This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
The business risks cause by conditions, events, circumstances, actions or inactions that could impact the entity's ability to achieve the goal and execute its strategies (CA, 2009, p146). That directly influence on entity's survival and profitability (Gay & Simnett, 2007, p204). The internal control was a process designed to provide reasonable assurance as to achieve: effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations (Leitch, 2008, p14). The significant of internal control are 'management must rely on numerous reports and analyses to effectively control operations, afford protection against human weaknesses and reduce the possibility that errors, and economic fee of auditing limitations without relying on the client's system of internal control (Leung & Coram & Cooper, 2007, p290).'
'An internal control structure consists of policies and procedures designed to provide management with reasonable assurance that the company achieves its objectives and goals. (Arens & Best & Shailer & Fiedler & Loebbecke, 2002, p316).' There are some limitations of inherent that can never be regarded as completely effective, regardless of the care followed in their design and implementation. Those are showed as follow (Arens & Best & Shailer & Fiedler & Loebbecke, 2002, p317):
Cost-effective of control are required by management.
The controls may not be directed at unusual transactions.
The potential human errors which include carelessness, distraction, mistake.
Circumvention of controls those possibly through collusion with parties outside the entity or with employees of the entity.
Person responsible for exercising control could possibly abuse that responsibility.
Procedures may become inadequate due to changes in conditions.
Internal control encourages efficient and effective use of its resources. The core conception is correct information for internal decision making. Safeguarding assets and records is another important part of effectiveness and efficiency (Arens & Best & Shailer & Fiedler & Loebbecke, 2002, p318). According to AUS 402 states: 'the auditor should obtain and understanding of the internal control structure sufficient to plan the audit and develop an effective audit approach.' Controls related to the reliability of financial reporting and controls over class of transactions, both of those should be primarily concerned by auditors. If internal controls properly design and implement, so that can be effective in preventing or detecting fraud (Arens & Best & Shailer & Fiedler & Loebbecke, 2002, p318).
There are some important components of internal control:
Firstly, the control environment includes actions, policies and procedures that reflect the overall attitudes of top management, directors and owners of an entity about internal control. It is importance to the entity. Through management's philosophy and operating style that can provide clear signals to employees about the important of internal control. The organizational structure of corporation defines the existing lines of responsibility and authority. The internal audit function should be established to monitor the effectiveness of controls (Arens & Best & Shailer & Fiedler & Loebbecke, 2002, p320).
Secondly, the entity's accounting information system is designed to identify, assemble, classify, analyze, record and report the entity's transactions. It is also used to maintain accountability for the related assets (Arens & Best & Shailer & Fiedler & Loebbecke, 2007, p307).
Thirdly, all corporations, regardless of size, structure, nature or industry, face variety of risks form operation and sources, so that must be managed.p324 The most important element is control procedures. Control procedures has five types of specific control activities: (1) adequate separation of duties, (2) proper authorization of transactions and activities, (3) adequate documents and records, (4) physical control over assets and records, (5) independent checks on performance (Arens & Best & Shailer & Fiedler & Loebbecke, 2007, p309).
Adequate separation of duties include: separation of the custody of assets from accounting; separation of the authorization of transactions from the custody of related assets; separation of operational responsibility from record-keeping responsibility; separation of IT duties from duties of key users outside IT (Arens & Best & Shailer & Fiedler & Loebbecke, 2007, p309).
Proper authorization of transactions and activities include two parts. They are establishes policies for the corporation to follow (General authorization) and specific applies to individual transactions (specific authorization) (Arens & Best & Shailer & Fiedler & Loebbecke, 2007, p309).
The most important is adequate documents and records. The documents must be proved that all assets are properly controlled and all transactions are correctly recorded. As relevant principles dictate, documents and records should be (Arens & Best & Shailer & Fiedler & Loebbecke, 2007, p311):
'Pre-numbered consecutively to facilitate control over missing documents and as an aid in locating documents when they are needed at a later date.
Prepared at the time a transaction takes place or as soon as possible thereafter.
Sufficiently simple to ensure they are clearly understood.
Designed for multiple uses.
Constructed in a manner that encourages correct preparation.'
Physical control over assets and record mean to maintain adequate internal control it is essential to protect assets and records (Arens & Best & Shailer & Fiedler & Loebbecke, 2002, p328).
The internal control also need monitoring activities that 'deal with on going or periodic assessment of the quality of internal control performance by management to determine that controls are operating as intended and that they are modified as appropriate for changes in conditions (Arens & Best & Shailer & Fiedler & Loebbecke, 2007, p313)' .
An internal control weakness means absence of adequate controls which lead to risk of misstatements (Arens & Best & Shailer & Fiedler & Loebbecke, 2002, p338). Identify and evaluate weaknesses should have four-step approach: indentify existing controls, indentify the absence of key controls, determine potential material misstatements that could result, consider the possibility of compensating controls.
2.0 Sales and collection cycle
2.1 Theory discuss
Control over classes of transactions should be designed that relate to audit objectives (Arens & Best & Shailer & Fiedler & Loebbecke, 2007, p303).
Transaction-related audit objectives-general form Sales transaction-related audit objectives
Recorded transactions exist (existence). Recorded sales are for shipments made to existing customers.
Existing transactions are recorded (completeness). Existing sales transactions are recorded.
Recorded transactions are stated at the correct amounts (accuracy). Recorded sale are for the amount of goods shipped and are correctly billed and recorded.
Transactions are properly classified (classification). Sales transactions are properly classified.
Transactions are recorded on the correct dates (timing). Sales are recorded on the correct dates.
Recorded transactions are properly included in the master files and correctly summarized (posting and summarization). Sales transactions are properly included in the master files and are correctly summarized.
'The sales and collection cycle involves the decisions and processes necessary for the transfer of the ownership of goods or services to customers after they are made available for sale (Arens & Best & Shailer & Fiedler & Loebbecke, 2002, p452) '
Summary of transaction-related audit objectives and key internal controls for sales (Arens & Best & Shailer & Fiedler & Loebbecke, 2002, p461) .
Transaction-related audit objective Key internal control
Recorded sales are for shipments actually made to existing customers. (existence) Recording of sales is supported by authorized shipping documents and approved customer orders.
Credit is authorized before shipment takes place.
Sales invoices are prenumbered and properly accounted for.
Only customer numbers existing in the computer data files are accepted when they are entered.
Monthly statements are sent to customers; complaints receive independent follow up.
Existing sales transactions are recorded. ( completeness) Shipping documents are prenumbered and accounted for.
Sales invoices are prenumbered and accounted for.
Shipping documents are matched with related sales invoices and customer orders.
Recorded sales are for the amount of goods shipped and are correctly billed and recorded. Determination of prices, terms, freight and discounts is properly authorized.
Invoice preparation is internally verified.
Approved unit selling prices are entered into the computer and used for all sales.
Batch totals are compared with computer summary reports.
Sales transactions are properly classified (classification). An adequate chart of accounts is used.
Sales transactions are internally reviewed and verified.
Sales are recorded on the correct dates (timing). Procedures require billing and recording of sales on a daily basis as close to time of occurrence as possible.
Sales are internally verified.
Sales transactions are properly included in the accounts receivable master file and are correctly summarized (posting and summarization). Regular monthly statements are sent to customers.
Accounts receivable aged listing is reviewed.
Accounts receivable master file or trial balance totals are compared with general ledger balance.
2.2 Case analysis
Based on the current operation of sales and collection cycle, there are some weaknesses in the present system. These weaknesses increase business risk.
Firstly, there is not effective and efficient central service of customers' order. ROOFLEX totally has eight distribution centers. Each distribution deal with customers' order solely. Sometimes, the distribution lines can not be used effectiveness. That means ship the goods by individual distribution centers which receive the order. That probably increases the cost of shipment. If one distribution center is nearer than another distribution, the far away distribution center receives the order and then ships the goods solely that increase the cost of business.
Secondly, the head office can not immediately monitory and manage the operational situation of eight distribution centers and inventory. Transmitted dispatch details are input to the invoicing run on weekly. Each distribution mainly operates by itself. Existence of customer and inventory also just is checked weekly.
Thirdly, the dispatch documents and notes not integrity. In the process of distribution of goods, there are only three documents. However, information of the three documents is different. One copy is used for checking quantities. The second one is used as the customer's advice note. The last one is used by driver and customer's reception. There is not complete document and note in the process of goods transferring.
Fourthly, the information of any change such as missing, addition and duplication, those can not be reported to head office duly. In present system, missing dispatch notes are only report once. Those are sent to sales department where it is filed.
Lastly, the information of orders also can not be recorded immediately by head office. The information of customer's order and details of despatches are not recorded in data base immediately in present system. The information is inputted weekly. The sale clerks input the information when they receive.
If despatch notes are added, duplicated or lost when input to the invoicing run, there are risks of missing details, confusing inventory, delaying data entry, and inefficient management.
According to present operational situation, the suggestion should be:
Firstly, the ROOFLEX LIMITED should have complete registration system. The documents and notes should be recorded immediately and systematically in order to ensure security and integrate of details. Each of these processes must keep the evidences and recorders. For example, each dispatch documents should include the customer's order number, the quantity and category. Then, based on the different purpose, the details can be different.
Documents and records for the sales and collection cycle (Arens & Best & Shailer & Fiedler & Loebbecke, 2002, p453).
Classes of transactions Accounts Business functions Documents and records
Accounts receivable Processing customer orders
Billing customers and recording sales
Customer order or sales order
Summary sales report
Accounts receivable master file
Accounts receivable trial balance
Cash receipts Cash at bank
Accounts receivable Processing and recording cash receipts Remittance advice
Prelisting of cash receipts
Cash receipts journal
Sales returns and allowances Sales returns and allowances
Accounts receivable Processing and recording sales returns and allowances Credit note
Sales returns and allowances journal
Write-off of uncollectible accounts Accounts receivable
Provision for doubtful debts Writing off uncollectible accounts receivable Uncollectible account authorization form
Bad debt expense Bad debt expense
Provision for doubtful debts Providing for bad and doubtful debts General journal
Secondly, ROOFLEX LIMITED should build a central data-processing library. That means edit all customer orders' order number and sort. It makes customer order to easily find and change.
Thirdly, ROOFLEX LIMITED should establish timely dissemination of remote data system. Head office can effectively carry out macro-control and resource allocation. Information of customer orders can be inputted immediately. That avoids unnecessary cost of management and shipment. Inventory also can be more precise controlled over. Any missing or losing can be traced to the center data base. Any adding or duplicating also can be edited directly and immediately through remote data system.
However, sometimes those suggestions which are discussed as above will increase the company's operational cost, but it is only through these recommendations in order to ensure the company's development and effective management. If there is the event of data loss or mis-management, then the damage of the company is much larger than the current improvement plan.
3.0 Payroll cycle
3.1 Theory discuss
Internal controls for payroll (Homewood, 2001, p171)
Control objective Details Specific internal control
Maintenance of complete records All transactions should be recorded properly Payroll cheques should be prenumbered and completely accounted for
Validity All payroll transactions should be for labour services provided by non-fictitious employees
Payroll transactions should be authorized Time cards should be approved, and compared with leave and absentee reports
Separation of duties berween payment and work approval
Authorization procedures for work performance, pay rates and deductions
Internal check comparing payroll with termination reports to prevent payments to fictitious employees
Accuracy Payroll transactions should be accurately recorded
Payroll transactions should be properly classified
Payroll transactions need to be recorded in a timely way Internal check on time cards, pay rates and deductions
Internal reconciliation of payroll register to payments and employee records
Chart of accounts procedure
Safeguards Access to employee and payroll records restricted to approved staff members Responsibilities for payroll preparation, signing pay cheques and payroll distribution need segregation
Accountability Unclaimed pays need to be controlled Unclaimed cheques should be returned to accounts, placed in a suspense account and eventually voided
Independent reconciliation of payroll bank account
Valuation End of year liability should be reconciled to payroll register
3.2 Case analysis
Based on present payroll system, there are some risks in ROOFLEX LIMITED.
Firstly, the job cards and absence slips are not recoded timely. The job cards and absence slips just be finished weekly. That increases the risk of incompleteness and non-precision of information.
Secondly, the job cards and absence slips are completed by employees. Employees record the job cards and absence slips by themselves that increase the risk of materials misstatement. Sometimes, employees can not record the job cards and absence slips bona fide. Employees usually do not have authority of completing own the job cards and absence slips.
Thirdly, the process of payroll cycle possibly exist confusing information. When all job cards and absence slips are batched together, that make the department heads confuse the information. In other words, the department heads confuse the details of the jobs and absences of employees. The department heads can not distinguish the situation of each employee.
Finally, the Final page of an input listing is fuzzy inputting. The qualitative and quantitative of the Final page of an input listing is also uncertainty. The items are not explicit and specific. Such as, according to the present Final page of an input listing, some employees total working hours are calculated, and others are not be calculated. The each employee's rate of pay is not defined. There is the problem of rejection. Those increase the risk of materials misstatement, and the irrational nature of wage payment. The deductions, gross pay and net pay are not included in the Final pages of an input listing.
According to the present payroll system, the suggestions of ROOFLEX LIMITED show as below:
Firstly, the employee section promptly needs to update records. Independent checks should be made of files that against payroll records.
Secondly, the processes of payroll cycle need to clarified the authorizations. The employees' job cards and absence slips should be made by independent employee who is non-fictitious employee. The job cards and absence slips should be made daily. The primary objective is to ensure that only bona fide employees are paid for actual work performed (Leeson & Sisto & Flanders, 2010, p76).
Thirdly, the Final page of an input listing must include each rate of pay which relate to job cost base. It also should involve each employee's working hours, deduction, gross pay, and net pay. The total working hours and amount of payment should be recorded in the Final page of an input listing. The reject items needed to be recalculated and then recorded in the Final page of an input listing. The most important is the items of the Final page listing that can be traced to each employee and each department. The figures should be accurate and appropriate.
4.0 General controls of the company's application system development
4.1 Theory discuss
The general controls' definition is 'those manual and computer controls that relate to all or many computerized accounting applications to provide a reasonable level of assurance that the overall objectives of internal control are achieved and help ensure the continued proper operation of information systems (Gay & Simnett, 2007, p363)' There are five types of general controls: organizational control, systems development and maintenance controls, access controls, data and procedural controls (Leung & Coram & Cooper, 2007, p297). 'Application systems development and maintenance controls relate to the authorization, costing, conversion, testing, implementation and documentation of new and revised systems and applications (Leeson & Sisto & Flanders, 2010, p145).'
4.2 Case analysis
Base on the description of the application system development of the case, there are several weaknesses in the present procedures of ROOFLEX LIMITED.
First of all, there are not clear and specific authorities which relate to the different level of management. The process repeat some the steps and permissions. The duties and responsibilities are not distinguished clearly and definitely.
Secondly, the procedures lack of the effective communicating channel. The process of the form passing is too cumbersome and complex. The staffs just write their opinions in the form. Sometimes, that will cause the next staff's confusing.
Thirdly, documentation of new systems and applications are inadequate. The programmer updated the program documentation. The analyst checked the change request and updated the documents again. The documentations are not adequately understood and describe the system. The content of the documentations are is not complete.
Fourthly, there is not significant test about the new system. Programmer just repeated the few steps for the whole system test. The test of new system also do not compare with the old system to find the insufficiency.
Finally, the whole process possibly regardless the problem of conversion.
According to the present procedure, the suggestions are showed as follow:
Firstly, ROOFLEX LIMITED should identify the responsibilities of the different levels of staffs (Leeson & Sisto & Flanders, 2010, p146).
CIS manager Maintains control over all CIS activities
Systems analyst Responsible for the evaluation and design of existing and new systems.
Programmer Based on the above specifications the programmer develops flowcharts and programs.
Computer operator In very large organizations with a separate computer department the computer operator runs, operates and executes computer hardware and programs in accordance with set operating instructions.
Data entry operator Inputs transaction data into the computer
Librarian Maintains both custody and control over systems documentation.
Data control group Supervises the input, processing and output of all data.
Secondly, the testing of new system should provide the results that are satisfied its original design specifications. In other hand, the testing should ensure all programs can be operated with other existing programs (Leeson & Sisto & Flanders, 2010, p145). The pilot testing processes is the useful way to be used to evaluate the new system (Leeson & Sisto & Flanders, 2010, p145). The results of pilot testing can be used to evaluate whether or not the new system is appropriate.
Thirdly, the documentation should be achieved flowcharts and described the whole system such as the important reformation and most important part of program.
Fourthly, the old system's files and documents should be converted to the new system completely and accurately (Leeson & Sisto & Flanders, 2010, p145).
Fifthly, the whole process of the application development should establish a smooth communicating channel. Each step should be appropriately separated.
Arens, A, A & Best, P, J & Shailer, G, E, P & Fiedler, B, A & Loebbecke, J, K. (2002). Auditing in Australia: An integrated approach. (5th ed.). NSW: Pearson Education Australia.
Arens, A, A & Best, P, J & Shailer, G, E, P & Fiedler, B, A & Loebbecke, J, K. (2007). Auditing in Australia: An integrated approach. (7th ed.). NSW: Pearson Education Australia.
Homewood, L (2001). Auditing Fundamentals. Vic: Tertiary Press
Leitch, M. (2008). Intelligent Internal Control and Risk Management: Designing High-Performance Risk Control Systems. Burlington: Gower Publishing Company
Leung, P & Coram, P & Cooper, B. (2007). Modern Auditing Assurance Services. (3rd ed.). QLD: John Wiley & Sons Australia, Ltd.
Leeson, D& Sisto, S, D & Flanders, D. (2010). Internal Controls and Corporate Governance. (3rd ed). NSW: Pearson Australia
The Institute of Chartered Accountants in Australia. (2009). Australia Audit Manual for Small and Medium Sized Businesses. Sydney: Thomson Reuters (professional) Australia Limited.
Nowadays, according to the influences by business, it increases the demand of auditing and assurance services. Auditors become to play extremely important roles in business activities. The ethical rules and ethical decision-making models are associated with the auditing profession. The acceptance of the responsibility of actions is distinguishing mark of the accountancy profession in the public interest. So, members should observe and comply with the ethical requirement of this code. That instead of only satisfies the needs of individual client or employer. It becomes auditors'' responsibilities.
The code of ethics is formal and systematic rules, principles, regulation or law. It is developed by community which promotes its wellbeing. It also excludes or punishes any understanding behaviors. Therefore, a code of ethics may serve several purposes.
For example (CALOT?, 2008):
1. Make explicit values that may be implicitly required.
2. Indicate how member to act towards one another.
3. Provide an objective basis for sanctions against people who break the rules.
In order to avoid the potential auditing threat, the auditors have to analysis the case from several parts. In this essay, I will analyze the situations and characters that auditor can not audit the companies. I also will discuss which company can be audited by auditor.
2.0 Client Acceptance part
A lot of aspects should be considered before an auditor accepts a new client and establish relationship in public practice. The most important is whether the acceptance will create threats to compliance with the fundamental principles. For example: The client's issues exist some doubtful points and problems. Client's issues could threaten compliance with the fundamental principles, such as some illegal activities related to the client issues (APES110 s210, 2006).
If the identified threats are not similar as clear insignificant, safeguards. They should be applied to eliminate the identified threats and reduce the risks to an acceptable level. In the other words, the significant threats must be clearly evaluated (APES 110 s210, 2006).
However, if the client has threats and high risks which can not be eliminated or kept in the acceptable level, the audit should reject to audit the company. Those threats and high risks are showed as follow parts.
2.1 Threats and Safeguards
Compliance with the fundamental principles may potentially be threatened by a wide range of circumstances (APES 110, 2006). Such as:
2.1.1 Self-interest threat
The conflict of interest situation may exist by the following reasons:
The first reason is the auditors and professional member of audit team who is not capable of exercising objective and impartial judgments in relation to the conduct of auditing. Another reason is a reasonable person who knows all relevant facts and circumstances. The person would conclude that the auditor or a professional member of the audit term is not capable of exercising impartial judgments in relation to the conduct of the auditing (APES 110, 2006).
1. The auditors have close business relationship with a client.
2. The auditors are jointly holding a financial interest with a client.
3. The auditors have potential employment with a client.
2.1.2 Self-review threat
A self-review threat exists whenever an auditor provides the audit client with valuation services that result in the preparation of a valuation. It is incorporated into the client's financial report (sexto, 2009).
The self-review threat could not be reduced to an acceptable level by the application of any safeguard if the valuation service involves the valuation of matters material of the financial statements, and the valuation involves a significant degree of subjectivity. So that, such valuation services should not be provided (APES 110, 2006).
The significant examples are showed as following:
A member of the assurance team who recently have been a director or senior officer in the client.
It will directly affect the subject matter of the assurance engagement if the person carry out service for the client.
After being involved in their design or implementation, auditors report on the operation of financial systems
2.1.3 Advocacy threat
Advocacy can be seen as a deliberate process of speaking out on issues of concern that in order to exert some influence on behalf of ideas or persons. In auditing, the advocacy may exist when the auditor make managerial decisions on behalf of the client, use individuals that involve the audit to undertake the work, and the auditor commit the audit client for transaction (APES 110, 2006).
A entity is a financial statement audit client and the shares are promoted in a listed entity
Acting as an advocate on behalf of an assurance client in litigation or disputes with third parties.
2.1.4 Familiarity threat
A familiarity threat happens because the firm or individual person in an engagement team. It may become too sympathetic to the client's interests when there is a close or long-term relationship with a client, its directors, officers or employees (APES 110, 2006).
Director or officer of the client having a close or immediate family relationship with a member of the engagement team.
A director or officer of the client or an employee in a position to exert direct and significant influence over the subject matter of the engagement is former partner of the firm.
2.1.5 Intimidation threat
When a person in the engagement team, he or she may be deterred from acting objectively and exercising professional skepticism by threats. The threats include actual threats and perceived threats which from the directors, officers or employees of an assurance client (APES 110, 2006).
Being threatened with litigation.
In order to reduce fees, auditor is pressured to reduce inappropriately the extent of work performed.
There must be appropriate safeguards that relate to obtain knowledge and understand of the client, such as its managers and owners responsible for its management and business activities. It also has to improve corporate governance practices or internal controls by securing the client's commitment.
A member in public practice should decline to enter the client relationship if it is not possible to reduce the threats to an acceptable level (APES 110, 2006).
3.0 Engagement acceptance part
A member in public practice should agree to provide only those services. The member is competent to perform in public practice. Before accepting a specific client engagement, a member should consider whether acceptance would create any threats to compliance with the fundamental principles in public practice (APES 110, s210).
The member should evaluate whether such reliance is warranted if the member in public practice intends to rely on the advice of an expert. The member should also consider the factors such as expertise, resources, reputation, and applicable professional and ethical standards. This kind of information may be got from the expert. That come from prior association or consulting others (APES 110 s210, 2006).
4.0 Case concerned changing or replacing
When a member consider to tender for an engagement which currently held by another professional accountant, or who is asked to replace another professional accountant in public practice, he or she should determine whether there exist any appropriate reasons, professional or something else for not accepting the engagement (APES 110 s210, 2006).
For example (in public practice):
A proposed accountant accepts the engagement which has some threats of professional competence and due care. It is, however, the accountant doesn't realize it before accepts engagement.
In order to help the member to decide whether it would be appropriate to accept the engagement in public practice, the significance of the threats should be evaluated by direct communication with the existing accountant for finding the facts and circumstances behind the proposed change.
The facts and disagreements are existed with the existing accountant that may influence on decision about whether accepting the appointment cannot fully reflect on the apparent reasons of changing in appointment.
Before the proposed accountant who is asked to accept nomination as auditor or replace an existing auditor must pay attention that (APES 110 s210, 2006):
Ask for the prospective client's permission to communicate with the existing auditor. If it is refused the proposed, the auditor should decline the nomination or audit engagement.
Once receipt of permission, the auditor should ask for the information in writing from the existing auditor. The auditor enables a decision as whether the audit nomination or the engagement can be accepted.
If the proposed accountant is unable to communicate with the existing accountant, and get the honest and unambiguous information, the proposed accountant should try to obtain information about any possible inquiries of third parties or background investigations. If threats cannot be eliminated or reduced to an acceptable level, a proposed accountant should decline the engagement unless there is satisfaction as to necessary facts by other means (Public finance, 2004).
The business and regulatory environment in which audit and assurance service providers work that continue change. In order to perform appropriate and relevant role in such a dynamic environment and continue to meet the public interest, the methods of auditing and assurance need to be appropriate. That should be ensured by auditing and assurance's standard-setters.
With growing emphasis on the information and communication chain, the completion and communication stages of assurance service's engagement are also draw our attenuation. It impacts on the work of audit and assurance professions. It becomes a crucial area in the international financial markets. It can help the auditor to avoid the potential risk and threat which go together with the code of ethics (Gay & Simnett, 2007).
The auditor can not do an audit for anybody. There are three aspects of threats and risks should be concerned and evaluated. They are threats and safeguards, engagement acceptance part, and case concerned changing or replacing. Auditors should consider the whole circumstances to evaluate the clients. Auditors also should reduce the risks to an acceptable level. If there are significant risks and suspicious that will directly influence on auditors' professional performance, the auditor can not accept to audit the client. If the auditor lack of the profession knowledge about the client's industry, the auditor also should reject do audit for the client.