AUDITING IN CIS ENVIRONMENT Module 1

REVIEW IN AUDITING

LEARNING OBJECTIVES:

After studying this lesson, the learner should be able to:

 Define auditing
 Identify and define the types of audit
 Discuss the auditing standards
 Enumerate and define the FS assertions
 Enumerate and discuss the Audit procedures
 Discuss the Audit Risk

INTRODUCTION

Information Technology throughout the world has revolutionized and dramatically changed the manner in which
the business is conducted today. Computerization has a significant effect on organization control, flow of document
information processing and so on. Auditing in CIS environment even though has not changed the fundamental
nature of auditing, it has definitely caused substantial changes in the method of evidence collection and evaluation.
This also requires auditors to become knowledgeable about computer environment and keep pace with rapidly
changing technology, even to the extent of using sophisticated Audit software.

BODY

OVERVIEW

AUDITING DEFINED

The Philippine Standards on Auditing defines auditing by stating the objective of a financial statement audit, that
is, to enable the auditor to express an opinion whether the financial statements are prepared, in all material respects,
in accordance with an identified financial reporting framework.

American Accounting Association definition:

“An audit is a systematic process of objectively obtaining and evaluating evidence regarding assertions about
economic actions and events to ascertain the degree of correspondence between these assertions and established
criteria and communicating the results to interested users.”

Types of Audit

1. Financial Statement audit (External) – conducted to determine whether the financial statements of an
entity are fairly presented in accordance with an identified financial reporting framework.
 Independent attestation performed by an expert (i.e. CPA)
 Required by SEC for all publicly-listed companies.
 Key concepts:
 Similar to a trial by a judge.
 Auditors collects evidences and renders opinion
 Basis of public confidence in financial statements

Attest Service vs. Advisory Service

 Requirements of attestation services:
 Written assertions and practitioner’s written report.
 Formal establishment of measurement of criteria
 Limited to examination, review, and application of agreed upon procedures.
 Advisory services are offered to improve client’s operational effectiveness and efficiency.

AudCIS-Mod-1|1
 2. Operational audit (Internal) – a study of a specific unit of an organization for the purpose of measuring
its performance.
 Also known as performance audit or management
 An independent appraisal function to examine and evaluate activities within, and as a service to, an
organization.
 Internal auditors perform a wide variety of activities including financial, operational, compliance
and fraud audits.
 Auditors may work for the organization or task may be outsourced
 Independence is self-imposed, but auditors represent the interests of the organization

External vs. Internal Auditors

 External auditors represent outsiders while internal auditors represent organization’s interests.
 Internal auditor often cooperate with and assist external auditors in some aspects of financial
audits.
o Extent of cooperation depends upon the independence and competence of the internal
audit staff.
 External auditors can rely in part on evidence gathered by internal audit departments that are
organizationally independent and report to the board of directors’ audit committee

3. Compliance audit – involves a review of an organization’s procedures to determine whether the

organization has adhered to specific procedures, rules and regulations.

Fraud Audits
 Recent increase in popularity as a corporate governance tool.
 Objective to investigate anomalies and gather evidence of fraud that may lead to criminal
convictions
 May be initiated by management who suspect employee fraud or the board of directors who
suspect executive fraud.

 Fraud – refers to intentional act by one or more individuals among management, those charged with
governance, employees, or third parties, involving the use deception to obtain an unjust or illegal
advantage. The auditor is primarily concerned with the fraudulent acts that cause a material misstatement
in the financial statements

 Types of Fraud
a. Fraudulent financial reporting (management fraud) – intentional misstatement or omissions of
amounts or disclosures in the financial statements to deceive financial statement users. This may
involve:
 Manipulation, falsification or alteration of records or documents
 Misrepresentation on or intentional omission of the effects of transactions from records or
documents
 Recording of transactions without substance
 Intentional misapplication of accounting policies
b. Misappropriation of assets (employee fraud) – theft of an entity’s assets committed by the
entity’s employees. This may include
 Embezzling receipts
 Stealing entity’s assets such as cash, marketable securities, and inventory
 Lapping of accounts receivable
 Fraud involves motivation to commit it and a perceived opportunity to do so.

SPECIFIC ROLE OF THE AUDIT COMMITTEE

 Serves as the subcommittee of the board of directors

o Usually three members who are outsiders
o At least one member must be a ‘financial expert’
 Serves as independent “check and balance” for the internal audit function.
 External auditors report to the audit committee
o The committee hires and fires auditors and resolves disputes.

AudCIS-Mod-1|2
AUDITING STANDARDS

 Standards are established to measure the quality of performance of individuals and organizations.
 The Board of Accountancy promulgated ten generally accepted auditing standards (GAAS) that establish
required level of quality for performing financial statement audits.
 Philippine Standards on Auditing (PSAs) are issued to clarify the meaning of these ten GAAS
 Conducting an audit is a systematic and logical process that applies to all forms of information systems.

Generally Accepted Auditing Standards (GAAS)

This represent measures of the quality of the auditor’s performance. These standards should be looked at as a
minimum standard of performance that auditors should follow. These ten GAAS are grouped as follows:
GENERALLY ACCEPTED AUDITING STANDARDS (GAAS)

General Standards Standards of Fieldwork Standards of Reporting

TIP PIE GIDO

1) The auditor must have an 4) Audit must be adequately 7) The auditor must state in
adequate technical training planned. the report whether financial
and proficiency. statements were prepared in
accordance with generally
5) The auditor must gain a accepted accounting
2) The auditor must have sufficient understanding of principles.
independence of mental the internal control
attitude. structure.
8) The report must identify
those circumstances in which
3) The auditor must exercise 6) The auditor must exercise GAAP were not applied
due professional care in the due obtain sufficient, (Inconsistency)
performance of the audit and competent evidence.
the preparation of the report
9) The report must identify
any items that do not have
adequate informative
disclosures.

10) The report shall contain

an expression of the auditor’s
opinion on the financial
statements as a whole.

Financial Statements Assertions

Management is responsible for the fair presentation of financial statements that reflect the nature and operations
of the entity. In representing that the FS is in accordance with the applicable financial reporting framework,
management implicitly or explicitly makes assertions regarding the recognition, measurement, presentation and
disclosure of the various elements of financial statements and related disclosures.

These assertions may fall in the following categories:

 Assertions about classes of transactions and events for the period under audit:
 Occurrence – transactions and events that have been recorded have occurred and pertained to the
entity.
 Completeness – all transactions and events that should have been recorded have been recorded.
 Accuracy – amounts and other data relating to recorded transactions and events have been
recorded appropriately.
 Cut-off – transactions and events have been recorded in the proper accounts.

AudCIS-Mod-1|3
  Assertions about account balances at the period of time:
 Existence – assets, liabilities, and equity interests exist.
 Rights and obligations – the entity holds or controls the rights to assets, and liabilities are the
obligations of the entity.
 Completeness – all assets, liabilities, and equity interests that should have been recorded have
been recorded.
 Valuation and allocation – assets, liabilities, and equity interests are included in the financial
statements at appropriate amounts and any resulting valuation or allocation adjustments are
appropriately recorded.

 Assertions about presentation and disclosure:

 Occurrence and rights and obligations – disclosed events, transactions, and other matters have
occurred and pertain to the entity.
 Completeness – all disclosures that should have been included in the financial statements have
been included.
 Classification and understandability – financial and other information is appropriately presented
and described, and disclosures are clearly expressed.
 Accuracy and valuation – financial and other information are disclosed fairly and at appropriate
amounts.

Audit Procedures

The auditor should use assertions to form a basis for the assessment of risks of material misstatements and the
design and performance of further audit procedures.

Selection of the appropriate procedures is affected by a number of factors including the auditor’s assessment of
materiality and risk. The procedures selected should enable the auditor to gather sufficient appropriate evidence
about a particular assertion.

The following are some audit procedures used by auditors:

 Inspection – involves examining of records, documents, or tangible assets.
 Observation – consists of looking at a process or procedure being performed by others.
 Inquiry – consists of seeking information from knowledgeable persons inside and outside the entity.
 Confirmation – consist of the response to an inquiry to corroborate information contained in the
accounting records.
 Computation – consist of checking the arithmetical accuracy of source documents and accounting records
or performing independent calculations.
 Analytical Procedures – consist of the analysis of significant ratios and trends including the resulting
investigation of fluctuations and relationships that are inconsistent with other relevant information or
deviate from predicted amounts.

Evidence
 Auditors seek evidential matter that corroborates assertions.
 Audit Evidence – refers to the information obtained by the auditor in arriving at the conclusions on
which an audit opinion is based.
 Auditors must determine whether internal control weakness and misstatements are material.
 Auditor must communicate the results of their test, including an audit report

MATERIALITY

“Information is material if its omission or misstatements could influence the economic decision of users taken on
the financial statements” – FRSC, “Framework for the Preparation and Presentation of Financial Statement”

The concept of materiality recognizes that some matters are important for the fair presentation of financial
statements while other matters are not important. Materiality may be viewed as:
 The largest amount of misstatement that the auditor could tolerate in the financial statements, or
 The smallest aggregate amount that could misstate the financial statements.

Materiality is a matter of professional judgment and necessarily involves quantitative factors (amount of the items
in relation to the financial statements) and qualitative factors (the nature of misstatement)

AudCIS-Mod-1|4
AUDIT RISK
 Refers to the risk that the auditor gives an inappropriate audit opinion on a financial statement.
 Occurs because the auditor believes that the FS are fairly stated when the fact the FS are materially
misstated.
 If the auditor is willing to accept a 5% audit risk, he must design the audit to have a 95% assurance or
confidence level that his opinion is correct.
 The stronger the internal structure, the lower the control risk and the less substantive testing the auditor
must do.
o Substantive tests are labor intensive and time consuming.
o Management’s best interests are served by a strong internal control structure.

The Audit Risk Model

Audit Risk = Inherent Risk x Control Risk x Detection Risk

 Inherent Risk – the susceptibility of an account balance or class of transactions to a material misstatement
assuming that there were no related internal control.
o it is associated with the unique characteristics of clients’ business or industry (see PSA 315)
 Control Risk – the risk that a material misstatement that could occur in an account balance or class of
transactions will not be prevented or detected and corrected on a timely basis by accounting and internal
control systems.
o It is the likelihood that the control structure is flawed because controls are either absent or
inadequate to prevent or detect errors.
 Detection Risk – the risk that the auditor’s substantive procedures will not detect a material misstatement.
o It is the risk when auditors are willing to take the error not detected or rec=vented by the control
structure will not be detected by the auditor.

LEARNING ACTIVITIES

Modular Activities and Assessments: (Google forms)

References:
 Hall, James A., IT Auditing and Assurance 4e
 Salosagcol, J.G., et. al., Auditing Theory 2018e

AudCIS-Mod-1|5