Group 5

INTERNAL AUDIT REPORT

- A formal document where an internal auditor summarizes his/her works on an audit. Provided as an
assurance service in order for the user to make decisions.
5 C’s of INTERNAL AUDIT REPORT
Condition: What is the particular problem identified?
Criteria: What is the particular problem identified?
Cause: Why did the problem occur?
Consequence: What is the risk/negative outcome because of the finding?
Corrective action: What should management do about the finding?
QUALITIES OF INTERNAL AUDIT REPORT
1. Objectivity - objective and unbiased.
2. Clarity- simple and straightforward.
3. Accuracy - information are accurate.
4. Brevity – information are concise.
5. Timeliness - released promptly immediately, within a month.
10 THINGS Not to Say in an Internal Audit Report
1. Don't say, “ Management should consider . . ."
2. Don't use weasel words.
3. Use intensifiers sparingly.
4. The problem is rarely universal.
5. Avoid the blame game
6. Don't say "management failed."
7. "Auditee" is old-school.
8. Avoid unecessary technical jargon.
9. Avoid taking all the credit.
10. If it sounds impressive, you probably need a rewrite.
COMPONENTS OF INTERNAL AUDIT REPORT
audit reports were prepared according to accepted accounting standards and adequate accounting
controls
A. INTRODUCTORY SECTION
The introduction gives an overview of your business operations, the long-term financial planning and
your cash management policies practices. (it may also contain the organizational chart of the company)

1. REPORT TITLE - the report title must include date of the audit and the addressee of the report
2. TABLE OF CONTENTS
3. INTRODUCTORY PARAGRAPH- this paragraph states the an audit has been carried out, identifies
the financial documents used to perform the audit and places the important limitations that the
company’s management team is responsible of its accuracy.
4. OTHER INFORMATION DEEMED APPROPRIATE BY THE AUDITEE
B. FINANCIAL SECTION
 the auditor identified which financial statements were tested and confirmed that the audit was
conducted in accordance with generally accepted auditing standards

SCOPE PARAGRAPH
this paragraph says that audit followed the rules and methods set by the Generally Accepted Audit
Standards and was designed to provide reasonable assurances that the claims made by the financial
statements are accurate
 TYPES OF EXTERNAL AUDIT OPINION

1. UNMODIFIED OPINION- financial statements are stated fairly

2. UNQUALIFIED OPINION- clean opinion

3. QUALIFIED OPINION- not good & not complete

How it Works?
Two main reasons an auditor may write a qualified opinion on a company’s audit report:
1. Deviations from GAAP
2. Limitation of Scope

4. ADVERSE OPINION- when an auditor determines that the financial statements are materially
misstated, or as a whole do not conform with GAAP.
5. DISCLAIMER OPINION- the auditor does not want to or can’t give an opinion on whatever being
audited.

RELATIONSHIP OF THE BOARD

Corporate social responsibilities and Good Governance
Role of Internal Auditor on Corporate Governance
 Part of the Four Pillars of Corporate Governance
- Board of Directors
- Management
- External Auditor
- Internal Auditor
Roles of the Board
 Test validity of a assumption made
 Stress test opportunity/ Risk analysis
 Test depth and breadth of management’s knowledge, understanding and analysis
 Help foster trust and confidence in management
 Stimulate innovative and creative thought
The Board expect management to:
  Accept that the Board’s role is to monitor and question
 Share in a timely manner all material information needed for decision
making
 Ask advice to the board
 Making quality informed decisions
 Overseeing, managing and holding management accountable
 Satisfying itself of the competence
 Being accountable to shareholders/members
Group 6
SOFTWARE TOOLS
- Computer programs designed to assist in examining and testing clients accounting records.

Spreadsheet
An application you use to perform numeric calculations and to analyze and present numeric data.
1. sort data
2. arrange data
3. calculate numeric data
4. free data

USE OF SPREADSHEET
1.FINANCE
2.FORMS
3.SCHOOL GRADES
4.SPORTS
LIST OF SPREADSHEET PROGRAM
-GOOGLE SHEETS -Lotus Symphony
iWORK NUMBERS -OpenOffice
LibreOffice -Microsoft Excel
Lotus 1-2-3

1. Worksheet- The electronic spreadsheet you work in.

2. Workbook- This is the file that the worksheet is contained in.
3. Name Box- Displays the active cell address.
4. Columns- Are labeled alphabetically and can contain a total of 16,384 columns
5. Row-Labeled numerically and can contain a total of 1,048, 576 rows
6. Cell- The intersection of a column and a row; can contain text, numbers, formulas, or a
combination of all three
7. Active Cell- The cell in which you are working. The cell is outlined.
8. Sheet Tab- Are located below the worksheet grid and let you switch from sheet to sheet in a
workbook. By default, workbook file contains three worksheets, but you can have as many as
255.
9. Scroll Bar- use these to move around in a document that is too large to fit on the screen at
once.
10. Range- selection of two or more cells such as B5:B14; you select a range when you want to
perform an action on a group of cells at once, such as moving them or formatting them
11. Function- A built-in formula; includes the arguments as well as cell references and other unique
information
SPREADSHEET TERMS
QUICK ACCESS TOOLBAR – displays quick access to commonly used commands
TITLE BAR – Displays the name of the application file
FILE TAB – Access options such as Open, New, Save, etc.
STATUS BAR – Displays information about the current worksheet
NEW SHEET – Add a new sheet button

FEATURES OF SPREADSHEET
AUTOSUM – helps you add the contents of a cluster of cells
AUTOFILL – allows to quickly fill cells with repetitive or sequential data
WIZARD – guides you to work effectively by displaying tips based on your doing
Drag and Drop – helps you reposition the data and text by dragging the mouse

ADVANTAGE OF SPREADSHEET
- Calculations are correct
- Calculations are completed automatically
- data can be easily sorted and filtered
- Information is easy to edit
DISADVANTAGES OF SPREADSHEET
- Vulnerable to fraud and corruption
- Prone to human error

Database Management System

DATA MANAGEMENT TASKS
◍ DATA CAPTURE
◍ DATA CLASSIFICATION
◍ DATA STORAGE
◍ DATA ARRANGING
◍ DATA RETRIEVAL
◍ DATA MAINTENANCE
◍ DATA VERIFICATION
◍ DATA CODING
◍ DATA EDITING
◍ DATA TRANSCRIPTION
DATABASE MANAGEMENT SYSTEM
- a set of integrated programs designed to simplify the tasks of creating, accessing, and managing
a database.
DBMS COMPONENTS
1. Hardware
2. Software
3. Data
4. Users
5. Procedures
FUNCTIONS OF DBMS
1. DATA DICTIONARY MANAGEMENT
-is where the DBMS stores definitions of the data elements and their relationships (metadata).
Data Dictionary is where the DBMS stores definitions of the data elements and their
relationships (metadata).
 The DBMS uses this function to look up the required data component structures and
relationships. When programs access data in a database they are basically going through the
DBMS. This function removes structural and data dependency and provides the user with data
abstraction. In turn, this makes things a lot easier on the end user. The Data Dictionary is often
hidden from the user and is used by Database Administrators and Programmers.
2. DATA DICTIONARY MANAGEMENT
-is where the DBMS stores definitions of the data elements and their relationships
(metadata).
3. DATA STORAGE MANAGEMENT
-this particular function is used for the storage of data and any related data entry forms
or screen definitions, report definitions, data validation rules, procedural code
4. DATA TRANSFORMATION AND PRESENTATION
-This function exists to transform any data entered into required data structures.
5. SECURITY MANAGEMENT
-Security management sets rules that determine specific users that are allowed to access the
database.
6. MULTIUSER ACCESS CONTROL -it enables multiple users to access the database simultaneously
without affecting the integrity of the database.
7. BACKUP AND RECOVERY MANAGEMENT- Backup management refers to the data safety and
integrity; for example backing up all your mp3 files on a disk.
8. DATA INTEGRITY MANAGEMENT -The DBMS enforces these rules to reduce things such as data
redundancy.
9. DATABASE ACCESS LANGUAGES AND APPLICATION PROGRAMMING INTERFACES
-makes it easy for user to specify what they want done without the headache of explaining how
to specifically do it.
10. DATABASE COMMUNICATION INTERFACES
-This refers to how a DBMS can accept different end user requests through different network
environments.
11. TRANSACTION MANAGEMENT
This refers to how a DBMS must supply a method that will guarantee that all the updates in a
given transaction are made or not made.

DATABASE APPLICATIONS
1. Bank
2. Airlines
3. Universities
4. Telecommunication
5. Sales
6. Manufacturing
7. Finance
8. Human Resource Management
ADVANTAGES
1. ELIMINATING DATA REDUNDANCY with the database approach to business event
processing, an item of data is stored only once.
2. EASE OF MAINTENANCE- because each data element is stored only once, additions,
deletions, or changes to the database are accomplished easily.
3. REDUCED STORAGE COSTS- by eliminating redundant data, storage space is reduced which
results in associated cost savings
 4. DATA INTEGRITY- this advantage results from eliminating data redundancy. with only one
version of each data element stored in the database, inconsistencies are no longer a threat.
5. DATA INDEPENDENCE- the database approach allows multiple application programs to use
the data concurrently.
6. PRIVACY- the security modules available in most DBMS software include powerful features
to protect the database against unauthorized disclosure, alteration, or destruction

DISADVANTAGES
1. INCREASED COSTS- the cost of maintaining the hardware, software, and personnel required to
operate and manage a database system can be substantial.
2. MANAGEMENT COMPLEXITY- database systems interface with many different technologies and
have a significant impact on a company’s resources and culture.
3. MAINTAINING CURRENCY- to maximize the efficiency of the database system, you must keep
your system current. Therefore, you must perform frequent updates and apply the latest
patches and security measures to all components.
4. FREQUENT UPGRADE- DBMS vendors frequently upgrade their products by adding new
functionality. Such new features often come bundled in new upgrade versions of the software.

Role of Database Administrator

FUNCTIONS
• Defining the schema
• Liaising with Users
• Defining Security and Integrity Checks
• Defining Backup/Recovery Procedures
• Monitoring Performance

EXPERT SYSTEM
 Is a Computer Program that represents and reasons with knowledge of some specialist subject
with a view to solving problems or giving advice.
 Is an Intelligent computer program that uses knowledge and inference to solve problem that
are difficult enough to require significant expertise for their solution.

Expert System three Components

• User Interface – Method by which the expert system interacts with a user.
• Knowledge base – It is a data base that holds specific information and rules about a certain
subject.
• Inference engine – Is the main processing element of the expert system.

Characteristics of expert system

• High Performance
• Adequate Response Time
• Reliability
• Understandable
Advantages of Expert Systems
• Availability
• Cheaper
• Permanence
• Multiple Expertise
 • Explanation
• Fast response
• Unemotional Response at all times
Expert system in auditing
 ExperTAXsm – Powerhouse Coopers – PWC
 Loan Probe – KPMG Peat Marwick
ADVANTAGES
 Increased Auditor Efficiency
 Improved Decision Consensus
 Ability to deal Effectively with large amounts of Information
 Ability to Communicate relationship as well as facts
DISADVANTAGES
• Expert System is difficult to formulate
• Modelling the decision process of “Experts” is time consuming
• True experts are often difficult to Identify
AUDITING IN THE CIS ENVIRONMENT
SCOPE OF AUDIT IN CIS ENVIRONMENT
High speed and Automatic initiation/execution of transactions
Low clerical error
Concentration of duties
Unintentional or system generated errors
Inexperienced personnel
Lack of audit trail
Internal Control Environment & management supervision
Use of CAAT

The nature of risk in CIS environment include the following:

• Lack of transaction
• Uniform processing of Transactions
• Lack of segregation of functions
• Potential for errors and Irregularities
• Initiation or Execution of Transactions
• Dependence of Other controls over computer processing
• Increased management supervision
• Use of CAAT
Audit procedures applicable to evaluating the internal controls in CIS systems:

• Review of the System

• Compliance Testing of CIS controls
• Substantive Testing of Computer-based Records
AUDIT APPROACH IN CIS ENVIRONMENT
• Auditing around the computer
• Auditing through the computer
Analyze the Statement
“Doing the audit in CIS environment is simpler since Trial Balance always tallies”
“How would you assess the reliability of Internal control system in computerized information
systems?”
Knowledge of the Business
PAPS 1013
1. Provide guidance to assist auditors
2. PSA 300: Planning
3. PSA 310: Knowledge of the business
4. PSA 400: Risk Assessments and Internal Control
Auditor should consider:
1. The entity’s business activities and industry
2. The entity’s e-commerce strategy
3. The extent of the entity’s e-commerce activity
4. The entity’s outsourcing arrangements
The entity’s business activities and industry:
 Computer Software
 Securities Trading
 Banking
 Travel Services
 Books and Magazines
 Recorded Music
 Advertising
 News Media
The entity’s e-commerce strategy
1. Supports a new activity
2. Sources of the revenue
3. Management’s evaluation and attitude
4. Management’s commitment
The extent of the entity’s e-commerce activity
 Provide only information
 Facilitate transactions
 Gain access to new markets
 Access Application Service Providers
The entity’s outsourcing arrangements
PSA 402 “Audit Considerations
Relating to Entities Using Service Organizations”

Risk Identification
1. Loss of information privacy
2. Loss of transaction integrity
3. Security risk
4. System Availability Risk
Audit Techniques Using Computers
Audit Software- The auditor may produce a software for audit or obtain ready made Generalized
Audit Software (GAS).
Advantages of GAS
• They are easily learned by the auditor.
• Cost Effective
Audit procedures that may be performed by generalized audit software:
1. Testing client calculations
2. Making additional calculations
 3. Extracting data from the client
4. Examining records which meet criteria specified by auditor
5. Selecting audit samples
6. Comparing data that exist on separate file
7. Summarizing data
8. Comparing data obtained through the other audit procedures with client records
9. Identify weakness
10. Prepare flowcharts of client transaction cycles and of client programs
11. Prepare graphic displays of data for easier analysis
12. Correspondence
Test Data
A set of dummy transactions is developed by the auditor and processed by the client’s computer
programs to determine whether the controls which the auditor intends to rely on are functioning as
expected.
Possible problems associated with test data are that the auditor must:
• Make certain the test data is not included in the clients accounting record
• Determine that the program tests is actually used by the client to process data
• Devote necessary time to develop adequate data to test key controls
Concurrent Audit Techniques
These techniques collect evidence as transactions are processed immediately reporting
information requested by the auditor or storing it for later access.
Three Concurrent Techniques
1. Integrated Test Facility (ITF)
2. Snapshots
3. System Control Audit Review File (SCARF)
Integrated Test Facility
Introduces dummy transactions into a system in the midst of live transactions and is usually built
intosystem during the original design.
Snapshots- Auditors embed software routines at different points within an application to capture and
report images called snapshots of selected transaction as it is processed at preselected points in
programs.
System Control Audit Review File (SCARF)
Uses audit software embedded in the client’s system called an embedded audit module to gather
information at predetermined points in a system.
Parallel Simulation- This method processes actual client data through an auditor’s software program.
It verifies processing of actual transactions and allows the auditor to verify actual client results.
Limitations
1. The time it takes the auditor to build an exact duplicate of the client’s system.
2. Incompatibility between auditor and client software.
3. The time involve in processing large quantities of data.
Code Comparison
In the performance of code comparison, an auditor examines two versions of a program to
determinewhether they are identical. Code comparison can be done by visually comparing the coding
of the two programs or by using a computer program tomake the comparison.
Audit Workstation
Using a microcomputer and the necessary software, the auditor extracts the necessary data from the
client’s files and performs the desired tests directly on the microcomputer.
7 Steps in the use of an Audit Workstation
1. Determine data needed
2. Write exact routine
3. Run exact program
4. Download extract file
5. Perform Analysis
6. Prepare report
7. Workpapers
Microcomputer-based Systems
A number of auditors use commercially available software, often referred to as data manager to
download client data to the auditor’s microcomputer. after the client data have been downloaded,
the auditor uses commercially available software Using the
Microcomputer Administration Of an Audit to perform specific audit procedures
There are commercially available software and software developed by public accountingfirms that can
assist the auditor in:
1. Preparing working papers
2. Executing audit procedures
3. Research
4. Engagement management
5. Time budgeting

Some public accounting firms have placed in CD-ROM and hard disks professional standards and firm
literature that could facilitate research in the field both by professional and undergraduate accounting
students.
Among the commercially available software that Auditors have found useful one.
1. Work processors
2. Electronic spreadsheet
3. Graphic packages to present data and
4. Communication program
There are also other types of commercially available software that can assist in engagement
management, such as:
1. Audit program generators that assist in developing audit programs
2. Preparation of flowchart
3. Performance analytical procedures
4. Preparation of working papers.
Expert System

• One program designed to mimic the decision processes of an expert in the field.
• First developed to assist physicians in making informed diagnosis
• These systems are “user friendly”, asking the user for specific information and then reporting on
the decision. Some have the capacity to produce a “map” on how they reached a conclusion.
These are costly to develop and will require a substantial amount of investment to produce
result that are useful to auditors.
Specialized Audit Programs And Additional Techniques
Specialized audit programs may be developed to perform audit tasks.
 For example, programs have been written to generate
computer-made flowcharts of other programs.
 Another audit technique that may be use is Tagging and Tracing Transactions. This process involves
tagging or specifically markingOr highlighting certain transactions by the auditor at the time of their
input.
Electronic Commerce– Effect on the Audit of Financial Statement (PAPS 1013)
The purpose of PAPS 1013 is to provide guidance to assist Auditors of financial statements where an
entity engages in commercial activity that takes place by means of connected computers over a public
network, such as the internet (E-commerce).
Skills And Knowledge
The auditor considers whether the personnel assigned to the engagement have appropriate IT and
internet business knowledge to perform the audit.
INTERNAL CONTROL CONSIDERATIONS
SECURITY
• Effective use of firewalls and virus protection software
• Effective use of encryption
• Controls over the development and implementation of systems
• Whether the security controls in place continue to be effective as new technologies that can be
used to attack Internet security
TRANSACTION INTEGRITY
• Input validity
• Prevent omission or duplication of transactions
• Ensure the terms of trade have been agreed before an order is processed
• Distinguish between customer browsing and order placed
• Ensure a party in the transaction cannot later deny having agreed to specified terms
• Prevent incomplete processes by ensuring all steps are completed and recorded and rejecting if
not
• Ensure proper distribution of transaction details across multiple systems in a network
• Ensure records are properly retained, backed-up and secured
PROCESS ALIGNMENT
• Completeness and Accuracy of transaction processing and information storage
• Timing of recognition of sales revenues, purchases and other transactions
Computer Assisted Audit Tools and Techniques
Tool Selection
 The IIA conducted an audit software analysis and reported several key recommendations for
internal auditors to consider in the selection of CAATs:
1. Determine the enterprise’s audit mission, objectives and priorities
2. Determine the types and scope of audits
3. Consider the enterprise’s technology environment
4. Be aware of the risks
Steps in using CAATs
1. Determine objectives;
2. Determine the scope;
3. Understand the operating system;
4. Understand the characteristics of the data;
5. Access the data;
6. Apply the CAAT;
7. Follow up the result.
Uses of CAATs
 Creation of Electronic Work papers
  Analytical Test
 Continuous Monitoring

FUNDAMENTAL PRINCIPLES OF CODE OF ETHICS

1. PRINCIPLE OF INTEGRITY
This principle imposes an obligation on all professional accountants to be straightforward and
honest in all professional and business relationship.
2. PRINCIPLE OF OBJECTIVITY
This principle imposes an obligation on all professional accountants not to compromise their
professional judgment because of bias, conflict of interest or the undue influence of others.
3. PRINCIPLE OF CONFIDENTIALITY
This principle imposes an obligation on all professional accountants to refrain from:
• Disclosing outside the firm or employing organization confidential information without proper
authority unless there is a legal or professional right or duty to disclose
• Using confidential information to their personal advantage or advantage of third party.
4. PROFESSIONAL BEHAVIOR
5. PROFESSIONAL COMPETENCE AND DUE CARE

Overview of the Accounting Profession (Philippine Scene)

Professional Regulatory Commission (PRC) Philippines
2 Important Functions:
 Licensure examinations
 Regulates and supervises the practice of the professions
Financial Reporting Standards Council (FRSC)
 Main function of FRSC: Establish generally accepted accounting principles in the Philippines
 Monitors the technical activities of the IASB.
 When finalized, these are adopted as PFRS.
  Monitors issuances of the International Financial Reporting Interpretations Committee (IFRIC) of
the IASB- adopts as Philippine Interpretations-IFRIC
 The FRSC formed the Philippine Interpretations Committee (PIC) in August 2006
Philippine Interpretations Committee
 Assists FRSC in establishing and improving financial reporting standards in the Philippines.
 Role: principally to issue implementation guidance on PFRSs
 PIC Members
Financial Reporting Standards Council (FRSC)
 Members of FRSC Composed of fifteen (15) members with a chairman and fourteen (14)
representatives from:
BOA, SEC, BSP, COA, BIR – 5 (ONE EACH)
Financial Executives Institute of the Phil (FINEX)- 1
PICPA: Public practice, Commerce and Industry, Academe/Education, Government – 8 (2 EACH)
Auditing and Assurance Standards Council (AASC)
 Stated policy of the AASC: make the International Standards and Practice Statements issued by
the International Auditing and Assurance Standards Board (IAASB) applicable standards and
practice statements in the Philippines.
 Final Philippine Standard and Practice Statements shall be submitted to the PRC through the
BOA for approval
Members of AASC
• AASC shall have 15 regular members with a term of three years, renewable
for another term, coming from the following:
Chairman-1
BOA, SEC, BSP, COA-4 (ONE EACH)
Association of CPAs in the public practice-1
PICPA: Public practice-6
Commerce and Industry, Academe/Education Government- 3(ONE EACH)
Council for Accreditation and Quality Control for Practicing CPA
1. Securities and Exchange Commission
2. Bangko Sentral ng Pilipinas
3. Insurance Commission
4. Board of Accountancy
ETHICAL THREATS IN AUDITING PROFESSION AND SAFEGUARD OF THREATS
ETHICAL THREATS
A situation where a person or corporation is tempted not to follow their code of ethics.
THREATS
 Self-interest- personal gain from situation
 Self-review- checking your own work for errors
 Advocacy- promoting the position of a client
 Familiarity - becoming too close to clients
 Intimidation- physical or other threat
SAFEGUARDS- An actions or other measures that may eliminate threats or to reduce them.
3 CATEGORIES OF SAFEGUARDS
1. PROFESSION
2. WORK ENVIRONMENT
3. INDIVIDUAL
 CASE: Accountant need to prepare/report on information fairly, objectively and honesty.
However, the accountant may be pressurized to provide misleading information.
SAFEGUARD:
 Consultation with superiors in the employing company.
 Consultation with those charged with governance
CASE:Refers to receiving incentives being offered to encourage unethical behaviors. Inducement
may include gifts, hospitality and preferential treatment.
SAFEGUARDS:
 Do not accept the inducement
 Inform relevant third parties such as senior management and professional association
(normally after taking legal advice).
CODE OF ETHICS: Institute of Internal Auditing and IFAC
1. Institute of Internal Auditors- provides internal audit professionals worldwide with
authoritative guidance organized in the IPPF as mandatory guidance and recommended
guidance.
o Researching, disseminating, and promoting to practitioners and stakeholders
knowledge concerning internal auditing and its appropriate role in control, risk
management, and governance.
o Advocating and promoting the value
o Providing comprehensive professional education and development opportunities
o Educating practitioners and other relevant audiences on best practices in internal
auditing
o Bringing together internal auditors from all countries to share information and
experiences.
“TO ENHANCE AND PROTECT ORGANIZATIONAL VALUE BY PROVIDING RISK BASED AND
OBJECTIVE ASSURANCE, ADVICE AND INSIGHTS.”
2. INTERNATIONAL PROFESSIONAL PRACTICES FRAMEWORK
The IPPF provides the principles and guidance for internal auditors to discharge their responsibilities
and meet demanding stakeholders’ expectations.
3. International Federation of Accountants
The global organization for the accountancy profession.
CODE OF ETHICS
states the principle and expectations governing the behavior of individuals and organizations
conduct of internal auditing
ETHICS
Covers moral principles and norms by which human actions may be judged
ESSENTIAL COMPONENTS
1. Principles that are relevant to the profession and practice of Internal Auditors.
2. Rules of conduct that describe behavior norms expected of Internal Auditors. These rules are
an aid to interpreting the Principles into practical applications and are intended to guide the
ethical conduct of Internal Auditors.