Need Tally
for Clients?

Contact Us! Here

  Tally Auditor

License (Renewal)
  Tally Gold

License Renewal

  Tally Silver

License Renewal
  Tally Silver

New Licence
  Tally Gold

New Licence
 
Open DEMAT Account with in 24 Hrs and start investing now!
« Professional Updates »
Open DEMAT Account in 24 hrs
  IMPORTANT ANNOUNCEMENT
 Extension of Last Date for Online Empanelment of Members to act as Observers for May/June 2024 Examinations up to 15th March 2024
 Empanelment of Members to act as Observers at the Examination Centres for the Chartered Accountants Examinations May/June 2024
 Guidance Note on Audit of Banks (2024 Edition)
 Issuance of SA 800 (Revised), SA 805 (Revised), SA 810 (Revised)
 Implementation Guide on Reporting on Audit Trail under Rule 11(g) of the Companies (Audit and Auditors) Rules, 2014 (Revised 2024 Edition) - (12-02-2024)
 Important Announcement for May-June 2024 CA Examinations
 Draft Bank Branch Auditors' Panel (MEF) for the year 2023-24
 Results of the Chartered Accountants Final and Intermediate Examinations held in November 2023 declared.
 Observations of the candidates on the question papers of CA Foundation examinations - December - 2023
 Inviting suggestions by way of Questionnaire for preparation of ICAI Vision 2049

Technical Guide on Digital Assurance
January, 16th 2023

 

 

 

 

Technical Guide on Digital Assurance

 

 

 

The Institute of Chartered Accountants of India

(Set up by an Act of Parliament)

New Delhi

 

 

 

 

 

© The Institute of Chartered Accountants of India

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form, or by any means, electronic, mechanical, photocopying, recording, or otherwise without prior permission, in writing, from the publisher.

 

 

 

 

 

 

 

First Edition : January 2023

 

Committee/Department : Auditing and Assurance Standards Board

and Digital Accounting and Assurance Board

 

E-mail :  aasb@icai.in gdaab@icai.in

 

Website : http://www.icai.org

 

 

Price :  Rs. 100/-

 

Published by :  The Publication & CDS Directorate on behalf

of the Institute of Chartered Accountants of India, ICAI Bhawan, Post Box No. 7100, Indraprastha Marg, New Delhi - 110 002 (India).

 

Printed by : Sahitya Bhawan Publications, Hospital Road, Agra 282003.

 

 

 

 

 

 Foreword

 

 

The Technical Guides are an important resource for the members to deal with practical difficulties in audit. These Guides help the members in obtaining efficiency and effectiveness in their audit procedures.

This Technical Guide on “Digital Assurance” is brought out jointly by the Auditing and Assurance Standards Board (AASB) and the Digital Accounting and Assurance Board (DAAB) of ICAI. This Technical Guide will help the members to adopt enhanced use of technology in audit by implementing the use of digitally available audit evidence and information. Accordingly, this Guide is a step towards digital auditing. This Guide provides awareness to the members about the online sources of audit evidence and explains them through various illustrations as to how to put them to better use while conducting audit.

I congratulate AASB and DAAB in taking this initiative of coming up with the Technical Guide on ‘Digital Assurance’. The Technical Guide has been written in easy-to-understand lucid language.

I appreciate the efforts of CA. (Dr.) Sanjeev Kumar Singhal, Chairman, AASB CA. Charanjot Singh Nanda, Chairman, DAAB, CA. Vishal Doshi, Vice- Chairman, AASB, CA. Dayaniwas Sharma, Vice-Chairman DAAB and other members of the respective Committees for bringing out this Technical Guide for benefit of the members.

I am sure that this Guide would be able to bring awareness to the members with respect to digitally available audit evidence.

 

 

 

January 5, 2023 New Delhi

CA (Dr.) Debashis Mitra

President, ICAI

 

 

 

 

 

 

 

 Preface

 

The Auditing and Assurance Standard Board (AASB) of ICAI and the Digital Accounting and Assurance Board (DAAB) of ICAI felt a need to provide guidance to the members on the use of technology in audit. There are various information available in online mode upon which the members are required to report on or certify. The members are required to be made aware of such sources available through online mode which can be utilized easily by the members in their audit procedures. This will also help in reducing the time taken in completing the audit procedures.

In order to provide guidance to the members, AASB and DAAB undertook a joint project to develop a Technical Guide on ‘Digital Assurance’. We feel pleasure to place in hands of the members, this Technical Guide on Digital Assurance brought out by AASB and DAAB jointly. This Guide primarily focuses on sources of external audit evidence available and how it can be utilized by the members in their audit procedures. This Guide also highlights the importance of reliability and relevance of the source from which the information is being obtained. In addition to using the available source, the members are guided to consider the reliability and relevance of the source and information being used in audit. This Guide also provides various illustrations of available sources of external audit evidence and how they can be used.

We express our sincere thanks to CA. Viren Shah and CA. Shankar Srinivasan for squeezing time out of their pressing preoccupations for providing valuable inputs and reviewing the Guide.

At this juncture, we wish to express our sincere thanks to CA. (Dr.) Debashis Mitra, President, ICAI and CA. Aniket Sunil Talati, Vice President, ICAI for their guidance and support in various endeavours of AASB and DAAB.

We wish to place on record, the appreciation of CA. Vishal Doshi, Vice Chairman, AASB, CA. Dayaniwas Sharma, Vice Chairman, DAAB, all members of AASB and DAAB viz. CA. Piyush Sohanrajji Chhajed, CA. Chandrashekhar Vasant Chitale, CA. Dheeraj Kumar Khandelwal, CA. Durgesh Kabra, CA. Purushottamlal Khandelwal, CA. Mangesh Pandurang Kinare, CA. Sridhar Muppala, CA. Prasanna Kumar D, CA. Rajendra Kumar P, CA. Cotha S Srinivas, CA. Sripriya Kumar, CA. Ranjeet Kumar Agarwal,

 

CA. Sushil Kumar Goyal, CA. Abhay Kumar Chhajed, CA. Anuj Goyal, CA. Gyan Chandra Misra, CA. Prakash Sharma, CA. (Ms.) Kemisha Soni, CA. Sanjay Kumar Agarwal, CA.(Dr.) Raj Chawla, CA. Hans Raj Chugh, CA. Pramod Jain, Shri Manoj Pandey, Shri Deepak Kapoor, Adv. Vijay Kumar Jhalani, CA. Abhijit Bandyopadhyay, CA. Shyam Lal Agarwal, CA. Sanjay Vasudeva, CA. Shivakumar R Hegde, CA. Jignesh Jashwantbhai Shah, CA. Pinaki Chowdhury, CA. Devinder Kumar Singla, CA. Rakesh Agarwal, CA. Jayanta Mukhopadhyay, CA. Niranjan Joshi, Prof. Naman Desai, Shri Jeevan Sonparote, CA. Dhananjay Gokhale, CA. Amit Mitra, CA. Sandeep Sharma, CA. Lalit Kumar, CA. Parveen Kumar, CA. Sumant Chadha, CA. Pranav Jain, CA. Rajesh Mody, CA. Rajeev Saxena, CA. Naveen Aggarwal, Shri Manish Deo Mishra, CA. Aniruddha Godbole, Shri Atma Sah, Shri Inderjeet Singh, Shri Shardul Admane, CA. Pallav Gupta, Ms. Lopa Ruparel, Shri Subhendu Bhattacharyya, CA. Priti Savla, CA. Umesh Sharma, CA. Rohit Ruwatia, Shri Chandra Wadhwa, CA. Rajesh Deedwania, CA. Hardik Chokshi, CA. Suvendu Chunder, CA. Parikh Sandip Ashwinbhai, CA. Manu Agarwal, CA. Bheda Atul Chunilal, CA. Gopal Choudhury, CA. K. Raghu, CA. Animesh Mukhopadhyay and, all Council members for their suggestions, support and guidance in finalising this Guide. We also thank CA. Megha Saxena, Secretary, AASB, CA. Amit Gupta, Secretary, DAAB, staff of AASB and DAAB for their contribution on this project.

We are sure that the members and other interested readers would find this Guide useful. We look forward to the feedback of readers on the publication.

 

 

 

 

 

CA. Charanjot Singh Nanda

Chairman

Digital Accounting and Assurance Board

CA. (Dr.) Sanjeev Kumar Singhal

Chairman                  Auditing and Assurance Standards

Board

 

 

 

 

 

 

Chapter 1

 Executive Summary

 

Standards on Auditing (SAs) require the auditor to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the auditor’s opinion. The relevant requirements and guidance for the auditors are prescribed in SA 500, “Audit Evidence”.

Audit evidence includes both information contained in the accounting records underlying the financial statements and information obtained from other sources such as “information obtained from external sources”. The audit evidence obtained from external sources plays an important role in the audit process.

Advancements in technology in recent years have improved accessibility and expanded the volume of information available to entities and their auditors from traditional to recently developed external sources. Information from recently developed, non-traditional external sources, such as web data aggregators and social media platforms, are becoming more prevalent.

If the auditor plans to use external information as audit evidence, the auditor is required to evaluate the relevance and reliability of the information, regardless of whether it has been used by the entity (auditee) in preparing the financial statements or obtained by the auditor.

Judgement may be required in determining whether the external information is suitable for use by a broad range of users, taking into account the ability of the entity (auditee) to influence the external information source. Judgement may be required in determining whether the external individual or organisation is acting as an external information source or as a management’s expert.

Factors that are important while considering the relevance and reliability of information obtained from the external source include the nature and authority of the external information source; independence of the data; competence and reputation of the external information source w.r.t external information; auditor’s past experience with reliability of information; market acceptability of data source; whether information has been subject to review or verification; alternative information that may contradict the information; nature and extent of the disclaimers/ restrictive language relating to

 

 

 

Technical Guide on Digital Assurance

 

 

information; methods used in preparing information; appropriateness of assumptions and other data.

When the auditor does not have a sufficient basis with which to consider the relevance and reliability of information from an external information source, the auditor may have a limitation on the scope if sufficient appropriate audit evidence cannot be obtained through alternative procedures.

An auditor may use digital information from external sources across various phases of the audit. Few examples of cases of how electronic/digital information from external sources can be used in audits are provided in this guidance.

 

 

 

 

 

Chapter 2

Engagement and Quality Control

 Standards

 

To ensure that information provided in the financial statements are of high quality and is acceptable worldwide, the Auditing and Assurance Standards Board (AASB) under the authority of the Council of the Institute of Chartered Accountants (ICAI) has formulated Engagement and Quality Control Standards. These standards are in line with the International Standards issued by the International Auditing and Assurance Board (IAASB). These Standards include:

Standards on Quality Control (SQCs) for all the services under Engagement Standards. These standards apply to all firms which perform audits and reviews of historical financial information including assurances and related service engagements.

Standards on Auditing (SAs) for auditing historical financial information. These apply whenever any independent audit of financial statements is carried out.

Standards on Review Engagements (SREs) for reviewing historical financial information.

Standards on Assurance Engagements (SAEs) for assurance engagements other than the audits and reviews of historical financial information.

Standards on Related Services (SRSs) for all engagements about the application of agreed procedures to information, compilation engagements, and other related services engagements.

 

 

 

 

 

Chapter 3

Auditor’s Responsibilities to Obtain

 Sufficient Appropriate Audit Evidence

 

Standards on Auditing (SAs) require the auditor to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the auditor’s opinion. The relevant requirements and guidance for the auditors are prescribed in SA 500, “Audit Evidence”. SA 500 defines the term “audit evidence” as under:

“Audit evidence  Information used by the auditor in arriving at the conclusions on which the auditor’s opinion is based. Audit evidence includes both information contained in the accounting records underlying the financial statements and information obtained from other sources.”

Information obtained from other sources includes both internal sources and external sources.

Paragraph 7 of SA 500 requires as under:

“When designing and performing audit procedures, the auditor shall consider the relevance and reliability of the information to be used as audit evidence.”

Accordingly, the auditor is required to consider the relevance and reliability of information (e.g., information contained in accounting records, information obtained from other sources, information prepared using the work of a management’s expert) which is intended to be used by the auditor as audit evidence.

Regarding reliability of information to be used as audit evidence, SA 500 inter alia provides as under:

“The reliability of information to be used as audit evidence, and therefore of the audit evidence itself, is influenced by its source and its nature, and the circumstances under which it is obtained, including the controls over its preparation and maintenance where relevant. Therefore, generalisations about the reliability of various kinds of audit evidence are subject to important exceptions. Even when information to be used as audit evidence is obtained from sources external to the entity, circumstances may exist that could affect its reliability. For example, information obtained from an independent external source may not be reliable if the source is not knowledgeable, or a management’s expert may lack objectivity. While

 

 

 

Auditor’s Responsibilities to Obtain Sufficient Appropriate Audit Evidence

 

 

recognising that exceptions may exist, the following generalisations about the reliability of audit evidence may be useful:

  • The reliability of audit evidence is increased when it is obtained from independent sources outside the entity.
  • The reliability of audit evidence that is generated internally is increased when the related controls, including those over its preparation and maintenance, imposed by the entity are effective.
  • Audit evidence obtained directly by the auditor (for example, observation of the application of a control) is more reliable than audit evidence obtained indirectly or by inference (for example, inquiry about the application of a control).
  • Audit evidence in documentary form, whether paper, electronic, or other medium, is more reliable than evidence obtained orally (for example, a contemporaneously written record of a meeting is more reliable than a subsequent oral representation of the matters discussed).
  • Audit evidence provided by original documents is more reliable than audit evidence provided by photocopies or facsimiles, or documents that have been filmed, digitised or otherwise transformed into electronic form, the reliability of which may depend on the controls over their preparation and maintenance.”

It may be noted that the information obtained from external sources (a) is from independent sources outside the entity (b) obtained directly by the auditor (c) is in documentary form. Accordingly, such information may generally be considered reliable.

Paragraph 11 of SA 500 provides as under:

“Inconsistency in, or Doubts over Reliability of, Audit Evidence

11. If:

(a) audit evidence obtained from one source is inconsistent with that obtained from another or

(b) the auditor has doubts over the reliability of information to be used as audit evidence,

The auditor shall determine what modifications or additions to audit procedures are necessary to resolve the matter, and shall consider the effect of the matter, if any, on other aspects of the audit.”

 

 

 

Technical Guide on Digital Assurance

 

 

The information obtained by the auditor from external sources may reveal inconsistencies with the information obtained by the auditor from other sources (e.g., accounting records, information obtained during the course of audit, etc.). This would help the auditor in performing necessary modified or additional procedures to resolve the matter. Thus, audit evidence obtained from external sources plays vital role in the audit process.

 

 

 

 

 

Chapter 4

 Digital Auditing

 

Technology is changing the way business is conducted and data is analysed. There is an increasing focus on data management; ‘Know Your Data’ (KYD) is the new buzzword replacing ‘Know Your Client’ (KYC). Going beyond the confines of company data allows auditors to collect and analyse broader industry data sets that were previously inaccessible.

In audit, the pace of technological change has also made possible processing of 100% of sample populations. Technology has the potential to reduce significantly the time taken to conduct an audit, as testing has become more automated and possible to be conducted on a real-time basis.

Technology and artificial intelligence (AI) have been around for quite some time. Auditors have been using Computer Assisted Auditing Techniques (CAATS) and audit documentation software for many years. Advanced technology is here and available to all of us. Organisations also expect the smart use of technology in their audit.

Automating tasks like recording work in repositories, extracting data and sampling have improved the quality of audits. The approach to technology has two different ways: auditing digital and digital auditing. There is a real opportunity to improve quality and efficiency in the way the auditors audit the client’s technology (auditing digital) and how they use technology to audit in a different way (digital auditing).

It is time to digitise the way the auditors deliver audits through automation and innovation. There are exciting new technologies to help capture data, automate procedures, analyse information, and focus on the real risks. There is also a great ecosystem of auditing tools that make technology available and accessible to all. The opportunity is in understanding how technology can help and then applying it to mitigate the auditing challenges. There are many opportunities where more advanced technologies such as artificial intelligence and drones could have an even bigger impact. Such technologies may also play a role in evolving the scope of the audit (e.g., in using data analytics and machine learning to help identify fraud).

However, possible specific issues w.r.t. auditor’s consideration of audit

evidence, may be categorised into the below-cited topics:

 

 

 

Technical Guide on Digital Assurance

 

 

  • Changes in the  sources  of information and how the  information  is processed, communicated, and used,
  • Continual development in technology; and
  • Professional skepticism.

The ICAI has issued various publications/documents to provide guidance to the members on the subject. These publications/documents are available on the ICAI’s website at the following link:

 

 

 

 

Chapter 5

 Audit Evidence from External Sources

 

5.1 USE OF INFORMATION FROM EXTERNAL SOURCES

An external information source is an external individual or organisation that provides information that has been used by the entity in preparing the financial statements, or that has been obtained by the auditor as audit evidence, when such information is suitable for use by a broad range of users.

Advancements in technology in recent years have improved accessibility and expanded the volume of information available to entities and their auditors from traditional to newer external sources/information. Traditional external sources of information, such as regulatory agencies and industry data providers, are increasingly making certain information more accessible. For example, some external sources have developed interactive applications/ industry reports that can provide real-time industry data to companies e.g., FICCI report for Media, TRAI report for Telecom, Society of Indian Automobile Manufacturers for Mobility sector, Retail Association of India for Retail sector, Ministry of Corporate Affairs, GST, etc.

In addition, information from relatively newer, non-traditional external sources, such as web data aggregators and social media platforms, are becoming more prevalent. Some companies use external information such as product reviews, weather patterns, and customer web traffic to inform business and financial reporting decisions.

Changes in the entity’s use of external information for financial reporting may, in turn, affect audits of the entity’s financial statements and internal control over financial reporting.

5.2 CONSIDERATIONS REGARDING THE RELIABILITY OF INFORMATION FROM EXTERNAL SOURCES

If the auditor plans to use external information as audit evidence, the auditor is required to evaluate the relevance and reliability of the information, regardless of whether it has been used by the entity in preparing the financial statements or obtained by the auditor.

The auditor’s evaluation may include obtaining an understanding of why management or, when applicable, a management’s expert uses an external

 

 

 

Technical Guide on Digital Assurance

 

 

information source, and how the relevance and reliability of the information was considered (including its accuracy and completeness).

Information from external information sources may include:

  • Prices and pricing related data
  • Transaction level data such as those available on the GST Network
  • Macro-economic data, such as historical and forecast economic growth rates
  • Credit history data
  • Industry specific data, such as an index of capital cost, fertiliser supply chain data in the governments’ systems, or viewership information or ratings used in the media and entertainment industry
  • Mortality tables used to determine liabilities in the life insurance and pension sectors
  • Documents or records on websites or in databases or distributed ledgers

A particular set of information is more likely to be suitable for use by a broad range of users and less likely to be subject to influence by any particular user if the external individual or organisation provides it to the public for free or makes it available to a wide range of users in return for payment of a fee. Judgement may be required in determining whether the information is suitable for use by a broad range of users, taking into account the ability of the entity to influence the external information source.

In some situations, an individual or organisation may have issued information that is available for a broad range of users and may also be contracted to provide specific related information for the purposes of management. Judgement may be required in determining whether the external individual or organisation is acting as an external information source or as a management’s expert.

The following factors may be important when considering the relevance and reliability of information obtained from an external information source, including its accuracy and completeness, taking into account that some of these factors may only be relevant when the information has been used by management in preparing the financial statements or has been obtained by the auditor:

 

 

 

Audit Evidence from External Sources

 

 

  • The nature and authority of the external information source, including the extent of regulatory oversight (if applicable)
  • The “independence” of the data – is the entity able to influence the information obtained
  • The competence and reputation of the external information source with respect to the information, including whether, in the auditor’s professional judgement, the information is routinely provided by a source with a track record of providing reliable information
  • The auditor’s past experience with the reliability of the information
  • Market acceptability of the data source
  • Whether the information has been subject to review or verification
  • Whether the information is relevant and suitable for use in the manner in which it is being used, including the age of the information and the nature and strength of the relationship between the information and the entity’s transactions, and, if applicable, the information was developed taking into account the applicable financial reporting framework
  • Alternative information that may contradict the information used
  • The nature and extent of disclaimers or other restrictive language relating to the information obtained
  • Information about the methods used in preparing the information, how the methods are being applied including, where applicable, how models have been used in such application, and the controls over the methods
  • When available, information relevant to considering the appropriateness of assumptions and other data applied by the external information sources in developing the information obtained

The auditor’s procedures regarding the reliability of information from external information sources may differ from procedures performed on information produced by the entity (IPE) because of the inherent limitations to evaluating the completeness and accuracy of information obtained from an external information source.

By its nature, some information may be more relevant for purposes of certain audit procedures than other information. Below are some examples of the relevance of data:

 

 

 

Technical Guide on Digital Assurance

 

 

Stock market data: A year-end price of an actively traded equity security obtained from a stock exchange and used to compare to the entity’s recorded price would ordinarily provide relevant audit evidence for testing the valuation assertion of financial asset holdings because the exchange price would represent the fair value of the instrument.

Social media data and sentiment analysis: An entity could use customer reviews of its products from a social media website to monitor customer satisfaction and identify any emerging quality issues. This information may be relevant to the auditor’s risk assessment procedures. For example, it could inform the auditor’s understanding of how the entity collects information about potential quality problems and identifies a need for changes to warranty reserves. However, to determine whether social media reviews provide relevant evidence to support, for example, conclusions from substantive analytical procedures performed for a warranty provision, the auditor would need to further understand how closely the negative customer reviews are correlated with product returns or warranty claims, taking into consideration the entity’s business, the industry, and the nature of the entity’s products.

Weather data: Some research suggests that weather data may be used to predict retail customer behaviour and sales trends. However, before using the weather data in developing certain expectations – e.g., for substantive analytical procedures related to product revenue – the auditor would need to understand the relationship between weather data and entity activities to determine the relevance of the data to the audit objective. This may involve, among other things, comparing historical weather trends and historical trends in the entity’s revenue.

Census data: The age of the external information and the period it covers is also important in considering the information’s relevance. For example, in performing substantive analytical procedures over a utility entity’s revenue, the relevance of census data to the auditor’s expectations of revenue and to achieving the desired objective of the procedure could vary depending on whether there have been significant expansions or contractions in the related population since the data was collected.

When the auditor does not have a sufficient basis with which to consider the relevance and reliability of information from an external information source, the auditor may have a limitation on the scope if sufficient appropriate audit evidence cannot be obtained through alternative procedures.

 

 

 

Audit Evidence from External Sources

 

 

5.3 ILLUSTRATIVE CASES OF DIGITAL EXTERNAL DATA THAT ARE USED IN PERFORMING AUDIT PROCEDURES

An auditor may use digital information from external sources across various phases of the audit. Most often, external data is used extensively by auditors in understanding the business, identifying risks associated with the business including stakeholders’ perception of the entity’s risks, performance of benchmarking, analytical reviews, during the execution or performance of substantive procedures in various phases of the audit.

In many cases, the auditor is also able to use internal evidence and reconcile

/ map them to the external data. This happens frequently in many sectors where transaction level dis-aggregated data is available.

Given below are cases of how electronic / digital data from external sources can be used in audits. These cases have been compiled based on the current usage by some auditors and the expected availability of information. Auditors are required to evaluate the reliability and relevance of these information in their audits.

A. Process related to Profit and Loss

I. Sales process - Cut off testing

Background: Electronic Way Bill (E-Way Bill) is basically a compliance mechanism wherein by way of a digital interface the person causing the movement of goods uploads the relevant information prior to the commencement of movement of goods and generates e-way bill on the GST portal.

To reconcile the revenue booked as per the records vis-à-vis the E-way bill register in order to test the revenue cut-off testing based on the terms of delivery.

Data source:

Following data sets are required

  • E-way bill register (External evidence – from Government authorised site)
  • Sales register with delivery dates and terms of delivery (Internal evidence – books of accounts)

 

 

 

Technical Guide on Digital Assurance

 

 

Use case: Auditor can take the E-way bill register and sales register with delivery terms and the date of delivery. This can be used to map the delivery terms and date in sales register with the dates in the E-way bill register to ensure that the revenue is recognised in the correct period.

Stage in audit: Execution - Completeness of revenue

Accounts & Assertions - Revenue – Cut-off

 

II. Sales Analytics  Fertilizer & Chemicals Industry

Background: Fertilizer and Pesticide manufacturing companies generate revenue that is dependent on government subsidies. These subsidies are awarded based on submissions made by the entity on a government website.

Data Source:

  • Railway receipts, shipment documents and other external data submitted to the government (external)
  • Sales register containing invoice level details of rate, quantity and price of each product sold (internal)

Use Case: To obtain assurance over revenue the audit team can correlate the total quantum of submissions on the website (external source) with the books of account to ensure completeness and accuracy of the revenue recognised

The audit team can document and summarise the rail and transport receipts submitted to the government and, compare the total quantity and value of each product with the sales register maintained by the client to obtain assurance over the total quantity and sales for the period.

Stage in audit: Execution – Revenue completeness

Accounts & Assertions: Revenue – Completeness, measurement

Links: Integrated Fertilize Management System (dbtfert.nic.in)

 

III. Sales Analytics  Aviation Industry (Airport)

Background: The revenue recognised by airlines and airports is based on the number of passengers, and the number of landings for a given period. Organisations use this as a basis for computing revenue for the period.

 

Audit Evidence from External Sources

 

 

The AAI (Airports Authority of India) database contains the submissions made by companies, for various industry related compliances. By obtaining this external data and reconciling the same with the books of account of the entity, the auditor can verify the completeness of revenue.

Data Source:

  • Data from external source on number of passengers on each day (external)
  • Passenger movement data containing count of pax for every day (internal)
  • Airline wise pax data on number of passengers boarded per flight (internal)

Use Case: The auditor can reconcile the number of passengers declared to the airport authorities, with the internal data to ensure completeness of number of passengers. This in turn can be used to obtain assurance over the completeness of revenue

Stage in audit: Execution – Revenue completeness and accuracy

Accounts & Assertions: Revenue – Completeness, Measurement, Occurrence; Debtors – Valuation, Existence

 

IV. Sales Analytics  Aviation Industry (Airlines)

Background: The revenue in the Airlines industry is driven by the number of passengers on each flight, per day. The load factor and pax data for each flight is available in the Civil Aviation website which can act as a benchmark for rationalisation of revenue and confirming the occurrence of transactions during the year.

Data Source:

  • Passenger count as available on Civil Aviation website (external)
  • Passenger count data per day from the airline’s sales data (internal)
  • Rate card per passenger (internal)

Use Case: The passenger count available on the external website can be used along with the average rate to perform the overall rationalisation of the revenue and ensure the completeness and accuracy of Revenue

 

 

 

Technical Guide on Digital Assurance

 

 

Stage in audit: Execution – revenue completeness

Accounts & Assertions: Revenue – Completeness, Measurement, Occurrence; Debtors – Valuation, Existence

Links: Home | Directorate General of Civil Aviation | GoI (dgca.gov.in)

 

V. Trading of industrial metals (Metals & Mining)

Background: The London Metal Exchange (authorised and regulated in the UK by the Bank of England) is the World Centre for the trading of industrial metals – the majority of all non-ferrous metal futures business is transacted on this platform. The Exchange provides producers and consumers of metal with a physical market of last resort and, most importantly of all, with the ability to hedge against the risk of rising and falling world metal prices.

Data source:

Following data sets are required

  • LME Rates from website (External data)
  • Sales Register (Internal data)
  • Purchase Register (Internal data)

Use case: To gain greater assurance on the transactions related to ferrous/non-ferrous/EV/Platinum Group metals, auditor can reconcile the full population of the sales or purchase ledger of an entity with the corresponding LME Rates received from https://www.lme.com/en/

Example: XYZ sold 20MT (1MT = ₹8000) Copper and reported ₹1,60,000 as income from operating business for the month of April, but on review of the financials auditor analysed the conversion rate from LME is incorrect and for April it should be ₹7800. This will have a significant impact over the top line with a potential impact of ₹4000 and eventually will have an impact on margins as well.

Stage in audit: Execution stage - At each reporting date and year-end to ensure accurate reporting of figures.

Accounts & Assertions: Revenue – Measurement Debtors, Creditors & Inventory – Valuation

 

Audit Evidence from External Sources

 

 

VI. e-BRC and Bulk e-BRC details:

Background: A new portal released by DGFT for e-BRC services. It provides single point of access to all information, help and access to e-BRC services.

Data Source:

Following data sets are required:

  • IEC (Internal data)
  • Sales Register  (Internal data)
  • e-BRC details (External data)

Use Case: Bank realisation details in relation of export sales is available through this portal. Through e-BRC portal one can view 200 latest records directly (for the selected time period) and could also request for full year data i.e., e-BRC bulk data request with the help of client’s digital signature and the auditor can receive the data directly on his email. Once auditor receive the data, auditor can reconcile the full year’s export revenue from the Revenue register for the transactions already realised. Auditor can also check compliance with FEMA regulations.

Stage in Audit:

Execution stage – At each reporting date and year-end to ensure accurate reporting of figures (Export revenue and Receivables).

AccountsandAssertions:Revenue and Accounts Receivable - Completeness, Accuracy, Existence/Occurrence, Rights and Obligations

 

VII. EDPMS/IDPMS: Received directly from the Authorised Dealer (AD) Banker

Background:

The EDPMS/IDPMS are IT based systems of RBI for monitoring of Export/Import transactions respectively, in consultation with the Customs authorities and Authorised Dealer Banks. The IDPMS tracks import transactions and similarly EDPMS tracks export transactions through banking system, in pursuance of Foreign Exchange Management Act, 1999 and Foreign Exchange Management (Current Account Transaction) Rules, 2000.

IDPMS:

 

 

 

Technical Guide on Digital Assurance

 

 

Primary data on import transactions from Customs and SEZ first flow to the RBI secured server and thereupon depending on the Authorised Dealer (AD) code shall be shared with the respective banks for taking the transactions forward. The AD bank shall enter every subsequent activity, viz. document submission, outward remittance data, etc. in IDPMS to update the RBI database on real time basis.

EDPMS:

In this system, the primary data on exports transactions including offsite software exports from all the sources viz. Customs/SEZ/STPI will flow to RBI secured server and then the same will be shared with the respective banks for follow up with the exporters. Subsequently, the document submission and realisation data will be reported back by the AD banks to RBI through the same secured RBI server so as to update the RBI database on real time basis to facilitate quicker follow up/data generation. The AD banks are required to download and upload the data on daily basis.

Data Source:

Following Data sets are required:

  • IDPMS and EDPMS reports from AD Banker (External Data)
  • Purchase Register (Internal Data)
  • Sales Register (Internal Data)
    • Ageing reports (Internal Data)

Use Case: Auditor can verify the import purchase and export revenue from the reports and reconcile the same with sales and purchase register to ensure completeness of the transactions. Also, auditor would be able to compare the ageing of export receivables and import payables with the EDPMS and IDPMS reports to ensure compliance with FEMA regulations and appropriate presentation in the financial statements.

Stage in Audit:

Execution stage – At year-end as well as to check compliance with laws and regulations

Accounts and Assertions: Trade Receivables – Export (BS), Trade Payables – Import (BS), Foreign Currency Advances/Loans (BS), Revenue – Export (PL), Purchases – Import (PL) -Completeness, Accuracy, Existence/Occurrence, Rights and Obligations and Cut-off

 

Audit Evidence from External Sources

 

 

Link: https://edpms.rbi.org.in/edpms/faces/pages/login.xhtm [Data to be obtained from AD Banker]

 

VIII. GSTN Portal: Electronic Ledgers (Cash, Credit and Liability ledgers)

Background:

GSTN Portal allows the client to view and download Electronic Cash Ledger, Electronic Liability Ledger and Electronic Credit Ledger which contai ns details of input tax accrued, output tax liability, refund received, cash deposited, amount utilised from cash ledger/credit ledger, etc.

Data Source:

Following Data sets are required:

  • Electronic Cash Ledger (External Data)
  • Electronic Credit Ledger (External Data)
  • Purchase Register (Internal Data)
  • Sales Register (Internal Data)
  • GSTR 3B returns

Use Case: Auditor can verify the completeness of revenue and purchases to a great extent on the basis of these ledgers. Following are the major line items over which comfort could be obtained:

  1. Balance with government  authorities
  2. Refund claimed and outstanding
  3. ITC claimed and reversed
  4. Voluntary payments of previous period
  5. Interest, late fee
  6. CARO compliance (statutory dues)
  7. Unrecorded liabilities
  8. Provisions
  9. Purchases
  10. Sales

 

 

 

Technical Guide on Digital Assurance

 

 

Stage in Audit:

Execution stage – At year-end as well as to check compliance with laws and regulations

Assertions: Completeness, Rights and Obligations, Accuracy/Measurement Existence/ Occurrence, and Cut-off

Link:  https://services.gst.gov.in/services/login

 

IX. E-Invoice NIC Portal

Background:

NIC portal gives single point of access to all the information of Invoice Reference Number (IRN) generated.

Data source:

  • Following data sets are required:
  • Sales register (internal data)
  • IRN detail (external data)

Use Case: IRN generated for all the recorded outward transactions can be mapped against each sales transaction and it gives the authentication and completeness for every transaction.

Stages in audit:

Execution stage – at each reporting date and year-end to ensure accurate reporting of sales figures

Accounts and Assertions: Completeness, accuracy, existence/occurrence

Link: https://einvoice1.gst.gov.in/

 

X. Payroll process  employee master data validation through provident fund portal using UAN number

Background: Universal Account Number (UAN) is a 12-digit unique number for EPFO members. To validate PAN, Bank account details, Aadhar number, Date of birth, Mobile, email id etc. UAN number linked to the EPF portal plays a critical role.

 

Audit Evidence from External Sources

 

 

Data source:

  • Employer login for Employees' Provident Fund Organisation portal (External evidence – Government authorised site)
  • Employee master data and employee pay-register (Internal evidence –

books of accounts)

Use Case: Auditor can compare the details available on the Employees' Provident Fund Organisation portal with the employee master and identify discrepancies in PAN details, Aadhar details, Bank account numbers, previous employment details, educational qualifications etc.

Stage in audit: Execution - Overall comfort with the payroll process

Accounts & Assertions: Payroll cost – Occurrence Payroll liability –

Existence, Rights & Obligation

 

 

  1. Payroll process  Minimum Wages Act

Background: The Minimum Wages Act, 1948 is an Act of Parliament concerning Indian labour law that sets the minimum wages that must be paid to skilled and unskilled labours. To validate whether the wages paid to the employees are in line with the minimum wages act.

Data Source:

  • Minimum rate of wages as per the Minimum Wages Act (External evidence – Government guidelines)
  • Payroll register (Internal evidence – books of accounts)

Use case: Auditor can take the amount paid to respective employees from the payroll register and compare the same with minimum wage requirement as per the Minimum Wages Act, 1948. In case, the wages are not as per the act, the entity needs to provide for the differential amount.

Stage in audit: Execution – Comfort with payroll cost accounting

Accounts & Assertions: Payroll cost – Measurement, Completeness Payroll liability – Existence, Rights & Obligation

 

 

 

 

Technical Guide on Digital Assurance

 

 

XII. Benchmarking Background:

Publicly available information for listed clients across all the sectors can be

utilised for benchmarking. To benchmark whether the broad-level growth in the topline, bottomline, margin and contribution is in line with peer group companies and other relevant ratios.

Data source:

  • Financial results of the listed companies (External evidence – Data available as per SEBI regulations)
  • Financial statements of the companies (Internal evidence – books of accounts)

Use case: Auditor can analyse and benchmark the revenue growth, EBITDA percentage, net profit percentage, margin, contribution of the company with all the peer companies in that particular sector. This can help to analyse whether the figures of the financial statements are in line with the industry standards

Stage in audit: Planning stage

Accounts & Assertions: Measurement & Valuation

Links: BSE- https://www.bseindia.comNSE - https://www.nseindia.com

B. Process related to Balance Sheet

I. Sales process - recoverability of debts

Background:

Entities work with a wide variety of customers and vendors some of which are large corporate entities. As an auditor, it is imperative to understand the financial standing of such companies. To facilitate this understanding, credit ratings assigned by credit rating agencies can be leveraged.

“Credit Rating Agency” means a body corporate which is engaged in the business of rating of securities. For certain companies/issuers, these credit rating agencies assign credit ratings which represents the rating agency's opinion on the likelihood of a rated debt obligation being repaid in full and on time. This rating process is carried out in accordance with the rules and regulations laid down by the Securities and Exchange Board of India (SEBI). A simple alphanumeric symbol is normally used to convey a credit rating.

 

 

 

Audit Evidence from External Sources

 

 

In the audit process, analysing the credit ratings of the entities with whom the entity is transacting can provide valuable insights with respect to the financial position and financial capability of such entities and support in the risk assessment process.

Data source:

  • Credit rating from rating agencies (External evidence)
  • Customer master (Internal evidence – Books of accounts)

Use case: Auditor can leverage the credit rating and map them with the customers with whom the entity is transacting with. On performing this analysis, if auditor notices that significant amount is receivable from companies who are rated as likely to default on their financial obligation, then the audit team can perform specific and detailed audit procedures to assess recoverability of such dues.

Stage in audit: Planning - Risk assessment of customer balances; Execution

- Provision for doubtful debts

Accounts & Assertions - Debtors – Valuation; Provision for doubtful debts –

Measurement

Links  Relevant Credit Rating Agency website

 

II. Collections/ cash and bank operations - Bank reconciliation process

Background: Organisations today, big or small, operate with multiple bank accounts and it is always a focus area for audit.

To gain greater assurance on the cash and bank transactions, Auditor can re-perform and automate the Bank Reconciliation Statement (BRS) process to reconcile the full population of the bank ledger of an entity with the corresponding bank statement received from different banks. Additionally, the auditors can be provided with the login and view rights of the bank accounts (enabled by RBI through SEBI) through which they can verify the account balances.

Data source:

Following data sets are required

  • Bank Statement (External evidence – from Bank’s site)
  • Bank ledger (Internal evidence – books of accounts)

 

 

 

Technical Guide on Digital Assurance

 

 

  • Opening & Closing BRS (Internal evidence – books of accounts)
  • View bank account by obtaining login wherever view rights are enabled by RBI (External evidence – from Bank’s site)

Use case: Auditor can take the bank ledger from the entity’s ERP and bank statement from the banks’ website. Auditor can re-perform the reconciliation of bank ledger records with bank statement including reconciliation items in BRS statements for a given period. Further, the auditor can obtain the rights to login and view the bank accounts if it is enabled by RBI for the selected banks/ accounts. If available, the auditor can verify the account balances using this external source and agree the bank statements provided by the management.

Stage in audit - Execution – Overall reperformance of the bank reconciliation

Accounts & Assertions - Cash & Bank – Completeness, Rights & Obligation

Links: Illustrative bank sites  -Relevant Bank Website

 

III. Procure to pay  identifying struck-off companies and other company details

Background:

Ministry of Corporate Affairs has amended Schedule III of the Companies Act, 2013 vide notification dated 24th March 2021. One of the requirements as per the amendment includes companies to disclose any transactions with companies struck off under section 248 of the Companies Act, 2013 or section 560 of Companies Act, 1956. Companies are required to disclose details such as the name of struck off companies with which they have relationships / transactions, nature of relationship, nature of transactions and outstanding balances. Auditors are required to validate and signoff on these disclosures from audits of financial year ended on 31st March 2022.

Data source:

  • ROC files for Struck off companies (External evidence – Government authorised site)
  • Vendor & customer master (Internal evidence – Books of accounts)

Use case: Auditor can compare and identify the company with whom the company is transacting with the list of struck off companies from the

 

 

 

Audit Evidence from External Sources

 

 

respective ROCs files from the MCA portal and report those transactions in the financial statements.

Stage in audit: Planning - risk assessment of vendor balances and customer balances; Reporting - Financial statement disclosure

Accounts & Assertions: Trade payables & Trade receivables – Rights & obligations, Existence, Presentation & Disclosure

 

 

IV. Procure to pay  GST Input tax credit

Background: GST Input Tax Credit is the process of claiming the credit of the GST paid on purchase of goods and services which are used for the furtherance of business. To extract details corresponding to a GSTIN from any publicly available websites and to check for inaccuracies with regards to incorrect HSN code, fictitious GSTINs, incorrect credits, etc.

Data source:

  • GSTIN details from GST portal (External evidence – Government authorised site)
  • Vendor master having the GST details and GSTIN (Internal evidence books of accounts)

Use case: Auditor can identify fictitious GSTINs in the vendor master wherein no details of such GSTINs are available on the GST portal. Similarly, Auditor can also Identify cancelled and suspended GSTINs from the portal. We can tie back the transactions for fictitious GSTINs, cancelled & suspended GSTINs and input credit for those transactions will be disallowed.

Stage in audit: Execution - Overall comfort with the GST Input tax credit

Accounts & Assertions: GST Input tax credit – Existence, Valuation, Rights & Obligation

 

 

V. Conversion of foreign exchange into INR

Background: Companies dealing in foreign exchanges whether receivables or payables always bear the risk of exchange fluctuations. This could have a significant impact over the revenue, cost and profits. Also, Indian Accounting Standard (IND AS) 21 “The Effect of Changes in Foreign Exchange Rates

 

 

 

Technical Guide on Digital Assurance

 

 

and Accounting Standard (AS) 11 “The Effect of Changes in Foreign Exchange Rates” requires company to translate foreign figures into INR at each reporting date. To gain greater comfort over the translation of foreign exchanges into INR, an auditor can automate the working to check the accuracy of conversion.

Data source:

Following data sets are required

  • RBI foreign exchange rates (External data source- day wise rate sheet)
  • Foreign exchange amount bifurcated in type of foreign currency such as USD, GBP etc. (Internal- maintained by the company)

Use case: ABC earned $10 million in quarter 2 and reported INR 78 crores (1$= 78 rupees) as income from operating business, but on review of the financials auditor analysed the conversion rate is incorrect and for quarter 2 it should be 76. This will have a significant impact over the top line which will go down by Rs. 2 crores and eventually the profits.

Stage in audit: At each reporting date and year-end to ensure accurate reporting of figures

Accounts & Assertions: Balance Sheet items – Valuation; P&L –

Measurement

Links: Reserve Bank of India - Reference Rate Archive (rbi.org.in); FBIL

 

VI. Wilful Defaulter Testing

Background: Under clause IX (b) of Companies (Auditor's Report) Order (CARO), 2020, auditor needs to report that “whether the company is a declared wilful defaulter by any bank or financial institution or other lender”.

Data source:

Following data sets are required

  • Information from website (External source)
  • Master data

Use case: Auditor can check whether the Company is wilful defaulter with any bank, NBFC or other financial institutions. The auditor needs to visit requisite websites and check the company name there.

 

 

 

Audit Evidence from External Sources

 

 

Stage in audit:Planning stage & conclusion stage - auditor’s report to

comply with CARO, 2020

Accounts & Assertions: Trade payable and Trade receivable – Rights & Obligation, Presentation & Disclosure

Links: Suit filed CIBIL

 

VII. Ownership and License Details of MEIS/SEIS/RoSCTL:

Background: DGFT (Directorate General of Foreign Trade) keeps records/details of various Export Incentives (MEIS, SEIS, RoDtep, etc) related licenses, scrips, like Current Owner, Original Owner, Transfer details, Validity period, Scheme details. The auditor can verify the authenticity of license/scrips with the help of license issue date, license number, IEC code.

Data Source:

Following Data sets are required:

  • License Details (Internal data) – License number, issue date, IEC
  • License Ownership Details (External Data)

Use Case: To gain assurance on ownership of various export incentive license and scrips, the auditor can reconcile the closing balance of export incentive receivable in the balance sheet from the DGFT website which contains various details like Current ownership of license, Original Owner, Transfer details (date and time), Validity of license, etc. Based on validity of license, auditor can conclude whether the client needs to provide for expired licenses.

Stage in Audit:

Execution stage – At each reporting date and year-end to ensure accurate reporting of figures (Export Incentive Receivable balances and Income).

Accounts and Assertions: Advances recoverable/Financial Assets and Export Incentive

Income - Completeness, Accuracy, Existence/Occurrence, Rights and Obligations

Link: https://www.dgft.gov.in/CP/?opt=meis (View Ownership)

 

 

 

Technical Guide on Digital Assurance

 

 

5.4 HOW CAN TECHNOLOGY ENABLE THE USE OF EXTERNAL DATA SOURCES IN AUDITS

The advancements in data and technology in today’s world have simply put the power of data and computing in the hands of the end users. It is left to one’s imagination the extent to which the data can be leveraged from various external sources.

Today there are various third-party tools as well as open-source software which enable users to access data from external sources, mine the data, and also come out with meaningful analysis and insights.

Some of such tools and software are cited below: -

  • Open-source software such as Python can be used for mining the data from various external sources such as websites, pdf files and/ or unstructured data sources.
  • BI Tools like Power BI/ Tableau help in data transformation and visualisation for storytelling.
  • ETL tools such as SQL, and Alteryx help in appending data and slicing and dicing data into meaningful analysis.

5.5 HOW TECHNOLOGY IMPACTS THE ENGAGEMENT TEAM

Audit of the future is data-driven and technology-enabled, thereby driving higher quality audits. This is possible only with multi-disciplinary and specialised talent within the audit team.

A diverse audit team could consist of data scientists, engineers, and data analysts along with a team of Chartered accountants to enable a digital audit.

There is an enhanced focus on having the right blend of technical and functional skills, knowledge, iterative decision-making, and continual learning. This blend will include IT specialists and people from the finance team with the relevant domain knowledge. External expertise in areas such as tax and audit may be necessary. Finding the right software partners can take time but building internal expertise is also vital e.g., training in data analytics for audit teams has become a major priority for audit firms.

Having the right blend of team also ensures that the audit team is competent to understand the fully automated process of the client and the team will

 

 

 

Audit Evidence from External Sources

 

 

make the best use of the audit process available in the system to verify the process. Besides having the diverse team, the adequacy of training provided to the audit team is also important. The audit staff needs to be well versed with the digital evidence such as how to identify, obtain, analyse, and retain the digital evidence.

 

 

 

 

 

Annexure

 Relevant Publications of ICAI

 

1. Concept paper on “ABCD of Technology”

Link:  https://resource.cdn.icai.org/61587daab50107.pdf

2. Concept paper on “Blockchain Technology Adoption Trends and Implications for Accountancy Profession 2021”

Link:  https://resource.cdn.icai.org/65677daab230721b.pdf

3. Concept Paper on “Embracing Robotic Process Automation 

Opportunities and Challenges for Accountancy Profession

Link: 65676daab230721a.pdf (icai.org)

4. Digital Competency Maturity Model for Professional Accounting Firms - Version 2.0 and Implementation Guide

Link:  https://resource.cdn.icai.org/57964daaab47265.pdf

5. Digital Competency Maturity Model (DCMM) for Professional Accounting Firms- Version 1.0

Link:    https://resource.cdn.icai.org/47921daab37895dcmm.pdf

6. Data Analysis for Auditors-Practical Case Studies Using CAAT's (Revised 2017)

Link: https://pqc.icai.org/assets/announcement_files/1646826953.pdf https://pqc.icai.org/assets/announcement_files/1646826953.pdf

7. Report on Automation in Finance Functions- lessons from India and the UK

Link:  https://resource.cdn.icai.org/61318daab49915.pdf

Home | About Us | Terms and Conditions | Contact Us
Copyright 2024 CAinINDIA All Right Reserved.
Designed and Developed by Ritz Consulting