may hide problems.
3. Volume → Too many transactions.
4. Complexity → Complicated deals (mergers, subsidiaries).

How to Reduce Information Risk?

1. User checks information themselves (not common).
2. Sue management if wrong info (rare).
3. Audit FS (most common & effective).

Agency Theory

1. Owners (shareholders) hire managers to run company.
2. Problem → Managers have more info, may not always act in owners’ best interest (conflict of interest).
3. Solution → Audit ensures managers’ reports are correct.

Agency theory (what & why it matters)

Definition: In a corporation, principals (shareholders) delegate decision-making to agents (management). Because managers control information and may pursue their own interests, information asymmetry and conflicts of interest arise.

Key problems:

Moral hazard - (opportunistic actions not observable by owners)

Adverse selection -  (managers know more about firm quality than outsiders)

Agency costs - (monitoring, bonding, residual loss)

Why an independent audit reduces information risk

Independent audits act as a monitoring mechanism and credibility enhancer for reported numbers:

1. Assurance on reliability: Auditors test controls and transactions, providing reasonable assurance that the statements are free of material misstatement, shrinking information asymmetry.
2. Deterrence & detection: The prospect of audit testing and inquiry deters earnings management/fraud and helps detect material errors—lowering users’ estimation error.
3. Controls improvement: Recommendations from audits strengthen internal controls, reducing future misstatement risk.
4. Governance & stewardship: Independent auditors report to the board/Audit Committee, reinforcing oversight over management.
5. Contracting efficiency: More reliable numbers improve lending, investment, and compensation contracts, reducing agency costs.
6. Lower cost of capital: With reduced information risk, investors demand a smaller risk premium, often translating to cheaper financing and better market liquidity.

Types of Auditors

1. External Auditor → Chartered Accountant (audit FS).
2. Government Auditor → Auditor General’s Dept.
3. Tax Officer → Inland Revenue (check tax).
4. Internal Auditor → Works inside company (for management).
5. Forensic Auditor → Outlining Fraud related findings

Types of Audit

1. Financial Statement Audit → Check FS truth & fairness.
2. Performance Audit → Check efficiency of operations.
3. Compliance Audit → Check if rules are followed.
4. Tax Audit → Check tax compliance.
5. Forensic Audit → Detect fraud.
6. Public Sector Audit → Check government spending.

Assurance vs Non-Assurance Services

1. Assurance: Add credibility to info (e.g., audit, forensic audit).
2. Non-Assurance: No opinion, just services (e.g., consultation, preparing accounts, legal services).

Assurance, Attestation & Auditing

1. Assurance → Improves quality of information.
2. Attestation → Auditor confirms another party’s assertion.
3. Auditing → Evidence-based check of financial info & management’s claims.

The main reasons audits provide reasonable (not absolute) assurance:

1. Use of materiality - auditors focus on matters that could influence users’ decisions; trivial errors may remain.

2. Sampling, not 100% testing - auditors test samples due to volume and cost constraints.

3. Inherent limitations of internal control - controls can be overridden, colluded around, or fail unintentionally.

4. Management estimates & judgment - areas like impairment, fair values, and provisions are uncertain by nature.

5. Persuasive (not conclusive) evidence - much audit evidence is indirect, external confirmations can be limited.

6. Risk of fraud concealment - deliberate deception, forgery, or collusion can be hard to detect.

7. Time and cost constraints - audits occur within finite timeframes before reporting deadlines.

8. Complex IT environments - systems, integrations, and cybersecurity risks add detection challenges.

9. Reliance on others - experts, component auditors, and management representations carry residual risk.

10. Future events uncertainty - going concern and subsequent events involve predictions that cannot be assured absolutely.

Why directors and auditors must comply with the Companies Act 2016 (CA 2016)

For directors

• Legal compliance & fiduciary duty: Satisfies statutory duties of care, skill, diligence, and acting in the best interests of the company.

• Personal liability protection: Reduces risk of civil/criminal liability, fines, and disqualification for breaches (e.g., improper dividends, late filings).

• Financial reporting integrity: Ensures timely, true-and-fair financial statements, proper records, and required disclosures.

• Sound governance & oversight: Strengthens internal controls, board processes, and accountability to shareholders.

• Capital market access: Builds lender/investor confidence, lowering cost of capital and easing fundraising.

• Continuity & solvency: Encourages prudent decisions (e.g., solvency tests, going-concern focus) that protect the company’s longevity.

• Reputation & stakeholder trust: Avoids enforcement actions and reputational damage with regulators (SSM), customers, and partners.

For auditors

• Statutory mandate: Fulfilling appointment, independence, and reporting obligations required by CA 2016.

• Audit quality & credibility: Aligns with law and standards, producing a defensible opinion and limiting professional negligence exposure.

• Independence & ethics: Preserves objectivity (e.g., limits on relationships/services), enhancing public-interest protection.

• Proper reporting of non-compliance: Enables appropriate communication to those charged with governance (and where required, to authorities).

• Professional standing: Sustains licence to practise and reputation with MIA/PIE stakeholders; avoids sanctions.

Shared outcomes (directors + auditors)

• Reduced information risk → more reliable financial information for shareholders and creditors.

• Regulatory harmony → fewer penalties, smoother inspections, and better relationships with SSM/other regulators.

• Market confidence → stronger valuation, liquidity, and long-term sustainability of the company.

Quick Exam Tips

1. Always link auditing to reducing information risk.
2. Remember Companies Act 2016 → every company must be audited.
3. Be able to compare auditing vs accounting.
4. Know types of auditors & types of audits (frequently tested).