1. Introduction:
The fourth in line of prescribed Cost Auditing Standard deal with the “Knowledge of Business, its Processes and the Business Environment”. The governing idea behind this standard is to place guidance on the Knowledge of Business, its Process and the Business Environment. This standard further describes that Cost Auditor’s level of knowledge for a cost audit engagement should include a general knowledge of the economy and the industry within which the entity operates, and a more particular knowledge of how the entity operates.
2. Objective: of this standard is to enable the cost auditor to have knowledge of the client’s business:
- Which is sufficient to identify and understand the events, transactions and practices that, in the cost auditor judgment may have a significant effect on the examination of cost statements or on the preparation of the cost audit report ; and
- This standard deals with obtaining the knowledge of the client’s business, its processes and business environment as it is important for the cost auditor and members of the audit team working on an audit engagement.
3. Requirement envisage in this standards:
The Cost Auditor shall have adequate level of understanding of the knowledge of Business, its Processes and the Business Environment to develop a reasonable assurance in order to express an opinion on the cost statements on which he is expressing an opinion. (Refer 6.1)
The Entity and Its Environment: The cost auditor should obtain an understanding of the following:
- The nature of the entity, (including its operations covering Business processes, major inputs, Joint & By-Products and Wastages and major outputs etc)and the entity’s ownership and governance structure.
- Relevant industry, regulatory, and other external factors including the applicable cost and financial reporting framework. (Refer 6.2)
- The entity’s selection and application of cost accounting policies.(Refer 6.3)
- The measurement and review of the entity’s performance.(Refer 6.4)
The Entity’s Internal Control: The cost auditor shall obtain an understanding of internal controls relevant to the audit. (Refer 6.5)
- Control Environment: The cost auditor shall evaluate whether management has created and maintained a culture of honesty and ethical behavior.
- The entity’s risk assessment process: The cost auditor shall obtain an understanding of whether the entity has a process for: (Refer 6.6, 6.7, 6.8)
- Identifying business risks relevant to cost reporting objectives;
- Assessing the likelihood of their occurrence;
- Estimating the significance of the risks; and
- Deciding about actions to address those risks.
- Cost Information System/ Management Information System: The cost auditor shall obtain an understanding of the Information System including Management Information System, relevant to cost reporting, including the following areas: (refer 6.9)
- The classes of transactions and their analysis, that are significant to the cost statements;
- The procedures, by which those transactions and their analysis are initiated, recorded, processed, and reported in the management information systems and cost statements;
- The related cost accounting records, supporting information that are used to initiate, record, process and report transactions; and
- The reporting process used to prepare the entity’s cost statements, including significant estimates and disclosures.
- Control Activities: The auditor shall obtain an understanding of the control activities, relevant to the audit. (Refer 6.10)
Monitoring of controls:
- The auditor shall obtain an understanding of the major activities that the entity uses to monitor internal control over reporting.(Refer 6.11)
- The cost auditor shall evaluate the adequacy of the internal audit function in relation to cost records.(Refer 6.12)
IT (Information Technology) Environments and Control: The cost auditor shall evaluate and assess: (Refer 6.13)
- IT Architecture, Systems and Programmers in use in the entity;
- Controls on access to data;
- Controls on changes to data in master files, systems or programmers; an
- Integrity of information and security of the data
Identifying and Assessing the Risks of Material Misstatement: The cost auditor shall identify and assess the risks of material misstatement at the cost statement level; and at the assertion level including items of cost, cost heads and disclosures thereof. For this purpose, the cost auditor shall: (Refer 6.14, 6.15, 6.16)
- Identify risks including relevant controls that relate to the risk of material misstatements or a risk of fraud;
- Assess whether the risk is related to recent significant economic, accounting or other developments and, therefore, requires specific attention;
- Assess whether the risk involves significant transactions with related parties;
- Assess the degree of subjectivity in the measurement of information related to the risk.
- Assess whether there arises a need for revising the assessment of risk based on additional audit evidence obtained.
Documentation: The auditor shall document:
- Key elements of the understanding obtained regarding each of the aspects of the entity and its environment specified in paragraph 5.1 & 5.2 above and of each of the internal control components specified in paragraphs5.3above; the sources of information from which the understanding was obtained; and the risk assessment procedures performed;
- The identified and assessed risks of material misstatement at the cost statement level and at the assertion level including items of cost, cost heads and disclosure thereof as required by paragraph 5.5 above; and
- The risks identified, and related controls about which the auditor has obtained an understanding, as a result of the requirements in paragraphs 5.5above.
4. Some Important and relevant terms / definitions used in the standard are:
- Audit Plan: A record of the planned nature, timing and extent of risk assessment procedures and further audit procedures at the assertion level in response to the assessed risk.
- Overall Audit Strategy: Overall audit strategy sets the scope, timing and direction of the audit, and guides the development of the detailed audit plan.
- Risk Assessment: The audit procedure performed to obtain an understanding of the entity and its environment, including the entity’s internal control, to identify and assess the risk of material misstatement, whether due to fraud or error, at the overall cost statement level and at the assertion level including items of cost, cost heads and disclosure thereof.