Siklus Pengeluaran Pembelian Dan Pengeluaran Kas

Welcome to Actg 492:
Auditing
Dr. Raymond Johnson

Actg 492 Course Objectives
At the end of this course you should have a good understanding of:
1. Ethical standards and the 10 generally accepted auditing standards
2. The different types of audit reports used by auditors to communicate
with financial statement users.
3. The audit risk model and how to apply a risk based approach to
auditing.
4. How understanding the business and industry assists the auditor in
developing audit strategies and obtaining audit evidence.
5. Internal controls, the importance of the control environment, and how
information technology is used in implementing a system of internal
control.
6. How to develop audit programs for substantive testing of various
account balances.
7. How to implement audit strategies in the sales and collections cycle
MODERN AUDITING
7th Edition
William C. Boynton
California Polytechnic State
University at San Luis Obispo
Raymond N. Johnson
Portland State University
Walter G. Kell
University of Michigan
Developed by:
Dr. Raymond N. Johnson, CPA
Gregory K. Lowry, MBA, CPA
John Wiley & Sons, Inc.
http://www.sba.pdx.edu/faculty/rayj/courses.html
Grading
Points
Midterm Exams: Best 2 of 3 @ 100 200 40%
Final Exam 150 30%
Case Assignments: 2 @ 50 100 20%
Class Participation 50 10%
500 100%
Course Organization
• Unit 1: Professional Responsibilities, Audit

Overview & Evidence
• Unit 2: Audit Planning, Audit Strategies
• Unit 3: Internal Controls
• Unit 4: Directly Testing the Financial Statements
– including auditing the revenue cycle
For Tomorrow
• Reading for Chapter 3

– Get Chapter 3 off of my website
CHAPTER 1
AUDITING AND THE
PUBLIC ACCOUNTING PROFESSION
 Introduction to Contemporary Auditing

 The Public Accounting Profession: A
Historical Perspective
 CPA Vision Project
 Services Performed by CPA Firms
 Organizations Associated with the Public
Accounting Profession
 Regulatory Framework for Ensuring
Quality Services
Auditing Defined
Auditing is:
• a systematic process
• of objectively obtaining and evaluating
evidence
• regarding assertions about economic
actions and events
• to ascertain the degree of correspondence
between those assertions and
• established criteria
• and communicating the results
• to interested users.
Comparative Summary of Types of Audits
Figure 1-1
Nature of Established Nature of

Type of Audit Assertions Criteria Auditor’s Report
Financial Financial statement Generally accepted Opinion on fairness of

statement data accounting principles financial statements
Compliance Claims or data laws, Management’s Summary of findings

pertaining to policies, laws, or assurance
adherence to policies, regulations, or other regarding degree of
regulations, etc. third-party compliance
requirements.
Operational Operational or Objectives set, for Efficiency and

performance data example, by effectiveness observed;
management or recommendations for
enabling legislation. improvement
Types of Auditors
1. Independent Auditors
2. Internal Auditors
3. Government Auditors
Critical Questions
• What is the role of the following parties in
providing assurance regarding the integrity of
the financial reporting process?
– The Auditor?
– Management?
– Regulators?
– Users and Analysts?
The Accountant’s Value Chain
Figure 1-3
Transforming Vision
into Reality
Anticipating and Creating Decisions

Opportunities
Transforming Complex Knowledge
Information into
Knowledge
Information
Communicating the
Total Picture
Data
Business Events
The Accountant’s Value Chain
Figure 1-3
Transforming Vision
into Reality
Anticipating and Creating Decisions

Opportunities
Transforming Complex Knowledge
Information into
Knowledge
Information
Communicating the
Total Picture
Data
Importance of Integrity
Business Events of the Financial Reporting System
CPA Vision Project
Figure 1-2
Vision Elements
Core Values Core Competencies Core Services
Continuing Education and Communication Skills Assurance

Lifelong Learning
Strategic and Critical Technology
Competence Thinking Skills
Management Consulting
Integrity Focus on the Client and
Market Financial Planning
Attunement with Broad
Business Issues Interpretation of International
Converging Information
Objectivity
Technologically Adept
Universe of CPA Services
Figure 1-4
Consulting
Compilation
Assurance
International Technology
Audit/Attestation
Financial Planning
Services Performed
by CPA Firms
Assurance Services are independent professional
services that improve the quality of information,
or its context, for decision makers.
1. Audit / Attest services
2. Risk assessment services
3. Performance measurement services
4. SysTrust / WebTrust
5. Accounting and compilation services
Services Performed
by CPA Firms
Attest Services are ones in which the CPA firm
issues a written communication that expresses a
conclusion about the reliability of a written
assertion that is the responsibility of another
party.
1. Audit service
2. Examination
3. Review
4. Agreed-upon procedures
Organizations Associated with the Public
Accounting Profession
Figure 1-5
Private Sector Organizations Public Sector Organizations
American Institute of Certified Public State Boards of Accountancy

Accountants
Securities and Exchange Commission
State Societies of Certified Public
Accountants U.S. General Accounting Office
Practice Units (CPA Firms) Internal Revenue Service
Accounting Standard Setting State and Federal Courts
Bodies: FASB and GASB U.S. Congress

Regulatory Framework for
Ensuring Quality Services
1. Standard Setting — Quality Control
Standards
2. Firm Regulation
3. Self-Regulation
a. Division for CPA Firms
b. Quality Review Division
4. Government Regulation
Purpose of
Quality Control Standards
• To provide reasonable assurance that a firm
conforms with professional standards when
performing attest services.
Quality Control Elements
1. Independence, Integrity, and

Objectivity
2. Personnel Management
3. Acceptance and Continuance of
Clients and Engagements
4. Engagement Performance
5. Monitoring
CHAPTER 1
AUDITING AND
THE PUBLIC ACCOUNTING PROFESSION
Copyright
Copyright 2001 John Wiley & Sons, Inc. All rights
reserved. Reproduction or translation of this work
beyond that permitted in Section 117 of the 1976
United States Copyright Act without the express
written permission of the copyright owner is
unlawful. Request for further information should
be addressed to the Permissions Department, John
Wiley & Sons, Inc. The purchaser may make backup
copies for his/her own use only and not for
distribution or resale. The Publisher assumes no
responsibility for errors, omissions, or damages,
caused by the use of these programs or from the
use of the information contained herein.
MODERN AUDITING
7th Edition
William C. Boynton
Raymond N. Johnson
Walter G. Kell
Developed by:
CHAPTER 2
FINANCIAL STATEMENT AUDITS AND
AUDITORS’ RESPONSIBILITIES
 Fundamentals Underlying Financial
Statement Audits
 Independent Auditor Relationships
 Auditing Standards
 Assurance Provided by an Audit
 The Auditor’s Report
 Trends Affecting Auditor Responsibilities
Relationship Between
Accounting and Auditing
Figure 2-1
Need for Financial
Statement Audits
1. Conflict of Interest
• Management and Board of Directors
• Shareholders and Creditors
2. Consequence
3. Complexity
4. Remoteness
Economic Benefits of an Audit
1. Access to Capital Markets

2. Lower Cost of Capital
3. Deterrent to Inefficiency and Fraud
4. Control and Operational
Improvements
Limitations of a
Financial Statement Audit
Following are 2 important economic
limits:
1. Reasonable Cost
2. Reasonable Length of Time
Limitations of a
Financial Statement Audit
Following are 2 important limitations
associated with the established
accounting framework:
1. Alternative Accounting Principles
2. Accounting Estimates
Independent Auditor
Relationships
1. Management
– Assumption of management honesty
– Need for professional skepticism
2. Board of Directors and Audit
Committee
3. Internal Auditors
– Not a substitute for independent auditor’s
work
4. Stockholders (and other users)
Generally Accepted Auditing Standards
Figure 2-2
General Standards
1. The audit is to be performed by a person or
persons having adequate technical training and
proficiency as an auditor.
2. In all matters relating to the assignment, an
independence in mental attitude is to be
maintained by the auditor or auditors.
3. Due professional care is to be exercised in the
performance of the audit and the preparation of
the report.
Figure 2-2
Standards of Field Work
1. The work is to be adequately planned, and
assistants, if any, are to be properly supervised.
2. A sufficient understanding of the internal
control structure is to be obtained to plan the
audit and to determine the nature, timing, and
extent of tests to be performed.
3. Sufficient competent evidential matter is to
be obtained through inspection, observation,
inquiries, and confirmations to afford a
reasonable basis for an opinion regarding the
financial statements under audit.
Figure 2-2
Standards of Reporting
1. The report shall state whether the financial
statements are presented in accordance with
generally accepted accounting principles.
2. The report shall identify those circumstances in
which such principles have not been
consistently observed in the current period in
relation to the preceding period.
3. Informative disclosures in the financial
statements are to be regarded as reasonably
adequate unless otherwise stated in the report.
Figure 2-2
Standards of Reporting
4. The report shall either contain an expression of
opinion regarding the financial statements,
taken as a whole, or an assertion to the effect
that an opinion cannot be expressed. When an
overall opinion cannot be expressed, the
reasons therefore should be stated. In all cases
where an auditor’s name is associated with
financial statements, the report should contain
a clear-cut indication of the character of the
auditor’s work, if any, and the degree of
responsibility the auditor is taking.
Assurance Provided
by an Audit
1. Auditor Independence
2. Reasonable Assurance
3. Definition of Fraud
– Fraudulent financial reporting
– Misappropriation of assets
4. Responsibility to Detect Fraud
– Assess risk of fraud
– Design plan to provide reasonable assurance
that fraud does not exist that is material to
the financial statements based on risk
assessment.
– Use due professional care in implementing
audit plan
Assurance Provided
by an Audit
5. Responsibility to Report Fraud
– Employee fraud
– Management fraud
– Confidential client information
6. Illegal Client Acts
– Direct and material
– Indirect
7. Assurance About a Going Concern
Auditor’s Standard Report
Basic Elements of Auditor’s Standard Report
Title
Addressee
Introductory
Paragraph
Scope
Paragraph
Opinion
Paragraph
Firm’s Signature
Date
Introductory Paragraph
We have audited the accompanying consolidated balance sheets of
Intel Corporation as of December 25, 1999 and December 26,
1998, and the related consolidated statements of income,
stockholders’ equity and cash flows for each of the three years in
the period ended December 25, 1999. These financial statements
are the responsibility of management. Our responsibility is to
express an opinion on these financial statements based on our
audits.
Scope Paragraph
We conducted our audits in accordance with auditing standards
generally accepted in the United States. Those standards require
that we plan and perform the audit to obtain reasonable assurance
about whether the financial statements are free of material
misstatement. An audit includes examining, on a test basis,
evidence supporting the amounts and disclosure in the financial
statements. An audit also includes assessing the accounting
principles used and significant accounting estimates made by
management, as well as evaluating the overall financial statement
presentation. We believe that our audits provide a reasonable
basis for our opinion.
Opinion Paragraph
In our opinion, the consolidated financial statements referred to
above present fairly, in all material respects, the consolidated
financial position of Intel Corporation at December 25, 1999 and
December 26, 1998, and the consolidated results of operations
and its cash flows for each of the three years in the period ended
December 25, 1999, in conformity with accounting principles
generally accepted in the United States.
Types of Auditors’ Reports
and Circumstances
Figure 2-4
Types of Auditors’ Reports
and Circumstances
Figure 2-4
Standard Report with
Explanatory Language
• Reason for Opinion
– The financial statements present fairly in all material
respects
– Used with
• Changes in accounting principles
• Material uncertainties
• Going concern matters
• Emphasis of a matter
• Form of Opinion
– 4th paragraph to explain issue and refer to note in the
financial statements
Qualified Opinion

– Material departure from GAAP
– Material scope limitation
– Except for the qualification, the financial statements
present fairly.
• Form of Opinion
– 3rd paragraph before the opinion to explain the
exception its impact on the financial statements
– 4th paragraph is opinion paragraph. “In our opinion,
except for ….
Adverse Opinion

– Departures from GAAP are so material and so
pervasive to the financial statement that the auditor
concludes that the financial statement do not present
fairly …
• Form of Opinion
– 3rd paragraph before the opinion to explain the
exception its impact on the financial statements
– 4th paragraph is opinion paragraph. “In our
opinion,… the financial statements referred to above
do not present fairly….
Disclaimer of Opinion

– The auditor is unable to obtain sufficient evidence to form an
opinion on the financial statements
– Common with client imposed scope restrictions
• Form of Opinion
– Omit 2nd scope paragraph
– 3rd paragraph before the opinion to explain the reason for the
disclaimer of opinion
– 4th paragraph is opinion paragraph. “… the scope of our work
was not sufficient to enable us to express, and we do not
express, an opinion on the financial statements.
Management Responsibility Report
Figure 2-5
Re p or t of Man ag e m e n t
The integrity and objectivity of the information presented in this Annual Report are the
responsibility of Delta management. The financial statements contained in this report have
been audited by Arthur Andersen, LLP., independent public accountants whose report appears
on page 58 of this report.
Delta maintains a system of internal financial controls which are independently assessed on an
ongoing basis through a program of internal audits. These controls include the selection and
training of the Company’s managers, organizational arrangements that provide a division of
responsibilities, and communication programs explaining the Company’s policies and
standards. We believe that this system provides reasonable assurance that transactions are
executed in accordance with management’s authorization; that transactions are appropriately
recorded to permit preparation of financial statements that, in all material respects, are
presented in conformity with generally accepted accounting principles; and that assets are
properly accounted for and safeguarded against loss from unauthorized use.
The Board of Directors pursues its responsibilities for these financial statements through its
Audit Committee, which consists solely of directors who are neither officers nor employees of
the Company. The Audit Committee meets periodically with the independent public
accountants, the internal auditors and representatives of management to discuss internal
accounting control, auditing and financial reporting matters.
Edward H. West Leo F. Mullin

Chief Financial Officer President and Chief Executive Officer
Trends Affecting Auditor
Responsibilities
1. Information Technologies
2. Assurance Services
CHAPTER 2
FINANCIAL STATEMENT AUDITS AND
AUDITORS’ RESPONSIBILITIES
Copyright
MODERN AUDITING
7th Edition
William C. Boynton
Raymond N. Johnson
Walter G. Kell
Developed by:
CHAPTER 5
OVERVIEW OF THE AUDIT PROCESS
 Overview of the Audit Process

 Knowledge of the Business and Industry
 Management’s Assertions
 Materiality
 Audit Risk
 Evidence
 Consideration of Value-Added Services
 Communication of Findings
Overview of the Audit Process
Figure 5-1
Figure 5-1
Knowledge of the
Business and Industry
1. Understand the Entity’s Business Risks
2. Developing Expectations of Financial
Statements
3. Industry Impact on Information
Systems
4. Evaluation of Reasonableness of
Accounting Estimates
5. GAAP for Specific Industries
6. Foundation for Other Value-Added
Services
Consider 2 Industries
1. Understand Business • Airline

Risk
2. Developing • Household appliance
Expectations of manufacturer
Financial Statements
3. Industry Impact on
Information Systems
4. Evaluation of
Reasonableness of
Accounting Estimates
5. GAAP for Specific
Industries
6. Foundation for Other
Value-Added Services
Figure 5-1
Proposed SAS
Audit Evidence - Assertions
• Assertions about classes of transactions
• Occurrence
• Completeness
• Accuracy
• Cutoff
• Classification
• Assertions about account balances
• Existence
• Rights and obligations
• Completeness
• Valuation and allocation
• Assertions about presentation and disclosure
• Occurrence and rights and obligations
• Completeness
• Understandability
• Accuracy and Valuation
Why are assertions
important?
Divide and Conquer
1. Assertions (and related audit objectives) guide the auditor in
the collection of evidence.
2. The auditor needs to obtain sufficient, competent evidential
matter for each assertion in the financial statements.
Figure 5-1
Materiality
FASB Concept Statement No. 2
Influence on the judgment of a
reasonable person relying on the
financial statements
Materiality
How does the concept of materiality
influence the audit process?
1. The auditor makes a judgment
about materiality while planning
the engagement in order to make
important decisions about the
scope of the audit.
2. The concept of materiality guides
the auditor when evaluating audit
findings.
Chapter 5
Part I Review
1. Explain how the auditor uses his or her understanding of the
client’s business and industry.
2. Why are financial statement assertions important?
3. Relate the following specific audit objectives to the five
financial statement assertions.
• All inventory that is present in the warehouse is counted on
inventory tags.
• Inventories are properly stated at the lower of cost or market.
• The client has legal title to inventory
• Inventories are properly classified in the financial statements.
• All inventory counted on inventory tags is present in the
warehouse.
Chapter 5
Part I Review
4. Identify two ways in which knowledge of materiality is used in
the financial statement audit.
5. Explain the relationship between materiality and the scope of
audit work.
Figure 5-1
Summary of Audit Risk Components
Figure 5-3
Audit Risk Model
AR = IR x CR x DR
Audit Risk Model
AR = IR x CR x DR
.02 1.0 .07 ??
Audit Risk Model
AR = IR x CR x DR
.02 1.0 .07 .29
.02 .35 .5 ??
Audit Risk Model
AR = IR x CR x DR
.02 1.0 .07 .29
.02 .35 .5 .11
.02 .80 .5 ??
Audit Risk Model
AR = IR x CR x DR
.02 1.0 .07 .29
.02 .35 .5 .11
.02 .80 .5 .05

Figure 5-1
Evidence
Sufficiency of Evidential Matter
1. Materiality and Risk
2. Economic Factors
3. Size and Characteristics of the
Population
Competency of Evidential Matter
Figure 5-4
Classification of
Audit Procedures
1. Procedures to Obtain an Understanding
(Of the entity and its environment,
including its system of internal control)
2. Tests of Controls
3. Substantive Tests
Evaluation of
Evidence Obtained
1. The auditor is not expected, or
required, by the third standard of
field work to have an absolute,
certain, or guaranteed basis for an
opinion.
2. The requirement of a reasonable basis
pertains to the overall level of
assurance the auditor needs at the
conclusion of the audit to express an
opinion on the financial statements.
Chapter 5
Part I Review
6. Explain the relationship between control risk and the type of
audit procedures performed.
7. Explain the relationship between detection risk and the scope
of audit work.
8. Provide examples of evidence related to the existence and
occurrence assertion that is more competent vs. evidence that
is less competent.
9. What is the purpose of a test of control?
10. What is the purpose of a substantive test?
Figure 5-1
Professional Requirements
1. Evaluate fair presentation in the

financial statements.
2. Required communications
– Internal controls
– Other required communications
Consideration of
Value-Added Services
1. Benchmarking Company Performance
and Performance Measurement
2. Business Planning
3. Risk Assessment
4. Business Valuation
5. Information System Design and
Reliability
Communication of Findings
1. The Auditor’s Report on Financial
Statements
2. Other Required Communications
3. Communication of Other Findings
CHAPTER 5
OVERVIEW OF THE AUDIT PROCESS
Copyright
MODERN AUDITING 7th Edition
William C. Boynton
Raymond N. Johnson
Walter G. Kell
Developed by:

CHAPTER 6
AUDIT EVIDENCE, AUDIT OBJECTIVES, AUDIT
PROGRAMS, AND WORKING PAPERS
 Top-Down vs. Bottom-Up Audits

 Important Decisions About Audit Evidence
 Audit Assertions
 Audit Evidence, Corroborating Information, and
Audit Procedures
 Electronic Data Processing and Audit Procedures
 Audit Programs
 Working Papers
Top-Down Versus
Bottom-Up Audits
Top-down audit evidence focuses the auditor’s attention on

obtaining an understanding of:
1. the business and industry,
2. management’s goals and objectives,
3. how management uses its resources to attain those goals,
4. the organization’s competitive advantage in the
marketplace,
5. core business processes, and
6. the earnings and cash flow that result.
Theory: Use knowledge of the business, industry and

business risks to develop expectations of financial
statements.
Top-Down Versus
Bottom-Up Audits
Bottom-up audit evidence focuses on directly testing:

1. transactions,
2. account balances, and
3. the systems that record the transactions and resulting
account balances.
Theory: The whole is the sum of the parts.

Top-Down vs. Bottom-Up Audit Procedures
Figure 6-1
Important Decision About Audit Evidence
When planning the audit, the auditor

must make 4 important decisions
about scope and conduct of the audit.
These include:
1. The nature of tests to be performed
2. The timing of tests to be performed
3. The extent of tests to be performed
4. The assignment of staff to perform
audit tests
Proposed SAS
Audit Evidence
Proposed SAS
Audit Evidence
• Audit evidence is all the information used by the
auditor in arriving at the conclusions on which
the audit opinion is based.
– Accounting records (Not Sufficient to Draw a
Conclusion!!)
– Other information
• Minutes of meetings
• Confirmations
• Analysts’ reports
• Comparable data about competitors
• Control manuals
• Information obtained by audit procedures (inquiry,
Proposed SAS
•
Audit Evidence
Assertions - Assertions are the subject about which auditors
collect evidence.
– Assertions about classes of transactions
• Occurrence: Transactions and events that were recorded for the period have
occurred and pertain to the entity.
• Completeness: All transactions and events that should have been recorded
have been recorded.
• Accuracy: Amounts and other data relating to the recorded transactions and
events have been recorded accurately.
• Cutoff: Transactions and events have been recorded in the correct accounting
period.
• Classification: Transactions and events have been recorded in the proper

accounts.
Proposed SAS
Audit Evidence
• Assertions - Assertions are the subject about
which auditors collect evidence.
– Assertions about account balances
• Existence: Recorded assets, liabilities, and equity interest
exist.
• Rights and obligations: The entity holds or controls the

rights to assets, and liabilities are the obligations of the
entity.
• Completeness: All assets, liabilities, and equity interests

that should have been recorded have been recorded.
Proposed SAS
Audit Evidence
• Assertions - Assertions are the subject about
which auditors collect evidence.
– Assertions about presentation and disclosure
• Occurrence and rights and obligations: Disclosed events
and transactions have occurred and pertain to the entity.
• Completeness: All disclosures that should have been

included in the financial statements have been included .
• Understandability: Financial information is appropriately

presented and information in disclosures is understandable
to users.
Proposed SAS
Audit Evidence
• Sufficiency is a measure of quantity of audit
evidence.
– Affected by the risk of material misstatement
– Quality of audit evidence
• Competence is a measure of quality of audit

evidence.
– Relevance – relevant to assertions
– Reliable evidence is influenced by
• Its source
Proposed SAS
Audit Evidence
• Generalizations about reliable evidence
– Audit evidences is more reliable when it is obtained
from independent sources outside the entity.
– Audit evidence that is generated internally is more
reliable when the related controls imposed by the
entity are effective.
– Audit evidence obtained directly by the auditor is
more reliable than evidence obtained indirectly or by
inference.
– Audit evidence is more reliable when it exists in
documentary form, whether paper, electronic, or
other medium.
Effects of Circulation on
Reliability of Documentary Evidence
Figure 6-5
Proposed SAS
Audit Evidence
• Audit procedures for obtaining evidence
– Risk assessment procedures: Obtaining an
understanding of an entity and its environment,
including internal control to assess risks of material
misstatement
– Tests of controls: Testing the operating

effectiveness of internal controls
– Substantive procedures: Supporting assertions or

detecting misstatements at the assertion level.
Includes tests of details of classes of transactions,
Proposed SAS:
Audit Evidence
Audit
• Inspection Procedures
of records and documents
– Vouching
– Tracing
Directional Testing —
Vouching and Tracing
Figure 6-6
Proposed SAS:
Audit Evidence
Audit Procedures
• Inspection of records and documents
– Vouching
– Tracing
• Inspection of tangible assets
• Observation
• Inquiry
• Confirmation
• Recalculation
• Reperformance
• Analytical procedures
• (Note: where the information is in electronic form the auditors
may carry out these procedures thru CAATs.)
Computer-Assisted
Audit Techniques
The auditor can use computer audit software to do the
following:
1. Perform the calculations and comparisons used in
analytical procedures.
2. Select a sample of accounts receivable for confirmation.
3. Scan a file to determine that all documents in a series
have been accounted for.
4. Compare data elements in different files for agreement.
5. Submit test data to the client’s programs to determine
that computer aspects of internal controls are
functioning.
6. Reperform a variety of calculations such as totaling the
accounts receivable subsidiary ledger or inventory file.
Important Decision About Audit Evidence
When planning the audit, the auditor

must make 4 important decisions
about scope and conduct of the audit.
These include:
1. The nature of tests to be performed
2. The timing of tests to be performed
3. The extent of tests to be performed
4. The assignment of staff to perform
audit tests
Audit Risk Model and
Decisions About Audit Evidence
• Inherent Risk: High vs. Low
• Nature: Risk assessment procedures must be performed to understand the nature of the
risk of material misstatement. No default of IR at the maximum without understand
the drivers of risk of material misstatement. However, the lower the assessed level of
inherent risk the more persuasive the evidence needs to be from risk assessment
procedures.
• Timing: Risk assessment procedures will usually be performed at interim and updated
at the end of the year.
• Extent: A lower assessed level of inherent risk will usually be supported by more
reliable evidence rather than more extensive evidence.
• Staffing: Risk assessment procedures are usually performed by more experienced

staff.
• Control Risk: High vs. Low
• Nature: When control risk is assessed as low the auditor will perform tests of controls.
A low control risk assessment for programmed controls often requires testing several
types of controls (e.g., computer general controls, application controls, and manual
follow-up).
• Timing: Tests of controls will usually be performed at interim and updated at the end
of the year.
• Extent: A lower assessed level of control risk will usually be supported by more
extensive tests of controls rather than less extensive tests of controls.
• Staffing: Some tests of controls may be performed by audit staff with relatively little
experience while other tests of controls require significant experience. Depending on
the nature of the test of controls, a computer audit specialist may be needed. Audit
staff with more experience would normally evaluate the control environment.
• Detection Risk: High vs. Low
• Nature: The auditor may choose among analytical procedures, tests of transactions and
tests of balances. The auditor would normally use more reliable evidence when when
detection risk is lower.
• Timing: If detection risk is low substantive tests are normally performed on year-end
balances. If detection risk is moderate or high, substantive tests may be performed on
balances at an interim date.
• Extent: A lower assessed level of detection risk will usually be supported by more
extensive substantive tests rather than less extensive substantive tests.
• Staffing: Assertions with a higher degree of professional judgment usually require

more experienced staff.
Audit Challenges in the
Information Technology Environment
• Accounting data and corroborating evidential

matter are available only in electronic from.
• EDI
• Image processing systems vs. documents
Electronic Data Processing
and Audit Procedures
1. Effect on Material Account Balance and Transaction

Classes: Need to identify transaction classes with
significant use of IT
2. Effect on Nature of Audit Tests: The auditor may need
to obtain evidence to support a low control risk
assessment
3. Effect on Timing of Audit Tests: The auditor may want
to inspect documents before they are destroyed.
4. Effect on Extent of Audit Tests: The auditor can use
computer technology to screen every transaction.
5. Effect on Audit Staffing: The need for computer audit
specialist as a member of the audit team.
Working Papers
SAS 41 describes working papers as the

records kept by the auditor of:
1. the procedures applied,
2. the tests performed,
3. the information obtained, and
4. the pertinent conclusions reached in
the audit.
Working Papers
Working papers provide:

1. The principal support for the auditor’s
report.
2. A means for coordinating and
supervising the audit.
3. Evidence that the audit was made in
accordance with GAAS.
Integrated Working Papers for Cash
Figure 6-11
Preparing Working Papers
The following essential techniques of good working paper

preparation should always be observed:
1. Heading Each working paper should contain the name
of the client, a descriptive title identifying the content
of the working paper, and the balance sheet date or the
period covered by the audit.
2. Index number Each working paper is give an index or
reference number, for identification and filing
purposes.
3. Cross-referencing Data on a working paper that is
taken from another working paper or that is carried
forward to another working paper should be cross-
referenced with the index numbers of those working
papers.
Preparing Working Papers
4. Tick marks Tick marks are symbols (or numbers) that

are used on working papers to indicate that the
auditor has performed some procedure on the item to
which the tick mark is affixed, or that additional
information about the item is available elsewhere on
the working paper.
5. Signatures and dates Upon completing their
respective tasks, both the preparer and reviewer of a
working paper should initial and date it.
Copyright

CHAPTER 9
UNDERSTANDING INTERNAL
CONTROLS
Winter 2004
Introduction to Internal Control

What is it
What are the auditors’ responsibilities
Components of Internal Control
(COSO)
Obtaining an Understanding of
Internal Control
Documenting the Understanding
What is Internal Control?
COSO Definition: The processes

implemented by the BOD and management
to help ensure:
1. Effectiveness and efficiency of operations.*
2. Reliability of financial reporting.
3. Compliance with applicable laws and
regulations.
* This is not included in the SOX definition of IC

Why is internal
control SO
important?
KPMG Fraud Survey: Large and
Midsize Companies 2003 report
– Interviewed executives from 459 public
companies with revenues > $250 million
– Types of fraud
– How fraud was caught
Why is internal control SO
important?
1. The businesses we audit rely on
numerous reports and analyses to control
operations. These controls are often IT
related.
2. Good system reduces the possibility that
errors or irregularities will occur.
3. Audit more efficiently and effectively if
rely on the client’s system of internal
control.
4. Professional standards and laws require
that the auditors’ consider it.
GAAS on Internal Control
• Identify types of potential misstatements

• Consider factors that affect the risk of material
misstatement
• Design substantive tests to provide reasonable
assurance of detecting misstatements related to
specific assertions
• Could decide to not rely on controls and assess CR at
maximum, but you must understand why control risk
is assessed at the maximum
• There may be times when substantive tests alone do
not reduce control risk to a sufficiently low level.
Internal Control & SOX for Public
Companies
• Requires auditors to attest to
Certification of Disclosure and
Managements’ Internal Controls and
Procedures (Rule 404)
• Internal control framework to follow is
COSO
• Provides assistance on:
– Internal control over financial reporting.
– One material weakness = adverse report on
internal controls
Roles and Responsibilities (COSO)
1. Management: establish effective IC
2. BOD and audit committee: governance and oversight
responsibilities of mgmt
3. Internal auditors: periodically examine and evaluate the
adequacy of an entity’s IC and make recommendations
4. Other entity personnel: “blow whistle”
5. Independent auditors. Any significant IC deficiencies discovered,
communicate to mgt and BOD with recommendations for
improvement. For public companies, must attest to management’s
assertion about IC
6. Legislators and regulators: establish minimum statutory and
regulatory requirements
Limitations of Internal Control
No matter how well designed and operated,

an I/C can provide only reasonable
assurance regarding achievement of an
entity’s control objectives because:
1. Mistakes in judgment.
2. Breakdowns.
3. Collusion.
4. Management override.
5. Cost versus benefits.
Components of Internal Control
The COSO report identifies 5 interrelated

components of internal control which are:
1. Control environment
2. Risk assessment
3. Information and communication
4. Control activities
5. Monitoring
Control
Environment
Sets the tone of an organization, influencing
the control consciousness of its people.
1. Management philosophy & operating style

2. Organizational structure
3. Integrity and ethical values
4. Board of directors and audit committee
5. Assignment of authority & responsibility
6. Human resource policies and practices
7. Commitment to competence
8. External Influences
9. Information Technology
Risk Assessment
An entity’s identification and analysis
of risks that could affect whether the
financial statements that are fairly
presented in conformity with GAAP.
Business Risk Internal

Inherent Risk Controls
Fraud Risk
Information and Communication
Ensures pertinent information is identified, captured
and communicated throughout the organization in
a timely manner. Requires the system:
1. Identify and record only valid transactions occurring in the
current period (existence or occurrence).
2. Identify and record all valid transactions occurring in the
current period (completeness).
3. Ensure recorded assets and liabilities are result of
transactions that produced entity rights to, or obligations for,
those items (rights & obligations).
4. Appropriately measure the value for recording their proper
monetary value in the f/s (valuation or allocation assertion).
5. Capture sufficient detail of all transactions to permit their
proper presentation in the f/s incl. proper classification and
required disclosure (presentation and disclosure assertion).
Authorize
Execute
Risk of Misstatement
Record
Consideration
Control Activities
1.Authorization
2.Segregation of Duties
3.Information Processing
Controls
• General Controls
• Application Controls
• Controls over the Financial
Control Activity - Authorization
• Every transaction needs appropriate

general or specific authorization of
commitment of resources as
transactions are initiated.
Control Activity –
Segregation of Duties (Figure 9-1)
IT Functions Requiring Segregation
Figure 9-2
Information Processing Controls
Computer General Controls

• Organization & operation controls (prior slide)
• Systems development & documentation controls
• Users, accounting & IA should be involved in design
• Testing joint effort between users & IT
• Proper approval before placing into use
• Changes properly approved and tested
• Hardware and system software controls
• Access controls: Prevent unauthorized use of:
• IT equipment,
• Data files
• Programs
Computer General Controls continued

• Data and procedural controls
• Receiving and screening all data to be processed
• Accounting for all input data
• Following-up on processing errors
• Verifying the proper distribution of output
• Adequate back-up and safeguarding procedures
Application Controls
• Input (computer editing) controls
– Missing data check - Check digit
– Valid character check - Valid sign check
– Limit or reasonableness test - Valid code check
• Processing controls
– Control totals - Before & after report
– File identification labels - Sequence tests
– Limit & reasonableness tests - Processing tracing data
• Output controls
– Reconciliation of totals
– Comparison to source documents
– Visual scanning
Spreadsheets
Accounting SQL Financial

Database Statements
Strong Weak or No Weak or No

Controls Controls Controls
Physical Controls
• Important issue of physical security

– Limit direct physical access to assets
• Lock boxes, fireproof safes, locked storerooms
– Limit indirect physical access through the
preparation or processing of documents
that allow access to assets
Performance Reviews
• Management review and analysis of –

– Reports that summarize the detail of account
balances
• aged trial balance
• report of cash disbursements by department
• reports of sales and gross margins by customer or region
– Actual performance vs. budget or forecast
– Balanced scorecard type measures with ability to
drill down to department level
• Financial, customer, business process, innovation
Ensures pertinent information is identified, captured
and communicated throughout the organization in
a timely manner. Requires the system:
1. Identify and record only valid transactions occurring in
the current period (existence or occurrence).
2. Identify and record all valid transactions occurring in
the current period (completeness).
3. Ensure recorded assets and liabilities are result of
transactions that produced entity rights to, or
obligations for, those items (rights & obligations).
4. Appropriately measure the value for recording their
proper monetary value in the f/s (valuation or
allocation assertion).
5. Capture sufficient detail of all transactions to permit
their proper presentation in the f/s incl. proper
classification and required disclosure (presentation and
disclosure assertion).
Monitoring
Assesses the quality of internal control performance
over time. It involves assessing the design and
operation of controls on a timely basis and taking
necessary corrective actions including reporting all
deficiencies to higher authorities within the
organization.
This should occur through:

– Ongoing activities and
– Separate periodic evaluations.
Responsibilities:
– Management & Acct Officers
– Board of Directors
Purpose of Understanding
Internal Control
• The understanding of internal control should
be used to:
– Identify types of potential misstatements
– Consider factors that affect the risk of material
misstatement
– Determine where controls should be tested. For
public companies, necessary to attest to
management’s assertions about the effectiveness
of their internal controls.
– Design substantive tests to provide reasonable
assurance of detecting misstatements related to
specific assertions, taking into account what
relevant tests of controls are being performed if
any.
Understanding and Testing
Internal Control
1. Understand the design of policies and
procedures related to each component of
internal control.
2. Determine whether the policies and
procedures are operating as you expected,
where are attesting or relying on controls.
• Reviewing previous experience with the client
• Inquiring of appropriate management,
supervisory, and staff personnel
• Inspecting documents and records
• Observing entity activities and operations
This often will take the form of a “walk through” of
the system
How Much Depth of Understanding
Do You Need???
• Minimum Understanding
– Control environment
– Risk assessment
– Information and communication
– Control activities (may need very little
knowledge when a primarily substantive
approach is followed).
– Monitoring
Depth: Control Environment
• Obtain sufficient knowledge to

understand the attitude and actions of
management and the BOD concerning
the control environment.
• Consider both the substance of control
environment and the collective effect on
other aspects of internal control.
Depth: Risk Assessment
• Determine how management:

– identifies risks relevant to fair presentation in the financial
statements
– the care with which it assesses the significance of those
risks, and
– how it decides on control activities to address those risks.
Business Risk Internal

Inherent Risk Controls
Fraud Risk
Depth: Control Activities
Level of understanding is directly

related to preliminary audit strategy.
– If the auditor is planning a primarily
substantive approach the auditor may not
additional knowledge of need to control
activities in order to assess control risk.
– If the auditor plans to use a lower assessed
level of control risk approach or is attesting
to management’s IC, will need to obtain a
significant understanding of control
activities.
Depth: Information and
Communication Systems
Need to understand the transaction trail. This
includes understanding:
– Transaction classes significant to the f/s.
– How transactions are initiated
– The accounting records, supporting documents, and specific
accounts in the f/s involved in the processing and reporting of
transactions.
– The accounting processing involved from initiating a
transaction to its inclusion in the f/s, including electronic
means used to transmit, process maintain, and access
information.
– Cash receipt or disbursements
– The financial reporting process used to prepares financial
statements, estimates and disclosures
Depth: Monitoring
• It is important to understand the types

of activities used by the entity, top
management, accounting management,
and internal auditors to monitor the
effectiveness of internal control.
• Knowledge should also be obtained
about how corrective actions are
initiated.
Documenting the Understanding
Documenting the understanding of internal

control is required in all audits.
- The form and extent of documentation is
influenced by the size and complexity of the
entity, and the nature of the entity’s IC.
- There are 4 forms of documentation
commonly used by auditors.
- Questionnaires
- Decision Tables
- Flowcharts
- Narrative Memos
- Will also need to document the results of
any testing of the system.

Siklus Pengeluaran Pembelian Dan Pengeluaran Kas

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Siklus Pengeluaran Pembelian Dan Pengeluaran Kas

Enviado por

Direitos autorais:

Formatos disponíveis

Welcome to Actg 492:

Dr. Raymond Johnson

• Unit 1: Professional Responsibilities, Audit

• Reading for Chapter 3

 Introduction to Contemporary Auditing

Nature of Established Nature of

Financial Financial statement Generally accepted Opinion on fairness of

Compliance Claims or data laws, Management’s Summary of findings

Operational Operational or Objectives set, for Efficiency and

Anticipating and Creating Decisions

Anticipating and Creating Decisions

Core Values Core Competencies Core Services

Continuing Education and Communication Skills Assurance

Private Sector Organizations Public Sector Organizations

American Institute of Certified Public State Boards of Accountancy

Practice Units (CPA Firms) Internal Revenue Service

Accounting Standard Setting State and Federal Courts

Bodies: FASB and GASB U.S. Congress

1. Independence, Integrity, and

1. Access to Capital Markets

• Reason for Opinion

• Reason for Opinion

• Reason for Opinion

Edward H. West Leo F. Mullin

 Overview of the Audit Process

1. Understand Business • Airline

.02 .35 .5 .11

.02 .35 .5 .11

.02 .80 .5 .05

1. Evaluate fair presentation in the

John Wiley & Sons, Inc.

 Top-Down vs. Bottom-Up Audits

Top-down audit evidence focuses the auditor’s attention on

Theory: Use knowledge of the business, industry and

Bottom-up audit evidence focuses on directly testing:

Theory: The whole is the sum of the parts.

When planning the audit, the auditor

• Classification: Transactions and events have been recorded in the proper

• Rights and obligations: The entity holds or controls the

• Completeness: All assets, liabilities, and equity interests

• Completeness: All disclosures that should have been

• Understandability: Financial information is appropriately

• Competence is a measure of quality of audit

– Tests of controls: Testing the operating

– Substantive procedures: Supporting assertions or

When planning the audit, the auditor

• Inherent Risk: High vs. Low

• Staffing: Risk assessment procedures are usually performed by more experienced

• Control Risk: High vs. Low

• Detection Risk: High vs. Low

• Staffing: Assertions with a higher degree of professional judgment usually require

• Accounting data and corroborating evidential

1. Effect on Material Account Balance and Transaction

SAS 41 describes working papers as the

Working papers provide:

The following essential techniques of good working paper

4. Tick marks Tick marks are symbols (or numbers) that

Copyright 2001 John Wiley & Sons, Inc. All rights

Introduction to Internal Control

COSO Definition: The processes

* This is not included in the SOX definition of IC

• Identify types of potential misstatements

No matter how well designed and operated,

The COSO report identifies 5 interrelated