Auditing and assurance services

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.


Audit activities should be carried out in a professional manner, and according to accepted standards of practice within the audit industry. In order to ensure this level of performance, all personnel assigned to the department must share responsibility for the completion of all assigned tasks in a professional manner.

The Auditor also bears the following, higher-level responsibilities:

  • Developing a familiarity with the organization and functions of the unit to be audited.
  • Pre-planning the audit in accordance with the scope and complexity of the area under review.
  • Ensuring that an assessment of risks is incorporated into, or forms the basis of all audit work planned and performed.
  • Accepting responsibility and accountability for the audit work performed on assigned projects.
  • Managing the audit in relation to time and resource budgets.
  • Ensuring that audit findings and recommendations made during the course of the audit are promptly communicated to management.
  • Ensuring that all Worksheets issued are properly constructed, supported, and communicated.
  • As work papers are completed, ensuring that all objectives have been accomplished and all conclusions are properly supported.
  • Ensuring that the audit or review is conducted with the least amount of disruption to the audited area as is possible.
  • Conducting an "Exit Review" or briefing at the culmination of field work.
  • Finalizing the audit file(s), and ensuring that all supporting documentation is properly retained.
  • Performing follow-up work as necessary subsequent to the audit.


In the given case study the audit partner concerned about this lack of knowledge in the airline industry

Useful resources that can be used to obtain the required knowledge

To effectively plan an audit, the auditor should gather a sufficient knowledge of the entity's business and its environment. This knowledge assists the auditor to identify the events, transactions, practices and risks that may have a significant effect on the financial report. Thus, this understanding provides a framework for planning an overall audit approach that responds to the unique characteristics of the entity.

The knowledge of an auditor's about the clients business should include an understanding of the factors like about its organizational structure, objectives and strategies, accounting policies and procedures. The auditor should also be familiar with the matters such as economic conditions, business risks and government regulation.

Some of the sources to obtaining knowledge of the entity and industry:

ASA 315.26 (ISA 315.20) specified some key steps in understanding the entity and its environment, those are:

  • Industry, regulatory and other external factors, including the applicable financial reporting frame work.
  • Nature of the entity, including its selection and application of accounting policies
  • Measurement and review of entity's of financial performance.

AUS 304.08 (ISA 310.08) also identify some of the sources, those are

  • A review of publications relating to industry and government.
  • First check whether Audit Company has a previous experience with the industry and the entity in this case Airline industry.
  • Discussions with third parties (e.g. other auditors, legal and other advisers, industry economist, industry regulator, customers, suppliers and competitors).
  • Check all entity's operations step by step.
  • Discussions with the entity's management, including internal auditors and audit committees.
  • A review of internal documents pertaining to the entity's business and financial performance.
  • A review of legislation and regulations that affect the industry and the entity.
  • Check all entity's operations step by step.

In the case of airline industry the auditor can gather the information of business by

(A) Reviewing prior year's working papers: when a client is new the predecessor auditor's working papers may be helpful. The review is normally limited to matters of continuing audit significance, such as analyses of balance sheet accounts and contingencies.

(B) Reviewing minutes, contracts and correspondence: meeting minutes is one of the significant one in gathering information about the business by investigating the minutes the auditor can obtain knowledge to be substantiated during the revision of audit. Correspondence and contracts with the customers, suppliers, trade unions and government agencies contain information that enables the auditors to understand the business practices and problems of the air industry.

(C) Make inquiries of management: The auditor's discussions with management may reveal current business developments affecting the entity that may have audit significance. The auditor can inquire about the existence and extent of an internal audit function and matters pertaining to corporate accountability such as code of conduct, potential conflicts of interest and possible illegal payments.

(D) Making enquiries from the past audit partners: The auditor's discussions with past auditors may reveal may important past events which may be helpful.


The below given is the memorandum which the audit senior Mr Sai Paul prepared for the audit partner for Quanta's star airlines Mr Lao coze


January 1, 2010

TO: Lao coze (audit partner, for Quanta's star airlines)

FROM: Sai Paul, (audit senior

SUBJECT: State of Airline industry and associated risk factors

In accordance with our 2009-10 audit engagement plans, we are conducting an audit of quanta's star airlines. During preliminary work, information came to our attention that prompted further review, the results of which are included in this report. Based on the results of testing, we conclude that a significant internal control weakness resulted in the processing of payroll transactions without adequate supporting documentation. In addition, we noted compliance issues related to payroll tax reporting requirements, and calculation errors resulting in overpayments to employees. .fraudulent activities, risk of fund mismanagement, interest rate risk, we are presenting this information as a separate report for two reasons. First, though the initial scope of our work did not include termination payments, once the issues were identified we expanded our scope to include them. Second, since these transactions do not reflect typical City payroll processing, we felt reporting these issues separately was appropriate.


The airline industry is subject to an ever-increasing proliferation of inspections, reviews and audits, which often overlap in intent and content. According to the International Air Transport Association (IATA), over 70,000 audits a year are performed worldwide, costing in excess of $3 billion. Underlying this large cost is inconsistency in both operating and audit standards and their application. Standardization and harmonization will enhance air transport safety worldwide.

Following, the recent successful introduction of the Operational Quality Standard (OQS) audits (strengthening requirements for new member applicants), IATA intends to introduce a set of International Standard Audits and offer a related range of value-added audit and audit tracking services. This program will initially focus on the IATA Operational Safety Audit (IOSA) that will cover flight operations, safety management, engineering, maintenance, ground operations, cargo, dangerous goods, and related training in these areas.

As an independent international body with global influence, credibility and access to world-wide technical resources, IATA is well positioned to develop and lead the implementation of harmonized and cost-effective industry-wide operating and audit standards." The implementation of the IATA program will rationalize global audit efforts and bring significant performance improvements and cost savings to the airline industry while ensuring that the competence, quality and robustness of an airline to achieve safety objectives and manage related risks is properly assessed and accredited.


Our major task is to find and point out the State of Airline industry and associated risk factors for the particular industry as a whole. The scope of our audit will include transactions processed throughout the accounting period. And will focus on the current status of the airline industry and the relevance of Quantas star airlines in this particular industry,


Our procedures will included reviewing documentation related to guidance from tax authorities, employee bargaining unit agreements, and IATA guidelines and the compliance of the Quantas star airlines to the regulations of the IATA as it is the standard setting board for the airline industry. We will scrutinise selected transactions and supporting detail. We made inquiries of staff from the Managers, Administrative Services, and Human Resources Departments. We also consulted with outside experts in airlines Law. Our audit was conducted in accordance with Generally Accepted Government Auditing Standards.


After reviewing all applicable documentation from the relent firms in the industry,, including the agenda, annotated agenda, staff report and minutes, the senior auditor concluded the following are the key risks in the particular industry.


The average airline experienced 446 cases of fraud in 2006, with external fraud accounting for 413 of them. Although these included

  • counterfeit or stolen tickets;
  • cargo theft,
  • false baggage claims,
  • frequent flyer abuse and
  • bouncing cheques,

The main culprits were tariff abuse, cross-border ticketing, technology and web-based transactions, and credit card fraud. More than a third of airlines have detected credit card fraud, which adds up to around 60% of all external fraud-related losses. Airlines based in Europe are among the most affected, which -given the high percentage of Europeans keen to use the Internet to search for and book flights - is not surprising. Low cost carriers, who are major players in the European travel industry, are the hardest hit their average losses from this type of fraud amounted to an average of more than $550,000, compared with an average of $450,000 for network airlines. In recognition of the threats of online credit card abuse, the PCI DSS were introduced in June 2006. These data security standards were introduced following several incidents over the past couple of years where large companies,including some of the world's leading banks, admitted that customers' records had been lost or stolen. All airlines which handle credit card data must adhere to these new security standards, and yet, according to the recent global survey, 24% of internal auditors said they were not aware of the changes or the implications for their business. Of those who were, 21% are already compliant with the new standards, 66% are taking action to become so, but 13% have no plans in progress.

Credit-card misuse is also an internal issue, as 20% of survey participants have experienced internal abuse of passengers' personal details. According to 7% of internal auditors, there had been cases of employees stealing the identities of their airline's passengers!

Online bookings

Looking at technology fraud as a whole, respondents have no doubts where the fault lies- IT security that cannot keep up with ingenious fraudsters. Back in 2000, 44% of internal auditors thought that adopting new technology was putting their airlines at risk. This has grown to 67% and there is now a shared view that advanced technology is enabling abusers to bypass current control mechanisms.

The problem is exacerbated by the extended enterprise, whereby travel agencies and other third parties' IT systems interface with the airline's own system. Far more business is conducted online today than was the case six years ago, particularly in the low cost market where airlines make it financially beneficial for passengers to book online. However, along with the rewards comes the increased risk.

Carrying the costs

Low cost carriers bear the brunt of external fraud, as the average number of fraud cases for the low cost companies was over 1,000, compared to around 300 for the network carriers. Charter airlines, whose business model gives them the least contact with the mass market - have the least to worry about. Trends follow the same pattern for internal fraud too, with low cost carriers impacted most and charter airlines the least. Inventory theft and frequent flyer abuse are the most common threats here, as well as employees' misuse of passengers' personal details. Airline staff have easy access to personal and financial details of passengers, which are all presented during telephone bookings and when using the airline's website. This presents fraudulent employees with more opportunities for theft, particularly where there is no anti-fraud programme in place - as is the case with many airlines.

Under attack

The fact that 72% of airlines who completed the survey have no policy on fraud, 65% have no anti-fraud programme, 63% have no whistle blowing mechanism that would allow staff to report fraud, and 61% have no formal system to track fraud provide useful benchmarking figures for all airline executives. Less than half of the airlines surveyed perform a frequent risk assessment. Of those that do, 39% carry out an annual check, but many internal auditors felt they did so with little support from the locations and across management as a whole.When fraud is uncovered, only 21% of airlines have stringent procedures to follow that are consistent across the enterprise.

"The current assessment programmes are not comprehensive enough,

Currently, the size of the internal audit department - which is relied upon by 60% of airlines to hold the front line when it comes to fraud - is a matter of concern. Across all businesses, airlines appear to have among the smallest number of people in their internal audit teams4. 64% of airlines have an internal audit department of between one and ten people. Not every business issue can be solved with more people, but the level of staffing in this critical area and the inclusion of IT specialists does need further attention by most airline Chief Executives

Action Plans

Auditors, have to plans in place to tackle fraud. They intend to improve internal controls, by introducing whistle blowing processes and hotlines for example, and want to encourage a more open culture, supported by an Ethics Policy. They also propose tougher security checks on new employees.

However, this strategy does not really go far enough, nor does it tackle the big issues of technology, web-based fraud and credit card crime. It also needs the full support of all management before it can be effective - not just the lone internal auditor! Deloitte has therefore defined three critical steps forward that will help airlines fight back against fraud.

First, involve IT security

  • With credit card and Internet payment fraud escalating, IT security is on the front line.
  • Internal controls must adapt to keep up with new technologies. The pace of technological innovation, while generally good for customer-focused businesses, has to be matched by robust controls across the enterprise IT systems.
  • Compliance with the new PCI standards is vital. Customers will need to be reassured that this is in place, and IT security will need to facilitate it.

Second, implement an anti-fraud programme

  • Fraud risks must be assessed regularly, in the same way that any successful company will assess all the risks that could impact its profits and sustainability. Fraud risks need to be linked to controls, so management can be assured the right barriers are in place.
  • Define a fraud policy and ensure all employees understand it, and their role in making it happen.
  • Involve all relevant stakeholders - third party suppliers for instance, and increase the focus from senior management.

Third, improve your detective capability

  • Expand the internal audit team to ensure it has the capabilities and resources to match the risks. Ensure the team is fully-trained in fraud and that its scope and reach encompasses every aspect of the business. Make sure that internal audit reports to the right level of management which should be at the highest level.
  • Put in place a whistle blowing, speak-up mechanism, so that anyone who suspects fraud knows where to go to report it.
  • Create a central repository so that cases of fraud are recorded and monitored and can be escalated if necessary.

Corrective action should be taken immediately.


Legislative requirements and governance guidelines - as set out in the Combined Code, the Companies Act 2006 and Sarbanes-Oxley for instance - place the responsibilities for quality management firmly on the shoulders of company executives, and anti-fraud programmes are core to good governance. Unchecked fraud, as we pointed out at the beginning of this report, can also have a knockon impact on employees' behaviour and customer services, all of which can tarnish a company's image.

Airlines need to comply with the new data security standards and should consider bringing the expertise of their IT security specialists into the anti-fraud team. These changes will not only cut losses through fraud, they will enable airlines to operate in a more secure business environment.

Original signed by: Original signed by:

Mr Sai Paul, CPA, CIA


Katherine Gong Meissner, City Clerk

All Department Heads

Connie Cochran, Public Information Officer

Xyz audit co.

End of memo


University of Ballarat, course guide

Leung, P., Coram, P., Cooper, B.J., and Richardson P., 2009, Modern Auditing and Assurance Services, 4th Edition, John Wiley & Sons, Brisbane

The Auditing and Assurance Handbook 2009, (The Institute of Chartered Accountants in Australia, John Wiley & Sons, Brisbane); OR (CPA Australia, Pearson Australia)

Cameron, R., 2009, Study Guide Modern Auditing and Assurance Services, 4th ed., John Wiley & Sons, Brisbane.

Arens, A. A, Best P. J, Shailer, G. E, Fiedler, B. Elder, R. and Beasley, J K., 2007, Auditing in Australia, 7th Edition, Prentice Hall Australia, Sydney.

Gay, G. and R. Simnett. Auditing and Assurance Services in Australia. 3rd ed. Sydney: McGraw-Hill, 2007.

Hayes, R., Daseesn, R., Schidler, A., and Wallage, P., 2005, Principles of Auditing, 2nd ed., Pearson Education, Essex.

Rittenberg, L. E. and Schwieger, B. J., 2005, Auditing: Concepts for a changing environment, Thomson South Western, Ohio.

Schelluch, P. Topple, S. Jubb, C. Rittenberg, L. and Scweieger, B. 2004, Assurance and Auditing, Concepts for a Changing Environment, Thomson Learning Australia, Southbank Victoria.