You are on page 1of 26

BA 120.

2: Auditing Theory and Practice II


Eirene Tinitigan
August 15, 2015
Learning
Objectives

Audit and the


Audit Process

Internal Control
and COSO
Framework

Audit and Internal Control


BA 120.2: Auditing Theory and Practice II
August 15, 2015
Learning objectives

Gain further understanding of the ff:


Audit and the audit process
Attest and advisory services
Internal control and the COSO Framework
Sarbanes-Oxley Act (SOX)
General Controls, Application Controls and
Financial Data Integrity
Learning
Objectives

Audit and the


Audit Process

Internal Control
and COSO
Framework

Audit and Internal Control


BA 120.2: Auditing Theory and Practice II
August 15, 2015
Governing bodies
International Local
International Accounting Standards Financial Reporting Standards
Board (IASB) issues IFRS Council (FRSC ) adopts IFRS into
PFRS
International Auditing and Assurance Auditing and Assurance Standards
Standards Board (IAASB) issues Council (AASC) issues PSA
ISA
American Institute of Certified Public Philippine Institute of Certified Public
Accountants (AICPA) Accountants (PICPA)
Public Company Accounting Oversight
Board
nonprofit org that oversees..
Governing bodies
International Local
Securities and Exchange Commission Securities and Exchange Commission
(SEC) (SEC)
Institute of Internal Auditors (IIA) Institute of Internal Auditors (IIA)
Board of Accountancy (BOA)
professional regulatory board of
accountants under Professional
Regulation Commission (PRC)
examiners,new set per year
What is audit?

A systematic process of objectively


obtaining and evaluating evidence
regarding assertions about economic
actions and events to ascertain the degree
of correspondence between these
assertions and established criteria and
communicating the results to interested
users. basically assertions are tested to check if they correspond to established criteria tapos
communicate mo
Types of audit

External audit Financial audit


Internal audit
Fraud audit
Why are audits performed?

Management stewardship
Credibility
Independent examination

Enron case
Business Model : trading of derivatives/ energy derivatives
sobrang laki so nagka PRC but purpose was defeated because nagpapataasan ng kita
pressure on higher income because bullish din market nun
tacics used: exploited mark to market (high paper profits)
sila nagpepredict ng values, nagtetrade sila ng long term contracts without a ready market
may related party SPEs din
(2001) business risl out of control, energy prices at a low
why need audit?
arthur andersen 2nd largest client Enron
so di na sila nagtetest ng assumption
criminal liab: bad faith na kasi working papers destroyed before
turning point of profession
Objective of audit
To enable the auditor to express an opinion about
whether the financial statements are prepared, in all
material respects, in accordance with an
applicable financial reporting framework and that
the financial statements are presented fairly in all
material respects.

primary output: audit report


bakit usually unqualified? kasi pag may mali, sinasabi mo na agad kay client so if wala lang compromise, dun ka
lang magissue ng modified opinion

maam's example: sometimes kulang accounting expertise ni client company so ikaw talaga magpopropose what
to do
Attest vs Advisory

none limited reasonable absolute

0 L R A
never
Level of Assurance mangyayari
*cost benefit
analysis

Advisory services
Compilation
Review
engagements Audit
engagements
Agreed-upon
procedures

in agreed upon, si client na


bahala magconclude based
on the report
Financial statement assertions

Classes of transactions (P&L)

Completeness lahat ng dapat marecord


narecord

Occurrence lahat ng narecord


nangyari

Classification sa tamang account

tama amount
Accuracy
tamang period
Cutoff

COCAC
Financial statement assertions

Balances at period end

Completeness
Valuation
Presentation & disclosure especially sa current
noncurrent

Rights & obligations


Existence

CVPRE
Financial statement assertions fs level as a whole

Presentation and disclosure


Completeness
Occurrence and rights and
obligations
Classification and
understandability
Accuracy and
valuation
Audit risk model

AR = IR x CR x DR
audit risk - mali pala
pero auditor deemed
inherent risk
- susceptibility to
control risk
- risk that a misstatement
detection risk
- risk na di madetect
as tama (what we a misstatement could occur even ni auditor
want to avoid) with existing IC - only one we have control
- risk na di madetect/control of
ng ic
Stages of an audit wala dito yung ACCEPTANCE

I. Planning and Risk Identification


II. Obtaining Evidence audit proper
key ganaps: TOC -> to rely or not?
SP (ap & tod)
1. Strategy and Risk Assessment minsan ap lang ok na
tod example: sales, aside from red
Test of Controls flags, you have to check for
existence
2. Execution
Substantive Procedures
a. Analytical Procedures
b. Test of Details
III.Conclusion and Reporting
PLANNING
> FS level
key ganaps: checking of disclosures,
now auditors arent really dapat
impt to address risk & affects effectiveness & efficiency
supposed to make FS
key ganaps: understamding
amount of planning factors: size or complexity, initial or continuing audit
Learning
Objectives

Audit and the


Audit Process

Internal Control
and COSO
Framework

Audit and Internal Control


BA 120.2: Auditing Theory and Practice II
August 15, 2015
Internal control
Internal control is a process effected by
an entitys board of directors,
management and other personnel,
designed to provide reasonable
assurance regarding the achievement of
objectives relating to operations, reporting
and compliance.
Internal control
Objectives:

Effectiveness Reliability, Adherence to


Operations

Reporting

Compliance
and timeliness, laws and
efficiency of transparency regulations
entitys in internal or
operations external
Operational financial and
and financial non-financial
performance reporting
goals
Safeguarding
assets
against loss
SOX of 2002
Summary of Section 302
Periodic statutory financial reports are to include
certifications that:
The signing officers have reviewed the report
The report does not contain any material
untrue statements or material omission or be
considered misleading
The financial statements and related information
fairly present the financial condition and the
results in all material respects
SOX of 2002
Summary of Section 302
Periodic statutory financial reports are to include
certifications that:
The signing officers are responsible for internal
controls and have evaluated these internal
controls within the previous ninety days and have
reported on their findings
A list of all deficiencies in the internal controls
and information on any fraud that involves
employees who are involved with internal activities
Any significant changes in internal controls or
related factors that could have a negative impact
on the internal controls
SOX of 2002
Summary of Section 404
Issuers are required to publish information in
their annual reports concerning the scope and
adequacy of the internal control structure and
procedures for financial reporting. This statement
shall also assess the effectiveness of such
internal controls and procedures.

The registered accounting firm shall, in the same


report, attest to and report on the assessment
on the effectiveness of the internal control
structure and procedures for financial reporting.
Modifying principles
Management responsibility
Methods of data processing
Limitations
Reasonable assurance
Types of controls

Source: Ernst & Young Global Audit Methodology


COSO framework
Components and Principles

1. Demonstrates commitment to integrity and ethical values


2. Board of Directors demonstrates independence from
management and exercises oversight responsibility
1. Control
Environment 3. Management, with Board oversight, establishes structure,
authority and responsibility
4. The organization demonstrates commitment to competence
5. The organization establishes and enforces accountability
6. Specifies relevant objectives with sufficient clarity to enable
identification of risks
7. Identifies and assesses risk
Principles
2. Risk Assessment 8. Considers the potential for fraud in assessing risk in the
9. Identifies and assesses significant change that could impact
system of internal control
framework
10. Selects and develops control activities
3. Control Activities 11. Selects and develops general controls over technology
12. Deploys through policies and procedures
13. Obtains or generates relevant, quality information
4. Information & 14. Communicates internally
Communication
15. Communicates externally
16. Selects, develops and performs ongoing and separate
5. Monitoring evaluations
17. Evaluates and communicates deficiencies