Internal Audit Process/

Phases
MCMROMERO
Internal Audit Process

Audit Execution/
Audit Planning &
Assessment
Preparation
(Fieldwork)

Recommendation
Audit Reporting
and Follow –up
Audit Execution/ Assessment
(Fieldwork

– Conduct interviews & Observation

– Sampling and testing of processes &
procedures
- Risk Assessment
- Drafting Initial audit findings
Audit Execution/ Assessment
(Fieldwork)
 Preliminary Audit Conference (Pre-AC)

Execution of the pre audit conference is required in

an engagement. The agenda includes the contents
of the engagement letter such as but not limited to
audit objectives, scope, timeline, requirement,
responsibilities of both parties and other concerns
related to audit engagements. Some Pre-Acs were
documented thru a minutes of the meeting. but
other considered the engagement letter as the
contract that both parties met on the same details
of the engagements.
Audit Execution/ Assessment
(Fieldwork)
 Conducting Interviews and Observations

Interviews
 Is a data gathering technique aimed obtaining quantitative

and qualitative information.

 It can be used to elicit facts/opinions of the persons involved

in a particular programme regarding its context,

implementation, results or impact.
 It is an excellent way to gather evidence for audit

assignments.
 The objective of the interview is to acquire all the needed

information as quickly and as effectively as possible.

 The interview should be as stress-free as possible and must

be conducted in a business-like manner.

Audit Execution/ Assessment
(Fieldwork)
 Conducting Interviews and Observations

Observation is a non-judgmental statement about a product or process.

Observations are typically made during a quality inspection or audit and are used
to identify potential quality issues or areas for improvement.

Severity of observation resulting to audit findings

 A critical observation would result in a failure of the quality system that would

have an effect on the finished product quality or may result in not achieving
management system certification.
 A major observation would result in a failure of one or more quality system

processes that may have an effect on the finished product quality or may result
in problems achieving management system certification.
 A moderate observation would result in a failure of a process in the quality

system that may have an effect on the finished product quality or may cause
delays in achieving management system certification.
 A minor observation would not have an effect on the finished product quality or

may not have any effect on achieving management system certification.

Audit Sampling and Testing
Audit Sampling -
 the application of suit procedures to less than

100% of the items within the account balance

or class of transactions such that all sampling
units have a chance of selection.
 It is performed on the assumption that the

sample selected for testing is representative of

the population.
Selective testing – testing particular significance
during testing (e.g. all items over the certain
amount or a sample period)
Sampling Risk
1. Alpha Risk – Auditor performing audit procedures more than what is
neccessary, thus affecting audit efficiency
 Underreliance – Internal control is not reliable when In fact it is effective

and can be relied upon.

 Incorrect Rejection – the material misstatement exists in an account balance

or transaction class when in fact such misstatement does not exist.

2. Beta Risk – Auditor performing audit procedures less than what is

neccessary, thus affecting audit effectiveness
 Overreliance – Internal control is reliable when in fact it is not effecive and

cannot be relied upon.

 Incorrect Acceptance – the material misstatement does not exist when in

fact material misstatement does not exist.

 Non- Sampling Risk – human errors, inaapropriate procedures, failure to

recognize the errors in the samples tested or misinterpretation of evidence
obtained.
Controlling the Risks
Sampling Risk
The only way to eliminate the entire sampling risk is to
examine the entire population, howver, this may not be
feasible because of the time and cost constraints, so
auditors control sampling risk by:
 Increasing the sample size
 Using appropriate samples selection method.

Non Sampling Risk

These cannot be eliminated even the entire population is
examined. But these can be minimized
 Proper Planning
 Adequate direction, review and Supervision of the audit

team
Sampling Approaches
1. Statistical Sampling
 Random based selection
 Use statistics to measure sampling risk and

evaluate results (law of probability)

2. Non-statistical Sampling
Purely uses auditors judgement estimating
risks and sample sized to evaluate sample
results.
Audit Sampling Plans
Audit Sampling may be used when performing tests of
controls or sunstantive tests when statistiscal sampling is
used, the auditor may use either:
a. Attribute Sampling – sampling plan used to estimate the
frequency of occurrence of a certain characteristic in a
population ( Occurrence Rate). It is generally used when
performing tests of controls to estimate the rate of
deviation from the prescribed internal control policies or
procedures.
b. Variable Sampling – sampling plan used to estimate a
numerical measurement of a population such as peso
vale. It is generally used in performing substantative tests
to estimate the amount of misstatements in the financial
statements.
 Basic Steps in Audit Sampling
Summarize the CL Results & conclude AR
balance is materially misstated or either there
is additional procedure to be done.
A computer
software that Evaluate the results
produces random
numbers that match Apply the procedures
with the customer
numbering system Sends out CL to
Select the sample
Sending out selected
confirmation customers
letters (CL) Determine the sample size
to Examine only 100 out of
customers total 5,000 customer accounts
Determine the procedures in order to draw the conclusion
whether the total AR balance
Define the Objectives re actually existing as of the
Balance Sheet date.
Accounts receivable – To determine
whether AR balances exist as of the
financial statement date.
Sampling for Tests of Controls

Test of Controls – are performed to obtain evidence

about the effectiveness of the design of the
accounting and internal controls system or
operation of the Internal controls throughout the
period.
Audit sampling for tests of control is generally
appropriate when application of the control leaves
evidence of performance. For those controls that
leave no documentary evidence of performance, non
sampling procedures such as inquiries &
observation would be more appropriate.
Determination of sample size
Factors affecting the determination of sample size
for tests of controls.
1. Acceptable Sampling Risk the size of the sample
is affected by the level of sampling risk the
auditor is willing to accept.
2. Tolerable Deviation Rate - the maximum rate of
deviation the auditor is willing to accept without
modifying the planned dergee of reliance on the
internal control.
3. Expected Deviation Rate – rate of deviation the
auditor expects to find in the population before
testing begins.
Determination of sample size
Sample Acceptable Tolerable Deviation Expected
Size Sampling Risk Rate Deviation Rate
The smaller the Tolerable deviation
sampling risk the rate is inversely
larger the sample related to the sample
size size, a decrease in
the tolerable
deviation rate will
cause sample size to
increase
Small High High Low
Large Low Low High
Audit Execution/ Assessment
Three principal methods of selecting samples:
(PSA 530)
A. Random Selection
B. Systematic Selection
C. Haphazard Selection
Auditor may encounter the ff situations:
 Voided Documents – cancelled documents in a sample. If

properly voided documents should be replaced by

another sample
 Missing Documents – missing or unable to determine

whether the control has been properly performed such

items should be treated as deviation for the purpose of
evaluating sample results.
Other Sampling Applications for
Tests of Controls
 Sequential Sampling – when auditor expects
very few deviations within the population

 Discovery Sampling – This form of attribute

sampling is most appropriate when no
deviations are expected in the population and
therefore even one deviation would cause
concern.
Evaluation of the results
1. Determine the sample deviation rate
Sample deviation rate is computed by dividing the number
of deviations found in the sample by the sample size.
2. Compare the sample deviation rate with the tolerable
deviation rate and draw an overall conclusion about the
population.
 Sample deviation > tolerable deviation rate – sample

results do not support the auditors planned degree of

reliance on internal control. Control risk will be assessed
at a high level and more extensive substantive tests
should be performed.
 Sample deviation < Tolerable deviation rate – the auditor

should consider the allowance for sampling risk.

Sampling for Substantive Tests
 Substantive test – are audit procedures
designed to substantiate the account or to
detect material misstatements.
Factors when determining sample size
1. Acceptable Sampling Risk
2. Tolerable Misstatement
3. Expected Misstatement
4. Variation in the Population
Sampling for Substantive Tests
Sample Selection Method
 Stratified Sampling – process if dividing a

population into sub- populations each of

which is a group of sampling units which
have similar characteristics.
 Value weighted selection – allows each items

in the population to have an opportunity to

be selected
Audit Execution/ Assessment
(Fieldwork)
 Updating Audit Work Program (as necessary)
Unaccounted Cash
Cash counted conducted on Auditee
September 9, 2023, shows a Response Process
Owner
discrepancy of P1,000. to wit:
Teller
Per Cashier Per Auditor
romero
Record Cash count
150,000 149,000
Discrepancy 1,000

Per count, 1 pc of 1000 peso bill

was missing or unaccounted
Risk:
 Temporary booking

 Unaccount shortage