Professional Documents
Culture Documents
Overview of Auditing
Overview of Auditing
Overview of Auditing
The auditor assesses the quality of internal that are in fact, materially misstated because of
control by assigning a level of control risk. undetected errors or irregularities or both.
3. Substantive Testing Errors – are unintentional mistakes.
Auditors get samples. Irregularities – are intentional
The third phase of the audit process focuses on misrepresentations associated w/the
gathering evidence pertaining to financial data. commission of fraud, such as misappropriation
It involves detailed investigation of specific of physical asset or attempts to deceive FS
account balances and transactions through users.
Substantive test. Audit Risk Components
Substantive tests tend to be physical, labor The auditor’s objective is to achieve a level
intensive activities ex. Counting cash. of audit risk that is acceptable to the
auditor.
Management Assertions The auditor estimates the acceptable audit
Management assertions are claims made by risk based on EX ANTE VALUE of the
management regarding the content of their components of the audit risk model: 3 (ICD)
issued financial statements. 1. Inherent risk
Implicitly management asserts that their 2. Control risk
account balances and underlying transactions 3. Detection risk
are free from material errors and complete, 1. Inherent Risk (IR) – associated with the unique
valid and accurate. characteristics of the business or industry of the
Through substantive procedures auditors gather client. (Higher risks)
evidence to test the validity of management Auditors cannot reduce the level of
assertions w/c fall in the general categories inherent risk.
below: 2. Control Risk (CR) – is the likelihood that the
1. Assertions about classes of transactions and control structure is flawed because of controls are
events of the period under audit: 5 (OCACC) either absent or inadequate to prevent or detect
Occurrence errors in the account.
Completeness Auditors assess the level of control risk by
Accuracy performing test of internal controls.
Cutoff 3. Detection Risk (DR) – is the risks that the auditors
Classification are willing to take that errors not detected or
2. Assertions about account balances at the prevented by the control structure will also go
year-end: 4 (CREV) undetected by the auditor as he or she performs
Completeness substantive tests.
Rights and obligations Planned Detection Risk – predetermined by
Existence the auditor as an acceptable level of
Valuation and allocation detection risk which influences the level of
3. Assertions about presentation and disclosure: substantive test that they must perform.
4 (COCA) The more reliable the internal controls, the
Classification and Understandability more planned detection risk the auditor can
Occurrence & Rights and Obligation assume and less substantive testing is
Completeness required.
Accuracy and Valuation
The auditors develop audit objectives and Audit Risk Model
design audit procedures to gather evidence Auditors used the audit risk component in the
corroborates (attests/support) or refutes audit risk model to determine the scope, nature
management assertions. and timing of substantive test.
AR = IR x CR x DR
Audit Risks The stronger the internal control structure, as
Audit Risk – it is the probability that the auditor determined through test of controls, the lower
will render unqualified (clean) opinion on FS the control risk the lower the less substantive
test the auditor must perform.
CHAPTER 15 –AUDITING IT CONTROLS PART 1: SARBANES-OXLEY & IT GOVERNANCE