Lecture-19

Assessing risk of information technology:

When the information are provided to the auditors it can also affect the company’s overall
control risk. Many risk are reducing by manually and that cases risk are eliminated
automatically. If ignored this risk ultimately the company will be the looser. If IT systems fail,
organizations can be paralyzed by the inability to retrieve information or by the use of unreliable
information caused by processing errors. These risks increase the likelihood of material
misstatements in financial statements. So some questions will arise such as- the IT system are
controlled, IT system are effectively controlled or designed, the evidence are retained, the IT
infrastructure equipment and tools are logically and physically secured, excess and
authentication are secured, the firewall exist in the IT systems etc.

Impact of Information Technology on Audit Fees:

Audit Fee: Audit fee is the fees or amount which is charged by the auditor or auditor for
performing the audit of the accounts of the audited economic unit.

When determine the audit fees some points must be considered such as: (i) time required to
complete the works, (ii) number of the staff and the required wages, (iii) the required works and
necessary skills, (iv) direct costs of the audit process, (v) audit farms reputations and experience,
(vi) audit time required at the end of the fiscal year or at another time, (vii) the customer's ability
to pay and the importance of the auditor's report.

Types of test:

Auditors use five types of tests to determine whether financial statements are fairly stated. Five
types are:

a) Tests of controls—audit procedures to test the effectiveness of controls in support of a

reduced assessed control risk.
 b) Substantive Test of Transactions—audit procedures designed to detect material
misstatement or fraud related to transactions or account balances. Substantive test of
transactions are three categories. Such as: substantive tests of transactions, substantive
analytical procedures, and tests of details of balances.
c) Analytical Procedures—involve comparisons of recorded amounts to expectations
developed by the auditor. Analytical Procedures include comparison of financial
information with:(i)prior period information,(ii)budgets,(iii)forecasts,(iv)data from
similar programs or organizational units,(v)related non-financial information. During the
analytical producers three criteria happened: at start to better understand between the
agency and the external auditor, in the middle to obtain the evidence related between the
account balances and classes of transactions, at end overall final review of the financial
information tested.
d) Test of Details of Balance—include tracing figures to supporting documentation to
determine if transactions are valid, properly classified, accurate and complete. Tests also
include recalculating and confirming recorded information.
e) Test of Compliance—evidence with the objective of testing an organization's compliance
with control procedures.

When designing any tests, determine: test criteria to meet audit objective, audit procedures to be
applied and sample selection methodology. Also consider: sample size, items to test and timing.
 Lecture-20
Design of the Audit Program

After the auditor uses risk assessment procedures to determine the appropriate emphasis on each
of the other four types of tests, the specific audit procedures for each type of test must be
designed. These audit procedures are then combined to form the audit program. Most of the
design of audit program is three parts:

(i) Tests of controls and Substantive Test of Transactions—the tests of controls and substantive
tests of transactions audit program normally includes a descriptive section documenting the
understanding of internal control obtained during the performance of risk assessment procedures.
The program is also likely to include a description of the procedures performed to obtain an
under standing of internal control and a description of the assessed level of control risk. The
auditor uses this information to develop the tests of controls and substantive tests of transactions
audit program.

(ii) Analytical Procedures—when designing tests of controls and substantive tests of

transactions, auditors emphasize satisfying the transaction-related audit objectives. Auditors
follow a four-step approach to reduce assessed control risk which are given below:

(a) apply the transaction-related audit objectives to the class of transactions being tested,
such as sales,(b) identify key controls that should reduce control risk for each transaction
related audit objective.(c) develop appropriate tests of controls for all internal controls
that are used to reduce the preliminary assessment of control risk below maximum,(d) for
potential types of misstatements related to each transaction-related audit objective, design
appropriate substantive tests of transactions, considering deficiencies in internal control
and expected results of the tests of controls.

Because substantive analytical procedures are relatively inexpensive, many auditors perform
them on all audits. Analytical procedures performed during substantive testing, such as for the
audit of accounts receivable, are typically more focused and more extensive than those done as
part of planning.
(iii) Test of Details of Balance—to design tests of details of balances audit procedures, auditors
use a methodology oriented to the balance-related audit objectives If the auditor is verifying
accounts receivable, for example, the planned audit procedures must be sufficient to satisfy each
of the balance-related audit objectives.