Re-Cap of Important Terms

Terms you should be conceptually clear on!

Those charged with governance The person(s) with responsibility for overseeing the strategic
direction of the entity and obligations related to the accountability of the entity. This includes
overseeing the financial reporting process. For some entities in some jurisdictions, those charged
with governance may include management personnel, for example, executive members of a
governance board of a private or public sector entity, or an owner-manager.
Management -The person(s) with executive responsibility for the conduct of the entity's
operations. For some entities in some jurisdictions, management includes some or all of those
charged with governance, for example, executive members of a governance board, or an owner-
manager.
In some cases, all of those charged with governance are involved in managing the entity, for
example, a small business where a single owner manages the entity and no one else has a
governance role
Engagement partner-The partner or other person in the firm who is responsible for the audit
engagement and its performance, and for the auditor's report that is issued on behalf of the firm,
and who has the appropriate authority from a professional, legal or regulatory body.
Engagement quality control review - A process designed to provide an objective evaluation, on
or before the date of the auditor's report, of the significant judgments the engagement team made
and the conclusions it reached in formulating the auditor's report.
Engagement quality control reviewer - A partner, other person in the firm, suitably qualified
external person, or a team made up of such individuals, none of whom is part of the engagement
team, with sufficient and appropriate experience and authority to objectively evaluate the
significant judgments the engagement team made and the conclusions it reached in formulating
the auditor's report.
Management's expert An individual or organization possessing expertise in a field other than
accounting or auditing, whose work in that field is used by the entity to assist the entity in
preparing the financial statements. The preparation of an entity's financial statements may
require expertise in a field other than accounting or auditing, such as actuarial calculations,
valuations etc. The entity may employ or engage experts in these fields to obtain the needed
expertise to prepare the financial staternents. Failure to do so when such expertise is necessary
increases the risks of material misstatement.
Audit procedure: Analytical procedures: Analytical procedures consist of evaluations of financial
information through analysis of plausible relationships among both financial and non-financial
data. Analytical procedures also encompass such investigation as is necessary of identified
fluctuations or relationships that are inconsistent with other relevant information or that differ
from expected values by a significant amount.
Audit procedure: Test of controls-An audit procedure designed to evaluate the operating
effectiveness of controls in preventing, or detecting and correcting, material misstatements at the
assertion level
Audit procedure: Substantive procedure – An audit procedure designed to detect material
misstatements at the assertion level. Substantive procedures comprise:
(1) Tests of details (of classes of transactions, account balances, and disclosures); and
(ii) Substantive analytical procedures.
Internal control The process designed, implemented and maintained by those charged with
governance, management and other personnel to provide reasonable assurance about the
achievement of an entity’s objectives with regard to reliability of financial reporting,
effectiveness and efficiency of operations, and compliance with applicable laws and regulations.
The term “controls” refers to any aspects of one or more of the components of internal control.
Deficiency in internal control-This exists when:
(i) A control is designed, implemented or operated in such a way that it is unable to
prevent, or detect and correct, misstatements in the financial statements on a timely
basis; or
(ii) A control necessary to prevent, or detect and correct, misstatements in the financial
statements on a timely
Basis is missing.
Test of controls- They are audit procedures performed to test the operating effectiveness of
controls in preventing or detecting material misstatements in the financial statements. An auditor
might use inspection of documents, observations of specific controls, re-performance of the
control, test data or other audit procedures to gather evidence about controls.
There are many other issues that auditors struggle with when understanding and testing internal
controls in audits
Of all sizes, including:
Deciding whether to test the operating effectiveness of controls;
Determining what constitutes a deviation and the tolerable deviation rate, and then dealing with
deviations;
Revising the control risk assessment, and the effect of a revision on other audit procedures; and
Balancing the results of controls testing with substantive procedures
Audit evidence Information used by the auditor in arriving at the conclusions on which the
auditor’s opinion is based. Audit evidence includes both information contained in the accounting
records underlying the financial statements and other information.
Appropriateness (of audit evidence) – The measure of the quality of audit evidence; that is, its
relevance and its reliability in providing support for the conclusions on which the auditor’s
opinion is based.
Sufficiency (of audit evidence) -The measure of the quantity of audit evidence. The quantity of
the audit evidence needed is affected by the auditor’s assessment of the risks of material
misstatement and also by the quality of such audit evidence.
Sources of audit evidence Inspection.
Observation
Inspection involves examining records or documents, whether internal or external, in paper form,
electronic form, or other media, or a physical examination of an asset. An example of inspection
used as a test of controls is inspection of records for evidence of authorization.
Observation consists of looking at a process or procedure being performed by others, for
example, the auditor's observation of inventory counting by the entity's personnel, or of the
performance of control activities. Observation provides audit evidence about the performance of
a process or procedure, but is limited to the point in time at which the observation takes place,
and by the fact that the act of being observed may affect how the process or procedure is
performed
External confirmation
An external confirmation represents audit evidence obtained by the auditor as a direct written
response to the auditor from a third party (the confirming party), in paper form, or by electronic
or other medium,
Inquiry
Inquiry consists of seeking information of knowledgeable persons, both financial and non-
financial, within the entity or outside the entity.
Recalculation
Recalculation consists of checking the mathematical accuracy of documents or records.
Re-performance
Recalculation may be performed manually or electronically
Analytical procedures
Re-performance involves the auditor's independent execution of procedures or controls that were
originally performed as part of the entity's internal control.
Analytical procedures consist of evaluations of financial information through analysis of
plausible relationships among both financial and non-financial data. Analytical procedures also
encompass such investigation as is necessary of identified fluctuations or relationships that are
inconsistent with other relevant information or that differ from expected values by a significant
amount.
Audit documentation The record of audit procedures performed, relevant audit evidence
obtained, and conclusions the auditor reached (terms such as "working papers" or "work papers
are also sometimes used).Audit documentation may be recorded on paper or on electronic or
other media. Examples of audit documentation include:
Audit programs.
Analyses.
Issues memoranda.
Summaries of significant matters.
Letters of confirmation and representation.
Checklists.
Correspondence (including e-mail) concerning significant matters.
Misstatement-A difference between the amount, classification, presentation, or disclosure of a
reported financial statement item and the amount, classification, presentation, or disclosure that
is required for the item to be in accordance with the applicable financial reporting framework.
Misstatements can arise from error or fraud.
Misstatements may result from:
(a) An inaccuracy in gathering or processing data from which the financial statements are
prepared;
(b) An omission of an amount or disclosure, including inadequate or incomplete disclosures
(c) An incorrect accounting estimate arising from overlooking, or clear misinterpretation of,
facts;
(d) Judgments of management concerning accounting estimates that the auditor considers
unreasonable or the selection and application of accounting policies that the auditor
considers inappropriate.;

(e) An inappropriate classification, aggregation or disaggregation, of information; and

 (1) For financial statements prepared in accordance with a fair presentation
framework, the omission of a disclosure necessary for the financial statements to
achieve fair presentation beyond disclosures specifically required by the
framework.
Misstatement of a qualitative disclosure
Each individual misstatement of a qualitative disclosure is considered. This is done to evaluate
its effect on the relevant disclosure(s), as well as its overall effect on the financial statements as a
whole. The determination of whether a misstatement(s) in a qualitative disclosure is material is a
matter that involves the exercise of professional judgment.
Examples where such misstatements may be material include:
Inaccurate or incomplete descriptions of information about the objectives, policies and processes
for managing capital for entities with insurance and banking activities.
The omission of information about the events or circumstances that have led to an impairment
loss (e.g., a significant long-term decline in the demand for a metal or commodity) in an entity
with mining operations.
The incorrect description of an accounting policy relating to a significant item in the statement of
financial position, the statement of comprehensive income, the statement of changes in equity or
the statement of cash flows.
The inadequate description of the sensitivity of an exchange rate in an entity that undertakes
international trading activities.

Professional judgment The application of relevant training, knowledge and experience, within
the context provided by auditing, accounting and ethical standards, in making informed decisions
about the courses of action that are appropriate in the circumstances of the audit engagement.
Professional skepticism-An attitude that includes a questioning mind, being alert to conditions
which may indicate possible misstatement due to error or fraud, and a critical assessment of audit
evidence. Professional skepticism includes being alert to, for example:
Audit evidence that contradicts other audit evidence obtained.
Information that brings into question the reliability of documents and responses to inquiries to be
used as audit evidence
Conditions that may indicate possible fraud.
Circumstances that suggest the need for audit procedures in addition to those required by the
ISAS.
Reasonable assurance the context of an audit of financial statements, a high, but not absolute,
level of assurance.

Assertions – Representations by management, explicit or otherwise, that are embodied in the

financial statements, as used by the auditor to consider the different types of potential
misstatements that may occur.
Assertions about classes of transactions and events and related disclosures for the period under
audit
Occurrence the transactions and events that have been recorded or disclosed, have occurred, and
such transactions and events pertain to the entity.
2. Completeness all transactions and events that should have been recorded have been recorded
and all related disclosures that should have been included in the financial statements have been
included.
3. Accuracy amounts and other data relating to recorded transactions and events have been
recorded appropriately, and related disclosures have been appropriately measured and described.
4. Cut-off-transactions and events have been recorded in the correct accounting period.
5. Classification-transactions and events have been recorded in the proper accounts.
6. Presentation-transactions and events are appropriately aggregated or disaggregated and clearly
described, and related disclosures are relevant and understandable in the context of the
requirements of the applicable financial reporting framework.
Assertions about account balances and related disclosures at the period end
1. Existence assets, liabilities and equity interests exist.
2. Rights and obligations-the entity holds or controls the rights to assets, and liabilities are
the obligations of the entity

Completeness all assets, liabilities and equity interests that should have been recorded have been
recorded and all related disclosures that should have been included in the financial statements
have been Included.
Accuracy, valuation and allocation-assets, liabilities and equity interests have been included in
the financial statements at appropriate amounts and any resulting valuation allocation
adjustments have been appropriately recorded and related disclosures have been appropriately
measured and described.
5. Classification assets, liabilities and equity interests have been recorded in the proper accounts.
6. Presentation-assets, liabilities and equity interests re appropriately aggregated or disaggregated
and clearly. Described, and related disclosures are relevant and understandable in the context of
the requirements of the applicable financial reporting framework
Business risk-A risk resulting from significant conditions, events, circumstances, actions or
inactions that could adversely affect an entity’s ability to achieve its objectives and execute its
strategies, or from the setting of Inappropriate objectives and strategies
Audit sampling (sampling) - The application of audit procedures to less than 100% of items
within a population of audit relevance such that all sampling units have a chance of selection in
order to provide the auditor with a reasonable basis on which to draw conclusions about the
entire population,
Sampling risk-The risk that the auditor's conclusion based on a sample may be different from the
conclusion if the entire population were subjected to the same audit procedure. Sampling risk can
lead to two types of erroneous
conclusions:
(1) In the case of a test of controls, that controls are more effective than they actually are, or in
the case of a test of details, that a material misstatement does not exist when in fact it does. The
auditor is primarily concerned with this type of erroneous conclusion because it affects audit
effectiveness and is more likely to lead to an inappropriate audit opinion..
In the case of a test of controls, that controls are less effective than they actually are, or in the
case of a test
of details, that a material misstatement exists when in fact it does not. This type of erroneous
conclusion
affects audit efficiency as it would usually lead to additional work to establish that initial
conclusions were
incorrect.
Non-sampling risk-The risk that the auditor reaches an erroneous conclusion for any reason not
related to sampling risk.

Written representation - A written statement by management provided to the auditor to confirm

certain matters or to support other audit evidence.
The date of the written representations shall be as near as practicable to, but not after, the date of
the auditor's report on the financial statements.
The written representations shall be in the form of a representation letter addressed to the auditor
If the auditor has concerns about the competence, integrity, ethical values or diligence of
management, or about its commitment to or enforcement of these, the auditor shall determine the
effect that such concerns may have on the reliability of representations (oral or written) and audit
evidence in general in particular, if written représentations are inconsistent with other audit
evidence, the auditor shall perform audit procedures to attempt to resolve the matter.
If management does not provide one or more of the requested written representations, the auditor
shall:
(a) Discuss the matter with management;
(b) Revaluate the integrity of management and evaluate the effect that this may have on the
reliability of representations (oral or written) and audit evidence in general; and
(c) Take appropriate actions, including determining the possible effect on the opinion in the
auditor's report
Information obtained from outside of the ledger
Financial statements may contain information that is obtained from outside of the general and
subsidiary ledgers. Examples of such information may include:
Information obtained from lease agreements disclosed in the financial statements, such as
renewal options or future lease payments.
Information disclosed in the financial statements that is produced by an entity’s risk management
system (such as disclosures about credit risk, liquidity risk, and market risk)
Fair value information produced by management’s experts and disclosed in the financial
statements.
Information disclosed in the financial statements that has been obtained from models, or from
other calculations used to develop estimates recognized or disclosed in the financial statements,
including information relating to the underlying data and assumptions used in those models, such
as assumptions developed internally that may affect an asset’s useful life
Information disclosed in the financial statements about sensitivity analyses derived from
financial models that demonstrates that management has considered alternative assumptions.
Information recognized or disclosed in the financial statements that has been obtained from an
entity’s tax returns and records
Information disclosed in the financial statements that has been obtained from analyses prepared
to support management’s assessment of the entity’s ability to continue as a going concern, such
as disclosures, if any, related to events or conditions that have been identified that may cast
significant doubt on the entity’s ability to continue as a going concern.
Internal audit is defined as “An appraisal activity established within an entity as a service to the
entity. Its functions include, amongst other things, examining, evaluating and monitoring the
adequacy and effectiveness of internal control”
Types of internal audit
There are numerous different types of audit that internal auditors can be involved in such as
efficiency and effectiveness audits. For THE ADVANCED AUDIT & ASSURANCE EXAM the
two most important are compliance and operational audits.
Compliance audits: Audit checks intended to determine whether the actions of employees are in
accordance with company policy, laws and regulations.
Operational audits: Audits of the operational processes of the organization to check not only
compliance with controls, but also the effectiveness of controls as part of the risk management
process.
There are two broad categories of Computer Aided Audit Techniques:
1. Audit software; and
2. Test data.
Audit software
Audit software is used to interrogate a client's system. It can be either packaged, off-the-shelf
software or it can be purpose written to work on a client's system. The main advantage of these
programs is that they can be used to scrutinise large volumes of data, which it would be
inefficient to do manually. The programs can then present the results so that they can be
investigated further.
Specific procedures they can perform include:
Extracting samples according to specified criteria, such as:
Random;
O Over a certain amount:
O Below a certain amount;
O At certain dates.
Calculating ratios and select indicators that fail to meet certain pre-defined criteria (i.e.
benchmarking);
Check arithmetical accuracy (for example additions);
Preparing reports (budget vs actual);
Stratification of data (such as invoices by customer or age);
Produce letters to send out to customers and suppliers, and
Tracing transactions through the computerised system.
These procedures can simplify the auditor's task by selecting samples for testing, identifying risk
areas and by performing certain substantive procedures. The software does not, however, replace
the need for the auditor's own procedures.
Test data
Test data involves the auditor submitting 'dummy' data into the client's system to ensure that the
system correctly processes it and that it prevents or detects and corrects misstatements. The
objective of this is to test the operation of application controls within the system.
To be successful test data should include both data with errors built into it and data without
errors. Examples of
errors include:
Codes that do not exist, e.g. Customer, supplier and employee;
Transactions above pre-determined limits, e.g. Salaries above contracted amounts, credit above
limits agreed
with customer;
Invoices with arithmetical errors; and
Submitting data with incorrect batch control totals.
Data maybe processed during a normal operational cycle ('live' test data) or during a special run
at a point in time outside the normal operational cycle ('dead' test data). Both has their
advantages and disadvantages:
Live tests could interfere with the operation of the system or corrupt master files/standing data;
Dead testing avoids this scenario but only gives assurance that the system works when not
operating live. This
may not be reflective of the strains the system is put under in normal conditions.
Other techniques
There are other forms of CAAT that are becoming increasingly common as computer technology
develops, although the cost and sophistication involved currently limits their use to the larger
accountancy firms with greater resources.
These include:
Integrated test facilities this involves the creation of dummy ledgers and records to which test
data can be sent. This enables more frequent and efficient test data procedures to be performed
live and the information can simply be ignored by the client when printing out their internal
records; and
Embedded audit software this requires a purpose written audit program to be embedded into the
client’s accounting system. The program will be designed to perform certain tasks (similar to
audit software) with the advantage that it can be turned on and off at the auditor’s wish
throughout the accounting year. This will allow the auditor to gather information on certain
transactions (perhaps material ones) for later testing and will also identify peculiarities that
require attention during the final audit.
Public oversight committee
Earlier, the accountancy profession was self-regulated. However, due to globalisation and the
failure of big organisations such as Enron the effectiveness of self-regulation came into doubt
and a need for external regulation emerged.
A public oversight committee is an independent body created to oversee the governance and
financial reporting
Of public organisations. Its main role is:
To protect the interests of investors and the public at large.
To give investors and others confidence that an organisation’s activities are not detrimental to the
public interest.
To ensure that the audit report is fair and independent, providing all the essential information.
To ensure that registered public accounting firms maintain high professional standards so as to
improve the quality of audit services offered.