Audit Tutorial

6-1) What are management's incentives for establishing and maintaining strong
internal control? What are the auditor's main concerns with internal control?
The controls that are relevant to the entitys ability to initiate, record, process and report
financial data consistent with managements assertions are the auditors main concern.
The auditor needs assurances about the reliability of the data generated within the entitys
internal control system in terms of how it affects the fairness of the financial statements and
how well the assets and records of the entity are safeguarded.
The auditor uses this understanding of internal control to identify the types of potential
misstatements, ascertain factors that affect the risk of material misstatements and design
teats of controls and substantive procedures.

6-6) Why must the auditor obtain an understanding of internal control?

Auditing standards require the auditor to obtain an understanding of each of the
five components of internal control in order to plan the audit. This understanding
includes knowledge about the design of relevant controls and whether they have
been placed in operation by the entity. The auditor uses this knowledge to:
1. Identify the types of potential misstatement
2. Identify factors that affect the risk of material misstatement
3. Design tests of controls and substantive procedures
6-15)
(a) After understanding the new system, the auditor would need to test the
system to determine if the system is working effectively. If so, the auditor
is more likely to use the reliance strategy.
The auditor should also consider whether the frauds knowledge of IT system
is sufficient to allow the use of a reliance strategy.
Else, a substantive strategy may be more appropriate. The auditor should
however be aware that there may be risk involved, for which substantive
procedures alone does not provide enough appropriate evidence.

b) Before deciding whether to hire an IT expert, the auditor need to take into
consideration a few factors.
1. Complexity of the new system
2. The extent to how relevant the audit evidence is available in the electronic
form.
Example: Auditor can consult the IT specialist on how IT controls are
designed and how the respective data and transactions are recorded and
reported.
c) 5 Components of internal control
1) Control environment: IT basic accounting require investment,
therefore it will increase the commitment and willingness to improve
controls.
2) Entitys Risk assessment: New system will create unknown risk
Eg. Loss of data, untrained users, suitability of system
3) Control activities: Controls need to be implemented to ensure
that the IT based accounting system (AS) is running properly
eg. Password, firewall, backup faculty (offsite)
4) Monitoring of controls: Ensuring that internal auditors have the
relevant knowledge and experience to ensure effective monitoring of
employees compliance to the entitys policies.
5) Information system: External auditor has to verify system to
ensure that all valid transactions are recorded on a timely basis to
provide sufficient information to prepare accurate and complete
financial statement.