REVIEWER
REVIEWER
REVIEWER
b. Existence or occurrence
2. CR Preliminary assessment = maximum
whether specific assets and
level
liabilities at a given point in
time existing and occurred or that the FS are misstated but that
during the recorded year. amounts are not material
d. Unqualified opinion - The auditor
c. Rights and obligations believes that no material losses or
Client has rights to existing account misstatements
assets and the claims from
Audit Risk
Liabilities and Equity are valid
Refers to the possibility that the auditors fail to
d. Completeness appropriately modify their opinion on FS that
whether all transactions that are materially misstated. For each FS account,
should have been recorded by audit risk consists of the possibility that:
the client are accurately
included in the accounts. a. a material misstatement in an assertion
about the account has occurred, and
e. Valuation b. the auditors do not detect the
whether FS elements are stated misstatement
at the proper amount in Type of Audit Risk
accordance with GAAP
1. Inherent Risk - the susceptibility of FS
3. Nature, Timing and Extent (NTE) of assertion to a material misstatement,
ST depend upon the auditor's assuming there are no related internal
assessed level of control risk and controls.
the resulting detection risk 2. Control Risk - the risk that a material
misstatement could occur in a FS
a. CR at minimum level = higher assertion and not be prevented or
acceptable detection risk, detected by the client's internal controls
therefore less extensive ST 3. Detection Risk - the risk that the auditor
procedures (ST) will not detect a MM
b. CR at maximum level = lower that exists in a FS assertion
acceptable detection risk,
therefore more extensive ST
Tools to manage or control audit risk
Issuance of Audit Report (Helpful in determining the NTE of audit
procedures)
Opinions
a. Disclaimer of opinion - the auditor Desired Audit Risk (DAR) = Inherent Risk (IR) x
is unable to reach an opinion Control Risk (CR) x Detection Risk (DR)
b. Adverse opinion - the auditor
concludes that material losses have
occurred or that the financial Since Audit Risk is a risk that the auditor gives
statements are materially misstated an inappropriate audit opinion on the F/S
c. Qualified opinion - The auditor Therefore, For Example: We can assess that:
concludes that losses have occurred
Audit Risk = 5%, Assurance level = 95% a. Lower DR level = increase the assurance
Note: As the desired level of audit risk to be provided by the ST
decreases, the auditor should design more 1. Perform more effective ST (nature)
effective substantive procedures. 2. Perform year-end procedures
(timing)
3. Using larger sample size (extent)
1. Unlike the Inherent and Control Risk, 2. Testing the Application controls, may
Detection Risk can be increased or either:
decreased by the auditor. Detection Risk
can be looked at as the component of a. Audit around the computer
ST Focusing solely on the input
documents and the CIS output. It
10% DR = ST should be 90% assurance can only be used if there is visible
of detecting MM input documents and detailed
output that will enable the auditor
2. Only the detection risk can be to trace individual transaction back
controlled by the auditor. The auditor and forth. This is also known as
can only ASSESS the IR & CR. "black box approach"
In order to control, perform
corresponding ST. therefore we can Can be used when: the auditor has
further derive the equation as ff: high reliance on the system
Examples:
2. Test of Details a. Organizational Control
a. Segregation between the CIS
Involves examining the actual details department and user
making up the various account balances department
b. Segregation of duties within
a. Test of details of balances - the CIS dept
examining directly the account
balance. Used when account
balances are affected by large
volume of relatively immaterial
transactions.
b. Systems Development and
Ex. Cash, A/R and Inventory
documentation Controls
c. Access Controls
b. Test of details of transactions -
Every computer system should have
testing the transactions that give
adequate security controls to protect
rise to the balance of an account
equipment, files and programs. Access
Used when account balances are
to the computer should be limited only
smaller volume representing
to operators and other authorized
material amounts
employees. Appropriate controls such
Ex. PPE, Intangibles, Bonds payable, and as the use of passwords must be
SHE accounts adopted
1. General Control
2. Application Controls
input data are processed accurately, and
Those policies and procedures that that the data are not lost, added,
relate to specific use of the system. excluded duplicated or change
These are designed to provide
reasonable assurance that all 3. Controls over output
transactions are authorized, and that to provide reasonable assurance that
they are processed completely, the results of processing are complete,
accurately and on a timely basis. accurate and that this output are
distributed only to authorized personnel
Stages of processing of transaction
Note: It more be efficient to review the
1. Input - capturing of mass of data design of the GENERAL controls first
2. Processing - converting the mass of before reviewing the APPLICATION
raw data into useful information Controls
3. Output stage - preparation of
information in a form useful to
Other Topics for CIS
those who wish to use it
Skills and competence - the auditor should have
sufficient knowledge of CIS to plan, direct,
Example of Application Controls (most used):
supervise and review the worked performed.
1. Control over input The auditor should consider whether specialized
a. Key verification - data are entered CIS skills are needed in the audit, (staff or
twice outside party) this needed to obtain:
b. Field check - restriction in entry, 10-
a. sufficient understanding of the
digit, numeric only, etc
accounting and IC systems affected by
c. Validity Check - input compared to
the CIS Environment
valid information
b. determine the effect of the CIS
d. Self-checking digit - mathematically
environment on the assessment of
calculated digit
overall risk and of risk at the account
e. Limit Check - check not to exceed
balance and class of transactions level,
pre-determined limit
and
f. Control totals - to ensure the
c. design and perform appropriate TOC
completeness of data through total
and substantive Test appropriate to
computation
meet the audit objective
d. if the use of other professional is
Includes:
needed and planned, the auditor should
1. Financial Total - computing the
obtain sufficient evidence that such
amount total
work is adequate of the audit, in
2. Hash Total - computing the Ref.
accordance with "using the work of an
no. total
expert"
3. Record Count - computing the
no. of entries Planning
Duties (SALOSAGCOL)