The Audit Process

Control Risk assessment :

Identify risk
Risk assessment

1-1
©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN
 Internal Control Defined
“The process effected by an entity’s board of directors, management,
and other personnel designed to provide reasonable assurance
regarding the achievement of objectives in the following categories:
•Reliability of financial reporting
•Effectiveness and efficiency of operations
•Compliance with applicable laws and regulations
•Safeguarding of assets.

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1-2

Internal Control Defined

The fundamental concepts :

•Internal control is a process – a series of actions that permeate an
entity’s activities.
•Internal control is effected by people – board of directors, management,
and other personnel in the entity.
•Internal control can be expected to provide only reasonable assurance,
not absolute assurance.
•Internal control is geared to the achievement of the entity’s objectives

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1-3

 Five Components of Internal Control

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1-4

Internal Control and Financial Reporting
tindakan, kebijakan, prosedur yang mencerminkan keseluruhan sikap
manajemen puncak, direktur, & pemilik entitas tentang pengendalian
internal & kepentingannya bagi entitas

proses untuk mengidentifikasi dan menganalisis risiko

yang dapat menghambat pencapaian tujuan.

penggunaan informasi yang relevan dan berkualitas

untuk mendukung berfungsinya pengendalian internal

kebijakan dan prosedur untuk memastikan bahwa

tindakan yang diperlukan telah diambil untuk
mengatasi risiko pencapaian tujuan entitas.

asesmen berkelanjutan atas efektivitas pengendalian internal

untuk menentukan apakah pengendalian beroperasi seperti yang
diharapkan & dimodifikasi saat diperlukan

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1-5

The Pervasive Controls and Specific Controls

Internal control dapat

berdampak pervasif thd
laporan keuangan secara
keseluruhan maupun
spesifik thd transaksi &
akun2 tertentu.

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1-6

Inherent Risk and Internal Controls

RMM

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1-7

Inherent Risk, Pervasive Controls and Specific Controls

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1-8

The Scope of Understanding of Controls

The auditor is only concerned with

understanding and evaluating those
controls that would mitigate a risk
of a material misstatement in the
financial statements.

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1-9

Procedures to Obtained and Understanding

Update & evaluate Observe the entity’s

the auditor’s previous files activities & operation

Inspect
Inquiry of documents & records
client personnel

Walkthrough of the
accountung system

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1 - 10

Assessing Control Risk
To gain an understanding of the entity’s internal control, the auditor is
required to :
1. evaluate the design of controls; and
2. determine whether they have been implemented

Pertimbangkan apakah controls secara efektif mampu mencegah atau

mendeteksi & mengkoreksi salah saji material.
• Prevent control
• Detect and correcting control

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1 - 11

The Four Steps Process of Assessing IC
A Risk Assessment Procedure
Risiko apa yang ada, jika tidak dimitigasi oleh IC,
dapat menyebabkan terjadinay salah saji material?

Identifikasi controls yang memitigasi risiko.

Evaluasi setiap komponen control, apakah ada
defisiensi yang signifikan?

A Risk Assessment Procedure

Pastikan controls yang diidentifikasi benar-benar
beroperasi sesuai dengan desainnya

Dokumentasikan operasi controls yang relevan,

lengkap dari awal hingga pelaporan keuangan

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1 - 12

Step 1 : Identify What Risk Require Mitigation

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1 - 13

Step 2 : Assess Control Design
Design of Pervasive Controls
Identify risk factor/ Control environment
control objectives Risk assessment

Identify existing Controls exist to mitigate risk factor

control design

Evaluate & form Use professional judgment to conclude whether

a conclusion the controls is sufficient to address the risk factor

Access CR Low – Medium – High (initial assessment)

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1 - 14

Design of Pervasive Controls - Example

Key Control

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1 - 15

Forming a Conclusion – Pervasive Control

Ketika membuat kesimpulan tentang lingkungan pengendalian, auditor harus

mengevaluasi apakah:
•Manajemen telah menciptakan dan memelihara budaya kejujuran & perilaku etis;
dan
•Kekuatan dalam lingkungan pengendalian secara kolektif memberikan landasan
yang tepat untuk komponen pengendalian internal lainnya, dan apakah komponen
lain tidak dirusak oleh defisiensi dalam lingkungan pengendalian.

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1 - 16

Step 2 : Assess Control Design
Design of Specific (Transactions) Controls
Identify assertions for Existence (E); Completeness (C);
class of transactions Accuracy: classification-cutoff (A)

Identify
Controls that support the assertions
existing controls
1. identify existing controls
2. Identify lack of key controls
Identifiy & evaluate
3. Consider the existing of compensating control
weaknesses
4. Assess the potential misstatements as results of
lack of controls

Access CR Low – Medium – High (initial assessment)

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1 - 17

Step 2 : Assess Control Design
Matrix to Evaluate Design of Specific (Transactions) Controls

P = prevent control
D = detect control

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1 - 18

Concluding on Control Design

the underlying risks

have been appropriately
mitigated

some problems may exist;

potentially significant
deficiencies

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1 - 19

Step 3 : Assess Control Implementation

Terapkan prosedur berikut untuk memastikan apakah controls diimplementasikan :

•Inquiring of entity personnel;
•Observing or re-performing the application of specific controls;
•Inspecting documents and reports; and
•Tracing one or two transactions through the information system relevant to
financial reporting (a walkthrough test)

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1 - 20

Step 4 : Document Relevant Controls

Narrative

Flowchart

Checklists
IC
Questionaires

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1 - 21

Communicating Deficiencies in Internal Control

Suatu defisiensi signifikan adalah defisiensi atau kombinasi defisiensi dalam

internal controls yang, menurut pertimbangan profesional auditor, penting untuk
mendapatkan perhatian dari pihak yang bertanggung jawab atas tata kelola.

Any identified significant deficiency should be

•Diskusikan dengan manajemen, dan discuss it with management, and
•Komunikasikan defisiensi signifikan tsb secara tertulis dengan pihak yang
bertanggung jawab atas tata kelola (TCWG)

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1 - 22

Summary – Risks & Their Effects on Audit Work

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1 - 23

Summary – Risks & Their Effects on Audit Work

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1 - 24

 End

©2022 FAKULTAS EKONOMI & BISNIS UNIVERSITAS PADJADJARAN 1 - 25