By CPA Boaz Kinara
How Regulatory Shifts Are Redefining Audit Requirements
Since ancient times, the need to harness resources to have stronger control systems around all aspects of trade has been paramount. It may not have been aimed at achieving a wide array of commercial benefits that most business establishments seek to derive from an audit today. Still, the minimum assurance level that the audit presented was enough to run successful business empires, some of which have morphed into the global brands that we envy today in the commercial space.
Today’s literature abounds with the origins of auditing as a profession. Primarily, the term “Audit” is a derivative of the Latin term “Audire”, which means “to hear” (E. Phalguna, B. Mohan, 2015). In the early days, an auditor listened to the accounts as an accountant read them out to check them. This, in essence, points to the fact that the audit profession has been with us just as long as accounting has been. In this context, we can focus on the ancient countries where auditing evolved, namely Egypt, Greece, Mesopotamia, Rome, the U.K., and India.
In ancient times, the main objective of an audit was to detect errors and fraud. However, with expansion in the scope of trade and stakeholder interest, auditing evolved and grew rapidly after the Industrial Revolution in the 18th century, with the growth of joint stock companies, where ownership and management became separate.
The need for independent assurance on a company’s accounts issued by a professional became prevalent among shareholders, who were the owners. This was to ascertain that directors, who were the employees, effectively managed their investments. To this end, the objective of audit shifted significantly, and audit was expected to ascertain whether the accounts were true and fair rather than merely detect errors and frauds.
In the modern world, this continues to be the key objective of auditing, with even more scrutiny of audit findings by users of audited financial statements. Suppose the perceived interest in audited accounts is anything to go by. In that case, this can explain why there is an even wider array of stakeholders keen on the company’s audited accounts. As opposed to ancient days, where only shareholders paid attention to auditors’ findings on the financial statements, today the list has expanded to include lenders, suppliers, employees, government, academic scholars, research firms, potential investors, the public, etc.
There is also increased scope and purpose of types of audits demanded by stakeholders, which include:
- External Audit -An external audit (or statutory audit) is an independent examination of an organization’s financial statements by an external auditor to determine whether they present a true and fair view in accordance with the applicable financial reporting framework (e.g., IFRS). In Kenya, the Companies Act (CAP 490) requires certain companies to undergo an external audit annually, subject to specified thresholds and exemptions.
- Internal Audit—This is an independent appraisal of an organization’s operations that gives assurance on the effectiveness of its internal controls, risk management framework, and governance, which is aimed at facilitating the achievement of the set objectives. Internal audit is mostly conducted by employees who report to the board’s audit committee. Due to their operational nature, some organizations may outsource internal audit services due to perceived risk or resource constraints.
- Forensic Audit—This is an audit done in instances involving misappropriation of resources, money laundering, tax evasion, insider dealing, etc. These audits are carried out in cases of irregularities to determine the extent of loss or noncompliance and subsequently hold those responsible accountable through policy or legal systems in force.
- Compliance Audits—These are audits conducted to determine conformity to the established systems of internal controls, policies, procedures, the legal framework, and regulations that govern the industry in which the organization operates. Compliance audits seek to ensure that the organization operates within the confines of legal provisions and policies and protects its corporate image and standing in the eyes of the public.
- Investigative Audits—These are audits conducted when appropriate or when needed. They are performed in cases of alleged violations of legal provisions, regulations, policies, and procedures. If found culpable, disciplinary action may follow.
- Information Systems (IS) Audits—These audits address automated internal control systems and how they are used. They focus on system functionalities and controls, including input, processing, output, backup and recovery plans, system security, and reviews.
From the foregoing insights, it can be deduced that appreciating and effecting robust audit functions across the private and public sectors can go a long way in mitigating incidences of fraud that have continuously rocked most organizations.Indeed, sailing through the highly turbulent seas of the current business environment calls for adequate controls to ensure that no shilling is lost to fraud and compliance levels are top-notch, if at all, a firm has to record any success. In this regard, our mainstream media wouldn’t have been awash with various scandals ranging from the infamous Maasai Imara University Heist (2020), NYS scandal (2021), KEMSA scandal (2020), among others.
However, it’s noteworthy that most organizations have embraced the value of internal audit practitioners and have established audit departments to ensure all business aspects. This has not only enhanced the evaluation, consultative, and monitoring role in all operational aspects but has also significantly kept incidences of fraud in check. In light of this, and as previously observed, it’s also noteworthy that some organisations outsource internal audit services from accounting firms, which is often based on unique operational needs and statutory requirements across various organisations and industries. For instance, the Sacco Societies Act, No. 14, 2008 (Sections 43 and 53) provides for the appointment of an internal auditor and establishment of the internal audit function for SACCOs.
In conclusion, if we are to derive the desired value, internal or external auditors need to be empowered and supported by the relevant stakeholders and those charged with regulating the profession. They must execute their work in accordance with the established ethical requirements demanded of the profession. We need to embrace the audit profession for prosperity and effective accountability.
The writer worked with various organizations before joining Kencream Sacco, where he works as an Internal Auditor. He holds a Bachelor of Commerce Degree (Finance) and CPA (K) from KCA University. He is profoundly passionate about the audit profession and contributes to its growth through experience and knowledge sharing.
Email: [email protected]
