Structure of an Audit

Understanding the three conceptual phases: audit planning, tests of controls,

and substantive testing.
 What is an Audit?
An audit is a step-by-step process
where professionals (auditors) check if a
company's financial statements and
records are accurate and comply with
the rules. When technology is involved,
it’s called an IT audit, which focuses on
how the computer systems manage
financial information.
Phases of an Audit
Audit Planning Techniques Used:
1. Questionnaires
Learn About the Company:
2. Interviews
The auditor understands the
3. Reviewing Documents
company’s operations, policies, and
4. Observations
structure.
Identify Risks:
What could go wrong? Are there
areas where errors or fraud are
more likely?
Plan the Audit:
The auditor decides which areas
need more attention and sets a
strategy for testing.
Tests of Controls
What are Internal Controls?
These are rules, procedures, or systems that help the
company operate smoothly and avoid problems.
Example: A retail store might check receipts to ensure
cashiers don’t make mistakes or steal money.
Tests of Controls
Test the Effectiveness of Controls:
Example: If the company uses software to approve
payments, the auditor checks if the software blocks
invalid transactions (like duplicate payments).
Decide Control Risk:
If the controls are strong, the auditor will do less checking
later.
If the controls are weak, they will investigate more deeply
in the next phase
 Introduction

Techniques Used:
1. Manual Techniques:
Reviewing transaction logs, invoices, or receipts.
Example: Checking if all supplier invoices were
signed before payment.
2. Using Computer Tools - Computer-Assisted Audit
Tools and Techniques CAATTs):
Specialized software helps auditors analyze large
amounts of data.
Example: Searching for duplicate payments in a
database.
 Substantive Testing
This is the "deep dive" phase, where the auditor looks closely at financial data to
confirm it is accurate.

Check Transactions and Balances:

Key Focus Areas:
Example: To verify accounts
Sending confirmation letters to
receivable, the auditor contacts a
customers to verify account balances.
sample of customers to confirm
Physically counting cash or inventory.
they owe the company money.
Using computer tools to extract and
Look for Errors or Fraud:
check digital records.
Example: If inventory records say
there are 1,000 items in a
warehouse, the auditor might visit
the warehouse to physically count
the items.
Management Assertions

Management assertions are claims that a company's

management makes about their financial statements. These
assertions assure users that the financial data is accurate,
complete, and reliable. However, because these are only
claims, auditors must verify them through audit procedures.
1. Assertions about Classes of Transactions and Events
These assertions focus on the transactions (e.g., sales, purchases) that occurred during the year.
They answer questions like: "Did the transactions really happen?" and "Are they recorded correctly?"

Occurrence. Completeness Accuracy

Transactions and events that All transactions and events Amounts and other data
have been recorded have that should have been relating to recorded
occurred and pertain to the recorded have been recorded. transactions and events have
entity been recorded appropriately.
Audit Procedure: Compare
Audit Procedure: Check shipping logs to sales records Audit Procedure: Verify
supporting documents like calculations on invoices or
to see if any sales were
compare data with supporting
sales invoices or shipping missed.
records.
receipts.
1. Assertions about Classes of Transactions and Events
These assertions focus on the transactions (e.g., sales, purchases) that occurred during the year.
They answer questions like: "Did the transactions really happen?" and "Are they recorded correctly?"

Cutoff Classification
Transactions and events have Transactions and events have
been recorded in the correct been recorded in the proper
accounting period. accounts.

Audit Procedure: Check dates Audit Procedure: Review

on invoices near the period- journal entries to confirm
end. proper classification.
2. Assertions about Account Balances
These assertions deal with the balances of assets, liabilities, and equity at the end of the accounting
period.

Existence. Assets, liabilities, •Completeness. All assets, Valuation and allocation.

and equity interests exist. liabilities, and equity interests Assets, liabilities, and equity
Audit Procedure: Perform a that should have been interests are included in the
physical inventory count recorded have been recorded. financial statements at
appropriate amounts and any
Rights and obligations. The Audit Procedure: Review loan resulting valuation or
entity holds or controls the agreements or confirm allocation adjustments are
rights to assets, and liabilities appropriately recorded.
balances with lenders.
are the obligations of the Audit Procedure: Check the
entity. aging of receivables and
Audit Procedure: Review evaluate the allowance for
purchase contracts or doubtful accounts.
ownership documents.
3. Assertions about Presentation and Disclosure
These assertions relate to how financial information is presented in the financial statements and whether
it is adequately disclosed.

Occurrence and rights and Completeness Classification and

obligations All disclosures that should understandability
Disclosed events and have been included in the Financial information is
transactions have occurred financial statements have appropriately presented and
been included. described and disclosures are
and pertain to the entity.
Audit Procedure: Confirm clearly expressed.
Audit Procedure: Review
with management and lawyers Accuracy and valuation
court documents or legal about any undisclosed items. Financial and other
correspondences. information are disclosed
fairly and at appropriate
amounts
Benefit
 Audit Risk
Audit risk is the possibility that an auditor
will mistakenly give a "clean" opinion on
financial statements that contain
material misstatements. This can
happen because of undetected errors
(unintentional mistakes) or irregularities
(intentional fraud).
 Step Three Key Components of Audit Risk

These components are interconnected and help auditors decide how much testing they
need to perform.

1. Inherent Risk (IR)

The risk of material misstatements in the financial statements before considering
any internal controls.
Factors Affecting Inherent Risk:
Companies in volatile industries or those dealing with hard-to-value assets (like
diamonds) have higher inherent risk.
Complex or unusual transactions, like derivatives, increase risk.
Cash-intensive businesses or companies under financial pressure face higher
risk.
*Auditors cannot reduce inherent risk, but they must evaluate it to plan their work.
 Step Three Key Components of Audit Risk

2. Control Risk (CR)

The risk that a company’s internal controls will fail to prevent or detect errors or
fraud in the financial statements.
Perform tests of controls to check whether internal controls are working
effectively.
Example: Input incorrect test data into the system to see if it detects the errors.

If controls are weak, auditors need to do more substantive testing to ensure

there are no errors.
 Step Three Key Components of Audit Risk

3. Detection Risk (DR)

The risk that the auditor’s own procedures will fail to detect material errors or fraud
that internal controls missed.
Auditors reduce detection risk by performing thorough substantive testing.
Relationship with Substantive Testing:
Lower DR: Requires more substantive tests (e.g., reviewing a large sample of
transactions).
Higher DR: Fewer substantive tests are needed when controls are strong.
 AR: Audit risk (acceptable level set by the
The Audit Risk Model auditor).
The relationship between these IR: Inherent risk (how prone the financials are to
components is expressed in the audit misstatements).
CR: Control risk (likelihood of control failure).
risk model: DR: Detection risk (how much risk the auditor is
AR = IR x CR x DR willing to accept).
Example Calculation
1. Acceptable audit risk (AR) = 5% (auditor wants a 95%
confidence level).
2. Assume IR=40% and CR=60%

Lower Control Risk: Strong controls allow the

auditor to accept a higher detection risk (31%)
and perform fewer substantive tests.
Higher Control Risk: Weak controls require lower
detection risk (20%) and more testing.
 Step Audit Report

After completing the audit, the auditor issues a report that includes:
Opinion on Financial Statements: Whether the financials are fairly presented.
Opinion on Internal Controls: Whether controls over financial reporting are
effective.
If internal controls are weak but financial statements are still accurate, the auditor
can:
Issue a qualified opinion on internal controls.
Issue a clean opinion on financial statements if additional testing confirms no
material misstatements.
Thank you!