Professional Documents
Culture Documents
IA Reviewer
IA Reviewer
IA Reviewer
1. REPORT TITLE - the report title must include date of the audit and the addressee of the report
2. TABLE OF CONTENTS
3. INTRODUCTORY PARAGRAPH- this paragraph states the an audit has been carried out, identifies
the financial documents used to perform the audit and places the important limitations that the
company’s management team is responsible of its accuracy.
4. OTHER INFORMATION DEEMED APPROPRIATE BY THE AUDITEE
B. FINANCIAL SECTION
the auditor identified which financial statements were tested and confirmed that the audit was
conducted in accordance with generally accepted auditing standards
SCOPE PARAGRAPH
this paragraph says that audit followed the rules and methods set by the Generally Accepted Audit
Standards and was designed to provide reasonable assurances that the claims made by the financial
statements are accurate
TYPES OF EXTERNAL AUDIT OPINION
How it Works?
Two main reasons an auditor may write a qualified opinion on a company’s audit report:
1. Deviations from GAAP
2. Limitation of Scope
4. ADVERSE OPINION- when an auditor determines that the financial statements are materially
misstated, or as a whole do not conform with GAAP.
5. DISCLAIMER OPINION- the auditor does not want to or can’t give an opinion on whatever being
audited.
Spreadsheet
An application you use to perform numeric calculations and to analyze and present numeric data.
1. sort data
2. arrange data
3. calculate numeric data
4. free data
USE OF SPREADSHEET
1.FINANCE
2.FORMS
3.SCHOOL GRADES
4.SPORTS
LIST OF SPREADSHEET PROGRAM
-GOOGLE SHEETS -Lotus Symphony
iWORK NUMBERS -OpenOffice
LibreOffice -Microsoft Excel
Lotus 1-2-3
FEATURES OF SPREADSHEET
AUTOSUM – helps you add the contents of a cluster of cells
AUTOFILL – allows to quickly fill cells with repetitive or sequential data
WIZARD – guides you to work effectively by displaying tips based on your doing
Drag and Drop – helps you reposition the data and text by dragging the mouse
ADVANTAGE OF SPREADSHEET
- Calculations are correct
- Calculations are completed automatically
- data can be easily sorted and filtered
- Information is easy to edit
DISADVANTAGES OF SPREADSHEET
- Vulnerable to fraud and corruption
- Prone to human error
DATABASE APPLICATIONS
1. Bank
2. Airlines
3. Universities
4. Telecommunication
5. Sales
6. Manufacturing
7. Finance
8. Human Resource Management
ADVANTAGES
1. ELIMINATING DATA REDUNDANCY with the database approach to business event
processing, an item of data is stored only once.
2. EASE OF MAINTENANCE- because each data element is stored only once, additions,
deletions, or changes to the database are accomplished easily.
3. REDUCED STORAGE COSTS- by eliminating redundant data, storage space is reduced which
results in associated cost savings
4. DATA INTEGRITY- this advantage results from eliminating data redundancy. with only one
version of each data element stored in the database, inconsistencies are no longer a threat.
5. DATA INDEPENDENCE- the database approach allows multiple application programs to use
the data concurrently.
6. PRIVACY- the security modules available in most DBMS software include powerful features
to protect the database against unauthorized disclosure, alteration, or destruction
DISADVANTAGES
1. INCREASED COSTS- the cost of maintaining the hardware, software, and personnel required to
operate and manage a database system can be substantial.
2. MANAGEMENT COMPLEXITY- database systems interface with many different technologies and
have a significant impact on a company’s resources and culture.
3. MAINTAINING CURRENCY- to maximize the efficiency of the database system, you must keep
your system current. Therefore, you must perform frequent updates and apply the latest
patches and security measures to all components.
4. FREQUENT UPGRADE- DBMS vendors frequently upgrade their products by adding new
functionality. Such new features often come bundled in new upgrade versions of the software.
EXPERT SYSTEM
Is a Computer Program that represents and reasons with knowledge of some specialist subject
with a view to solving problems or giving advice.
Is an Intelligent computer program that uses knowledge and inference to solve problem that
are difficult enough to require significant expertise for their solution.
Risk Identification
1. Loss of information privacy
2. Loss of transaction integrity
3. Security risk
4. System Availability Risk
Audit Techniques Using Computers
Audit Software- The auditor may produce a software for audit or obtain ready made Generalized
Audit Software (GAS).
Advantages of GAS
• They are easily learned by the auditor.
• Cost Effective
Audit procedures that may be performed by generalized audit software:
1. Testing client calculations
2. Making additional calculations
3. Extracting data from the client
4. Examining records which meet criteria specified by auditor
5. Selecting audit samples
6. Comparing data that exist on separate file
7. Summarizing data
8. Comparing data obtained through the other audit procedures with client records
9. Identify weakness
10. Prepare flowcharts of client transaction cycles and of client programs
11. Prepare graphic displays of data for easier analysis
12. Correspondence
Test Data
A set of dummy transactions is developed by the auditor and processed by the client’s computer
programs to determine whether the controls which the auditor intends to rely on are functioning as
expected.
Possible problems associated with test data are that the auditor must:
• Make certain the test data is not included in the clients accounting record
• Determine that the program tests is actually used by the client to process data
• Devote necessary time to develop adequate data to test key controls
Concurrent Audit Techniques
These techniques collect evidence as transactions are processed immediately reporting
information requested by the auditor or storing it for later access.
Three Concurrent Techniques
1. Integrated Test Facility (ITF)
2. Snapshots
3. System Control Audit Review File (SCARF)
Integrated Test Facility
Introduces dummy transactions into a system in the midst of live transactions and is usually built
intosystem during the original design.
Snapshots- Auditors embed software routines at different points within an application to capture and
report images called snapshots of selected transaction as it is processed at preselected points in
programs.
System Control Audit Review File (SCARF)
Uses audit software embedded in the client’s system called an embedded audit module to gather
information at predetermined points in a system.
Parallel Simulation- This method processes actual client data through an auditor’s software program.
It verifies processing of actual transactions and allows the auditor to verify actual client results.
Limitations
1. The time it takes the auditor to build an exact duplicate of the client’s system.
2. Incompatibility between auditor and client software.
3. The time involve in processing large quantities of data.
Code Comparison
In the performance of code comparison, an auditor examines two versions of a program to
determinewhether they are identical. Code comparison can be done by visually comparing the coding
of the two programs or by using a computer program tomake the comparison.
Audit Workstation
Using a microcomputer and the necessary software, the auditor extracts the necessary data from the
client’s files and performs the desired tests directly on the microcomputer.
7 Steps in the use of an Audit Workstation
1. Determine data needed
2. Write exact routine
3. Run exact program
4. Download extract file
5. Perform Analysis
6. Prepare report
7. Workpapers
Microcomputer-based Systems
A number of auditors use commercially available software, often referred to as data manager to
download client data to the auditor’s microcomputer. after the client data have been downloaded,
the auditor uses commercially available software Using the
Microcomputer Administration Of an Audit to perform specific audit procedures
There are commercially available software and software developed by public accountingfirms that can
assist the auditor in:
1. Preparing working papers
2. Executing audit procedures
3. Research
4. Engagement management
5. Time budgeting
Some public accounting firms have placed in CD-ROM and hard disks professional standards and firm
literature that could facilitate research in the field both by professional and undergraduate accounting
students.
Among the commercially available software that Auditors have found useful one.
1. Work processors
2. Electronic spreadsheet
3. Graphic packages to present data and
4. Communication program
There are also other types of commercially available software that can assist in engagement
management, such as:
1. Audit program generators that assist in developing audit programs
2. Preparation of flowchart
3. Performance analytical procedures
4. Preparation of working papers.
Expert System
• One program designed to mimic the decision processes of an expert in the field.
• First developed to assist physicians in making informed diagnosis
• These systems are “user friendly”, asking the user for specific information and then reporting on
the decision. Some have the capacity to produce a “map” on how they reached a conclusion.
These are costly to develop and will require a substantial amount of investment to produce
result that are useful to auditors.
Specialized Audit Programs And Additional Techniques
Specialized audit programs may be developed to perform audit tasks.
For example, programs have been written to generate
computer-made flowcharts of other programs.
Another audit technique that may be use is Tagging and Tracing Transactions. This process involves
tagging or specifically markingOr highlighting certain transactions by the auditor at the time of their
input.
Electronic Commerce– Effect on the Audit of Financial Statement (PAPS 1013)
The purpose of PAPS 1013 is to provide guidance to assist Auditors of financial statements where an
entity engages in commercial activity that takes place by means of connected computers over a public
network, such as the internet (E-commerce).
Skills And Knowledge
The auditor considers whether the personnel assigned to the engagement have appropriate IT and
internet business knowledge to perform the audit.
INTERNAL CONTROL CONSIDERATIONS
SECURITY
• Effective use of firewalls and virus protection software
• Effective use of encryption
• Controls over the development and implementation of systems
• Whether the security controls in place continue to be effective as new technologies that can be
used to attack Internet security
TRANSACTION INTEGRITY
• Input validity
• Prevent omission or duplication of transactions
• Ensure the terms of trade have been agreed before an order is processed
• Distinguish between customer browsing and order placed
• Ensure a party in the transaction cannot later deny having agreed to specified terms
• Prevent incomplete processes by ensuring all steps are completed and recorded and rejecting if
not
• Ensure proper distribution of transaction details across multiple systems in a network
• Ensure records are properly retained, backed-up and secured
PROCESS ALIGNMENT
• Completeness and Accuracy of transaction processing and information storage
• Timing of recognition of sales revenues, purchases and other transactions
Computer Assisted Audit Tools and Techniques
Tool Selection
The IIA conducted an audit software analysis and reported several key recommendations for
internal auditors to consider in the selection of CAATs:
1. Determine the enterprise’s audit mission, objectives and priorities
2. Determine the types and scope of audits
3. Consider the enterprise’s technology environment
4. Be aware of the risks
Steps in using CAATs
1. Determine objectives;
2. Determine the scope;
3. Understand the operating system;
4. Understand the characteristics of the data;
5. Access the data;
6. Apply the CAAT;
7. Follow up the result.
Uses of CAATs
Creation of Electronic Work papers
Analytical Test
Continuous Monitoring