SYNC 1.

15
Dates @January 15, 2024

Type 📒 Lesson 🤝 Introduction

Status Done

Shared

Topic Module 1: Intro to IT Auditing

Module 1: Introduction to IT Auditing

Financial Auditing
An independent attestation performed by an independent CPA to express an opinion regarding the
fairness of the presentation of financial statements (James Hall, AIS 10th Edition)

“A systematic process of objectively obtaining and evaluating evidence regarding assertions about
economic actions and events to ascertain the degree of correspondence between these assertions
and established criteria and communicating the results to the interested users.” (American
Accounting Association)

auditor gathers evidence to give their opinion, on whether the management’s assertions are correct
or not or conforms with established criteria

established criteria = PFRS, IFRS, GAAP

then they communicate results with interested users

How are FS prepared?

Manual

auditing is done backwards: from the FS to the source documents

balance of GL must match balance of subsidiary ledger?

Computerized

SYNC 1.15 1
 auditing is also backwards (starting from end)

Hybrid (partly manual, partly computerized)

What are Management Assertions?

SYNC 1.15 2
 Explicit Assertions

e.g. declarations made in FS (e.g. they have cash and cash equivalents of 5M)

Implicit/Implied Assertions

existence, rights and obligations, completeness, valuation & allocation

e.g. Management declared they have CCE of 5M, there is an implication that such cash exists

explicit and implicit assertions go hand-in-hand

Established Criteria
Accepted Reporting Standards

GAAP (Generally Accepted Accounting Principles)

IFRS (International Financial Reporting Standards) / PFRS (Philippine Financial Reporting

Standards)

Independent Auditor/External Auditor

the one performing the audit

in the PH: CPA with BOA Accreditation to do public practice

if you don’t renew your accreditation, you cannot sign as independent auditor

Auditing as a Systematic Process

Follows prescribed auditing standards

SYNC 1.15 3
 GAAS (Generally Accepted Auditing Standards)

General Standards

Standards of Fieldwork

Standards of Reporting

Philippine Standards on Auditing (PSAs)

prescribed process on auditing (not established criteria)

issued by the AASC (Auditing and Assurance Standards Council) to clarify the GAAS

issued to attain uniformity of its pronouncements with International Standards on Auditing (ISA)
issued by the Internal Auditing and Assurance Standards Board (IAASB)

in addition to these standards, practice statements (Philippine Auditing Practice Statements) are
also issued to provide practical assistance to auditors in implementing the standards and to
promote good practice in the accountancy profession

The Structure of an Audit

The Conceptual Phases

Planning

Test of Controls

Substantive Testing

IT Audit involves specialized procedures that are directed to those aspects of the client’s system where
tech plays a material role and thus injects an added degree of complexity into the audit

Phases of an Audit

SYNC 1.15 4
 Test of Controls

Objective: Determine if adequate internal controls are in place and functioning properly

But why? → if processes/controls are flawed, then the FS becomes questionable, there is a high
risk of material misstatement

If controls are weak, auditor should not rely on controls → level of substantive testing is increased

If controls are strong and functioning → risk that FS is misstated is low

inverse relationship (weak controls = high substantive testing; strong controls = substantive
testing doesn’t have to be extensive)

detects rather than prevents, and then corrective measures are taken

How are evidence gathered?

manual techniques

CAATTs (Computer-Assisted Audit Tools and Techniques)

How the results of tests of controls affect substantive testing

SYNC 1.15 5
 if mababa ang reliance on controls (dahil mahina ang controls) = mataas ang substantive testing
(inverse relationship)

Substantive Testing
Objective: gather evidence on financial data through detailed investigation of specific account
balances and transactions

How are evidence gathered?

physical activities: cash count, physical count

CAATTs

Management Assertions

SYNC 1.15 6
 Management Assertions, Audit Objectives and Audit Procedures

SYNC 1.15 7
 Audit Risk Components
Client

Risk of Material Misstatement

Inherent Risk (there is risk of material misstatement in absence of internal control structure/
due to the nature of account itself without consideration of internal control (ex. cash due to
its liquidity))

Control Risk (risk that material misstatement is not detected or prevented by internal
control)

Auditor

Detection Risk (risk that misstatement is not detected by the auditor)

Audit Risk = risk of an auditor to issue inappropriate opinion

RMM + Detection Risk

Audit Risk Model

SYNC 1.15 8
SYNC 1.15 9