LO # 4 - Auditing procedures
• Describe the types and classifications of auditing
procedures that may be used in an audit.
SUMMARY
• Materiality is considered at both the financial statement and account balance levels, and may be
expressed in either quantitative or non-quantitative financial statement terms. There is an inverse
relationship between materiality levels and the level of evidence needed.
• In conducting the audit, different strategies can be adopted. After understanding the entity and its
environment (including its internal control) in order to assess the risks of material misstatement,
the audit strategy can be developed. The two ends of the spectrum of audit strategies are the
predominantly substantive approach and the combined approach (lower assessed level of control risk).
• The auditor achieves the overall objective of rendering an opinion on general purpose financial
reports by collecting and evaluating evidence relating to numerous specific audit objectives. These
objectives are derived from the management assertions contained in the components of the
financial statements. In performing the audit, the auditor exercises professional judgement in
selecting from a variety of auditing procedures and types of evidence to meet the numerous
specific audit objectives.
• The auditor also exercises judgement at the conclusion of the audit in evaluating whether sufficient
appropriate evidence has been obtained to afford a reasonable basis for the opinion on the
financial statements overall.
Review Question
Control activities are detailed policies and procedures that
management establishes to help ensure that its directives are carried
out.
• List the four different categories of control activities and give an
example of each.
Attempting the question
There are four categories of internal controls:
• information processing controls
• segregation of duties
• physical controls
• performance reviews.
• Let's deal with the first one.
1. Information processing controls
• Definition - used to check the accuracy, completeness, and authorization of transactions.
• Acceptable examples would include:
• general controls (organisational controls, systems development and maintenance controls, access
controls or data and procedural controls) or
• application controls (input controls, processing controls or output controls) that are specific to a
computerized system.
Attempting the question cont..
2. Segregation of duties
• Definition - a basic building block of sustainable risk management and internal
controls for a business. The principle of SOD is based on
shared responsibilities of a key process that disperses the critical functions of
that process to more than one person or department.
• Acceptable examples should adhere to the following principles:
• Responsibility for executing a transaction, recording the transaction and maintaining
custody of the assets resulting from the transaction should be assigned to different
people.
• The various steps involved in executing a transaction should be assigned to different
individuals or departments.
• Responsibility for certain accounting operations should be segregated.
Attempting the question cont..
3. Physical controls
• Definition - the implementation of security measures in a defined structure
used to deter or prevent unauthorized access to sensitive material.
• Acceptable examples would include:
• direct or indirect controls that physically limit access to assets and important records.
4. Performance reviews
• Definition - a formal assessment in which a manager evaluates an employee’s
work performance, identifies strengths and weaknesses, offers feedback, and
sets goals for future performance.
• Acceptable examples include:
• management reviewing reports, considering actual performance compared to expected or past
performance, or
• analyzing the relationships of different sets of data.