8/29/2022

PRINCIPLES OF AUDITING

1

Textbook(s)
• Arens, A.A, Elder, R.J and Beasley, M.S. (2012)
Auditing and Assurance Services, An
Integrated Approach, 14th edition, Prentice
Hall
• Messier Jr, W.F., Glover, S.M. and Prawitt, D.F.
(2008) Auditing and Assurance services: A
Systematic Approach, 6th edition, McGraw Hill
• International Auditing Standards (ISAs)
2

Contents
Chapter 1: Introduction to Auditing and Assurance
Services
Chapter 2: Professional Ethics and Auditor Legal
Liability
Chapter 3: Client Acceptance and Management
Assertions
Chapter 4: Internal Control and Control Risk
Chapter 5: Audit Planning
Chapter 6: Audit Evidence and Audit Procedures
Chapter 7: Completing the Audit
Chapter 8: Audit Reports
3

1


8/29/2022

CHAPTER 1
Introduction to Auditing
and Assurance Services

4

Chapter 1
1.1. Auditing
1.2. Assurance

5

Audit Definition
“Auditing is the accumulation and evaluation of
evidence about information to determine and
report on the degree of correspondence
between the information and established
criteria. Auditing should be done by a
competent, independent person”.
(Arens, A.A, Elder, R.J and Beasley, M.S.,2012)

6

2



8/29/2022

Types of Audits
1. Operational Audit
2. Compliance Audit
3. Financial Statement Audit

7

Types of Audits
Operational audit
• An operational audit evaluates the economy,
efficiency and effectiveness of any part of an
organization’s operating procedures and methods in
order to improve the operation of auditee.

8

Types of Audits
Compliance audit
• A compliance audit is conducted to determine
whether the auditee is following specific
procedures, rules, or regulations set by some
higher authority.

9

3



8/29/2022

Types of Audits
Financial statement audit
• A financial statement audit is conducted to
determine whether the financial statements (the
information being verified) are stated in accordance
with specified criteria.

10

Types of Auditors
* Internal Auditor (IA) => O.A
* State Auditor (SA) => C.A
* External Auditor / Independent Auditor
(CPA) => F.A

11

International Public Accountancy Firms
•
•
•
•

Big Four international firms
National firms
Regional and large local firms
Small local firms


12

4


8/29/2022

Assurance Engagement
An assurance engagement is one in which a
practitioner expresses a conclusion designed to
enhance the degree of confidence of the
intended users other than the responsible party
about the outcome of the evaluation or
measurement of a subject matter against
criteria.
International Framework for Assurance
Engagements, 2005, para.7
13

Levels of Assurance
The International Framework for Assurance
Engagements identifies two types of
assurance engagement:
Reasonable assurance engagement
Limited assurance engagement

14

CHAPTER 2

Professional Ethics and
Auditor Legal Liability

15

5


8/29/2022

Chapter 2
2.1. What Are Ethics?
2.2.The IFAC Code of Ethics for Professional
Accountants
2.3. Auditor’s Legal liability

16

2.1. What Are Ethics?
• Ethics can be defined broadly as a set of moral
principles or values.

17

18

6


8/29/2022


2.2.The IFAC Code of Ethics for Professional
Accountants
2.2.1. IFAC code of conduct (Fundamental
principle of ethics)
2.2.2. Threats to compliance with fundamental
ethical principles and the safeguards

19

2.2.The IFAC Code of Ethics for Professional
Accountants
2.2.1. IFAC code of conduct (Fundamental
principle of ethics)
(a) Integrity
(b) Objectivity
(c) Professional Competence and Due Care
(d) Confidentiality
(e) Professional Behavior
20

2.2.The IFAC Code of Ethics for Professional
Accountants
2.2.2. Threats to compliance with fundamental
ethical principles and the safeguards
(a) Self-interest threats
(b) Self-review threats
(c) Advocacy threats
(d) Familiarity threats
(e) Intimidation threats


21

7


8/29/2022

2.2.The IFAC Code of Ethics for Professional
Accountants
2.2.2. Threats to compliance with fundamental
ethical principles and the safeguards
Safeguards that may eliminate or reduce such
threats to an acceptable level fall into two broad
categories:
(a) Safeguards created by the profession,
legislation or regulation;
(b) Safeguards in the work environment
22

2.2.The IFAC Code of Ethics for Professional
Accountants
2.2.3. Independence-Assurance Engagements
• Independence of Mind
• Independence in Appearance

23

2.3. Auditor’s Legal liability
2.3.1. What is Legal Liability of Auditors?

2.3.2. Sources of Legal Liability for an Auditor
2.3.3. The Legal Liability of Auditors to Third
Parties

24

8


8/29/2022

CHAPTER 3
Client Acceptance and
Management Assertions

25

3.1. Evaluate the Client’s Background
1. The auditor decides whether to accept a new
client or continue serving an existing one.
2. The auditor identifies why the client wants or
needs an audit. This information is likely to affect
the remaining parts of the planning process.

26

3.2. Management assertion and
assertion classification
• Management assertion: are implied or expressed
representations by management about classes of

transactions and the related accounts and
disclosures in the financial statements
• International
auditing
standards
classify
assertions into three categories:
– Assertions about classes of transactions and events
for the period under audit
– Assertions about account balances at period end
– Assertions about presentation and disclosure
27

9


8/29/2022

28

Connect between management
assertion and audit objective
• Transaction-related audit objectives
• Balance-related audit objectives
• Presentation and disclosure-related audit
objectives
(Chapter 6 – Arens, 6.7-6.9)

29


30

10


8/29/2022

31

32

Audit Risk
• Audit risk is the risk that the auditor gives an
inappropriate audit opinion when the financial
statements are materially misstated.
• Audit risk has three components: inherent risk,
control risk and detection risk.

33

11


8/29/2022

34

Audit Risk Model

• Auditors consider these risks in planning

procedures to obtain audit evidence primarily
by applying the audit risk model

35

Audit Risk Model


PDR = ì
ã Where:
PDR = planned detection risk
AAR = acceptable audit risk
IR = inherent risk
CR = control risk

36

12


8/29/2022

37

MATERIALITY
• FASB Concept Statement 2 defines materiality as: The
magnitude of an omission or misstatement of
accounting information that, in the light of
surrounding circumstances, makes it probable that
the judgment of a reasonable person relying on the

information would have been changed or influenced
by the omission or misstatement.
(Chapter 9, Arens)

38

MATERIALITY

39

13


8/29/2022

CHAPTER 4
Internal Control and Control Risk

40

Chapter 4
4.1. Definition of Internal Control and purpose of
designing Internal Control
4.2. Management responsibility and CPA
responsibility regarding Internal Control
4.3. Components of Internal Control
4.4. Internal Control limitation and Internal
Control in SME

41


4.1. Definition of IC and purpose of designing IC
Internal
control:
The
process
designed,
implemented and maintained by those charged with
governance, management and other personnel to
provide reasonable assurance about the
achievement of an entity's objectives with regard to
reliability of financial reporting, effectiveness and
efficiency of operations and compliance with
applicable laws and regulations. The term "controls"
refers to any aspects of one or more of the
components of internal control.’
=>Purpose of designing IC
42

14


8/29/2022

4.2. Management responsibility and CPA
responsibility regarding IC
• Management responsibility about IC
• CPA responsibility

43


The COSO internal control components
1. Control environment
2. Risk assessment
3. Control activities
4. Information and communication
5. Monitoring

44

COSO Components of Internal Control
INTERNAL CONTROL
Component

Description of Component

Further Subdivision (if applicable)

Control environment

Actions, policies, and procedures that
reflect the overall attitude of top
directors, and owners of an entity
about internal control and its
importance

Subcomponents of the control environment:
• Integrity and ethical values
• Commitment to competence
• Board of director and audit committee

participation
• Management’s philosophy and operating style
• Organizational structure
• Human resource policies and practices

Risk assessment

Management’s identification and
analysis of risks relevant to the
preparation of financial statements in
accordance
with
appropriate
accounting frameworks such as GAAP
or IFRS

Risk assessment processes:
• Identify factors affecting risks
• Assess significance of risks and likelihood of
occurrence
• Determine actions necessary to manage risks
Categories of management assertions that must
be satisfied:
• Assertions about classes of transactions and
other events
• Assertions about account balances
• Assertions about presentation and disclosure

45


15


8/29/2022

COSO Components of Internal Control
INTERNAL CONTROL
Component

Description of Component

Further Subdivision (if applicable)

Control
activities

Policies and procedures that management
has established to meet its objectives for
financial reporting

Types of specific control activities:
• Adequate separation of duties
• Proper authorization of transactions and
activities
• Adequate documents and records
• Physical control over assets and records
• Independent checks on performance

Information and
communication


Methods used to initiate, record, process,
and report an entity’s transactions and to
maintain accountability for related assets

Transaction-related audit objectives that must be
satisfied:
• Occurrence
• Completeness
• Accuracy
• Posting and summarization
• Classification
• Timing

Monitoring

Management’s ongoing and periodic
assessment of the quality of internal
control performance to determine whether
controls are operating as intended and are
modified when needed

Not applicable

46

4.4. Internal Control limitation and
Internal Control in SME
• Internal Control limitation
• IC in SME


47

CHAPTER 5

Audit planning

16


8/29/2022

Chapter 5
5.1. The Overview of Audit Process
5.2. Planning the Audit
5.3. Audit Strategy and Approaches
5.4. The Audit Program

•
•
•
•

The Overview of Audit Process
Client Acceptance/Continuance
Preliminary Engagement
Planning the Audit
Performing the Audit (Evidence collection and evaluation)
o Perform Tests of Controls
o Perform Substantive Procedures

 Completion the Audit
 Audit Report





Planning the AUDIT
Audit strategy: The formulation of the general strategy for
the audit, which sets the scope, timing and direction of the
audit and guides the development of the audit plan.
Audit plan: An audit plan is more detailed than the strategy
and sets out the nature, timing and extent of audit
procedures

17


8/29/2022

Audit Strategy and Approaches
 Substantive strategy/approach
 Reliance strategy/approach

•

The Audit Program

Audit programs containing specific audit procedures are also prepared.
Exhibit 3–2 presents a partial audit program for substantive tests of accounts

receivable

AUDIT EVIDENCE AND AUDIT
PROCEDURE
Chapter 6

18


8/29/2022

Chapter 6
6.1. Audit Evidence
6.2. Two categories of Audit Procedures
6.3. Audit Documentation

6.1. Audit evidence
6.1.1. The Concept of Audit evidence
6.1.2. The Appropriateness of audit evidence
6.1.3. The Sufficiency of Audit evidence

Concept of audit evidence
Audit evidence is the information used by the auditor
in arriving at the conclusions on which the audit
opinion is based, and it includes the information
contained in the accounting records underlying the
financial statements and other information.

19



8/29/2022

The Appropriateness of audit
evidence
The appropriateness means the quality of evidence
obtained when the evidence is relevant and reliable
(relevance and reliability)

The Sufficiency of Audit evidence
• The sufficiency is the quantity of audit evidence
needed depending on the risk of material
misstatement and the quality of the audit
evidence gathered.

Types of Audit Procedures for Obtaining Audit Evidence
∙ Inspection of records or documents.
∙ Observation.
∙ Physical examination of tangible assets.
∙ Inquiry.
∙ Re-performance.
∙ Recalculation.
∙ Confirmation.
∙ Analytical procedures.

20


8/29/2022


6.2. Two categories of Audit
Procedures
6.2.1. Tests of Controls
6.2.2. Substantive Procedures

61

Tests of Controls
Tests of controls: Audit procedures designed to evaluate
the operating effectiveness of the entity's internal
controls in preventing, or detecting and correcting,
material misstatements.

Substantive Audit Procedures
• Substantive procedures are tests performed to obtain
audit evidence to detect material misstatements in the
financial statements.

21


8/29/2022

6.3. Audit Documentation

64

6.3. Audit Documentation
• Audit documentation (working papers) is the record of
procedures performed, relevant evidence obtained and

conclusions reached.

65

Completing the audit
Chapter 7

22


8/29/2022

Chapter 7

7.1. Overview of Completing the audit
7.2. Review for Contingent Liabilities
7.3. Review for Discovery of Subsequent Events

67

Overview of Completing the audit
•
•
•
•
•
•
•

Design and perform audit tests related to presentation and

disclosure audit objectives
Review for contingent liabilities
Review for subsequent events
Final evidence accumulation
Evaluate results
Issue the audit report
Communicate with the audit committee and management

Review for contingent liabilities
 A contingent liability is a potential future obligation to an
outside party for an unknown amount resulting from activities
that have already taken place. Material contingent liabilities
must be disclosed in the footnotes.

23


8/29/2022

Review for Subsequent Events
The third part of completing the audit is the review for
subsequent events.
The auditor’s responsibility for reviewing subsequent events is
normally limited to the period beginning on the balance sheet
date and ending with the date of the auditor’s report.

Review for Subsequent Events
Two types of subsequent events require consideration by
management and evaluation by the auditor:
– Those that have a direct effect on the financial statements and

require adjustment
– Those that do not have a direct effect on the financial statements
but for which disclosure may be required

Audit reports
CHAPTER 8

24


8/29/2022

Chapter 8
 Basic Elements of the Auditor’s Report.
 Types of Reports Expressing Audit Opinions
 The conditions required to issue the standard unmodified
opinion audit report.
 Five circumstances when an emphasis-of-matter
explanatory paragraph or nonstandard wording is
appropriate to include in an unmodified opinion audit
report.
 The types of audit reports that can be issued when an
unmodified opinion is not justified

Basic Elements of the Auditor’s
Report
1.
2.
3.
4.

5.
6.
7.
8.

Report title
Audit report address
Introductory paragraph
Management’s responsibility
Auditor’s responsibility
Opinion paragraph
Name and address of CPA firm
Audit report date

TYPES OF REPORTS
EXPRESSING AUDIT
OPINIONS

25