1.

What is auditing
- Audit: the accumulation and evaluation of evidence about information to determine and
report on the degree of correspondence between the information and established criteria.
The audit findings will be communicated to the user though the auditor’s opinion
- Auditing:
o A process to ensure whether the information disclosed by the auditor is fairly
presented, in accordance with the established criteria
o Sebuah proses yang sistematis dan objektif dengan mengumpulkan bukti-bukti
untuk dievaluasi mengenai asersi manajemennya dengan standar yang berlaku,
untuk selanjutnya auditor bertugas untuk mengkomunikasikan hasil tersebut pada
pengguna (pihak yang berkepentingan)
 Sistematis: proses audit harus dilakukan secara berurutan sesuai dengan
tahapan yang telah ditetapkan
 Harus selalu urut karena jika tidak urut akan berpotensi menghasilkan
kesalahan auditor berupa opini yang tidak akurat
2. Why should be audited?
- Ada information risk
o Remoteness (keterbatasan): pengguna memiliki akses terbatas sehingga ada
kemungkinan informasi salah diberikan
o Bias penyedia informasi: sengaja/tidak sengaja disesuaikan dengan kemauan
penyedia
o Volume yang besar: kemungkinan kesalahan tidak terdeteksi
o Complex transaction: meningkatkan kesalahan pencatatan
- Information risk dapat diatasi dengan pengguna memverifikasi sendiri, manajemen
menanggung resiko, dan melakukan audit untuk memberikan assurance
3. Purpose of auditing
- Manfaat: audit digunakan sebagai sarana memberikan reasonable assurance atas LK bahwa
LK sudah disajikan dengan wajar, bebas dari salah saji material dan dapat digunakan sebagai
dasar pengambilan keputusan bagi pengguna
- Tujuan: untuk memberikan opini atas laporan keuangan berdasarkan bukti-bukti yang
diperoleh dari client bahwa LK telah disajikan dengan wajar, bebas dari salah saji material
dan sudah sesuai dengan strandar yang berlaku
4. Accounting vs Auditing
- Accounting:
o the recording, classifying, summarizing of economic events in a logical manner for
the purpose of providing financial information for decision making
o provide financial information to the user
- Auditing:
o focus on determining whether recorded information properly reflects the economic
events occurred during the accounting period
o ensure that financial information is fairly presented and already in accordance with
established criteria
5. Audit phase MEMORISE!!
1. Plan and design an audit approach
a. Accept client and perform initial audit planning
b. Understanding the client’s business and industry
c. Perform preliminary analytical procedures
 d. Set preliminary judgment of materiality and performance materiality
e. Identify significant risks due to fraud or error
f. Assess inherent risk (IR: risks of material misstatements before considering internal
control  risks due to the nature/industry of the business)
g. Understand internal control and assess control risk (CR: the likelihood that material
misstatement will not be caught by the internal control)
h. Finalize overall audit strategy and audit plan
2. Perform TOC and STOT
a. Plan to reduce the assessed level of control risk
b. Perform TOC
c. Perform STOT
d. Assess likelihood of misstatement in financial statements
3. Perform analytical procedures and TODB
a. Perform SAP (not mandatory)
b. Perform tests of key items
c. Perform additional TODB
4. Complete the audit and issue an audit report
a. Perform additional tests for presentation and disclosure (analytical procedure)?
b. Accumulate final evidence
c. Evaluate results
d. Issue audit report
e. Communicate with audit committee and management

6. Audit cycle MEMORISE!!

- Sales and collection cycle
o Journal: sales and cash receipts
o Account: sales, sales return, cash, AR, bad debt, allowance for uncollectible
- Acquisition and payment cycle
o Journal: acquisition, cash disbursement
o Account: cash, inventory, asset, AP, Tax payable, depreciation, selling expense, adm.
Expense, income taxes
- Payroll and personnel cycle
o Journal: payroll
o Account: tax payable, pph, tax expense
- Inventory and warehouse cycle
o Journal: sales, acquisition
o Account: inventory, cogs
- Capital acquisition and repayments cycle
o Journal: acquisition, cash disbursement
o Account: notes payable, capital stock, RE, dividend, interest expense
7. Asersi
- PCAOB:
1. Occurrence/existence
2. Completeness
3. Valuation/allocation
4. Rights & obligation
5. Presentation & disclosure
 - AICPA:
a. Transaction-related assertion
1. Occurrence
2. Completeness
3. Accuracy
4. Classification
5. Cut-off
b. Balance-related assertion
1. Existence
2. Completeness
3. Valuations & allocation
4. Rights & obligations
c. Presentation and disclosure
1. Occurrence & rights and obligations
2. Completeness
3. Accuracy & valuation
4. Classification & understandability
8. Type of test
- Risk assessment procedures
- Test of Controls
o Inquiries
o Inspection
o Observe control-related activities
o Reperform client procedures
- Substantive test of controls
o Substantive test of transactions
 Used to determine whether the audit objectives for transaction-related have
been satisfied
 More efficient to perform TOC with STOT
 Evidence: CAAT (?), inquiry, recalculation, reperformance, inspection
o Substantive analytical procedure
 Comparisons of recorded amounts to expectations developed by the auditor
 Required in planning and completion
 Not required but performed to audit account balance
 To indicate possible misstatements in the FS and to provide substantive
tests
 Results a reasonable possibility of misstatements, may perform additional
procedures or decide to modify TODB
 When indicate the account appear reasonable and meet the expectation of
auditor, no need to perform TODB
o Test of details balances
 Focus on the ending GL balances for both balance sheet and income
statement accounts
 Confirmation, inspection, physical examination, recalculation
 To the extent of these tests depends on the results of TOC, STOT, SAP
 Help to establish the monetary correctness of the account they relate to and
therefore are substantive tests
9. Hubungan TOC & STOT & TOD
- An exception in a TOC only indicates the likelihood of misstatements affecting the dollar
value of the financial statements, whereas an exception in a STOT or a TODB is a financial
statement misstatement. Exceptions in tests of controls are called control test deviations.
- TOC: the process of FS, if u select 25 samples and have 1 exception (one-off: likelihood of
misstatement is lower or significant deficiency: )
- Auditors are most likely to believe material dollar misstatements exist in the financial
statements when control test deviations are considered to be significant deficiencies or
material weaknesses  basically bcs the control fails. Auditors should then perform
substantive tests of transactions or tests of details of balances to determine whether
material dollar misstatements have actually occurred.
- Example:
o Assume that the client’s controls require an independent clerk to verify the quantity,
price, and extension of each sales invoice, after which the clerk must initial the
duplicate invoice to indicate performance. A test of control audit procedure is to
inspect a sample of duplicate sales invoices for the initials of the person who verified
the information. If a significant number of documents lack initials, the auditor should
consider implications for the audit of internal control over financial reporting and
follow up with substantive tests for the financial statement audit. This can be done
by extending tests of duplicate sales invoices to include verifying prices, extensions,
and footings (substantive tests of transactions) or by increasing the sample size for
the confirmation of accounts receivable (substantive test of details of balances).
Even though the control is not operating effectively, the invoices may still be correct,
especially if the person originally preparing the sales invoices did a conscientious
and competent job.
o On the other hand, if no documents or only a few of them are missing initials, the
control will be considered effective and the auditor can therefore reduce
substantive tests of transactions and tests of details of balances.
- Trade-off TOC & ST
o TOC untuk mendukung penilaian resiko:
Jika CR rendah didukung TOC, maka PDR dapat dinaikkan dan ST dapat dikurangi
o Jika control kelas tidak efektif, TOC dilakukan dalam jumlah minimal dan perbanyak
ST
10. Resiko
- Audit risk: resiko audit dimana masih terdapat salah saji material saat auditor telah
mengeluarkan opini WTP
- Risk assessment procedures: inquiries, analytical procedure, inspection, observation, diskusi
dengan engagement team, other procedures
- AR = IR x CR x DR
o AR: audit risk
o IR: inherent risk: resiko yang ada pada bisnis tanpa mempertimbangkan keeffektifan
internal control
o CR: control risk: resiko internal control gagal mendeteksi/mencegah salah saji
o DR: detection risk: resiko bukti audit gagal untuk menemukan salah saji material
- DR = AR/(IR x CR)
o Auditor ingin AR yang rendah (roleransi pada kesalahan opini kecil)
o IR & CR perusahan tinggi
 o Maka, DR akan rendah. Resiko bukti tidak bisa mendeteksi salah saji kecil sehingga
bukti harus diperbanyak
- PDR = AAR/(IR x CR)
o PDR: Planned detection risk
 A measure of the risk that audit evidence for a segment will fail to detect
misstatements that could be material, should such misstatement exist
 PDR determines the amount of substantive evidence that the auditor plans
to accumulate, inversely with the size of PDR. If PDR is reduced, the auditor
needs to accumulate more evidence to achieve the reduced planed risk
o AAR: Acceptable audit risk
 A measure of how willing the auditor is to accept that the FS may be
materially misstated after the audit is completed and WTP is issued
 When lower AAR is decided, auditor want to be more certain that FS are not
materially misstated
 Direct relationship of AAR and PDR, inverse with planned evidence
 If AAR decrease, PDR reduce, therefore planned evidence need to be
increased
 Auditors decide engagement risk before setting AAR
11. Standar audit (international & indo)
- Audit standar: Generally Accepted Auditing Standards (international)
- Standar Professional Akuntan Publik (SPAP) dibuat oleh IAPI (Institut Akuntan Publik
Indonesia)
- Standar audit:
o Standar umum: harus dimiliki oleh pribadi auditor/kualitas personal
 Harus mengikuti pelatihan agar memiliki kecakapan teknis (kompetensi)
 Independent, objektif, integritas
 Melakukan audit dengan prinsip due case (kehati-hatian, professional
skeptism)
o Standar pekerjaan lapangan: aksi auditor dalam pengumpulan bukti dan aktivitas
lainnya
 Perencanaan dan pengawasan cukup
 Mengerti lingkungan dan industry klien
 Mengumpulkan bukti secara appropriate (relevance & reliable) dan
sufficient (representative)
o Standar pelaporan
 Meyakinkan bahwa LK sudah sesuai dengan standar
 Mengungkapkan adanya inkonsistensi dalam LK
 Mengungkapkan LK (disclosure)
 Membuat opini berdasarkan bukti-bukti audit dan memberikan alasan
mengenai opini yang diambil
12. Materialitas, bukti audit, audit risk
- Hubungan antara resiko dan bukti audit:
o Jika audit beresiko, selain memperbanyak bukti dan tes, auditor dapat meningkatkan
jumlah staf professional dan review dilakukan dengan lebih hati-hati
o IR, CR, dan DR serta akan berbeda untuk tiap segmen (unit transaksi, saldo,
disclosure, akun) dan objectives
 - Materialitas biasanya ditentukan untuk setiap akun, bukan untuk transaction, balance,
disclosure objectives
- Resiko dinilai secara subjektif sehingga ada kemungkinan salah/tidak tepat (over- / under-
auditing)
- Resiko dan materialitas, dan bukti
o Tidak ada hubungan langsung
o Resiko adalah ukuran ketidakpastian, materialitas adalah ukuran dalam angka
(ukuran ketidakpastian pada nilai tertentu)
o Model resiko tidak menggunakan materialitas tapi penentuan bukti menggabungkan
aspek keduanya
o AR, IR, dan CR dapat berubah jika auditor menemukan bukti bahwa resiko lebih
besar dari penilaian awal
13. Audit evidence:
- Physical examination
- Confirmation
- Inspection
- Analytical procedure
- Inquiry
- Recalculation
- Reperformance
- Observation
14. Independence/ethic
- Audit should be done by someone who is competent and independent
o Independent: keep the confidence of users in relying on their reports, don’t pick
sides
o Competent: know the types and amount of evidence to accumulate in order to reach
the proper conclusion after examining the evidence
o Qualified: understand the criteria
- Independence-in-fact: auditor berperilaku independent dalam tugasnya
- Independence-in-appearance: persepsi orang lain/public bahwa auditor telah independen
15. Opini dan kriterianya
- Standard unqualified
o Four conditions have been met:
 All statements are included in the financial statement
 Sufficient appropriate evidence has been accumulated
 FS are presented in accordance with US GAAP, or appropriate accounting
framework
 No circumstances requiring the addition of explanatory paragraph
- Unqualified with explanatory paragraph
o A complete audit took place with satisfactory results and financial statements are
fairly presented, but the auditor believes that is important or is required to provide
additional information (masih sesuai standar tapi butuh penjelasan tambahan)
 Lack of consistent and comparability application of GAAP
 Substantial doubt about going concern
 Auditor agrees with departure from a promulgated principle
 Ex: there is circumstances that hasn’t been clearly explained in
standards such as satellite department
  Emphasis of other matters:
 The existence of material related party transactions
 Important events occurring subsequent to the balance sheet data
 Material uncertainties disclosed in the footnotes
 The description of accounting matters affecting the comparability of
FS with those of the preceding year
 Report involving other auditors
- Qualified
o The auditor concludes that overall FS are fairly presented, but the scope of the audit
has been materially restricted or applicable accounting standards were not followed
in preparing the financial statements
o Departures from qualified audit report
 The scope of the audit has been restricted, so not sufficient evidence
accumulated
 The FS have not been prepared in accordance with GAAP
 The auditor is not independent
- Adverse
o The auditor concludes that the financial statements are not fairly presented
o Overall materiality misstated dan tidak sesuai dengan standar. Auditor sudah
mengumpulkan bukti untuk memberi opini materially mistated
- Disclaimer
o The auditor is unable to form an opinion as to whether FS are fairly presented or the
auditor is not independent
o Tidak bisa mengumpulkan bukti/tidak independen
16. Jasa atestasi selain audit
- Assurance: untuk meningkatkan kualitas informasi, dilakukan professional yang independent
untuk membuat keputusan
o Attestation (ada laporannya)
 Audit laporan keuangan (apakah sudah sesuai standar)
 Internal control pada laporan keuangan
 Review laporan keuangan (moderate level of assurance, untuk perusahaan
kecil)
 IT assurance untuk perusahaan
 Assurance untuk pinjaman
o Non-attestation (tidak ada laporan)
 Pemberian saran, rekomendasi
 Accounting services, tax services, konsultasi manajemen
17. Reasonable assurance
- Not a guarantee
- Free from material misstatement
- Indicate that an audit cannot be expected to completely eliminate the possibility that a
material misstatement will exist in the financial statements. In other words, an audit
provides a high level of assurance, but it is not a guarantee.
- Assurance yang diberikan auditor bersifat reasonable bukan absolut. Audit yang dilakukan
sesuai standar pun masih memiliki kemungkinan gagal mendeteksi salah saji
o Penyebab: audit dilakukan dengan sampling, adanya estimasi dalam pencatatan
akuntansi, fraud tidak selalu bisa/susah dideteksi
18. Laporan audit bentuknya tiap opini
- Standard Unqualified Audit Report
1. Report Title
2. Audit Report Address
3. Introductory paragraph
a. Simple statement that CPA firm has done an audit
b. Lists the FS that were audited
c. Management’s responsibility & auditor’s responsibility
4. Scope paragraph: factual statement about what the auditor did in the audit
5. Opinion paragraph
6. Explanatory paragraph (for unqualified with explanatory paragraph)
7. Name and address of CPA firm
8. Audit report date
19. Pertanggalan di audit
20. Izin KAP
- Diberikan oleh Kemenkeu sesuai UU No. 5 Tahun 2011 tentang Akuntan Publik
21. Internal control system (what, tujuan, kalo uda bagus gimana?, hubungan sama TOC?)
- Internal Control: kebijakan dan prosedur yang dibuat untuk memberikan reasonable
assurance bagi manajemen bahwa perusahaan mencapai tujuannya
- Tujuan: reliability of financial reporting, operasi yang efektif & efisien, kepatuhan dengan
hokum dan peraturan
- Kalau IC sudah bagus apa perlu TOC?
o Perlu, karena hal yang bagus itu perlu diverifikasi. -> professional skepticism
22. COSO
1. Control Environment
o Sikap & pandangan manajemen dan perusahaan terhadap IC dan pentingnya IC bagi
perusahaan
2. Risk assessment
o Identifikasi dan penilaian resiko yang ada  inquiries of management, observation,
inspection, analytical procedures.
3. Control activities
o Prosedur yang digunakan untuk memastikan bahwa respons atas resiko telah
dilakukan
4. Information & communication
o Sistem informasi akuntansi perusahaan yang digunakan untuk memproses dan
mencatat transaksi
5. Monitoring
o Evaluasi atas IC yang dilakukan berkala, untuk memastikan IC sudah terjalan dan
dimodifikasi jika ada perubahan
23. Triangle fraud
- Pressure
- Opportunities
- Rationalization
24. Audit perusahaan start-up
Untuk mengaudit perusahaan berbasis finansial teknologi, auditor harus memahami
pengendalian internal, baik tentang pengetahuan umum ataupun pengendalian aplikasi serta
memahami aplikasi dan teknologi yang digunakan. Auditor juga harus memahami proses
 transaksi yang masuk dan keluar dari fintech, informasi yang dimasukkan ke dalam komputer
yang sudah diotorisasi (pengendalian input), mencegah, mendeteksi kesalahan yang mungkin
terjadi ketika data transaksi diproses (pengendalian pemrosesan), dan review kelayakan data
(pengendalian output). Semakin kompleks teknologi yang digunakan, kemampuan auditor dalam
menguasai pengendalian harus semakin ditingkatkan untuk mengidentifikasi kesalahan dalam
sistem.
25. Audit di non-profit organization