1. UNIT I
Audits and Regulatory Compliance
By S.D.Mankar
Assistant Professor
Department Of Pharmaceutics
Pravara Rural College Of Pharmacy,Pravaranagar
2. Scope of course:
This course deals with the understanding and
process for auditing in pharmaceutical industries.
This subject covers the methodology involved in
the auditing process of different in pharmaceutical
industries
4. Objectives:
The main objective of this course is to provide
understanding and process for auditing in
pharmaceutical industries.
5. Outcomes:
Upon completion of this course the student
should be able to
To understand the importance of auditing
To understand the methodology of auditing
To carry out the audit process
To prepare the auditing report
To prepare the check list for auditing
6. Audit
Audits are performed to ascertain the validity
and reliability of information; also to provide an
assessment of a systems internal control. The
goal of an audit is to express an opinion of the
person / organization / system (etc.)in question,
under evaluation based on work done on a test
basis.
7. The general definition of an audit is an
evaluation of a person, organization, system,
process, enterprise, project or product. The term
most commonly refers to audits in accounting, but
similar concepts also exist in project
management, quality management ,water
management, and energy Conservation.
8. Audits can be categorized in to two
types
Financial audit
Non financial audit
9. Financial audit: Address questions of accounting,
recording, and reporting of financial transactions.
Reviewing the adequacy of internal controls also falls
within the scope of financial audits.
Non financial audit: It is non statutory one and
serves two purposes
It checks company’s compliance to standards
It determines whether a product or service satisfy the
customer’s demands in terms of quality and features
10. Different categorization of Audit
Statutory Audit
Privates Audit
Internal Audit
Management Audit
IT Audit
11. Statutory Audit
A legally required review of the accuracy of a companies or
governments financial records. The purpose of a statutory audit
to determine whether an organization is providing a fair and
accurate representation of its financial position by examining
information such as bank balances, bookkeeping records and
financial transactions
For Example,
a state law may require all municipalities to submit to an annual
statutory audit examining all accounts and financial transactions
and to make the results of the audit available to the public. The
purpose of such an audit is to hold the government accountable
for how it is spending taxpayers money.
12. Private Audit
When the audit is not a statutory requirement , but is
conducted at the desire of owners , such an audit is
private audit . The audit is conducted primarily for their
own interest. At times the private audit may become a
requirement under tax laws , if the turnover exceeds a
specified limit. Private Audit is following types
1 audit of sole proprietorship
2 audit of partnership firms
3 audit of individuals accounts
4 audit institutions not covered by statutory audit
13. Internal Audit
The examination, monitoring and analysis of activities
related to a company's operation, including its
business structure, employee behavior and
information systems. Internal audit found to play the
following roles-
Check weather existing controls are effective and
adequate.
Weather financial and other reports show the actual
results of the company
Weather subunits are following the policies and
procedures laid down by the company.
14. Management Audit
Analysis and assessment of competencies and
capabilities of a company's management in order
to evaluate their effectiveness, especially with
regard to the strategic objectives and policies of
the business. The objective of a management
audit is not to appraise individual executive
performance, but to evaluate the management
team in relation to their competition
15. Information system Audit
Address the internal control environment of
automated information processing systems and how
these systems are used. IS audits typically evaluate
system input, output and processing controls, backup
and recovery plans, and system security, as well as
computer facility reviews. IA’s scope of work is
comprehensive and considers all aspects of the
organization - both financial and non-financial - with
an emphasis on constructive improvement.
16. Auditing Process
Staffing the audit team
Creating an audit project plan
Laying the groundwork for audit
Analysing audit results
Sharing audit results
Writing audit results
Dealing with resistance to audit recommendations
Building an ongoing audit programs.
17. Advantages of Audit
Companies Directors
Assurance that statutory responsibilities concerning
accounts have been carried out. Availability of expert
advise. The letter of weakness.
To Shareholders
Assurance that accounts show a true and fair view and
comply with statutory requirements Other Organization
with publish accounts Assurance that accounts are reliable
In addition they provide reliable accounts to regulatory
bodies such as the companies s Registry, the stock
exchange etc.
18. Objectives of Auditing
Primary Objective:
To produce a report by the auditor of his opinion of the
truth and fairness of financial statements so that any
person reading and using them can belief in them.
Secondary Objective:
To detect Error and Fraud
To prevent Errors and fraud by the deterrent and
moral effects of Audit
19. Other objectives of audit
Completeness
Ownership
Accuracy
Valuation
Classification
Disclosure
20. Purpose of audit Planning
The fieldwork standard related to planning for performance
audits conducted in accordance with Generally Accepted
Auditing Standards are:
In planning the audit, auditors should define the audit objectives
as well as the scope and methodology to achieve those
objectives.
Audit objectives, scope, and methodologies are not determined
in isolation.
Auditors determine these three elements of the audit plan
together, as the considerations in determining each-- often
overlap.
Planning is a continuous process throughout the audit.
Therefore, auditors should consider the need to make
21. The objectives are what the audit is intended to
accomplish. They identify the audit subjects and
performance aspects to be included, as well as the
potential finding and reporting elements that the
auditors expect to develop.
Audit objectives can be thought of as questions about
the program that auditors seek to answer.
22. Scope is the boundary of the audit and should be directly tied to
the audit objectives.
For example, the scope defines parameters of the audit such as
the period of time reviewed, the availability of necessary
documentation or records, and the locations at which fieldwork
will be performed. Keep in mind that the scope can be expanded
and should, if certain issues arise that places the integrity or the
objectives of the audit in question.
23. The methodology comprises the work involved in gathering and
analyzing data to achieve the objectives. Audit procedures are the
specific steps and tests auditors will carry out to address the audit
objectives.
Auditors should design the methodology to provide sufficient,
competent, and relevant evidence to achieve the objectives of the
audit. Methodology includes both the types and extent of audit
procedures used to achieve the audit objectives. Planning should
be documented.
24. Principles of auditing
Ethical conduct
Fair presentation
Due professional care
Independence
Evidence based approach
25. Personal attributes of auditor
Ethical
Open minded
Diplomatic
Observant
Perceptive
Versatile
Tenacious
Decisive
Self –reliant
26. Managing an audit programme
Objectives of audit programme are:
Management priorities
Commercial intentions
Management system requirements
Statutory, regulatory and contractual requirements
Need for supplier evaluation
Customer requirement's need for other interested
parties
Risk to the organization
27. Audit methods and techniques
Audit methods:
Horizontal auditing
Vertical auditing
Random auditing
29. Vertical auditing:
Examining functional areas of an organization that are
actively contributing to a specific work package or
contractual requirement.
30. Random auditing:
Examinees various aspects of an organizations
operation as determined by auditor and due to the
need to closely examine a particular activity or
generally probe the system in a random manner.
31. Six-Step Audit Process
Requesting Documents
Preparing an Audit Plan
Scheduling an Open Meeting
Conducting Fieldwork
Drafting a Report
Setting Up a Closing Meeting
32. Requesting Documents
After notifying the organization of the upcoming audit, the
auditor typically requests documents listed on an audit
preliminary checklist.
These documents may include a copy of the previous
audit report, original bank statements, receipts and
ledgers.
In addition, the auditor may request organizational charts,
along with copies of board and committee minutes and
copies of bylaws and standing rules.
33. Preparing an Audit Plan
The auditor looks over the information contained
in the documents and plans out how the audit will
be conducted.
A risk workshop may be conducted to identify
possible problems. An audit plan is then drafted.
34. Scheduling an Open Meeting
Senior management and key administrative staff
are then invited to an open meeting during which
the scope of the audit is presented by the auditor.
A time frame for the audit is determined, and any
timing issues such as scheduled vacations are
discussed and handled. Department heads may
be asked to inform staff of possible interviews
with the auditor.
35. Conducting Fieldwork
The auditor takes information gathered from the
open meeting and uses it to finalize the audit
plan. Fieldwork is then conducted by speaking to
staff members and reviewing procedures and
processes.
The auditor tests for compliance with policies
and procedures. Internal controls are evaluated
to make sure they're adequate.
The auditor may discuss problems as they arise
to give the organization an opportunity to
respond.
36. Drafting a Report
The auditor prepares a report detailing the findings of
the audit.
Included in the report are mathematical errors,
posting problems, payments authorized but not paid
and other discrepancies; other audit concerns are
also listed. The auditor then writes up a commentary
describing the findings of the audit and recommended
solutions to any problems.
37. Setting Up a Closing Meeting
The auditor solicits a response from
management that indicates whether it agrees
or disagrees with problems in the report, a
description of management's action plan to
address the problem and a projected
completion date. At the closing meeting, all
parties involved discuss the report and
management responses. If there are any
remaining issues, they're resolved at this
point.
38. Preliminary Audit Planning
The purpose of preliminary audit planning is to
confirm the relevance of the audit and its
high level scope and
gather applicable information for detailed
audit planning
39. Audit planning meeting
The person who is responsible for the overall quality
and delivery of the audit should lead the meeting.
Depending on the audit team structure, this person is
usually the audit manager. In any case, this person
should be someone who has sufficient business and
audit experience.
40. The meeting agenda should cover changes in
structure, people, process and systems. The
information may lead you to ask questions or ask
for further information:
41. organizational structure
e.g. How does the structure support segregation of
duties and effective monitoring?
people
e.g. Loss of experienced staff may result in
processes not followed and/or controls not
executed; at the same time, new staff may see
weaknesses that were not noticed previously
42. process
e.g. Change in process may lead to better efficiency, or it
may result in gaps in controls
systems
e.g. Is a newly implemented system working effectively
as intended? Were system changes properly tested?
any specific management concerns and/focus
These give you further insight into the proposed audit
area and assist you in the next step of the audit planning
process
43. Gathering information for audit
planning
typical list of information is as follows, though the
availability will vary from organization to organization and
among business units within the same organization. It is
a good idea to discuss the availability of the information
at the planning meeting:
business plan and performance indicators
organizational chart
policies, procedure manual and end-to-end process
maps
risk register and profile
issue register
loss event data
44. Contd…
report(s) from and review by regulator(s)
previous internal audit report(s)
management letter points from external auditor
report(s) from other assurance providers
results of control self assessment conducted by the
business
45. The most common problem, in 80% of the
cases, was the auditors failure to gather sufficient
audit evidence.
Many of the cases involved inadequate evidence
in area such as management representation.
46. Audit program design was a problem cited in
44% of the cases. Auditors failed to properly
assess inherent risk and adjust the audit program
accordingly. The best way for a firm to remedy
such deficiencies is to promote more involvement
by audit firm executives-partners and managers-
in plannining the engagement.
47. Other common audit problems include failure
to exercise due to professional care and the
appropriate level of professional skepticism,
overreliance on inquiry as a form of audit
evidence , deficiency in confirming accounts
receivable, failure to recognize related party
transactions and assuming internal controls exist
when they ma not.
48. COMMON AUDIT PROBLEMS
The most common problem—alleged in 80% of the
cases—was the auditor’s failure to gather sufficient
evidence.
In some instances, this failure was pervasive throughout
the engagement; in other instances the allegations were
more specific. For example, many of the cases involved
inadequate evidence in the areas of:
49. Asset valuation. The auditor did not obtain evidence to
support key assumptions.
Asset ownership. The auditor did not obtain evidence
to indicate the company owned certain assets.
Management representations. The auditor did not
corroborate management responses to inquiries.
50. Some cases involved the auditor’s failure to
examine relevant supporting documents (for
example, examining a draft, instead of a final,
sales contract) or failure to perform steps
listed in the audit program.
Overall, this failure contributed to
management’s success in overstating assets,
the most common fraud technique
51. 1997
S.NO. Problem area Percentage
(Number) of
cases
1 Gathering sufficient audit evidence. 80% (36 cases)
2 Exercising due professional care 71% (32)
3 Demonstrating appropriate level of professional
skepticism
60% (27)
4 Interpreting or applying requirements of GAAP. 49% (22)
5 Designing audit programs and planning
engagement (inherent risk issues, nonroutine
transactions).
44% (20)
6 Using inquiry as form of evidence (relying too
much on this method).
40% (18)
7 Obtaining adequate evidence related to the
evaluation of significant management estimates
(failing to gather sufficient evidence).
36% (16)
8 Confirming accounts receivable 29% (13)
9 Recognizing/disclosing key related parties. 27% (12)
10 Relying on internal controls (rely too much/failing
to react to known control weaknesses). 24% (11)
Beasley MS, Carcello JV, Hermanson DR. Top 10 audit deficiencies. Journal of Accountancy.
2001 Apr 1;191(4):63.
52. Deficiencies in Audit Findings
Allowance for Loan Losses
Revenue
Fair Value
Accounting for Income Taxes
Statement of Cash Flows
Business Combinations
Internal Control over Financial Reporting
Financial Instruments
Initial and Secondary Offerings
Independence
53. 1.Allowance for Loan Losses
this is the number one issue that requires the most time from
auditors and management, which should come as no surprise.
Part of the issue is that loan and qualitative data often isn’t accurate
or complete.
Typical audit findings relate to ineffective controls over:
Changes in loan grades
Lack of support for cash flow estimates or recent appraisals on
impaired loans
Internal controls over identifying and reporting troubled debt
restructuring
54. 2.Revenue
Accounting firms have been criticized for not focusing on
revenue.
The auditing standards require external auditors to
consider the risk of fraud over revenue on every
engagement. In fact, revenue is selected on virtually
every audit engagement subject to the
PCAOB’s inspection process, during which it generally
focuses on accuracy and whether revenue is recognized
in the correct period.
55. 3.Fair Value
We often see that fair value information for mortgage
servicing rights—prepayment speeds, for example—
isn’t well supported, especially when it’s derived by
an in-house model. There’s also a lack of support
for:
Market-to-market adjustments
Fair value on hedging activities
Third-party pricing data for available-for-sale
securities (isn’t independently corroborated)
Fair value of impaired loans or troubled debt
restructuring (unsupported by current appraisals or
discounted cash flows)
56. 4.Accounting for Income Taxes
Accounting for income taxes is an often-overlooked area
and may not get a detailed review in some cases, either
internally or externally. We often find there’s either a lack
of sufficient support for the income tax provision or it
doesn’t reconcile with underlying data or a general
ledger.
57. 5.Statement of Cash Flows
This may come as a surprise, but the statement of cash
flows is an area where we see frequent deficiencies. This
was also cited by the SEC at its 2014 conference as an
area that generated a high level of restatements and
SEC comment letters
58. 6.Business Combinations
There are often findings here due to the complex
accounting and one-time nature of these
transactions. The most common relates to the
failure to apply acquisition accounting properly,
including identifying all considerations
transferred, assets acquired, and liabilities
assumed.
59. 7. Internal Control over Financial
Reporting
Internal control audit deficiencies continued to dominate
inspection findings, based on public PCAOB statements.
PCAOB staff often reminds auditors, preparers, and audit
committees to focus on a few specific questions, such as:
60. Do you understand the flow of transactions
and the points within that flow where a
misstatement could occur?
How are internal controls designed to address
those risks?
Are the controls designed and operating at a
level that can effectively detect a material
misstatement?
Are there controls designed to identify the
risks of material misstatement?
Will those controls be effective?
61. 8.Financial Instruments
Audit and accounting issues around the treatment
of financial instruments as either liabilities or equity
tend to be more common in nonbank financial
service companies.
62. 9.Initial and Secondary Offerings
Since many companies today are raising capital for either
growth, acquisitions, or some combination thereof, it’s helpful
to highlight a few problem areas here as well. Similar to
business combinations, these nonrecurring accounting
events present challenges for preparers and auditors alike.
Due diligence and changes in audit scope can uncover
deficiencies such as:
63. Failing to properly recognize and measure
existing contingencies
Recognizing revenue in the wrong period
Changes in the classification and presentation on
the balance sheet and income statement
64. 10.Independence
Auditor independence standards are
heightened for public companies and those
preparing to go public. Consulting and other
nonaudit services may impair the
independence of the audit firm, depending on
the nature of the service.