AUDIT PROCESS

Preliminary Planning an audit of Study and Evidence-gathering

engagement financial evaluation of (Substantive
activities statemnent internal control Testing)

Post audit Issuance of the Completing the

responsibilities Audit Report audit

1. The auditor performs major audit procedures

Overall objectives of auditor (audit of fs)
 To obtain reasonable assurance whether the financial statements as a whole are
free from material misstatement, whether due to fraud or error, thereby
enabling the auditor to express an opinion on whether the financial statements
are prepared, in all material respects, in accordance with an applicable financial
reporting framework; and
 To report on the financial statements, and communicate as required by the
PSAs, in accordance with auditor’s findings.
Factors to consider when selecting audit procedures
 Assertions made by the entity
 Assessed level of risk
 Materiality
Major Audit Procedures
1. Risk assessment procedures. The audit procedures are performed to obtain
an understanding of the entity and its environment, including the entity’s
internal control, to identify and assess the risks of material misstatement,
whether due to fraud or error, at the financial statements and assertion levels.
2. Test of controls. An audit procedure designed to evaluate the operating
effectiveness of controls in preventing, or detecting and correcting, material
misstatements at the assertion level.
3. Substantive Procedure. An audit procedure designed to detect material
misstatements at the assertion level. Substantive procedures comprise:
i. Tests of details (classes of transactions, account balances, and disclosures
ii. Substantive Analytical Procedures
Specific Audit Procedures
1. Inspection of Records or Documents. It consists of examining records or
documents, whether internal or external, in paper form, electronic form, or
other media.
2. Inspection of Tangibles Assets. It consists of physical examination of the
assets.
3. Observation. It consists of looking at a process or procedure being performed
by others.
 4. Inquiry. It consists of seeking information from knowledgeable persons, both
financial and non-financial, throughout the entity or outside the entity. This
procedure may be used extensively throughout the audit as a complement to
other audit procedures.
5. Confirmation. A specific type of inquiry is the process of obtaining a
representation of information or of an existing condition directly from a third
party.
6. Recalculation. It consists of checking the mathematical accuracy of
documents or records. This procedure may be performed manually or
electronically.
7. Reperformance. It involves the auditor’s independent execution of procedures
or controls that were originally performed as a part of the entity’s internal
control.
8. Analytical Procedures. Procedures consist of evaluations of financial
information made by a study of plausible relationships among both financial and
non-financial data. Analytical procedure also encompass the investigation of
identified fluctuations and relationships that are inconsistent with other relevant
information or deviate significantly from predicted amounts.

2. The auditor gathers audit evidence

- Auditor obtains sufficient and audit evidence to be able to draw reasonable
conclusions on which to base the audit opinion.
Audit Evidence – refers to information used by the auditor in arriving at the
conclusions on which auditor’s opinion is based.
3. The auditor expresses an audit opinion
- Auditor provides a written report containing a conclusion or an opinion
regarding the fairness of preparation and presentation of financial statements in
accordance with the applicable financial reporting framework.
 Unmodified opinion (Unqualified) – financial statements are prepared, in all
material respects, in accordance with the applicable financial reporting
framework.
- Expressed if sufficient and appropriate evidence has been obtained
 Modified opinion (qualified, adverse, or a disclaimer of opinion)
 Qualified (except for) – expressed if there is material limitation in scope or
material non-compliance with the reporting framework but the overall financial
statements remain fairly presented.
 Adverse (do not present fairly in all material respect) – expressed if there is
material non-compliance with the reporting framework that pervasively effects
the financial statements.
 Disclaimer of opinion (We do not express a conclusion) – expressed if there is
material limitation in the scope of the audit that pervasively effects the financial
statements.
Sub-phases of the Audit Process
 Investigative Phase – performance of audit procedures and the gathering of
audit evidence.
  Reporting Phase – expression of opinion, preparation of the report, and
communication of the results to the different users of the audited financial
statements.
MAJOR AUDIT PLANNING ACTIVITIES
a. Identifying and assessing risks of material misstatements through
understanding the entity and its environment
- Risk assessment procedures
b. Establishing overall audit strategy
- Scope, timing, and direction of the audit
c. Developing an audit plan
- Nature, timing and extent of audit procedures
d. Direction, supervision and review
- Nature, timing and extent of managing the engagement
e. Other Planning Considerations
- Auditor’s expert
- Internal audit function
- Initial audit engagements
- Smaller entities
Risk Assessment Procedures
1. Obtain understanding of the following:
i. Entity and its environment
ii. Applicable Financial reporting framework
iii. Entity’s system of internal control
2. Consider materiality
3. Identify and Assess Risks of Material Misstatement
4. Determine the acceptable level of audit risk
5. Identify Detection Risk to Determine the nature, timing and extent of further
audit procedures
Audit Risk – is the risk that the auditor gives an inappropriate audit opinion when the
financial statements are materially misstated.
Components of Audit Risk
Inherent Risk – the susceptibility of an account balances, classes of transactions, or
disclosures to misstatement that could be material, individually or aggregated with
misstatements in other ABCOTD, assuming that there were no related controls.
Control Risk – is the possibility that a misstatement, that could occur in ABCOTD that
could be material, individually or when aggregated with misstatements in other
ABCOTD, will not be prevented or detected and corrected on a timely basis by the
accounting and internal control systems.
Detection Risk – is the risk that the auditor substantives procedures will not detect a
misstatements that exists in an ABCOTD that could be material, individually or when
aggregated with misstatements in other ABCOTD.
ROMMs levels
Financial statements level – ROMMs that relates to the financial statements as a
whole
Assertion level – for ABCOTD, focuses o0n specific accounts or disclosures

AUDITING IN CIS ENVIRONMENT

Information technology environment – refers to the IT applications and supporting
IT infrastructure, as well as the IT processes and personnel involved in those
processes, that an entity uses to support business operations and achieve business
strategies.
Components of IT Environment
IT application – program or set of programs that are used in the initiation,
processing, recording, and reporting of transactions or information.
IT infrastructure – comprises the network, operating systems, and databases and
their related hardware and software.
IT processes – entity’s processes to manage access to the IT environment, manage
program changes or changes to the IT environment and manage IT operations.
IT INFRASTRUCTURE
- Serves as the foundation of the IT environment. It includes all the hardware,
software, networks and facilities that are necessary to perform the IT services.

Database System – organized data collection that is stored and accessed

chronically
- enables data synchronization by maintaining one copy of important records
locked in an organized file system which is shared by various users without the
necessity of maintaining a copy of the file for themselves
- eliminates data redundancy
Operating System – software that controls computer hardware and supports
its basic functions
- Loaded in the data storage of the computer and is available for use upon
completion of the startup of the computer

Networks – comprised of 2 or more computers that are linked to facilitate

sharing of computer devices, application software, exchange of files, and voice
and video transmissions
- Linkages can be done through cables, satellites, and telephone lines
IT APPLICATIONS
 - Programs designed for specific end-user purposes
- Used in the initiation, processing, recording, and reporting of transactions or
information which are relevant for decision-making.

 Small and medium-sized business accounting applications – includes

basic bookkeeping functions such as invoicing, business payments, payroll
functions, and financial reporting. (QuickBooks & Xero)
 Enterprise accounting application – designed for larger organizations that
allow for more extensive accounting processes. It is often part of a larger suite
(ERP) of software that is used by the organization to manage its business
activities such as procurement, supply chain, operations, inventory
management, and risk management. (SAP Business One & Microsoft Dynamics)
 Cloud/ online accounting application – accounting application that is hosted
online or through remote servers in the cloud. It offers users greater flexibility
and cost-efficiency in managing financial information. (Oracle ERP Cloud and
SAP S/4 Hana)
IT PROCESSES
- Entity’s processes to manage access to the IT environment, manage program
changes or changes to the IT environment and manage IT operations. These
processes include general IT control.
IT Controls (RAIT)
Engtity-level IT Controls – IT organizational controls which set the overall tone on
how information should be managed and processed within the entity
 Strategies and plans
 Segregation of incompatible duties
 Policies and procedures
 Quality assurance
 Risk assessment activities
 Training
 Internal audit and monitoring
General IT Controls – controls over the entity’s IT processes that support the
continuous and proper operation of the IT environment, including the continued
effective functioning of information processing controls and the integrity of
informations
 Controls over IT changes
 IT operation controls
 Access controls
IT Applications Controls – forms part of the business process applications that help
the entity achieve its financial reporting objectives as to the completeness, accuracy,
existence/authorization, and presentation of data.
 Input Controls
 Processing Controls
 Output Controls
Audit Procedures: Identifying and Assessing Audit Risk
Understanding the Entity’s Use of Information Technology
Understand Direct Controls (Information system & communication; control activities)