Audit Evidence

• Physical examination is the inspection or count by the auditor of a tangible asset.

• Confirmation describes the receipt of a direct written response from a third party
verifying the accuracy of information that was requested by the auditor.
• Documentation is the auditor’s inspection of the client’s documents and records to
substantiate the information that is, or should be, included in the financial statements.
• An internal document has been prepared and used within the client’s organization and is
retained without ever going to an outside party.
• An external document has been handled by someone outside the client’s organization who
is a party to the transaction being documented, but which are either currently held by the
client or readily accessible.
• Analytical procedures use comparisons and relationships to assess whether account
balances or other data appear reasonable compared to the auditor’s expectations.
• Inquiry is the obtaining of written or oral information from the client in response to
questions from the auditor.
• Recalculation involves rechecking a sample of calculations made by the client.
• Reperformance is the auditor’s independent tests of client accounting procedures or
controls that were originally done as part of the entity’s accounting and internal control
system.
• Observation is the use of the senses to assess client activities.

———————————————————————————————————————
———————————————————————

Materiality: The magnitude of an omission or misstatement of accounting information that, in the

light of surrounding circumstances, makes it probable that the judgment of a reasonable person
relying on the information would have been changed or influenced by the omission or
misstatement.
———————————————————————————————————————
———————————————————————
Internal Control

The control environment consists of the actions, policies, and procedures that reflect the overall
attitudes of top management, directors, and owners of an entity about internal control and its
importance to the entity.

1) Integrity and Ethical Values are the product of the entity’s ethical and behavioral
 standards.
2) Commitment to Competence is the knowledge and skills necessary to accomplish tasks
that define an individual’s job.
3) Board of directors and audit committee participation: The more effective this is the
better is the internal control environment.
4) Management philosophy and operating style: Such as the risk appetite, performance
targets, bureaucracy, etc, and their effects on internal control.
5) Organizational structure: Controls should be implemented taking into account the
entity’s lines of responsibility and authority.
6) Human resource policies and practices: In areas of hiring, training, promoting,
compensating, dealing with personal problems, etc.

Risk assessment for financial reporting is management’s identification and analysis of risks
relevant to the preparation of financial statements in conformity with appropriate accounting
standards.

Control activities are the policies and procedures, in addition to those included in the other four
control components, that help ensure that necessary actions are taken to address risks to the
achievement of the entity’s objectives.

1) Adequate separation of duties: Such as separation of the duties of custody of assets and
accounting, authorization of actions and custody of related assets, operational
responsibility and record-keeping responsibility, and information technology duties and
user departments.
2) Proper authorization of transactions and activities: whether it is general authorization
or specific authorization for individual actions.
3) Adequate documents and records: including prenumbering similar documents
consecutively, preparing documents as quickly as possible when transactions take place,
designing documents for multiple use, and constructing documents in a manner that
encourages correct preparation.
4) Physical control over assets and records, such as using safes, emergency alarms, and
password access.
5) Independent checks on performance: This is important in order for the other above
mentioned four to perform well and not be forgotten or neglected. An internal auditing
department is part of this function, as may be forcing employees to take vacations when
they are replaced by others.

The purpose of an entity’s accounting information and communication system is to initiate,

record, process, and report the entity’s transactions and to maintain account- ability for the related
assets.

Monitoring activities deal with ongoing or periodic assessment of the quality of internal control
by management to determine that controls are operating as intended and that they are modified as
appropriate for changes in conditions.
———————————————————————————————————————
———————————————————————
After obtaining an understanding of internal control, the auditor makes a preliminary assessment
of control risk as part of the auditor’s overall assessment of the risk of material misstatement.
This assessment is a measure of the auditor’s expectation that internal controls will prevent
material misstatements from occurring or detect and correct them if they have occurred.

Assess whether the financial statements are auditable: This includes assessing
whether there are any very significant issues that may make the financial statements in
general not auditable, such as very poor management integrity, or very poor internal
controls. In such cases, the auditor may consider quitting from this audit. If not, the auditor
proceeds to the next step.
• Determine assessed control risk supported by the understanding obtained,
• assuming the controls are being followed.
• Use of a control risk matrix to assess control risk.
• Associating controls with related audit objectives
• Identifying and evaluating control deficiencies.
• Associating significant deficiencies and material weaknesses with related audit
objectives.
• Assessing control risk for each related audit objective.

In summary, the steps for performing a preliminary assessment of control risk are as follows:
1- Identify what controls should exist in the situation
2- Identify what controls exist in the situation
3- Identify the absence of key controls
4- Consider the possibility of compensating controls
5- Decide whether there are significant deficiencies or material weaknesses
6- Determine potential misstatements in the financial statements that can result from these
significant deficiencies and material weaknesses.
This is repeated for each audit objective.
———————————————————————————————————————
———————————————————————
The procedures to test effectiveness of controls in support of a reduced assessed control risk are
called tests of controls.

1. Make inquiries of appropriate client personnel.

2. Examine documents, records, and reports.
3. Observe control-related activities.
4. Reperform client procedures.

Extent of Procedures
• Reliance on Evidence from the Prior Year’s Audit
• Testing of Controls Related to Significant Risks Significant risks are those risks that
the auditor believes require special audit consideration.
• Testing Less Than the Entire Audit Period

———————————————————————————————————————
———————————————————————

In developing an overall audit plan, auditors use five types of tests to determine whether financial
statements are fairly stated. Auditors use risk assessment procedures to assess the risk of material
misstatements. The other four types of tests represent further audit procedures performed in
response to the risk identified. Each audit procedure falls into one, and sometimes more than one,
of these five categories. The five types of audit tests are:

Risk assessment procedures: The auditor is required to obtain an understanding of the entity and
its environment, including its internal control, to assess the risk of material misstatement in the
client's financial statements.
Tests of controls: The auditor's understanding of internal controls is used to assess control risk for
each transaction-related audit objective (the assessment may be different for each objective). If the
preliminary control risk assessment is, for example, low or medium, and the auditor wants to rely
on internal controls to reduce substantive audit procedures, he has to perform tests of controls.
Tests of controls are performed to obtain sufficient appropriate evidence to support the
preliminary assessment of control risk. Tests of controls may include:
1. Make inquiries of appropriate client personnel.
2. Examine documents, records, and reports.
3. Observe control-related activities.
4. Reperform client procedures.

Substantive tests of transactions: Substantive tests are procedures designed to test for monetary
misstatements that directly affect the correctness of financial statement balances. Substantive tests
of transactions are used to determine whether all six transaction-related audit objectives
(occurrence, completeness, accuracy, posting and summarization, classification, timing) have been
satisfied for each class of transactions.
Substantive tests of details of balances: These tests focus on the ending general ledger balances
for both balance sheet and income statement accounts. Typical types of such tests include
confirming payable and receivable accounts and physical examination of tangible assets. These
tests are performed to satisfy all balance-related audit objectives (existence, completeness,
accuracy, classification, cutoff, detail tie-in, realizable value, rights and obligations) for each
significant account.
Substantive analytical procedures: Analytical procedures involve comparisons of recorded
amounts to expectations developed by the auditor. They are required by audit standards during the
stages of planning and completing the audit, but they can also be used as a substantive auditing
procedure in order to provide substantive evidence and indicate possible misstatements in the
financial statements. If auditors believe that analytical procedures indicate a reasonable possibility
of misstatement, they may perform additional analytical procedures or decide to modify tests of
details.