Professional Documents
Culture Documents
Module 1: Introduction to IT Auditing
Module 1: Introduction to IT Auditing
Module 1: Introduction to IT Auditing
15
Dates @January 15, 2024
Shared
“A systematic process of objectively obtaining and evaluating evidence regarding assertions about
economic actions and events to ascertain the degree of correspondence between these assertions
and established criteria and communicating the results to the interested users.” (American
Accounting Association)
auditor gathers evidence to give their opinion, on whether the management’s assertions are correct
or not or conforms with established criteria
Computerized
SYNC 1.15 1
auditing is also backwards (starting from end)
SYNC 1.15 2
Explicit Assertions
e.g. declarations made in FS (e.g. they have cash and cash equivalents of 5M)
Implicit/Implied Assertions
e.g. Management declared they have CCE of 5M, there is an implication that such cash exists
Established Criteria
Accepted Reporting Standards
if you don’t renew your accreditation, you cannot sign as independent auditor
SYNC 1.15 3
GAAS (Generally Accepted Auditing Standards)
General Standards
Standards of Fieldwork
Standards of Reporting
issued by the AASC (Auditing and Assurance Standards Council) to clarify the GAAS
issued to attain uniformity of its pronouncements with International Standards on Auditing (ISA)
issued by the Internal Auditing and Assurance Standards Board (IAASB)
in addition to these standards, practice statements (Philippine Auditing Practice Statements) are
also issued to provide practical assistance to auditors in implementing the standards and to
promote good practice in the accountancy profession
Planning
Test of Controls
Substantive Testing
IT Audit involves specialized procedures that are directed to those aspects of the client’s system where
tech plays a material role and thus injects an added degree of complexity into the audit
Phases of an Audit
SYNC 1.15 4
Test of Controls
Objective: Determine if adequate internal controls are in place and functioning properly
But why? → if processes/controls are flawed, then the FS becomes questionable, there is a high
risk of material misstatement
If controls are weak, auditor should not rely on controls → level of substantive testing is increased
inverse relationship (weak controls = high substantive testing; strong controls = substantive
testing doesn’t have to be extensive)
detects rather than prevents, and then corrective measures are taken
manual techniques
SYNC 1.15 5
if mababa ang reliance on controls (dahil mahina ang controls) = mataas ang substantive testing
(inverse relationship)
Substantive Testing
Objective: gather evidence on financial data through detailed investigation of specific account
balances and transactions
CAATTs
Management Assertions
SYNC 1.15 6
Management Assertions, Audit Objectives and Audit Procedures
SYNC 1.15 7
Audit Risk Components
Client
Inherent Risk (there is risk of material misstatement in absence of internal control structure/
due to the nature of account itself without consideration of internal control (ex. cash due to
its liquidity))
Control Risk (risk that material misstatement is not detected or prevented by internal
control)
Auditor
SYNC 1.15 8
SYNC 1.15 9