Week 10 & 11

Class sessions
(April 2022)

The session will be interactive in

nature and questions are
encouraged.
The road we’ve travelled thus far…
The road we’ve travelled thus far - Recap

Chapter 1 Chapter 2 Chapter 3 Chapter 4 Chapter 5

(including (with Chpt 1 /
“The Auditing “The Auditing
Profession” • When? • What? Profession” • What?
handout)
handout / • Who? • Who? • Why?
Chapter 4) • What? • Where? • Who?
• What?
• Why? • Who? • Where?
• What?
• Where?
• Who?
• Where?
 Chapter 5 & Bb Handouts “Quick Brief”

RISK (Handout on Bb)

The possibility of an event occurring that will have an impact on the

achievement of objectives. Risk is measured in terms of impact and
likelihood.

FRAUD (Handout on Bb ‘Irregularities)

Any illegal act characterised by deceit, concealment or violation of trust.

CONTROL (Chapter 5 ‘Greenbook’)

Any action taken by management, the board and other parties to

manage risk and increase the likelihood that established objectives and
goals will be achieved. Management plans, organizes, and directs the
performance of sufficient actions to provide reasonable assurance that
objectives and goals will be achieved.

COSO framework and its elements/components

(acronym ‘C R I M E’)
 Test your knowledge!
Q1. Who is responsible for internal controls under corporate governance
rules and COSO’s best practice:

A. The Auditor.
B.The Directors of the company.
C.The Audit Committee.
D.Internal Audit.

Q2. Residual risk is the risk that auditor not detecting a misstatement
during the audit engagement. Is this statement TRUE or False?

A. True
B.False
 Test your knowledge
Q3. Which one of the following risk concepts can be assumed to have no
mitigating controls?
A. Business risk
B. Residual risk
C. Inherent risk
D. Current risk

Q4. Which of the following describes control risk when the auditor undertakes
an assignment:
A. The risk of a misstatement due to a failure of controls.

B. The risk that the auditor fails to detect a misstatement in the financial
statements.

C. The risk inherent in that particular business or the risk in a business if

there were no controls in place.
 Test your knowledge cont…
Q5. A Control Objective tells us what the purpose of having a certain
control in place is. Is this statement TRUE or FALSE?

A. True
B. False

Q6. If the banking process should be carried out with one member of staff
counting the cash and another banking it, What is this control called?

A. Authorisation.
B. Segregation of Duties.
C. Dereliction of duty.
 Test your knowledge cont…

Q7. The policies and procedures helping to ensure that

management directives are executed and actions are taken to
address risks to achievement of objectives describes...

A. Control activities.
B. Risk assessments.
C. Control environments.
D. Monitoring.

Q8. Which of the following is an example of preventative control?

a. Bank reconciliation.
b. Trial balance.
c. Authorisation
d. Insurance
 Test your knowledge cont…
Q9. The following are examples of preventative control, except
a. Segregation of duties.
b. Pre-numbering.
c. Fire extinguisher
d. None of the above

Q10. Which of the following is not an inherent limitation of internal

control system?
a. Management override
b. Collusion among employees
c. Inefficiency of internal auditor
d. Abuse of authority
 Test your knowledge!
Q3. Which one of the following risk
Q1. Who is responsible for internal concepts can be assumed to have no
controls under corporate mitigating controls?
governance rules and COSO’s
(see pg 98 Risk assessment)
best practice: (pg 86, 91, 106)

A. The Auditor. A. Business risk

B. The Directors of the company.
C. The Audit Committee.
D. Internal Audit.
Answer: B
Q4. Which of the following describes control
Q2. Residual risk is the risk that
auditor not detecting a
misstatement during the audit
engagement.
Is this statement? (see pg 106)
A. True
B. False
Answer: B
B. Residual risk
C. Inherent risk
D. Current risk
Answer: C
risk when the auditor undertakes an
engagement: (see pg 98 Risk assessment)
1. The risk of a misstatement due to a
failure of controls.
2. The risk that the auditor fails to detect a
misstatement in the financial statements.
3. The risk inherent in that particular
business or the risk in a business if there
were no controls in place.
Answer: A
 Test your knowledge cont…
Q5. A Control Objective tells us Q6. If the banking process should be
what the purpose of having a carried out with one member of staff
certain control in place is. counting the cash and another
banking it what is this control called?
Is this statement? (see pg 91) (see pg 99)

A. True A. Authorisation.
B. False B. Segregation of Duties.
Answer: A C. Dereliction of duty.
Answer: B

Q7. The policies and procedures helping to ensure that

management directives are executed and actions are
taken to address risks to achievement of objectives
describes... (see pg 93)

A. Control activities.
B. Risk assessments.
C. Control environments.
D. monitoring.
Answer: C
 Test your knowledge cont…

Q8. Which of the following is an

example of preventative
control? (see pg 98)
Q10. Which of the following is
a. Bank reconciliation.
not an inherent limitation
b. Trial balance.
of internal control system?
c. Authorisation
(see pg 107)
d. Insurance
Answer: C

Q9. The following are examples of a. Management override

preventative control, except
a. Segregation of duties.
b. Pre-numbering.
c. Fire extinguisher
d. None of the above
Answer: C
b. Collusion among employees
c. Inefficiency of internal auditor
d) Abuse of authority
Answer: C
REVISITED - The road we’ve travelled thus far…
 Self - Test (Your knowledge)

Question: The Definition of internal auditing?

(Approved & defined by the Institute of Internal Auditors (IIA) in June 1999)

Answer: …………………………………………………………………………………………..
 Self - Test (Your knowledge)

Question: The Definition of internal auditing?

(Approved & defined by the Institute of Internal Auditors (IIA) in June 1999)

Answer:

“Internal auditing is an independent, objective assurance and consulting activity

designed to add value and improve an organization’s operations. It helps an
organization accomplish its objectives by bringing a systematic,
disciplined approach to evaluate and improve the effectiveness of risk
management, control, and governance processes.
 Week 10 & 11: Chapter 6
“The Internal Audit Process”

(NB: Also see Tools & Techniques in **Chapter 7,

BUT will be covered in
details during Week 12 or 13)
 Small class activity: Let us look at these pictures…

Picture 1

Picture 2

QUESTION: Is it acceptable?
 What is an audit?
• Audit
─ Action
─ Self–Reading: ‘Example of buying a mobile phone’
• Criteria
• Condition
• Finding
• Organisational level
─ Strategic
─ Business unit
─ Business process

(NB: see page 118 - 119)

18
Audit Methodology

Organisational objectives
E. g, To
increase profits
generated from Risk
selling goods assessment
should align
Objectives -

ID type of audit

Obtain
E.g, To evaluate understanding Risk
the areas Engagement
reasonableness objectives Planning the
of the org’s Criteria audit
sales figures Work programme engagement

NB: REFER TO STANDARDS 2200, 2300, 2400, 2500 &

19 THE SCHEMATIC REPRESENTATION OF RECOMMENDED STEPS.
 Standards
Attribute Performance

1000 – PAR 2000 – Managing the IAA

1100 – Independence & 2100 – Nature of work
Objectivity

1200 – Proficiency and DPC 2200 – Planning the audit (see pg 123)
2300 – Performing the audit
2400 – Communicating results
2500 – Monitoring results

1300 – Quality Assurance 2600 – Management’s Acceptance of Risk

Improvement program

20
Planning the
Engagement Performing the
(Std 2200) Engagement
(Std 2300)
“8 steps” The Internal “4 steps”
process Audit Process process

Types of Audit Assertions on

Engagements Financial
Statements

21
1: Obtain an 5: Identify engagement:
Understanding Objectives, Criteria &
Scope
2: Preliminary 6: Resource allocation
contact
3: Conduct (Tools) 7: Prepare
preliminary survey engagement
work programme
4: Identify risks 8: Final confirmation to
proceed
1: Identify Engagement
Information: Characteristics, Type
of evidence, Sources
2: Perform engagement procedures
3: Analyse and evaluate engagement
information
4: Document engagement
information
(NB: SUPERVISION)
 Planning IA engagement - ‘2200 Stds’
IIA Standards
Planning the engagement
2201 2210 2220 2230 2240
Planning Engage- Engagement Resource Engagemen
a) Sub- considera- ment Scope allocation t Work
standards tions Objectives Programme

b) Steps ‘1st to 4th ‘5th Step’ ‘5th Step’ ‘6th Step’ ‘7th to 8th
Steps’ in 2220 2230 Steps’
2201 2210 Engagement Resource 2240
Refer to the Steps
under each Sub- Planning Engage- Scope allocation Engagemen
standards considera- ment t Work
tions Objectives Programme
 Performing IA engagement ‘2300 Stds’
IIA Standards
Performing the engagement
2310 2320 2330 2340
Identify the Analyse and Document the Supervise the
a) Sub- information evaluate information engagement
standards information

b) Steps ‘1st and 2nd ‘3rd Step’ ‘4th Step’ ‘1st to 4th
Steps’ 2320 2330 Steps’
Refer to the Steps 2310 Analyse and Document the 2340
under each Sub-
Identify the evaluate information Supervise the
standards
information information engagement
 Types of engagement procedures
(Refer to textbook: pg 143 - 145)

Engagement procedures (How, What and Why?)

Compliance Substantive procedures

procedures
Substantive tests Substantive Analytical
(NB: Testing IC of transactions tests of procedures
adequacy, balances
effectiveness &
efficiency)

24
 TYPES OF AUDIT ENGAGEMENT and OBJECTIVES

COMPLIANCE FINANCIAL OPERATIONAL

AUDIT AUDIT AUDIT
ENGAGEMENT ENGAGEMENT ENGAGEMENT

Engagement To evaluate internal To evaluate fairness To evaluate the

objective control and of transactions and economy, efficiency
adhering to laws balances. and effectiveness
and regulations. of operations.
Example of 1 Inspect invoices 1 Reconcile the 1 Examine the
one possible for approval occupied rooms different
engagement and correct use schedule with schedules used
procedures of daily tariffs total amount of for tariffs -in
applicable. payments season and out of
banked for the season periods.
same period.
 COMPLIANCE AUDIT ENGAGEMENT…expanded

Compliance Audit Engagement Objective

To evaluate internal control and adhering to laws and

regulations.

General IC
objectives Specific IC Engagement
objectives objective

26
 FINANCIAL AUDIT ENGAGEMENT…expanded

FINANCIAL AUDIT FINANCIAL AUDIT

ENGAGEMENT ENGAGEMENT
‘Management assertions’ ‘Engagement objectives’

General engagement
Existence objectives
Completeness
Cut-off
Specific
Accuracy engagement objectives
Rights and Obligations
Classification and allocation
Valuation
Presentation and disclosure
28

OPERATIONAL AUDIT ENGAGEMENT…expanded

OPERATIONAL AUDIT OPERATIONAL AUDIT

ENGAGEMENT ENGAGEMENT
‘Management Objectives’ ‘Engagement objectives’

Business unit 3 E’s

Process level,
Operations
etc
Tasks
Activities
3 E’s
QUESTIONS?