Professional Documents
Culture Documents
of Audit
Lesson 1
AUDIT
2. Completeness assertion -
declares that no material assets,
equities, or transactions have been
omitted from the financial
statements.
Management
Assertions
3. Rights and Obligations - assertion
and Audit maintains that assets appearing on the
Objectives balance sheet are owned by the entity and
that the liabilities reported are obligations.
In the IT environment, this process involves gathering evidence relating to the reliability
of computer controls as well as the contents of databases that have been processes by
computer programs.
The audit report contains, among other things, an audit opinion. This opinion is
distributed along with the financial report to interested parties both internal and
external to the organization. IT auditors often communicate their findings to internal
and external auditors, who can then integrate these findings with the non-IT aspects of
the audit.
DIFFERENT TYPES OF AUDIT
Internal audit is an
IT audit is associated with
independent appraisal
auditors who use technical
function established within
skills and knowledge to audit
an organization to examine
through the computer
and evaluate the activities as
system.
a service to the organization
DIFFERENT TYPES OF AUDIT
External/Financial audit is
Fraud audit arises out of associated with auditors
rampant employee theft or who work outside or
major financial frauds independent of the
organization being audited.
• AUDIT RISK is the
probability that the
auditor will render
AUDIT an unqualified
opinion on financial
RISK statements that are,
in fact, materially
misstated.
Audit Risk Components
4. To measure
compliance with
3. To promote efficiency
management’s
in the firm’s operations.
prescribed policies and
procedures.
• Attempts at unauthorized access to the
firm’s assets (including information)
• Fraud perpetrated by persons both in
and outside the firm
UNDESIRABLE • Errors due to employee incompetence,
EVENTS faulty computer programs, and
WITHIN AN corrupted input data
ORGANIZATION • Mischievous acts such as unauthorized
access by computer hackers
• Threats from computer viruses that
destroy programs and database
Weakness in
Internal Control 1. Destruction of assets
may expose the (both physical assets
firm to one or more and information)
of the following 2. Theft of assets
types of risks:
3. Corruption of
information or the
information system
4. Disruption of the
information system
MODIFYING
ASSUMPTIONS
1. Management Responsibility - this
concept holds that the establishment
and maintenance of a system of
internal control is a management
responsibility.
2. Reasonable Assurance - that the
four broad objectives of internal
control are met. This means that no
system of internal control is perfect
and the cost of achieving improved
control should not outweigh its
benefits
MODIFYING
ASSUMPTIONS
3. Methods of Data Processing - the
techniques used to achieve these
objectives will vary with different
types of technology.
MODIFYING
ASSUMPTIONS
4. Limitations
(1) the possibility of error – no system is perfect
(2) circumvention – personnel may circumvent
the system through collusion or other
means
(3) management override – management is in a
position to override control procedures by
personally distorting transactions or by
directing a subordinate to do so
(4) changing conditions – conditions may
change over time so that existing controls
may become ineffectual.
END OF LESSON 1