Chapter I – INTERNAL

AUDITING
By: Dennis F. Gabriel
 Different types of Audits:
1.1 Overview of 1. External (Financial) Audits
Auditing 2. Internal Audits
3. Fraud Audits
  Independent attestation performed by an expert (ex. CPA) who
expresses an opinion regarding the fair presentation of financial
statements.
 Required by Securities and Exchange Commission for all publicly
traded companies annually.
External  Key concept is INDEPENDENCE
(Financial) Audits  Similar to a judge in a trial
 Auditor collects and evaluates evidence and renders an
opinion
 Reason of public confidence in financial statements
  Strict rules must be followed that have been defined by:
1. Securities and Exchange Commission (SEC)
2. Financial Accounting Standards Board (FASB)
External
3. American Institute of Certified Public Accountants
(Financial) Audits (AICPA)
4. Sarbanes-Oxley Act of 2002 (SOX)
  Attest Service – engagement in which a practitioner is engaged
to issue, or does not issue, a written communication that
expresses a conclusion about the reliability of a written
assertion that is the responsibility of another party.
 Requirements to attestation services:
Attest Service vs
 Written assertions and practitioner written report
Advisory Service
 Formal establishment of measurement criteria or
description in the presentation
 Levels of service in attestation engagements are limited to
examination, review and application of agreed upon
procedures.
  Advisory Services – offered by public accounting firms to
improve their client organizations’ operational efficiency
and effectiveness. It includes:
 Actuarial advice
Advisory Services  business advice
 fraud investigation services
 information system design and implementation
 internal control assessments with SOX compliance.
  SOX greatly restricts types of non-audit services that auditors may
render audit clients:
 Bookkeeping/accounting record services
 Financial information systems design and implementation
 Appraisal or valuation services, fairness opinions or
contribution-in-kind reports
 Actuarial services
Advisory Services  Internal audit outsourcing services
 Management functions or human resources
 Broker or dealer, investment adviser, or investment banking
services
 Legal services and expert services unrelated to the audit
 Any other services that the board determines, by regulation, is
impermissible
  Internal auditing – independent appraisal function established
within organization to examine and evaluate its activities.
 Internal auditor perform financial audits, examining
operation’s compliance with policies, reviewing
Internal Audits compliance with legal obligations, evaluating operational
efficiency, and detecting and pursuing fraud within the
firm.
 Internal auditors self-impose independence to perform their
duties effectively, representing the interest of organization.
  External Auditor:
 Represents outsiders
 Performing aspects of financial audits

External vs  Internal Auditor:

Internal Auditors  Represents interest of organization
 Cooperates and assist external auditor in financial
audits
 Adds value to the audit process
  Fraud Audit – intentional act of management or
employee resulting to anomalies in the organization
 Objective of fraud Audit:
Fraud Audits  Investigate anomalies
 Gather evidences
  Audit Committee
 Formed by Board of directors under publicly traded
companies
 Subcommittee that has special responsibilities
 Usually consist of 3 people
1.2 Role of Audit  Per SOX, at least 1 member should be financial
Committee expert
 Serves as independent “check and balance” for
internal audit function and liaison with external
auditors
 Must willing to challenge internal auditors and
management to look for ways to identify risk
  Auditor’s report expresses an opinion as to whether the
1.3 Financial financial statements are in conformity with GAAP.
Audit  Auditors are guided in their professional responsibility
Components by GAAS.
Table 1.1. Generally Accepted Auditing Standards
General Standards
The auditor must have adequate
technical training and proficiency.
The auditor must have independence
of mental attitude.
The auditor must exercise due
professional care in the performance
of the audit and the preparation of
the report.
Standards of Field work Reporting Standards
The auditor must state in the report
whether financial statements were
Audit work must be adequately
prepared in accordance with
planned.
generally accepted accounting
principles.
The report must identify those
The auditor must gain a sufficient
circumstances in which generally
understanding of the internal control
accepted accounting principles were
structure.
not applied.
The report must identify any items
The auditor must obtain sufficient,
that do not have adequate
competent evidence.
informative disclosures.
The report shall contain an
expression of the auditor’s opinion
on the financial statements as a
whole.
  SAS (Statements on Auditing Standards) – Authoritative
interpretations of GAAS.
 SAS 1 – issued by AICPA in 1972
 SAS provides auditors:
 Guidance on a spectrum of topics
Auditing  includes method of investigating new clients
Standards  Procedures for collecting information from attorneys
regarding contingent liability claims against client.
 Techniques for obtaining background information on
the client’s industry
  Important in audit settings.
A Systematic  Systematic approach is particularly important in IT
Process environment.
  Management Assertions – organization‘s financial
Management statements
Assertions and  Audit Objectives – Auditor expresses whether the
Audit Objectives financial statements are fairly presented
 1. Existence or occurrence – all assets and equities in balance
sheet and all transactions in income statements actually
occurred.
2. Completeness – declares no material assets, equities, or
transactions have been omitted from financial statements
3. Rights and Obligations – maintains that assets appearing on
5 General the balance sheet are owned by the entity and liabilities are
Categories of reported as obligations

Assertion 4. Valuation or allocation – states that assets and equities are

valued in accordance with GAAP and that allocated amounts
such as depreciation expense are calculated on a systematic
and rational basis
5. Presentation and disclosure– maintains that assets
appearing on the balance sheet are owned by the entity and
liabilities are reported as obligations
 2 General 1. Transactions and accounts balances that directly impact
Categories of financial reporting.
Audit Objectives 2. Pertains to the information itself
1.2. Audit Objectives and Audit Procedures Based on Management Assertions

Management Assertions Audit Objectives Audit Procedure

Existence or occurrence Inventories listed on the balance sheet exist Observe the counting of physical inventory

Compare receiving reports, supplier

Accounts payable include all obligations to invoices, purchase orders, and journal
Completeness
vendors for the period. entries for the period and the beginning of
the next period.

Plant and equipment listed in the balance Review purchase agreements, insurance
Rights and obligations
sheet are owned by the entity. policies, and related documents.

Review entity’s aging of accounts and

Accounts receivable are stated at net
Valuation or allocation evaluate the adequacy of the allowance for
realizable value.
uncorrectable accounts.

Obtain information from entity lawyers

Contingencies not reported in financial
Presentation and disclosure about the status of litigation and estimates of
accounts are properly disclosed in footnotes.
potential loss.
 Obtaining Evidence
 Auditor seeks evidential matter that corroborates
management assertions.
 Collected by performing test of controls and substantive
Obtaining Evidence test
and Ascertaining Ascertaining Materiality
Materiality  Auditor must determine whether weaknesses in internal
control and misstatements found in transaction and
balances are material.
 Auditor judgement.
 Communicating Results
 Must communicate results to interested users
 Independent auditor reports to audit committee of the
Communicating Results board of directors or stockholders.
 Audit opinion contains reports, among other thing and
distributed along with the financial report to the
interested parties.
  Audit Risk – Auditor expresses an inappropriate audit
opinion then the financial statements are materially
misstated.
 Material misstatements may be cause by error or
1.4 irregularities or both.
Audit Risk
 Errors – unintentional mistakes
 Irregularities – intentional misrepresentations associated
with fraud
  Auditor’s objective is to achieve a level of Audit risk that is
acceptable to Auditor.
 Acceptable audit risk (AR) is estimated based on ex ante
value of the components of the audit risk.
Audit Risk  Ex ante means forecast
Components  Audit risk model are:
1. Inherent risk
2. Control risk
3. Detection risk
 Inherent Risk
 Risk associated with the unique characteristics of
business or industry of the client.
Control Risk
 Likelihood that the control structure is flawed because
Audit Risk controls are either absent or inadequate to prevent or
Components detect error in the accounts.
Detection Risk
 Risk that auditors willing to take that errors not detected
or prevented by the control structure will also not be
detected by the auditors.
  Financial auditors use audit risk components to
determine the scope, nature and timing of substantive
test.
Audit Risk Model
 AR = IR x CR x DR
  Test of control and substantive test are auditing
techniques to reduce audit risk to an acceptable level.
Relationship between  Stronger internal control thru test of controls, the lower
Test of Controls And the control risk and less substantive testing
Substantive Test  Weaker internal control structure, greater control risk and
more substantive testing.
END THANK YOU!