CPA101 - Author: Laikwan

Page_
DESCRIPTION Q# M1:1-10, M2:11-22, M3:23-33, M4:34-45, M5:46-59, M6:60-73, M7:74-83,

M8:84-95 RELATED PAGE# Corp Act/STD
Assurance engagement-expresses conclusion to enhance confidence of intended users Assurance engagement 1.03 AUS108.07
Reasonable assurance engagement objective: reduction engagement risk to acceptably low level Assurance engagement 1.05 AUS108
Limited assurance engagement objective to reduction in assurance engagement risk to acceptable
level Assurance engagement 1.05 AUS108
Engagement circumstance: 1.terms 2 subject matter characteristic 3 criteria used 4. Intended users
need Assurance engagement 1.05 AUS108.11
Reasonable & limited assurance: positive form conclusion (reasonable assu) & negative form
(limited assu); evidence limited (limited assu) & sufficient evidence (reasonable assurance) Assurance engagement 1.05 AUS108.02
Reasonable assurance-reducing risk to acceptable low level for expression a positive conclusion Assurance engagement 1.05-1.06 AUS110.02
Limited assurance engagement reducing assurance risk to acceptable level for negative conclusion Assurance engagement 1.06 AUS110.02
IFAC: Int'l Auditing & Assurance Std Board 1. Related services; 2 Audits 3 others than audits or Assurance engagement: IFAC Figure
review types 1.06-1.07 1.1
Audit: enable auditor express opinion whether financial statements accordance identified financial Reasonable assurance:
rept Audits 1.07 IFAC 2004
Review engagement: enable auditor do not provide all evidence required in audit in negative form Assurance engagement 1.07 IFAC 2004
Assurance engagement others: 1 Prospective financial info 2 Non-financial performance 3
Systems or processes (Internal controls) 4 Behaviour (Compliance or effectives) Assurance engagement 1.07
Related services: 1.engagements to perform agreed-upon procedures 2.Compilations of financial
info 3.Tax returns 4. Consulting engagements Assurance engagement 1.07-1.08 AUS108.12
Assurance engagement element: 1.third party relationship 2.subject matter 3.suitable criteria
4.appropriate evidence 5.written assurance report Assurance engagement 1.08 AUS108.20
Practitioner broader than the term 'auditor' Assurance engagement 1.08 AUS108
Responsible party: 1.direct reporting engagement responsible for subject matter 2.assertion-based Direct reporting / Assertion-
engagement responsible for subject matter information. based engagement 1.08 AUS108.21
Intended users as the person, persons/class of person for practitioner prepares the assurance report Assurance engagement 1.08 AUS108.27
Practitioner : 1 responsible for determining nature, timing & extent of procedures 2 to pursue any
matter the practitioner becomes aware that leads practitioner to question material modification
made Assurance engagement 1.09 AUS108.29
Subject matter 5 categories: 1 contents of financial rept 2 key indicators of efficiency &
effectiveness of non-financial performance 3 Physical characteristics 4 Systems & processes
effectiveness (internal control) 5 Behaviour (Corp gov,compliance&HR) Assurance engagement 1.09 AUS108.31
Financial performance or conditions incl historical or prospective fin info content so of fin rept Subject matter 1.09 AUS108.31
Non-fin performance indicators of efficiency & effectiveness: #or train require to trans @100K
passengers Subject matter 1.09 AUS108.31
Physical characteristics related factors as capacity of a facility, consumption of fuel, or ability
conditions Subject matter 1.09 AUS108.31
Subject matter-Internal AUS108.31
Systems & processes about effectiveness. E.g.. Internal control system for benefit of mgt control 1.09 s404
Behaviour: corp governance, compliance with regulation & HR Practices. E.g. establishment of
committees Subject matter-Committees 1.09 AUS108.31
Criteria (benchmarks to evaluate/measure subject matter): engagement sensitive are vary in diff
engagement Assurance engagement 1.10 AUS108.34
Criteria: characteristics 1.Relevance 2.Completeness 3.Reliability 4.Neutrality
5.Understandability Assurance engagement 1.10-1.11 AUS108.36
Relevance: relevant conclusion decision-making by intended user.E.g.Rail performance audit incl
timeliness Criteria 1.10 AUS108.36
Completeness: context of circumstances not omitted:. E.g. rail performance audit incl on-time
running incl # of times train miss station Criteria 1.10 AUS108.36
Reliability: reasonably e.g. measuring # of trains late using sample of 1 day every 3 months. Criteria 1.10 AUS108.36
Neutrality: free fm bias. E.g. obj info prov by outside independent organisation or internal auditor Criteria 1.11 AUS108.36
Understandability: Publicly e.g. IAS or COSO, sub matter info 3.throuth assu rept 4.by general
understand Criteria 1.11 AUS108.36
Criteria can be established (law or regulations) or specifically dev (designed for purpose of
engagement) Criteria 1.11
Evidence: sufficient appropriate evidence. Partition plans & performs assurance engagement Assurance engagement 1.11.12 AUS108.39/42
Professional scepticism: practitioner need critical assessments with a questioning mind Assurance engagement 1.11-1.12 AUS402.18
Sufficiency & appropriateness of evidence: quantity & quality of evidence Assurance engagement 1.12 AUS108.43
Materiality: when practitioner determines nature, timing & extent of evidence-gathering
procedures Assurance engagement 1.12-1.13 AUS108.47
Nature: type of evidence, timing: when collected evidence & extent: quantity of info collected & Evidence-gathering
tested procedure 1.13 AUS108.50
Reasonable assurance: less than absolute assurance: 1.limitation of internal control 2.selective
testing 3.nature of evidence collected 4.pervasiveness of judgment Assurance engagement 1.13 AUS108.52
Reasonable assurance: 1.less than absolute assurance 2.limited evidence in limited assurance 3.
procedures gathering appropriate evidence limited vary with subject matter for intended users Assurance engagement 1.13 AUS108.52-53
Reviews-limited procedures
Reviews: not involve a. internal a/c control b tests of a/c records c test of responses to inquiries by inquiries HR &analytical
obtaining corroborating evidence through c1. inspection c2.observation c3.confirmation proc 1.13 AUS902.07
Reviews: evidence refers to obtaining certain info, discussion with mgt & inquires. Does not
require tests Reviews 1.14 AUS902.23-33
Assurance rept: practitioner conclusion positive form for reasonable & negative form for ltd
assurance Assurance engagement 1.14 AUS108.56/58
Risk the practitioner expresses inappropriate conclusion when subject matter info materially
misstated Assurance engagement risk 1.15 AUS108.48
Risk: 1.Inherent risk: no related controls 2.Control risk: inherent ltd in internal control
3.Detection risk: will not detect material misstatement Assurance risk 1.15 AUS108.49
Inherent risk-susceptibility of subject matter info to a material misstatement, assuming no related
controls Risk component 1.15 AUS108.49
Page 1 of 116
Page_
Control risk-material misstatement not be prevented, or detect & corrected on timely by internal
Detection risk-practitioner not detect a material misstatement Risk component 1.15 AUS108.49
Inherent risk-1.external factor 2.entity nature (selection accounting policies) 3.Obj & strategies &
business risks 4.Measurement & review financial performance. Control risk: Internal control Risk component 1.16 AUS402.20
Fin statement audit: a 3-party relationship b subject matter c criteria d audit evidence e written
audit rept Assurance engagement 1.16-18 AUS702
Assertions categories 1.classes of transactions & events 2.a/c bal 3.presentation & disclosure of
events Financial statement audit 1.17 AUS502.17
Evidence sufficient appropriate: 1. risk assessment procedures 2.test of controls 3.substantive Evidence-sufficient
proc appropriate 1.17 AUS502.19
Risk assessment procedures: understand entity & environment to assess RMM at fin rept & Evidence-sufficient
assertion level appropriate 1.17 AUS502.19
Tests of controls: test operating effectiveness of controls in preventing or detecting & correcting Evidence-sufficient
RMM at assertion level.. Only carry out test if they decide to rely on internal control sys appropriate 1.17 AUS502.19
Substantive procedures: tests of details of transactions, a/c bal & disclosure & substantive ana Evidence-sufficient
procedures appropriate 1.17 AUS502.19
Evidence audit rept: use of judgment, selective testing, inherent limitation of internal control of
persuasive rather than conclusive evidence. Therefore, audit can't guarantee all material
misstatements detected Evidence in audit rept 1.17
Audit rept: 1 except for 2.adverse 3.inability to form opinion A unqualified B qualified (emphasis
of matter) Audit rept 1.17
Public sector perspective: financial statement audits, compliance audits & performance audits Assurance engagement 1.18 AUS108
Public sector auditing commenced as an external review of stewardship function. Assurance engagement 1.19
Public expenditure & financial control: 1 parliament authorising annual expenditures 2 treasurer
adm fin mgt & control 3 auditor-general responsible to parliament 4 Public a/c committees set up
by commonwealth 5 Other committees assist parliament pertaining to financial matters 6 Public
service boards adm financial matter in HR & dept operations 7 audit acts detail the general a/c
practices Assurance engagement 1.19-20 AUS806/808
Government components: relationships between the component of gov't in AU jurisdiction Components of gov't 1.21 Figure 1.2
Auditor-general appointed by the governor of state on advice of executive council Governor 1.21
Auditor-general's primary client is parliament Parliament 1.21
Minister: Parliament charged portfolio oversees operation of depr, authorities & institution Gov't ministers 1.22
Gov't dept managed by head of dept similar to GM. Auditor rept to dept heads & authority boards Gov't agencies 1.22
Treasury: set corp plan serve treasurer ensure gov't 1 financial target as budgets 2 comply adm
requirement such as 1 effective internal control 2 effective internal audit function 3 regular
reconciliation 4 rept & performance accordance to prescribed format Public sector 1.22
Public sector auditor to ensure bdg accurately recorded & complied with internal control &
procedures Auditor-general 1.22
Private sector accounting firm used to 1.perform peer reviews 2.obtain opinion concerning
3.provide expertise for audit in specialised industries 4.perform assignment on a sub-contract Auditor-general 1.23
Mandate of Auditor-general statutory office by Auditor-General Act appoint audit & rept to Auditor-general-Act by Auditor-Gen
Parliament ANAO 1.23 Act
Judgment examples in: 1.understanding entity 2.assessing RMM 3.internal controls
4.consideration of fraud & error 5.audit evidence 6.analytical procedures 7.audit sampling 8.audit
rept Judgment examples 1.23
Judgment & decision-making audit research (JDM audit research) 1.judgment consensus,
accuracy & consistency 2.continual improvement in judgment 3.test theories of cognitive process JDM to understand &
4.test decision aids aimed at improving judgments. Common method examining judgment use an improve individual & group
experiment. auditor judgments 1.24-25 Appendix 1.1
Criteria establishing. Financial rept audit for IFRS other not clear. Internal control COSO Assurance engagement 1.26 COSO
COSO 1994-Internal control; COSO2004-Internal control & risk mgt assu. Internal control 1.26 COSO
Internal control sys designed: 1.reasonable assu an entity meet goals & obj 2.reliability of fin rept Internal control reasonable
3.efficiency & effectiveness of operation 4.compliance with law & regulations assu 1.27
Internal control objective in entity: effectiveness of operations. Auditor concern prevention or
detection of errors in recording a/c data Internal control 1.27
Internal control assurance: process designed, implemented & monitored by governing body.
Audit no responsibility to review & evaluation Internal control structure unless specific regulatory
& add'l Reasonable assurance 1.27
Internal control make disclosures on effectiveness of internal control auditor audit mgt assertions. Mgt disclosure effective of
Auditor to audit mgt's assertions Auditor primary concern "prevention or detection of errors in internal control & auditor ICAA &
recording a/c data. audit 1.27 ASCPA
Internal control evaluation: Sarbanes-Oxley requires reasonable assurance on mgt rept on internal
control. AU audit to in Corp internal control evaluation either part of financial audit or separate Sarbanes-Oxley & ASX ASX &
assurance recommended amend rule 1.28 Sarbanes-Oxley
Internal control 1 effectiveness & efficiency of operation 2 reliability of fin rept 3 compliance
with laws COSO Internal control 1.28-1.29 COSO 1994
Internal control 5 components 1 control environment 2 risk assessment 3 control activities 4 info
& communication 5 monitoring Internal control components 1.29-30 COSO 1994
Control environment: set tone of organisation Internal control components 1.29 COSO 1994
Risk assessment: identification & analysis relevant risk to achievement of objective & how to mgt
risks Internal control components 1.29 COSO 1994
Control activities: Policies & procedures ensure mgt directive carried out Internal control components 1.29 COSO 1994
Info & communication: occur in broader sense, flowing down, across & up the organisation Internal control components 1.29 COSO 1994
Monitoring: process assess the quality of system's performance over time Internal control components 1.30 COSO 1994
Internal control features: 1 a process of a means to an end rather than an end in itself 2 control
environment & risk assessment key elements 3 people are most important factor 4 only reasonable
assurance not absolute assurance on internal control 5 internal control spans entire organisation 6 Internal control framework
not ensure success important features 1.30 COSO
Judgment material weakness illustrate examples: 1 formal code 2 lack of integrity mgt 3 IT
warranty no estimate warranty reserve 4 new risks absence mechanism 5 no training on staff 6 Internal control deficiency
review reliability software judgment 1.31 COSO 1994
Page 2 of 116
Page_
Risk Mgt 4 categories obj: 1 Strategic-high level goal, aligned with & supporting its mission 2
Operation-effective & efficient use of resources 3 Reporting-reliability of rept 4 Compliance Risk mgt framework 1.33 COSO 2004
Risk Mgt 8 components: 1 internal environment-tone of entity 2 objective setting-consistent with
risk appetitive 3 event identification-internal & external event for obj between risk &
opportunities 4 risk assessment-ana likelihood & impact 5 risk response-avoid; accepting, reduce
or sharing risk 6 control activities-police & procedures 7 info & communication 8 monitoring-
ongoing monitored Risk mgt framework 1.33 COSO 2004
Code of ethics characteristics 1 particular intellectual training & education skill 2 common code Code of ethics
of values 3 acceptance duty to society as a whole characteristics 1.35 IFAC 2004
Code of professional conduct joint code Professional statement 1 independence of mind:
individual act integrity 2 independence in appearance: safeguard of firm's integrity Code of ethics 1.35 CPA AU
Independence threats safeguards 3 categories: 1 created by profession, legislation or regulation 2 Safeguards for independence
within assurance client 3 within firm's own systems & procedures threats 1.36
Independence regulation resulted in chg to Corp Act 2001 as part of CLERP 9 & Sarbanes-Oxley Corp
Act 2002 Regulation for independence 1.36 Act&Sarba
Independence in KPMG & PWC: Policies & procedures on independence conflict resolution &
quality control to external scrutiny. PWC established ASOB monitoring quality control KPMG & PWC
independence & professional edu in publicly listed co fin statement audit independence 1.37 PWC & KPMG
ISQC 1 Quality controls impact on public practice firm particularly conducting ass engagement.
Emphasis on documenting quality-control procedures & communicating them to the firm's Quality controls for audit IFAC
personnel firm 1.37 2004/ISQC
ISQC 1 Quality control elements 1 leadership quality 2 ethical requirement 3 relationships & Quality controls for audit IFAC
specific engagement 4 HR 5 Engagement performance 6 Monitoring firm 1.37 2004/ISQC
Quality controls for audit IFAC
Leadership: culture within firm. Ultimate responsibility with CEO or Mgt board of partners firm 1.37 2004/ISQC
Ethical requirements: 1 policies & procedures designed 2 notified breaches of independence 3 Quality controls for audit IFAC
confirmation of compliance with independence policies from all HR 4 rotation of partner policies firm 1.38 2004/ISQC
Acceptance & continuance of client relations & specific engagements: 1 client integrity consider 2 Quality controls for audit IFAC
competent to perform engagement 3 concluded comply with ethical requirements firm 1.38 2004/ISQC
HR: policies include recruitment, performance evaluation, prom & compensation, training, Quality controls for audit IFAC
experience firm 1.39 2004/ISQC
Engagement performance policies 1 engagement support material 2 supervision & review process Quality controls for audit IFAC
3 consultation 4 engagement quality control review firm 1.39 2004/ISQC
Monitoring: 1 risk reviews 2 compliance reviews 3 financial statement desktop review 'cold
review' 4 quality review programe on engagement level 4 quality review progRMM on practice Quality controls for audit IFAC
unit 5 global operational risk mgt review 6 global independence review 7 peer reviews firm 1.40-41 2004/ISQC
Judgment examples: .35-criteria evaluation .37-relative characteristic .46-evaluation quantity &
quality of evidence .47-materiality & quantitative & qualitative factor .52-from conclusion based AS108.35/.37/.
on evidence .60-not express unqualified conclusion Judgment SA1.01 46/.47/.52/.60
Gov't prog efficiency & effectiveness factors: 1.improved edu std 2.increase size of public sector
& scope & extents 3.increased media coverage to reviews & criticism 4.shrinking revenue based
in economic downturn 5.value for gov't dollar 6.public sector 'bottom line' with private sector Efficiency & effectiveness
7.use private sector mgt technique attributable for Gov't prog SA1.03
Enterprise risk mgt framework (ERMF) diff: COSO 2004 explains: 1.internal control as integral
part 2.broader than internal control 3.1994 place entities at internal control by itself 3.2004 adds 4
category of obj 5.internal control framework defined reliability of fin statement in ERMF, cover
by fin & non-fin info. Incl rept used internally by mgt & to external parties.6.incl concept of risk Enterprise risk mgt
appetitive & risk tolerance 7.risk assessment 4 elements 8.interrelated risk how single event create framework-diff between COSO
multiple risks 9.risk response 4 categories COSO 1994 & 2004 SA1.04 2004/1994
Enterprise risk mgt framework 4 obj: 1.strategic (high level than other) 2.operations 3.reporting Enterprise risk mgt
4.compliance framework SA1.04 p.3 COSO 2004
Enterprise risk mgt
Risk appetitive is broad-based amt of risk an entity willing to accept in pursuit its mission/visions. framework SA1.04 p.6 COSO 2004
Risk tolerance: acceptable level of variation relative to achievement of obj, by risk response 4 Enterprise risk mgt
categories framework SA1.04 p.6 COSO 2004
Risk assessment component 4 element: 1.obj setting 2.event identification 3.risk assessment 4.risk Enterprise risk mgt
response framework SA1.04 p.7 COSO 2004
Risk response by enterprise risk mgt framework 1.avoid 2.reduce 3.share 4.accept. Aim to Enterprise risk mgt
achieve residual risk level aligned with entity's risk tolerances & risk appetite framework SA1.04 P.9 COSO2004
Quality of fin rept impacted on confidence the mkt concerning: 1.audit is 'experience good' Quality of fin rept-corp
2.delivery professional service ultimate purchase fully experience service delivered when it is collapses impacted Houghton &
delivered confidence SA1.05 Trotman 2003
Quality review prog attributes: 1 independent 2 senior & experienced auditors 3 set out guidelines
4 set maximum period review partner 5 strategy planning memorandum review approved 6
documentation for unsatisfactory performance 7 involvement of overseas reviewers 8 training for
reviewers 9 consistency criteria 10 preparation summary rept 11 follow-up action by senior Houghton &
partners 12 communication on general problem 13 training reinforce finding & correct problems Quality controls for audit Trotman's for
14 relationship in outcome & reward firm attributes SA1.06 KPMG
Corp failure-HIH Royal
HIH Royal commission: accounting standard failure, no finding on AA breach a duty comm 2.04 HIH 2003
Enron risk factor: 1 entrepreneurial culture 2 emphasis earning growth 3 individual competition
reward 4 young/inexperienced manager, rapid prom 5 no checks & bal, hands-off mgt, yes man Corp failure-Byrne, France Byrne, France
culture 6 rapid turnover 7 performance incentives & Zellner 2.06 & Zellner
Enron risk: 1 aggressive earning target 2 sophisticated personnel 3 form over substance
transacting Corp failure-US Senate R 2.06 US Senate R
Raptor transactions: SPE established to protect itself from mark-to market losses in growing
equity investment business. No "appropriate people and process' implemented response to audit Enron-Special Investigative
risks. Comm for Enron Corp 2.06
Enron: AA engagement partner was 'client pleaser' Enron removed audit clash over accounting
method Corp failure-Vinten 2002 2.06 Vinten 2002
Enron: final straw "Rebuilding Public confidence in Financial Rept" Enron confirmed 'significant'
financial rept shortcomings Corp failure-IFAC 2003 2.07 IFAC 2003
Enron: Independent Audit review: corp governance responsibilities of directors & mgt & financial
rept. Senior executive abdicate responsibility for financial situation when 'large remuneration
package' paid. Corp failure-JCPAA 2.07 JCPAA 2002
Page 3 of 116
Page_
National Australia Bank analysis responsibility: Board ultimate responsible for financial loss Corp failure-PWC rept 2.08 PWC 2004
Audit risk project to increasing audit quality due to better risk assessment & improved ASB review core auditing
performance of audit procedures reasons to risk instigated by IAASB and USASB standards 2.08 IAASB
Auditing standard keep review to ensure appropriate to link with business environment changes AuASB of AARF 2.09 AARF
Audit Risk standards: 1 AUS202 Objective & general principles governing an audit of a financial
rept 2 AUS402 Understanding the entity & its environment & assessing the RMM (Inherent risk) AuASB audit risk of
3 AUS406 Auditor's procedures in response to assessed risks (control risk) 4 AUS502 Audit financial report misstatement AUS202/402/40
evidence due to fraud 2.09 6/502
Audit risk standards trio (AUS210, AUS402 & AUS406) complementary risk std (AUS202 & Audit's responsibility to AUS210/402/40
502) fraud 2.09 6
Obj & general principles governing an audit of a financial rept: 1 overlooking suspicious
circumstances 2 over generalising when drawing conclusion 3 using faulty assumption 4 not AUS202/AUS2
questioning honesty of mgt 5 accepting mgt representation in absence audit evidence. AUS202 Audit risk reduce to 02.15.02/.13-.
not 'core' audit risk std. acceptably low level 2.10 23
Audit risk model: 1 inherent risk 2 control risk 3 detection risk RMM-are 'Inherent risk' and RMM are inherent risk & AUS202/202.16
'control risk' faced by entity & independent of audit of financial rept. control risk 2.10 /202.20
AUS210/402/40
Audit risk: greater identified audit risk, the lower level of detection risk the auditor can accept Detection risk and audit risk 2.10 6
RMM occur overall financial rept at assertion level incl class transactions, a/c bal or disclosure Assertion level-RMM 2.11 AUS202.18
Inherent risk mitigated by internal control reduce opportunity to commit fraud or dysfunctional
behaviour Assertion level-Inherent risk 2.11 AUS202.20
Control risk is a function of effectiveness of design, implementation & execution of internal
control Internal control 2.11 AUS202.20
Detection risk minimise by auditor plan & design, incl determine nature, timing & extent of audit
procedure Audit risk 2.11 AUS202.23
Inherent risk can mitigated by internal controls; Control risk: effectiveness of execution internal
control Control risk 2.11 AUS202.20
Audit risk std: AUS210 Auditor's Responsibility to consider fraud in an audit of a fin rept 2 Audit std trio-Assessment of
AUS402 Understanding the entity & its environment & assessing RMM & AUS406 Auditor's risk of fin rept could contain AUS402/406/21
procedures in response to assessed risks material misstatement 2.11 0/502
Fraud: dishonestly obtaining goods, services or cash advances either through the deceptive use of Fraud & Fraudulent
chq/credit card facilities, false injury claims, or refund/return policies. behaviour 2.12 AIC 2004
Employee fraud-misappropriation of asset, corruption, fraudulent fin statement & use of co
property Fraud & Fraudulent behavior 2.12 AIC 2004
Fraud: AUS210.12 elaborates & sets out guidance on implementing AUS202 & audit risk model
within 'fraud triangle' 1 opportunity 2 motivation 3 rationalization. AUS210 not relevant in all Audit risk model with fraud
factors are significant triangle 2.12 AUS210/202
Inherent limitation: 1 fraud hampered by collusion 2 mgt manipulate a/c records AUS210.17- Audit risk AUS210.33-56 AUS210.33-56
19/202 add risk proce 2.13 pr
AUS202/210.33
Risk assessment procedures reduce detect in risk to lowest acceptable level Procedure to -
discussion with mgt those charged with governance & responsibilities. Determine process risk of 47procedure/40
fraud identified Audit risk 2.13 2
Fraud of employee detecting(.40-41) by inquiries of mgt (.39) incl: 1 not directly involved in fin Risk assessment inquiries
rept process 2 initiate, process or record complex 3 employees at varying levels of authority 4 mgt (.39)- detecting
internal audit personnel 5 in-house legal counsel 6 charged with dev & implementing policies employee fraud but futile of
ethical behaviour & allegations of fraud mgt fraud(.40-.41) 2.14 AUS210.39-.41
Fraud of mgt: Risk assessment procedures to oversight responsibilities incl attending meeting & Professional scepticism: mgt
reading minutes of meetings issues of internal control & fraud detection procedure & responses in best position perpetrate
discussed fraud 2.14 AUS210.42-.47
Fraud risk factors will vary with size, complexity & characteristics of entity (.50-.52).
Understanding knowledge client's internal & external environment may alert auditor(.49) Risk assessment procedures 2.14 AUS210.48-.52
Understanding of client's internal & external environment: weak or ineffective control Risk factor internal and
environment 2.mgt, media or analyst expectations 3. Performance-bases rewards external environments 2.14 AUS210.49
Fraud: unusual or unexpected relationships & other information fm analytical procedures & others
sources Risk assessment procedures 2.14 AUS210.53-.56
RMM focus at fin rept level & assertion level. Evaluation internal controls & control activities. Earning mgt risk selection
At fin rept level, auditor presume premature revenue by recognition or recording fictitious a/c policies on complex
revenue (earnings mgt) transaction 2.15 AUS210.57-.73
Earnings mgt to deceive the users of financial rept. Auditor consider significant accounting
policies & unpredictability in nature, extent a& timing of audit procedures Risk assessment procedures 2.15 AUS406
Mgt override of controls: audit process review & evaluation the manual & automated steps &
procedures & related controls for financial rept. Risk assessment procedures 2.15 AUS210.74-.82
Audit evidence evaluation subject to change in response to info or insights arising during the
course. AUS406 implementation of add'l or audit procedures. Analytical procedures determining RMM risk assessment
financial rept consistent with trends. procedure 2.15 AUS210
Audit evidence evaluation on ongoing process at all stage fm beginning to conclusion (.83-.89) Cumulative & iterative (.84) 2.15 AUS210.83-89
Unique identifying characteristics of inappropriate or fraudulent journal entries & other adj, & a/c Manual &automated steps
applied bk 2.15 AUS210.78
Analytical procedures determining fin rept with unusual or uncharacteristic trend (.83) for event &
relationship occurring near year end in judgment, misstatement indicative of fraud are identified, RMM evaluation audit AUS210.90-
auditor reconsider RMM incl specific locations & mgt representations (.90-.92) evidence 2.15 92/.83/406
Misappropriation of assets depends on organisational position involved nature & extent of activity Risk assessment procedure 2.16 AUS306/702
Documentation with all aspects of audit for legal or regulatory response corp failure, scandal or
dispute with mgt : 1 Auditor's understanding of entity 2 Communication with mgt 3 Conclusions AUS210.107-
reasons of absence of misstatement due to fraud related to revenue recognition Risk assessment procedure 2.16 111
Legal advice for circumstances warrant disclosure of info to regulatory or enforcement authorities. AUS210.102-
In exceptional circumstance(.102), auditor may withdraw from the audit engagement (.103-106) Risk assessment procedure 2.16 106
Judgment in determining appropriate level to rept finding or suspicions. Auditor aware of nature
& magnitude of fraudulent activity as well as likelihood of collusion AUS710 Risk assessment procedure 2.16 AUS210.93-111
Understanding of audit entity & environment within operates & concomitant risk factors. Audit risk model 2.16 AUS402
Page 4 of 116
Page_
Internal control components: 1 control environment 2 entity's risk assessment process 3 info sys
related business process relevant to fin rept & communication, control procedures & monitoring Understanding entity & its
of controls environment 2.17 AUS210/402
Risk assessment combine assess of inherent & control risk, auditor may combined or separate Audit risk std-risk
assessments. assessment 2.17
Audit team discuss susceptibility of entity to fraud or error, encourage team to share info & idea Understanding entity & its
with collective wisdom of team brought to bear on risk identification process environment 2.17 AUS210/402
Internal control understanding by auditor, evaluation by design & implementation of controls Internal control
address significant risks & controls relate to assertion for substantive procedures alone not understanding entity &
sufficient environment 2.17 AUS210/402
Internal control
Risk assessment auditor required: 1 assess RMM at assertion level 2 identify significant risk in understanding entity &
auditor's judgment 3 identify assertion substantive procedures alone will not be sufficient. environment 2.17 AUS210.39-.41
Auditors understanding entity & environment incl internal control, sufficient to identify & assess Understanding entity & its
RMM of fin rept due to fraud or error & sufficient to design & perform audit procedures environment 2.18 AUS402.02
Business risk incl risk from corp objective & strategies may predispose entity to fraud by mgt,
employees (.01-.02). Support by evidence (502) to discovery of fraud, error or irregularities to Understanding entity & its AUS402.01-
form an audit opinion environment 2.18 02/502
Business risk broader than and incl RMM. Risk fm corp obj & strategies to fraud by mgt and/or
employees Risk assessment-go concern 2.18 AUS402.31
Risk at fin rept level & assertion level for classes of transaction, a/c bal & disclosures & audit AUS402.100-
response Risk identify & assessment 2.18 107
Risk on specific assertions & more pervasive risk impact on fin rept as a whole & on assertions,
diff responses apply to specific risk to risk arising fm a number of potential sources Significant risk 2.18 AUS402.102
Significant risks: require special audit consideration arising fm business risk may give rise to AUS402.108-.
multiple misstatement may preclude from internal control. Risk assessment 2.18 114
Red flags fin rept misstatement due to fraud & risk: AUS406 obj: 1.formulate audit responses of
RMM 2.design & perform audit procedure 3.consider audit evidence 4.document audit responses
of RMM Risk assessment procedure 2.19 AUS406.02
Risk-fin rept & assertion level, incl nature, timing & extent test of control & substantive Risk-fin rept & assertion
procedure level 2.19 AUS406.01
Audit evidence: all info used in arriving the conclusion on audit opinion Risk assessment 2.19 AUS502.03
Audit evidence sources of info & procedures: 1.inspection records/documents 2.inspection of
tangible assets 3.observation 4.inquiry 5.confirmation 6.recalculation 7.reperformance 8.analytical Sufficient appropriate audit
procedures evidence 2.20 AUS502.26-.38
Audit evidence: measure quantity & quality dictated by nature & scope of RMM fin rept & Fin rept level & assertion
assertion level level 2.20 AUS502.07
Audit procedure designed response to assessed risk & specific types of potential misstatements Audit evidence 2.20 AUS502.16
Audit evidence stage 1.classes of transaction/event 2.a/c bal at period end 3.presentation & Sufficient appr audit
disclosure evidence 2.20 AUS502.17
Audit procedures add'l to test effectiveness of controls to prevent or detect & correct misstatement
at assertion level & perform substantive procedures for classes of transactions, a/c bal & Substantive procedures for
disclosures add'l audit procedures 2.20 AUS502.19-25
Regulatory framework strengthen fm procedural perspective: e.g. 1.National Companies &
Securities Commission 2.ASIC AASB and statutory backing for approved a/c standards Corp failure response 2.20
Auditing reforms CLERP 9, ASIC regulation & ASX guidance; Sarbanes-Oxley Act. Not
specifically risk Corp failure response 2.20
Auditor form an opinion financial rept accordance with Corp Act compliance with a/c std. Corp Act 2.21
Audit of annual fin rept of a co, registered scheme or disclosing entity in D3 deals with content &
preparation of the audit rept Audit annual fin rept 2.21 s301 D3
Auditor form an opinion whether the fin rept prepared with Corp Act, compliance with a/c std &
fin rept provide sufficient info to show true & fair view of fin position & performance of the
entity Conduct of audit 2.21 s307
Auditor take opinion there is evidence of non-compliance with a/c std, defect or irregularities in
fin rept, or deficiencies, failures or shortcoming arising fm failure to comply with corp act Auditor's rept 2.21 s308
Auditor obligations: auditor rept ASIC 1. Contraventions of corp act 2.undly influence, coerce,
manipulate or mislead person involved in the conduct of audit 3.attempts to interfere proper Auditor obligation-rept to
conduct ASIC 2.21 s311
Auditor obligations: action to fraudulently influence, coerce, manipulate or mislead any
independent Sarbanes-Oxley Act 2.21 s303 US
Audit independence: ethical ruling by CPA AU & ICAA and codified in Professional statement
F.1 Auditor independence 2.22 CPAA & ICAA
Auditor's rept on material inconsistencies between director's rept & fin rept & consider impact
material misstatement of fact in directors' rept Director's rept 2.22 s308(3A)
Audit independence: Individual auditor/audit co contravenes if 1.engages audit activity at
particular time 2.conflict of int exists 3. Individual/audit co aware conflict 4.they don't aware take
reasonable step Auditor independence 2.22 s324CA
Conflict of int situation: 324CA-CC exists audited body at particular time in a Auditor/audit co
not capable exercising obj & impartial judgment in audit b audit team not exercising obj &
impartial judgment in audit. Auditor independence 2.22-23 s324CD:CA-CC
Maximum hours test whereby a 10 hours of non-audit services provided in 12 months audit relates Audit independence 2.23 s324CE-CG
Auditor independence: 324CB-member general independence 324CC-audit director general
independence 324CD-conflict of int 324CE-individual auditor specific independence 324CF-
audit firm specific independence 324CG-audit co specific independence 324CH relevant
relationships 324CI retiring director 324CJ-retiring member 324CK multiple former 324CL
officers for audit purposes Auditor independence-others 3.23 s324CD-CL
Independence test: relationship between auditor & audit entity such as influence, participation in
business or professional activities of audit practice & absence of fin arrangements. Add'l
independence guidelines in professional literature Auditor independence 2.23 s324CF(7)
Professional Statement F.1: 1 Independence of mind-individual act integrity 2 Independence in
appearance-avoidance of facts & circumstances significant a reasonable & informed third party Auditor independence 2.23 Professional stat
Independence compromised identifies potential threats: 1.personal & business relationships
2.conflicts 3.commission 4.fees 5.goods & services fm clients 6.loans to or fm clients
7.professional help Auditor independence 2.24 Professional stat
Page 5 of 116
Page_
Threats to independence: 1.self-int threats-auditor could benefit 2.self-review threats-auditor re-

evaluate own work 3.advocacy threats-auditors to promoting client's point of view 4.familiarity
threats-sympathetic to client's int 5.intimidation threats-deterred fm acting obj by actual or
perceived threats Auditor independence 2.24 Professional stat
Safeguards overcome threats: 1.created by profession, legislation or regulation 2.within the
assurance firm 3.within assurance client Audit independence threats 2.24 Professional stat
Independence principles 1.integrity 2.objectiviity 3.professional competence & due care Audit independence
4.confidentiality 5.professional behaviour requirements 2.24 IFAC 2004
Non-audit services identified by IFAC posing threat to independence: 1.Preparing a/c records &
fin statements 2.valuation services 3.internal audit services 4.IT sys services 5.Temporary staff
assignments 6.Acting for or assisting an assurance client in the resolution of a dispute or litigation
7.legal services 8.recruiting senior mgt for an assurance client 9.corp finance & similar activities Auditor independence T2.1 2.25-26 IFAC
AWA v. Daniel: Familiarity threat-sympathetic to cline's int, close relationship with client,
director, officers. FX rept deficiencies reflected badly on AWA Familiarity threat 2.26-27 Familiarity
Rothwells: self-review threat-past or anticipated future relationship with client. Auditor aware
year-end adj to fraudulently eliminate or reduce chairman borrowings fm Rothwells Self-review threat 2.26 Self-review
Cambridge credit case: 1. Advocacy threat-compromise obj by subordinate judgment to client
2.Intimidation threat-perceived or actual threats to obj & exercise of professional judgment
3.Familiarity threat-a protective mgt b ignored partners c not frank & honest d diff position to Advocacy, Intimidation &
audit practice e loss client heavy blow Familiarity 2.26 Advocacy
3.Familiarity threat-a protective mgt b ignored partners c not frank & honest d diff position to Intimidation, Advocacy &
audit practice e loss client heavy blow Familiarity 2.26 Intimidation
3.Familiarity threat-a protective mgt b ignored partners c not frank & honest d diff position to Familiarity, Advocacy &
audit practice e loss client heavy blow Intimidation 2.26-27 Familiarity
KPMG and Short Term Investments Trust (STIT) case: Self-interest threat a SEC censure KPMG
violate independence b KPMG inv more than US$25M in STIT Self-review threat 2.27 Self-review
Arthur Andersen (AA), HIH and FAI case: 1.Self-review threat a AA partner former HIH
directors b FAI a/c (window-dressed) auditor 2. Intimidation threat-auditor not try hard prov info
on FAI Self-review & Intimidation 2.27 Self-review
on FAI Intimidation & self review 2.27 Intimidation
Arthur Andersen (AA) and Enron case: 1 Self-review 2.Self-interest 3.Familiarity 4.Advocacy
threats a audit for 10 years b partners 'intimately involved' in a/c decisions c US$25M + US$27M Familiarity, self-review,
fees d audit team over ruled allow Enron hide debt & inflate earnings advocacy & self-int 2.27 Familiarity
threats a audit for 10 years b partners 'intimately involved' in a/c decisions c US$25M + US$27M Self-review, familiarity,
fees d audit team over ruled allow Enron hide debt & inflate earnings advocacy & self-int 2.27 Self-review
threats a audit for 10 years b partners 'intimately involved' in a/c decisions c US$25M + US$27M Advocacy, familiarity, self-
fees d audit team over ruled allow Enron hide debt & inflate earnings review & self-int 2.27 Advocacy
threats a audit for 10 years b partners 'intimately involved' in a/c decisions c US$25M + US$27M Self-int, familiarity, self-
fees d audit team over ruled allow Enron hide debt & inflate earnings review & advocacy 2.27 Self-interest
Sarbanes-Oxley Act provision incompatible with independence: 1.related to fin statement 2.fin
info systems design 3.appraisal or valuation services 4.actuarial services 5.internal audit
outsourcing services 6.mgt function or HR 7.broker or dealer 8.legal services & non-audit expert
services 9.other services Public Co A/C Oversight Board is impermissible Auditor independence & US 2.27-28 s210(g) US
Auditor independence: proscribes employment by audit client of former audit team members Ernst & Young (Moret)
CEO & CFO… penalty 2.28 s206 (US)
Audit duties & responsibilities reforms: 1.fin records, disclosing entity registered with s286 2.fin
statement, & notes comply with a/c std. s295 3.fin statement give true & fair view s297 4.other Directors declaration by
matters complied s295 CEO & CFO 2.28-29 s286/295/297
Director rept must:1.contain review operation & results of it 2.detail significant changes 3.state
entity's principal activities 4.details matter or circumstance may significantly affect 5.likely dev in Auditor's duties incl director
operations in future 6.operation subject to particular & significant environmental regulation rept 2.29 s299(1)
Auditor's report: principal executive officer(s) and principal financial officer(s) to certify
reviewed rept Sarbanes-Oxley Act 2002 2.29 s302 US
Principles of good corp governance & best practice recommendation to impose code of conduct to ASX & Best Practice
promote ethical & responsible specifically addresses of insider-trading. Recommendations 2.29-30
Fraud fin rept &
Fraud triangle: 1 incentives/pressures 2 opportunities 3 attitudes/rationalisatins misappropriate 2.30 AUS210
ASX recommendation strengthen CEO & CFO 'sign-off' prov of Corp Act introducing Sarbanes-
Oxley ASX & Best Practice 2.30 s295A
ASX listing rule disclosed in annual rept based on s299 neither the format nor content prescribe
review ASX 2.31 s299 ASX
Review of operation & fin condition 1.co objective & how achieved 2.main activities 3.discussion
& analysis of key fin & non-fin performance 4.dynamics of business (opportunities & risks) ASX review positive &
5.investment & fin activities 6.discussion capital structure & treasury policy 7.compliance with negative aspects for ASX Group of
a/c std 8.comply with law 9.co's risk profile 10.corp governance policies short/long term prospect 2.31 100
Auditor registration & other issues: 1.registration as authorised audit co 2.use power to approve
an auditing competency std 3.logement of annual statement by registered co auditors 4.general sys
& procedures for registration process Auditor registration 2.32 ASIC PS 180
Auditor registration 1.fit & proper person 2.recognised qualification 3.relevant experience Auditor registration 2.32 ASIC PS 180
Audit competency std on Minco rept: external & internal environmental factors CPA AU & ICAA 2.33 ICAA 2004
Audit competency Internal environmental factors 1.a/c records making audit trail 2.business &
other activities engaged by entity 3.liquid assets, long-term assets & values 4.funding internally
generated, secured & unsecured borrowings & funds provided by owners & third parties 5.internal Internal environmental
control structure 6.mgt pressures 7.nature of entity factors 2.33 CPAA & ICAA
Audit competency std external factor incl legislation 1 Corp Act 2superannuatinindustry act 3 External environmental
state & territory fin institution codes factor 2.33 CPAA & ICAA
Page 6 of 116
Page_
Audit competency Other environmental factors 1.audit plan, expected audit scope, risk
assessment& materiality 2.audit procedure 4.evidence Other environmental factors 2.33 CPAA & ICAA
AUS406 & 502 response to
AUS 402 builds on prov of AUS202/210 prov guidance on procedures to followed by auditor in assessed risked with AUS202,210,40
gaining an understanding of the entity, it environment & risk exposure. evidence 2.34 2,406,502
Corp failures & scandal, Fin rept unreliable 1 HIH rept 2 JCPAA-Review of Independent
Auditing by Registered Company auditors 3 Enron collapse-US Senate rept in the Role of the
Board in Enron's Collapse; Byrne, France & Zellner; Vinten 4 IFAC-Rebuilding Public Regulatory reform-Corporate HIH,JSCPAA;
Confidence in Fin Rept; An Int'l Perspective failures SA2.01 US;IFAC
Core audit risk std: AUS210 AUS402 & AUS406; complementary audit risk std AUS202 & AUS210,402,40
AUS502 Audit risk standards SA2.02 6
Audit risk proj instigate by IAASB & conducted in conjunction with USASB for fraudulent fin
rept effect Audit risk standards SA2.02 IAASB/USASB
Reasonable assurance-limitation of audit exercise of due care & skill, material fin rept Reasonable assurance
misstatement not detected in audit (detection risk) concept SA2.03
Risk associated with audit entity's external & internal environment (inherent risk) & design,
implementation & execution internal controls (control risk), & design audit accordingly detection
risk is minimised to an acceptably low level Inherent risk & control risk SA 2.03
Inherent risk: understanding internal & external environment of audit client to uncover incentive
or pressure, opportunities & attitudes or rationalisation to engage in fraudulent activity or
misappropriation Inherent risk SA2.04
Fraud triangle: 1.incentive or pressures-personal circumstances or unrealistic expectation of mgt,
often asso with fin goals set by entity or mkt expectations 2.opportunity-absece of adequate or
effective internal controls 3.rationalisation-process of neutralising or justifying fraudulent
activities or misappropriation of assets Individual fraud triangle SA 2.04 AUS210.12
Professional scepticism identification & assessment of risk e.g. mgt integrity & internal control. Risk assessment procedure SA2.05
Professional scepticism requires obtain evidence for reasonable assurance on presence
inconsistence Risk assessment procedure SA2.05
AUS210.48-
Mgt sign-off prov of Corp Act & ASX recommendation 7.20 as mgt assertions tested during audit 52/.57-.73/.74-.
by mgt override controls & directly or indirectly manipulate a/c records & fin rept Mgt Assertion in audit SA2.06 82
Audit risk-review of operations & fin conditions overlaps, AUS202.13-23 & .06 with professional AUS202.13-
scepticism Audit risk overlaps SA2.07 23/06
Fraud drivers to categories risk , review of operation & fin conditions provide starting point for AUS210.33-
auditor's risk assessment procedures Risk assessment procedures SA2.07 47/.50-.56
Business risk identity's environment such as declining mkt & chg in IT Business risk for chg in IT SA2.07 AUS402.30-36
Business risk have fin consequence prov mgt & boards of director with incentive to manipulate
fin info Business risk for mgt SA2.07 AUS402.35-40
Significant risks: special risk impact not immediately apparent/confined to discrete transactions,
a/c bal, disclosures or assertion, obtain sufficient appropriate audit evidence fin statement not AUS402.100-
materially misstated Specific business risk SA2.07 118
Audit process stages: 1.Audit planning a. planning b risk evaluation 2.evidence gathering a.
principle: evidence gathering b evidence gathering in IT environment 3.Audit reporting-rept
providing a reasonable assurance b limited assurance c.no assurance Audit process stages 3.03
Acceptance & continuance of client relationship considering 1.integrity of principal owners, key
mgt & charge with governance 2.engagement team competent 3.engagement team comply ethical Acceptance & continuance
requirements of client 3.05 AUS206.16
Audit engagement: auditors to record in writing terms of audit engagement agreed & copy to
auditee Audit Engagement 3.07 AUS204
Engagement letter: may not
Audit engagement letter factors (.10): 1. Indication entity misunderstands objective & scope of send new engagement letter
audit 2.revised or special terms 3.recent change of senior mgt/governing body/ownership on recurring engagement
4.significant chg nature or size of entity's business 5.legal requirements each yr 3.07 AUS204.09-10
Planning initial incl visits to client take place prior to any detailed testing being carried out.
Existing client audit planning should performed soon after completion of previous year's audit, Planning purpose before
experiences with audit & ideas for improvements still fresh detailed testing 3.08 AUS302
Planning function 1.outlining scope & objective 2.budgeting & controlling conduct 3.identifying
evidence required to form opinion 4.choosing audit procedures 5.basis for co-coordinating others Planning purpose ensure
experts efficient & effective audit 3.08 AUS302
Planning auditor ensure efficient & effective audit. Reflect bal factor 1.bal potential conflict CAAT for Planning reflect a
between need adequate evidence 2.cost obtaining evidence 3.need to provide timely audit opinion balance of three factors 3.08 CAAT
Planning process steps 1.identify audit obj 2.obtain knowledge of client's activities 3.unalytical
procedure 4.assess audit risk 5.determine materiality 6.dev overall plan 7.dev audit prog 8.dev
audit bdg Planning audit steps 1-8 3.09
Identifying audit objective: primary objective a fin rept audit obtain sufficient, appropriate
evidence Planning audit steps 1 3.09
Obtaining knowledge of client's activities: identify high-risk areas & departure from normal
industry Planning audit steps 2 3.09 AUS302.06
AUS512.8/402.
Analytical procedures: understanding organisation's activities & identifying potential area of risk Planning audit steps 3 3.10 10
Audit risk: prov preliminary info determine general approach on audit risk assessment Planning audit steps 4 3.10 AUS202.09-12
Audit risk on fin rept contain material error: 1.material error 2.internal controls fail 3.audit
procedure fail Planning audit steps 4 3.11
Business risk: transaction or event affect entity's to achieve its obj & never be zero. Planning audit steps 4 3.11
Risk mgt considered the application of mgt policies & procedures in identify, assessment &
control of risk Business risk 3.11
Risk mgt process: 1.identify risk-threats 2.assess likelihood & consequences 3.compare risk to
related objective(s) & set risk priorities 4. Minimise/avoid likelihood or consequences Planning audit steps 4 3.12
Risk factors: external factors (economic & industry-level factors) internal factors examples Planning audit steps 4 3.13 Table 3.01
Risk analysis techniques: 1.SWOT analysis 2.value-chain analysis 3.PEST analysis 4.risk
matrices, hazard indices & questionnaires 5.fault & event trees 6.computer modeling & expert sys Risk identification &
7.hazard & operability studies 8.checklist & systematic reviews analysis 3.14 AUS402
Page 7 of 116
Page_
Risk identified short-term tactical, operational plan & long-term strategic plans. Risk to strategic
corp plan need to translated or operationalised in terms on actual business function & activities
(e.g. sales, R&D) Business risk 3.14
Assertions of financial rept under categories 1.classes of transaction & events 2.a/c bal
3.disclosure Audit evidence 3.14 AUS502
RMM at assertion level consideration: 1.significance of risk 2.likelihood a material misstatement

3.characteristics of class of transactions, a/c bal or disclosure 4.nature of specific control 5.audit
evidence to determine if entity's control are effective in preventing or detecting & correcting error Assertion level - Risk 3.15 AUS406.07
Audit procedures natures refer to purpose: test of controls or substantive procedures Purpose of audit procedures 3.15 AUS406.10
Audit procedures natures refer to types: inspection, observation, inquiry, confirmation,
recalculation, reperformance or analytical procedures Types of audit procedures 3.15 AUS406.10
Audit procedures timing refers to when performed or the period or date to which the audit
evidence applies Timing of audit procedures 3.15 AUS406.14
Audit procedures: 1.control environment 2.relevant inf is available 3.nature of risk 4.evidence
relates period Risk analysis techniques 3.15 AUS406.16
Audit procedures extent: 1. Judgment of auditor after considering materiality 2. Assessed risk
3.degree of assurance of auditor plans to obtain. Audit procedures increase as RMM increases. Risk analysis techniques 3.16 AUS406.18
Audit procedures std to evaluate sufficiency & appropriateness of evidence "if auditor not Audit evidence if not
obtained sufficient appropriate audit evidence as to a material fin rept assertion, auditor should sufficient -auditor express
attempt to obtain further audit evidence. If unable should express a qualified opinion or a qualified opinion or
disclaimer of opinion disclaimer opinion 3.16 AUS406.72
Audit procedures guidelines to documentation kept by auditor in response to assessed RMM RMM documentation 3.16 AUS406.73
SWOT ana: 1.strength-co internal competitive advantage 2.opportunity-external condition
significantly improve 3.threat.external condition significantly undermine 4.weakness-co internal
lacks or does poorly Risk analysis techniques 3.16-17 Table 3.02
Value-chain approach (value-creating activities all the way to end-user): 1.understand client's
strategic advantage 2.understand risks threaten client 3.key processes & related competencies to
realise strategic 4.measure & benchmark process performance 5.document the understand client's
ability create value & cashflows 6.comprehensive business knowledge decision from to dev
expectation in fin rept 7.compare rept fin result to audit test Risk analysis techniques 3.18 Bell et al 1997
Competitive forces influence by:1.threat of new entrants 2.intensity of rivalry 3.bargining power
of suppliers 4.bargaining power of buyers 5.threat of substitutions Risk analysis techniques 3.18 Porter 1985
Non-financial measures effectively to monitor & control activities without a/c input. 1.complaints
2.warranty rates 3.proportion of repeat bookings 4.customer waiting times 5.% of on-time
deliveries Risk analysis techniques 3.18
Non-fin & fin measures four perspectives: 1.fincial 2.customer 3.internal 4.innovation & learning Risk analysis techniques 3.19 Kaplan&Norton
PEST analysis: 1.Political risk-chg of gov't or political policy 2.economic risk-trend in economic
conditions (e.g. ex/int rate) 3.social risks-cultural & lifestyle attitude, demographic factor
4.technological risk-innovation of IT Risk analysis techniques 3.19 Table 3.03
Materiality: 1.amt equal to or >10% of base amt 2.amt equal >5% base not to be material Planning audit steps 5 3.21 AASB1031
Appropriate base amt: 1.P&L & income or exp amt 2.average P&L & average income or exp Risk analysis techniques 3.21 AASB1031
Rule-of thumb approach: a.5-10% of income b.0.5-1% of revenue c.0.5-1% of assets Materiality planning 3.21
Rule-of thumb depends on value judgment about relevance, stability & predictability. Income Materiality-Size-related
bases for co with publicly traded securities. Size-related bases, stability total assets or total bases (ttl assets or ttl
revenue are preferred. revenue prefer) 3.21
Materiality concerned factors: 1.nature of 'material' 2.financial limits-e.g. borrowing limits in trust
deeds Materiality-misstatement 3.22
Materiality need acceptable level lowered then audit risk increased by 1.reducing assessed level of Audit risk (increase):
control risk 2.reducing detection risk by modifying nature, timing & extent of planned substantive reducing control risk &
procedures detection risk 3.23 AUS306.25
Materiality assessment to plan audit procedures regards to: 1.reliability of mgt info 2.any factor Audit procedures-
may deviation fm normal activities 3.qualitative factors (select benchmark enable quantitative preliminary assessment of
evaluation) material 3.23 AUS306.10
Qualitative factor impact on materiality of individual misstatements: 1.significance of
misstatement to particular entity 2.pervasiveness of misstatement 3.effect of misstatement on Materiality impact of
financial rept as a whole individual misstatement 3.23 AUS306.18
Audit plan documents auditor's initial assessment of evidence necessary to form an opinion &
method Audit planning - first stage 3.23
Audit plan major factors: 1.scope of engagement 2.materiality levels 3.internal controls 4.factors
indicating special attention in particular areas. Actual content of audit plan will vary. Audit planning steps 6 3.24 AUS302.09
Audit progRMM central working document audit. Detailed list of planned audit procedures,
document of work required & control execution of audit. Audit prog tailored fill variables in
particular audit engagement Audit planning steps 7 3.24
Audit budget time & cost saving achieved through prepare sch & an of a/c for use auditor. Client
HR need by obtain access client facilities, records & documents. Bdg may incl as part of plan or
separate document. Audit planning steps 8 3.25
Earnings mgt alert auditor between earnings mgt & fraud, how earning may manifest itself Audit risk 3.25 AAA (AuASB)
Earnings mgt occurs judgment in fin rept & structuring transaction to alter fin rept to influence the
perceptions of stakeholders about economic performance & outcomes on rept a/c #. Earnings mgt Earning mgt risk selection
affect transparency of underlying economic reality & stakeholder decision in allocation of scare a/c policies on complex
resources transaction 3.25 AAA (AuASB)
Behavioral-political consideration to 'avoid regulation or enhance eligibility for concessions' Earnings mgt 3.25 AAA (AuASB)
Market-based incentives-pressure to maintain excessive dividend payout rate' mgt transition 'clean
up' Earnings mgt 3.25 AAA (AuASB)
Earning mgt categories: 1.intentional violations of a/c std & other rept requirements
2.inappropriate revenue recognition 3.charges under the guise of restructuring 4.'imporoper
accruals & estimation of liabilities' Earnings mgt 3.26 AAA (AuASB)
Earning mgt: behaviours eg: 1. A/c philosophy-real 2. Conservative a/c-a. over recognition prov
or reserves b.overstatement of restructuring charges & assets write-offs c.delaying sales
d.accelerating r&d 3. Neutral a/c 4.Aggressive a/c-a. understatement prov bad debt b.drawing
down prov or reveres 5 fraudulent a/c-a.not realisable sales b. fictitious sales c.backdate sales
d.record fictitious inventory Earnings mgt 3.26 AAA 10
Page 8 of 116
Page_
Fraud involve 1.manipulation, falsification or alteration of alteration of records or documents

2.suppression or omission of effects of transaction 3.recording of fictitious transactions
4.intentional misapplication of a/c policies Audit risk of fraud 3.27
Fraud risk increased, auditor modify the nature, timing or extent of audit procedures to detecting Audit procedures modify for
fraud. Signal highlight need for mgt to effective monitoring mechanisms in internal controls fraud risk increased 3.27 AUS210
Illegal act: auditor may seek advice from expert. Auditor not expected have all legal knowledge Non-compliance with law 3.28 AUS218.02
Reporting fraud-duty to rept fraud regardless of materiality to appropriate level of mgt after seek
legal advice. Directors involved fraud, rept to ASIC in writing not only auditor's rept or notice
director Fraud reporting 3.29 AUS210; s311
Reporting fraud: Auditor may be guilty if knows an offence fails to rept. Auditor reluctant being Crimes Act
1.confidentiality to client 2.protected by qualified privilege Fraud reporting 3.29 1914
Kingston Cotton Mill Co: auditor is a 'watchdog, but not a bloodhound' that auditors unduly
downgraded the 'detection' objective Fraud reporting 3.29 Kingston case
BGJ Holding Pty Ltd & Anor v. Touche Ross & Co and Ors: auditor's duty to rept mgt breach of
policy Reporting fraud-mgt breach 3.30 AUS210
Reporting fraud-auditor
WA Chip & Pupp v. Arthur Young & Co: auditor liable for not uncovering an immaterial fraud liable 3.30 AUS210
Computer crime: 1.an object of fraud, destruction of computer hardware, software & support
facilities 2.an environment or site for fraud to take place 3.an instrument of a fraud (gain Computer fraud-four ways
unauthorised access to data) 4.a symbols to deceive (falsely offering fictitious services): commit computer crime 3.30
Computer sys to criminal abuse 1.poor control over manual input/output handling 2.lack of
physical access control 3.weaknesses in computer & terminal operation 4.poor control over Computer fraud-criminal
computer programs 5.lack of operating sys access controls & integrity 6.weak library controls abuse common reasons 3.31
Trojan Horse: Unauthorised function concealed in utility progRMM & operating sys in
application prog. Illegal instruction may automatically inserted at prog execution & afterwards
removed with no evidence. Detection by prog comparison, parallel simulation & test data method
(same as Logic bomb) Computer fraud techniques 3.31
Salami techniques: taking'thin slice' off financial transaction & accumulating the results in
favoured a/c. Detect by conducting prog logic review, printing out internal prog table & check Computer fraud techniques 3.31
Data diddling techniques: most common non-prog-based chg data to computer. Detected by
1.batch control checks 2.hash control checks 3.access checks 4.field entries & record checks Computer fraud techniques 3.31
Superzapping: IBM 'superzap' powerful utility may dangerous unauthorised usage is not
prevented. Detected by comparing file with historical copies, examining computer usage or
activity rept Computer fraud techniques 3.31
Trap doors: breaks prog code and insertion add'l codes during prog dev stages used to hide
instruction in sys not even the operating sys detect manipulation. Detected by comparison of
output of specification & exhaustive testing or specific testing (all are inefficient detection) Computer fraud techniques 3.31
Asynchronous attacks: gain unauthorised access by parallel execution of two prog. Detached by
reprocessing a job under controlled conditions & systems testing Computer fraud techniques 3.31
Scavenging: info left in wastepaper baskets, buffer storage area of main memory and on tapes &
disk Computer fraud techniques 3.32
Logic bomb: unauthorised prog executes at appropriate or periodic. Detected using source prog
comparison, parallel simulation & test data methods. (Method same as Trojan Horse) Computer fraud techniques 3.32
Going concern factors: 1.lack of liquidity 2.general economic & industry trends 3.chg in
legislation 4.inability to adapt prod to mkt conditions 5.poor mgt decisions 6.specific industrial
relation difficulties Going concern 3.33-34 AUS708
Related party connection: 1.fin rept framework disclosure of related party relationship &
transaction AASB124 2.fin rept existence of related parties or transactions under Corp Act 3.
Audit evidence reliability (greater degree of reliance on unrelated third parties) 4.initiation of
related party transaction motivated by ordinary business condition 5.greater potential for error
documentation less scrutiny AUS518.05 Related party connection 3.35-36
Understanding of client's business obtain info: a. inquiry of mgt & others within entity b.analytical
procedures c.observation & inspection. Auditor form opinion on financial rept representation as a Planning-knowledge of AUS402.07/08.
whole. organisation's activities SA3.01 13
Detection risk inversely related to substantive tests Substantive test MCQ3.10
Audit engagement first step after engagement perform to tour client's facilities & review general
records Audit Engagement MCQ3.06
Internal control is a process designed & effected by those charged with governance, mgt & other
personnel to provide reasonable assurance about achievement of entity's objectives. Internal control 4.05 AUS402.42
Internal control components: 1.control environment 2.risk assessment process 3.info sys including
related business process, relevant to fin rept & communication 4.control activities 5.monitor of
Control environment include governance & mgt function & the attitudes, awareness & actions chg
with governance & mgt concerning internal control & importance in the entity, set tone of Control environment-
organization. Internal control 4.05 AUS402.67
Risk assessment process obtain an understanding of entity's process of identifying business risks Risk assessment process 4.05 AUS402.76
Info sys to fin rept obj, incl a/c sys, consist procedure & record & maintain a/c of assets, liabilities
& equity Internal control 4.05 AUS402.80
Control activities are policies & procedures: 1.authorisation 2.performance reviews 3.info
processing 4.physical controls 5.segregation of duties Internal control 4.05 AUS402.90
Internal control at fin rept level is to reduce possibility of material misstatement due to error or
fraud Financial reporting level 4.06
Monitoring of control is process to assess effectiveness of internal control performance over time Internal control 4.06 AUS402.97
Accuracy & reliability of transaction recording of 1.validity (authorised) 2.completeness
3.accuracy Internal control 4.06
Internal control segregation of duties 1.authorising a transaction 2.recording a transaction
3.maintaining custody of assists 4.comparing assets 5.sys of authorisation, recording &
procedures 6.sound practices in performance of duties & functions 7.procedures ensure persons Internal control in reasonable
competence assurance 4.06-07
Evaluation & review of internal controls first step is gathering of information. Audit review
previous year's audit files & update note not review the controls from scratch every years as part
of evaluation process. Internal control 4.07
Page 9 of 116
Page_
Inherent limitations: substantive procedures required to test human error, override of controls by
mgt Internal control 4.07
Internal control evaluation: 1.has organisation adopted all recommendation 2.adopted
recommendation effective 3.why not adopt recommendation 4.other change in a/c sys 4.changes
in key personnel 5.amendment to a/c or manual 6.particular areas relation to internal controls
covered in audit Internal control 4.07
Evidence during review & evaluation of internal controls: 1.copies of organisation's
documentation 2.manuals 3.job descriptions 4.questionnaires a.internal control questionnaires
b.flowcharts Internal control 4.07
Internal control questionnaire: 1.narrative approach consists description of internal control
2.flowchartes enable auditor succinctly record relationship & document flow. Internal control 4.08
Control procedure prevent or detect 1.goods dispatched but not invoiced 2.goods dispatched to a
poor credit risk 3.sales invoiced but not recorded 4.invoices containing clerical errors Internal control 4.08
Internal auditing: 1.review reliability & integrity of fin & operating info 2.review of sys
established to ensure compliance 3.review of safeguarding assets 4.appraisal of economy &
efficiency 5.review of operations & prog. External audit view internal audit is component of Internal audit-control
control environment (AUS104). environment 4.10 AUS104
Internal audit function: examining, evaluation & monitoring effectiveness of internal control;
integral to risk mgt, control & governance processes of an entity. Recognise role plays in corp
governance process. Internal control function 4.10
Internal control survey: 45% CEO perceive main role of internal audit to be independent appraisal
of internal control 28% perceived main role to be independent review of operational efficiency &
7% an independent evaluation of mgt effectiveness Internal control 4.10 Matthews et al.
Internal audit framework includes of issuance std & interpretation as well as a peer review process Internal audit: Independent
& dev specialist internal audit group & objective assurance 4.10 IIA
Internal audit is independent & obj assu & consulting activity to add value to improve an
organization's operations. Help accomplish its obj by bringing a systematic, mgt, control &
governance processes. Internal audit 4.11 IIA
Public sector Internal audit function by 1.internal audit division, employing permanent staff Internal audit in public
2.outside auditor, coming from either private a/c firms or a gov't internal audit agency sector 4.11
Internal audit dept is a component of client's control environment-auditor understanding of
internal control, assess internal audit &effect on control risk to assist in planning audit & dev
effective audit approach Internal audit dept 4.11 AUS604.12
Risk assessment procedures understanding client's internal control 1.inquiries of mgt & others in
entity 2.analytical procedures 3.observation & inspection Internal control 4.12 AUS402.07
Understanding of client entity 1.industry, regulatory, & other external factors (fin framework)
2.nature of entity (a/c policies) 3.objective & strategies & business risks may RMM
4.measurement & review entity's fin performance 5.internal control RMM assessing 4.12 AUS402.20
RMM at financial rept level & assertion level: 1.identifies risk by considering entity environment Fin rept & assertion level-
2.identified risks can go wrong at assertion level 3.consider significance & likelihood of the risks RMM 4.13 AUS402.03
IT significant impact of IT on internal control factors 1.breakdown traditional division, ensure
reliability of IT outputs 2.loss human involvement, lack of visible evidence 3.concentration of
system expertise & control 4.loss of traditional audit trail 5.access to IT prog increases Internal controls & control
unauthorised access 6.poor prog may result occurrence of systematic error 7.permit single procedures on IT
transaction update 8.data stored may loss environment 4.13-14 AUS402.03
IT system in Corp elements 1.PC 2.Batch processing sys 3.Online systems 4.database systems IT systems - incorporate
5.Distributed processing systems 6.EDI systems 7.EFT systems 8.E-commerce elements 4.14-15
PC stand-alone workstation or part of a network (AGS 1018) IT systems 4.14 AGS1018
Batch processing systems input data or records collected into group IT systems 4.14
Online systems how data entered into sys & how processed, when results available to user IT systems 4.14 AGS1020
Database sys components of 1.database mgt software 2.data definition language 3.data
manipulation language 4.data query language 5.data dictionary. Centrally control series related
data of files combine IT systems 4.15 AGS1022
EDI process of sending business transactions via electronic impulse IT systems 4.15
EFT as computer-based network enable payment sys transaction. Lack an audit trail of fund T/R IT systems 4.15
E-commerce extension of EDI & EFT via Internet. New business risk with significant audit
implications IT systems 4.15
General controls-overall control over IT "reasonable level of assurance" overall objective internal
control IT sys-reasonable level assu 4.15
Application controls to control specific individual a/c application. Provide "reasonable
assurance" transactions are authorised & recorded & processed completely, accurately & on a IT systems-Reasonable
timely basis assurance 4.16
General controls 1.Organisational & mgt control 2.sys dev & prog R&M controls 3.IT operation
controls 4.system software & hardware controls 5.data entry & prog controls IT systems 4.16 T4.1
Applications control: 1. Data

Applications controls categorised as preventive, detective & corrective controls input 2. Process 3.output 4.16 T4.1
Organisation & mgt control establish 1.organisatinal structure of IT activities 2.policies &
procedures to performance duty 3.segregation of incompatible function. Factor 1.IT independent
2.segregate duty General controls 4.16-17
IT function segregated 1.sys analyst 2.application prog 3.operator 4.data control & file library
5.quality control over dev new sys & maintenance of existing sys 6.control group 7.data security
8.database adm 9.network technician Segregated IT function 4.17
Organisation & mgt control 1.HR policies a. competence & trustworthiness b.security check HR
c.bonding d.staff performance evaluations e.rotation operators f.mandatory vacations g.operation
schedule 2.documentation covering operation,prog & sys dev life cycle & prog changes General controls 4.17
Sys dev & prog R&M controls: control over authorisation & approval new or rev IT. Steering
committee of mgt may established to formulate strategic plan & appraise & approve dev of sys General controls 4.17
Sys dev & prog maintenance controls: 1.formal sys design methodology 2.dev life cycle 3.control
prog chg General controls 4.18
Formal sys design methodology established monitor & control the dev process. Include defined
phases with measurable end prod, appropriate rev & control point overall evaluation sys. General controls 4.17-18
Page 10 of 116
Page_
Dev life cycle noted 1.a/c control 2.testing procedure involve users, IT, DBA &auditor
3.implementation procedure include user 4.documented sys dev 5.restricted documentation access
6.document prepared & retain for a.prog to maintain & modify b.user to prepare input, correct &
understand output c.operator to run, and restart prog d.control group identify error General controls 4.18
Sys dev life cycle point: 1.a/c controls review by users & auditor 2.testing procedure involve user,
IT, DBA & auditor 3.implementation incl user 4.documented all aspect 5. Documentation access
only authorised 6.documentation prepared & retained for a.programmer to maintain & modify
prog b.users to prepare input, correct errors & understand out rept c. operator to run & restart prog
d.control group identify error Sys dev life cycle 4.18
ProgRMM chg control: chg to prog approved & authorised, authorised chg completed tested &
correctly implemented. Users participate in authorising, testing & approving the implementation
of prog chg General controls 4.18
ProgRMM chg: 1.estimated cost & expected utilisation of resources 2.summary cost & benefits
3.sys components affected 4.applicable, reference to particular problem 5.two mandatory General controls-common
signatures. way of initiating chg 4.18
Computer operation controls: ensure proper operation of systems by operators & IT sys used for
authorised only. Access to computer operations restricted to authorised personnel & errors General controls: using 1.std
detected. procedures 2.file controls 4.19
Standardised procedures: 1.daily operations 2.prob handling 3.backup & recovery 4.activity
logging General controls 4.19
File controls: files under control of librarian. 1.data rec'd not processed is not lost 2.data
processed is not reprocessed 3.files not corrupted by partial processing 4.users promptly to verify
accuracy of data General controls 4.19
Sys software control: sys software relate to operating sys designed to translate prog languages into
machine readable & mgt job sch & multiprocessing. Operating sys protect fm user & each other General controls 4.20
Data entry & progRMM controls timely reviewed 1.data & prog to authorised personnel 2.
Terminal & computer hardware to authorise staff, computer operator & supervisor 3. File &
library 4.documentation General controls 4.20
Data entry & progRMM controls: password 1.not simple 2.private & not disclosed 3.not printed
or displayed on terminal when entered by users 4.chg periodic bases 5. Password file protected
against access by unauthorised users 6.rept of security violations or irregular access prov to user
for follow-up 6.users educated ensure sign off before leaving terminal 7.terminal idle
automatically logged out 8.protection of dial-in lines thought modem password & call-back
facilities 9.encryption is used 10.warranted, personal identity authentication equip is used. General controls 4.20
Other critical general IT controls: 1.maintain continuity of operations, mgt ensure adequate
backup & recovery procedure, physical safeguards against loss or destruction & contingency plans General controls 4.20
Backup & recovery implemented 1.copies of data/files/software 2.well-defined documented &
tested procedures for performing recovery, disaster recovery team 3.offsite storage arrangement
4.emergency contact & callout procedure 5. Automated transaction login & recovery capability
6.automated control of copy recovery procedures 7.regular ana of major prod files to detect
corruption 8.verification of usability of recovery files & procedures General controls 4.21
Physical safeguards: 1.strong wall, ceiling & floor, in room w/o windows & restricted access
2.fire detection & suppression equip 3.alarms for detection of problem concerning air-con
4.voltage regulator, surge protection batteries & generators to power supplies 5.adequate dust
control procedures 6.backup facilities for problem assoc with air, power 7.protection of remote
communication facilities 8.definition & testing of emergency prod 9.disaster recovery procedures
update with copy stored offsite 10.location of computer centre to minimise the effect of natural
disasters. General controls 4.21
Contingency plans: 1.assessment of application to identify critical sys & sustainable outage period
2.dev user fall-back procedure for critical sys 3.written agreement for prov of alternative
replacement computer facilities 4.documented disaster recovery plan 5.ana impact of failure of
particular components 6.assignment of responsibility for contingency planning 7. initiation of
project to assess exposure of critical application, dev computer centre recovery plan 8.adequate
ins coverage General controls 4.22
Viruses & mgt significance: 1.antiviral prog preventive & detection mechanism. Mgt aware new
viruses continually dev. 2.Mgt need ensure preventive & detective control procedures &
compliance with procedures 3.use backup & recovery procedures are vital of viral attack 4.Mgt
use write-protected disk & internal volume label, assess weakest computer link. General controls 4.22
Application controls: 1. Input 2. Processing & computer files 3. Output. Application controls 4.23
Input controls: transactions are 1.Authorised 2.Accurately 3. Completely convert machine-
readable form. Incorrect transaction are rejected, corrected & resubmitted Application controls 4.23
Authorisation proper: 1.duties are segregated 2. access controls , data entry & prog controls are
used 3.transactions are authorised 4.transactions are approved Application controls 4.23-24
Accurate conversion: 1.adequate document design (standardisation) 2.adequate training &
supervision 3.data entry manuals 4.appropriate chart of a/c 5.transcription controls (dual
verification) Application controls 4.24
Transcription control (dual verification): 1.key verification 2.parity checks 3.dual read 4.dual
circuitry 5.echo check 6.diagnostic routines 7.boundary protection 8.interlock Application controls 4.24
Completeness of data: 1.turnaround documents-document produced by computer later resubmitted
into sys 2.control total 3.check digits Application controls 4.24-25
Control totals: 1. Record counts 2.batch total 3.hash totals-(e.g. sales inv# total) Application controls 4.25
Error correction & data resubmission: 1.responsibility for error correction 2.error log 3.review &
approval of corrections 4.prompt re-entry of correction into sys Application controls 4.25
Processing controls ensure accuracy & reliability of data processing. Authorised trans processed
are accurate, complete, reasonable & correct in all material respects Application controls 4.25
Completeness & accuracy of data: 1.control total 2.run to run control-batch control totals 3.field
size test 4.field sign test 4.transaction codes ensure processing step 5.check-digit test 6.valid
character test 7.sequence test 8.validity test 9.overflow test 10.crossfooting test 11.audit trail
12.completeness test 13.rounding test 14.per cent error test-# of error in a batch exceed std or
error is indicated Application controls 4.25-26
Reasonableness of data: 1.limit test-not greater or less than limit 2.range test 3.reasonableness
(logic) test e.g. sales discount exceed 10%? Application controls 4.26
Updating correct files: 1.training & supervision 2.file run & control instructions 3.internal label-
header label (first record) & trailer label (last record) 4.external labels-identifies file contents Application controls 4.26-27
Page 11 of 116
Page_
Maintaining accuracy during processing: 1. Control total 2. Console message-reduce operator

errors 'prompt' to take action 3.error log 4.limit test 5.reasonableness tests Application controls 4.27
Output controls ensure processing reliable, distributed to authorised personnel . Reconcile output
control ttl with input & processing control ttl by control groups. Users scan exception & unusual
items Application controls 4.27
Online processing control incl: 1.access controls 2. control over assignment & maintenance of
passwords 3.sys dev & maint control 4.prog control 5.transaction logs 6.application control Control for IT 4.28
Database systems controls 5 characteristics: 1. database adm (DBA) 2.std sys dev & maint
procedures 3.data ownership 4.access to the database 5.segregation of duties Control for IT 4.29
Database adm (DBA) 1.definition, creation & retirement of databases 2.prov info to user
3.coordination computer operations 4.maint database integrity, security & completeness
5.monitoring operations & assessing performances Control for IT 4.29
Distributed sys controls: e.g. 1.acquisition & modification of hardware & software 2.distributed
sys cause inadequate segregation of duties 3.multiple-site storage increases data-file losses
4.create the need for audit trail Control for IT 4.30
Distributed sys control: 1.branches std physical access controls 'weak link' target of
fraud/collapse. 2.communication controls preserve integrity of data transmitted 3.transmitted data
distorted or lost in noise (random electrical impulses). 4.use transaction logs at processing nodes Noise: random electrical
5.comunication method impulses 4.30
Distributed sys communication controls: preserve the integrity of data is transmitted via
communication lines or telecommunication facilities Communication controls 4.30
Distributed sys potential of transmission error, loss or distortions: 1. use transaction logs at
processing 2.beinging & end message indicators 3.loop (echo) message checks. Bldg redundancy Distributed sys input error
message (I.e. inserting control info in message) error & omissions may detected. detected 4.30
Distributed sys choice of modern communication lines or methods, communication software & Distributed sys overall
network typology affect overall network reliability network reliability 4.30
EDI 'paperless trading' increased efficiency & saving for just-in-time/quick response investor
control EDI control 4.31-32
EDI: 1.communication protocols & message structure 2.security & audit procedures 3.maint of Business risk on EDI-
records 4.transmission handling procedures & deemed signature 5.confidentiality 6.dispute- 1.economic interdependence
handling procedures 7.severance & termination of arrangements & total sys dependence 4.32
EFT: switching facilities allow message to be divided into small package for transmission EFT control 4.33
Segregation of function: IT personnel not access to identification cards & personal identification #
are issued to customers. IT personnel should not involved in customer service function. Sys dev IT personnel not involved
carried out by a team segregated responsibly ensure no programmer has knowledge of sys customer service function 4.33
Transaction initiation: sys 1.check validity of customer's a/c 2.not permit withdrawals in excess
bank limited or customer a/c bal Transaction initiation 4.33
Security & integrity controls: audit trail of transaction, error rept & operating info Uniformly std,
ATM in-built security. Communication control encryption. Maint backup Integrity control & security 4.33-34
PC factors 1.PC less structured & undisciplined 2.hardware & software not subject to same level
of control with larger computer 3.1 or more persons may responsibility for prog, operating &
controlling application 4.little processing knowledge, increasing error 5.user may authorised &
initiate transactions, enter data, operate PC, retrieve & use output & control assets 6.hardware &
storage media are portable 7.reliance on third-party dev software 8.access control limited to
hardware & storage media PC control 4.34
General control &/or application controls partially effective, auditor assess RMM at less than high
level PC control 4.34
Outsourcing control: 1 written contract 2 data ownership 3.backup copies control & maintain
documentation in recovery procedures Computer service centers 4.36 AUS404
E-commerce risks: 1.customers identity 2.suppliers identity 3.integrity of transactions
4.agreement terms 5.pay't & credit facilities 6.goods rtn 7.product warranties 8.privacy & info AAA8/AGS105
protection 9.tax & regulatory Business risk in e-commerce 4.37 6
E-commerce risks pervasive: 1.need for resources to integrate the sys support e-commerce with
other business & rept sys 2.unknown amt of investment required in IT 3.prevention & detection of
computer crime & enforcement of legislation over jurisdiction 4.entity's dependence on IT & AAA8/AGS105
business planning Business risk in e-commerce 4.37 6
E-commerce risk impact consideration: 1.customer-supplier in value chain 2.verification of elect
identities of customers & suppliers 3.integrity of transactions 4.security & authenticity of elect Business risk on e-
documents 5.ISP 6.IT & need for secure, reliable sys 7.integration of operations & fin rept 8.new commerce & Audit risk in e-
mkt forces on future direction 9.disaster recovery planning commerce 4.37-38
E-commerce: use public network e.g.internet identify significance of e-commerce to activities,
monitoring on assessment of risk & dev audit strategies in response to diff risks E-commerce audit 4.38 AGS1056
E-commerce: audit procedures, evaluation of audit evidence & impact of e-commerce on going E-commerce audit-going
concern may engage an IT expert in e-commerce activities deemed significant concern 4.38 AUS206/606
AUS402AGS10
Outsource e-commerce operation to third party ISP & ASP or data hosting co Control risk fm outsourcing 4.39 42
E-commerce risk: 1.loss of transaction integrity 2.security risk 3.improper a/c policies 4.entity
acting as principal or agent 5.how revenues determined where another entity uses the same web
site 6.treatemetn of volume discount & introductory offers 7.sales cut-off 8.non-complicance with
legal, & tax require in int'l transaction 9.reliance on e-commerce 10sys & infrastructure failures Business risk in e-commerce 4.39
E-commerce risk measures: 1.verify identify of transaction 2.ensure integrity of transaction AGS1056.19-.
3.agreement on trading terms 4.pay't/secure credit facilities 5.privacy & info protection Business risk in e-commerce 4.39 21
E-commerce control: 1.alignment of e-commerce activities with entity's strategy 2.e-commerce

improves efficiency of existing activities or new activity/mkt 3.sources & chg in revenue 4.effect
of e-commerce on earnings 5.mgt attitude to risk 6.opportunities & risks documented strategy by Control environment of e-
control or dev on ad-hoc basis 7.mgt's commitment to best practice & web seals of approval commerce strategy 4.39
E-commerce controls: 1.security 2.transaction integrity 3.process alignment, R&M ongoing
control integrity & audit & entity access to records. Risk can mitigated by internal control, Fin rept assertion of e-
evaluate control environment commerce 4.40 AUS402
Security involves infrastructure & related control: security policy, risk assessment, physical &
logical measures, technical safeguards, std & practices & procedures, user identifiers, passwords
& firewalls E-commerce risk mitigated 4.40
Page 12 of 116
Page_
Security: 1.firewalls & virus software protection 2.encryption & authorisation & control of
decryption keys 3.controls over E-commerce risk mitigated 4.40
Transaction integrity controls: 1.validate input 2.prevent duplication or omission 3.agreement of

terms of trade with customers 4.distinguish customer browsing & ordering 5.prevent incomplete
processing 6.ensure transaction details 7.adequate record retention & secure backup E-commerce risk 4.40 AUS1056.31
Transaction integrity depend on reliability of sys used for info capture & execution. Sys controls
ensure accuracy, completeness, timeliness & authorisation of fin info used for recording &
processing the fin records E-commerce integrity 4.40 AGS1056.29-31
Process alignment: IT sys linked to internal rept sys integrated impact of completeness & accuracy
of transaction processing & storage, timing of revenue recognition & identification & record of
disputed transaction E-commerce 4.40-41 AGS1056.32-34
Process alignment: security infrastructure & related controls. Test automated controls adopted
within security infrastructure. Determination of materiality thresholds, assessment going concern
assume & impact of future use of web sites E-commerce 4.41
Database systems control & audit 5 characteristics (4.29) incl: 1.likelihood correct through use
common edit & validation routines 2.control over access to data stored in central location
3.documentation std for 1 database than multiple files 4.complexity of databases mitigate some
advantages or make it difficult to achieve them 5.error result in cascade of errors throughout the
database 6.privacy problem for multiple users 7.data redundancy create diff in reconstruction of Database sys control & audit
data records incl in 5 characteristics SA4.1
Internal controls of
Distributed data processing sys impact internal controls of IT sys: 1.large# of (nodes) geographic Distributed data processing
locations make it difficult to control assess to prog sys SA4.2
Distributed data processing sys impact internal controls of IT sys: 2.local nodes or processing Distributed data processing
centers may be small, making it difficult to achieve on adequate segregation of duties sys SA4.2
centers may not have automatic transaction logging and audit trail capabilities sys SA4.2
Distributed data processing sys impact internal controls of IT sys: 4.easier to enforce common Internal controls of
prog std & maintain common software in distributed sys in decentralised sys where each node is Distributed data processing
completely independent of each other sys SA4.2
Distributed data processing sys impact internal controls of IT sys: 5.distribution of databases may Internal controls of
improve security & privacy by significantly reducing the amt of data stored at any one location Distributed data processing
(node) sys SA4.2
Internal control in understanding of entity & environment, undertake risk assessment procedures Risk assess
& RMM procedures/RMM CS4.1a AUS402
Internal control sys understanding & review by documented through 1.use internal control Internal controls sys
questionnaires 2.narrative memorandums 3.flowcharts understanding CS4.1b
Narrative memorandums-designed & tailored for each particular engagement detailed ana of Internal controls sys
specific internal control sys understanding CS4.1b
Internal control questionaired-assure no important aspect of internal control overlooked Internal controls CS4.1b
Flowchart-bird's eye view of document & info flows of sys between dept or function. Allow
auditor w/o undertake a detailed ana of narrative description Internal controls CS4.1b
Internal control inherent limitation: 1.people involved, may subject to misunderstanding of
instruction, mistake of judgment, carelessness, employee errors or personal factors Internal control limitation CS4.1c
Internal control inherent limitation: 2.segregation of duties can circumvented through collusion Internal control limitation CS4.1c
Internal control inherent limitation: 3.mgt intentionally circumvent control procedures to
execution & recording of transaction & estimated & judgment in fin rept Internal control limitation CS4.1c
Internal control inherent limitation: 4.judgment in future operation of effective control subject
risk. procedures may ineffective or redundant because of chg conditions & deterioration of
compliance Internal control limitation CS4.1c
Internal control sys subject to cost/benefit in dev & implementation. May absence of controls to
outweigh benefit from mgt's point of view Internal control limitation CS4.1 end
Internal auditor affect role in external audit of a large co: 1.size & structure of entity 2.governing
body 3.related legislation Internal auditor role MC4.01
Internal auditor role play in external audit exam entity statues of internal auditor: 1.internal audit
function limit 2.internal audit head free fm operational responsibility 3.internal audit direct access
CEO Internal auditor exam MC4.02
Online computer sys type: 1.batch processing 2.memo update 3.downloading/uploading
processing Online computer system MC4.03
General Purpose financial
Internal control primary consideration in GPFR affects mgt's fin rept assertions rept MC4.04
Database mgt sys audit process: 1.test access controls 2.generate test data 3.check integrity of Audit process of database
database mgt MC4.05
Independence of internal auditor, external auditor determine organisational level to the internal Internal auditor
auditor rept independence MC4.06
Database mgt sys is integrate computer prog facilitate creation, manipulation & querying of
integrated files Integrated set computer prog MC4.07
Online, real-time database sys & batch processing sys may use both processing modes Batch processing sy & on-
concurrently line MC4.08
Communication protocol: two nodes (devices) in a data communication network are
communication there be agreement on how data & control info are packaged. Communication network MC4.09
Hard disk drives has a larger storage capacity can be access more quickly PC control MC4.10
Sufficient appropriate audit evidence: 1.assertion of mgt reflected in fin rept 2.evidence available
to support or contradict assertions 3.select method obtaining necessary evidence 4.collect &
evaluate evidence required to form opinion on validity of the assertions Audit Evidence 5.05 AUS502.02
Sufficiency & appropriateness are interrelated & apply to evidence obtained fm test of control &
substantive audit procedures Audit Evidence 5.05 AUS502.07
Sufficiency: quantity of audit evidence obtained, required enough evidence to provide reasonable
assurance ensure financial rept free fm material misstatements Audit Evidence 5.06
Appropriateness relates to relevance & reliability of audit evidence. Audit evidence must assist in
achieving audit objective & reliable it must have credibility Audit Evidence 5.06
Page 13 of 116
Page_
Reliability of audit evidence is influence source & nature: 1.external evidence reliable than
internal 2.directly fm auditor reliable than fm entity 3.internal evidence reliable when internal
control is satisfactory 4.documents & written representation reliable than oral Audit Evidence 5.06 AUS502.09
Transactions assertions: 1.occurrence 2.completenes 3.accuracy 4.cutoff 5.classification Fin rept assertions 5.06 AUS502.17
Account balances: 1.existence 2.rights & obligations 3.completeness 4.valuation & allocation Fin rept assertions 5.06 AUS502.17
Presentation & disclosure: 1.occurrence & rights & obligations 2.completeness 3.classificatin &
understandability 4.accuracy & valuation Fin rept assertions 5.06 AUS502.17
Occurrence: evidence transaction/event took place relate entity during period (similar-existence).
Vouching Transaction & presentation 5.06
Completeness: evidence all amount s/b included are included. Study & evaluation of a/c control,
sequence check of pre-numbered documents; search transaction in next period relate to a/c period Transaction & presentation
under audit & disclosure assertions 5.06
Accuracy concerned details of transactions under review completely correct - valuation Valuation under presentation
(presentation & disclosure). Using subsequent settlement for existence & valuation & disclosure assertions 5.07
Cutoff concerned transaction under review are recorded in the correct period. Sales & cos related
stk count Transactions & event classes 5.07
Classification concerned correct account is used in recording transactions included
understandability. Presentation assertions assert 5.07
Understandability presentation and disclosure grouping, concerned disclosures are clearly Presentation & disclosure
expressed asser 5.07
Existence obtaining evidence of validity & propriety of recorded amt. Asset/liability exists at
given date. Method: 1.Substantiation existence of physical assets stk & FA. 2.Bank confirmation
& Debtor/Creditor confirmation. 3.Sebsequent settlement Account balances assertion 5.07
Rights & obligations concerned assets are future economic benefits controlled by entity, liabilities
are future sacrifices of economic benefit that presently obliged to make, result of past transactions
event Account balances assertion 5.07-08
Valuation: conformity of bal with generally accepted a/c principles. Objective with audit Account bal & presentation
judgment. Asset/stk realisable value. Depreciation allocation method. & disclosure assertion 5.08
Allocation assertion related to valuation assertion ensuring valuation or allocation adj are
recorded Fin rept assertions 5.08
Working papers: self-contained & s/b constructed in a manner to be readily understandable by an
experienced auditor Fin rept assertions 5.08
Working papers format: std format & checklist facilitate consistent organisation & presentation of
audit evidence & reduce potential for omissions Fin rept assertions 5.09
Working papers: Permanent file for ongoing nature 2.current file for current audit period Fin rept assertions 5.09
Working papers custody & retention: 1.confidential property of auditor not to client 2.Client
awareness procedure might assist potential fraud or concealment of error or misstatement
3.disclosure not compromise effectiveness or independence of the audit 4.supplied copies must
authorised representative & approved by client Fin rept assertions 5.09
Working papers access: working paper not disclose info about a client to third party without
specific authority form client unless legal/professional duty to disclose (.04) procedures maint
confidentiality (.13) Fin rept assertions 5.09 AUS208.04/13
Working papers access when 1.controlling entity's auditor wish review entity s328B 2.potential
purchaser review assist client in investment/lending 3.accountant to facilitate preparation of AGS1038.03-.
prospectus of info memo 4.new auditors help next audit. Fin rept assertions 5.09 04/s328b
Control risk high, no reliance placed on controls no testing of controls & more substantive testing
need Substantive test-control risk 5.10
Internal controls test objectives 1.operated as documented during risk assessment process
2.controls functioned effectively throughout the period of intended reliance Control test-Obj 5.10
Internal controls types 1.visible record of operating of control-PO checked & signed 2.not
provide a visible record of existence-gate security no audit trail 3.controls on computer prog used
to process a/c info used to test data techniques Control test 5.10
Test data technique used to independently assess the existence, effectiveness & continuity of prog
controls 1.use of data to test application controls 2.computer-assisted audit techniques (CAAT) Control test 5.11 AGS1060
Test data approach designed to test the prog controls include valid & invalided (illogical,
incorrect & incomplete) transactions. Test data & test programmed controls Control test 5.11
Evidence-gathering techniques for use on manual controls, inspection, observation & inquiry don't Control test-not evidence
provide direct evidence for programmed controls direct for prog controls 5.11 AUS502
Test data approach 1.control sequence of submission 2.performance of test runs containing small
amt of test data 3.compare test data with actual 4.confirm computer prog currently used by client Control test-auditor ensure
4.reasonable assurance prog ensure controls in place for entire period adequate control 5.12
Integrated test facility (ITF): similar to test data approach but one more step is 'dummy entity'.
Compare dummy with actual determine the effectiveness of prog controls. ITF data not affect
output of client sys. ITF-Control test 5.13
Integrated test techniques advantage: 1.live transactions greater assurance 2.ITF data as part of
normal processing also testing controls in normal environment 3.permit random entry of ITF
transaction & continuous entry throughout a/c period ITF-Control test 5.14
Integrated test techniques disadvantage: 1.need detailed knowledge & understanding the
application 2.ITF data must removed avoid corruption of client sys ITF-Control test 5.14
Processing client data: test data approach & ITF use simulated transactions to test controls 1.
controlled processing 2.controlled reprocessing 3.parallel processing Control test 5.15
Controlled processing: control activities assoc with input. Auditor take control over a batch &
calculate input compare with output Processing client data 5.15
Controlled reprocessing: only in processing isn't live. control over previously processed
transaction tested appropriate version of progRMM & comparing result of original processing &
reprocessing Processing client data 5.15
Parallel processing/simulation: comparison of transaction through two programs and compare Processing client data 5.15
Non-processing approaches by specialised software: 1.progRMM code review 2.review job a/c
data. Control test 5.15
ProgRMM code review (detailed review)-review progRMM documentation & the source code.
Goes over code line by line & processing steps & control procedures are properly coded &
logically correct Non-processing approaches 5.15
Review of job a/c data (higher-level review)-auditor reviews printed log produced as jobs are run
& considers error or abnormal halts. (does not test client's progRMM but achieve similar
objective) Non-processing approaches 5.15
Page 14 of 116
Page_
Computer-assisted techniques: 1.IT knowledge & experience to audit team 2.impracticality of AGS1060.07-.
manual test of control, if no hard copy, should test control 3.efficiency & effectiveness 4.timing Control test of IT system 5.16 16
Sampling techniques: test less 100% items within a/c bal or transaction, enable auditor to obtain
evaluate evidence & assist conclusion Control test for sampling 5.16
Sampling concern gather evidence: 1.100% examination (not an option for large# transaction)
2.selective exam of high-value or key items (related to substantive testing) 3.audit sampling
4.analytical procedure or proof in total Control test for sampling 5.17 AUS514
Sampling selection: 1.random selection 2.systematic selection 3.haphazard selection Control test for sampling 5.17
Random selection: whereby sampling unit making up a/c bal has know chance, equal chance Sample selection-equal
selection chance 5.17
Systematic selection on 'n' item in population, interval dividing the # of items by sampling size &
selecting a random starting point. It is a practical approach closely approximate random sampling Sample selection-nth item 5.17
Haphazard sampling selecting without any conscious bias. Involve more judgment prove
appropriate Sample selection-more judge 5.17
Substantive procedure test of transactions & bal & other procedures such as analytical procedures, Analytical procedure/tests of
seek to provide audit evidence to completeness, accuracy & validity of info contained in a/c details-Substantive
record on fin rept. 2 categories: 1.analytical procedures 2.Tests of details procedure 5.18
Analytical procedures to compare a/c bal & transactions with fin & non-fin info to identify
unusual fluctuations or value. E.g. ratio analysis indicate potential error Substantive procedures 5.18
Tests of details obtain direct evidence support a/c bal in fin rept. Then drawing conclusion fm
sample Substantive procedures 5.18
Analytical procedure nature analysis significant ratios & trends & investigation of fluctuation & Analytical procedure used at
relationships inconsistent with other info deviate fm predicted amt, identify high risk. Planning planning stage & final
stage-identify high risk; final review-evaluate reasonableness of a/c review 5.18
Analytical procedures factors affecting: Major factors-availability of reliable data. Sources of info
1.fin rept, mgt a/c & bdg, non-financial data & external sources such as industry data. Analytical procedure 5.18
Analytical procedures at aggregation of data, more appropriate at division or subsidiary level than
at corp level, when info aggregated produce conso a/c, strength of relationship decreased
effectiveness Analytical procedure 5.19
Simple techniques 1.simple comparisons 2.ratio analysis 3.common size statements 4.trend
statement 5.time-series analysis. Analytical procedure 5.20
Complex techniques: such as regression analysis & modeling techniques powerful predictive
numeric measure of accuracy. Disadvantage is time-consuming & complex to use. Require
sophisticate equip. Analytical procedure 5.20
Analytical procedures used as reasonableness test computations calculate an expected amt using
fin or operating data as independent variables Analytical procedure 5.20
Comparison balance identify significant fluctuations or relationships are inconsistent with
auditor's knowledge or evidence. Auditor investigate & obtain explanations & appropriate
corroborative evidence Analytical procedure 5.21
Tests of details play a central role in external auditor's exam of fin rept to obtain direct evidence
support substantive audit objective for particular a/c depend on type of a/c being audited Analytical procedure 5.22
Test of bal prov reliable evidence 1.directly test end bal supported by list of individual items 2.test
individual transaction cause a bal increase or decrease. More than 1 procedure to satisfy objective Analytical procedure 5.23
External confirmations considers 1.materiality 2.assessed level of inherent risk 3.assessed level of
control risk 4.evidence fm other planned audit procedure will reduce audit risk External confirmation 5.24 AUS504.02
External confirmations procedures 1.designing external confirmation request 2.performing

external confirmation procedures 3.evaluation the result of the external confirmation procedures External confirmation 5.24 AUS504.06
External confirmations factors 1.control the auditor exercises over confirmation request &
responses 2.characteristics of respondents 3.restrictions included in response or imposed by mgt External confirmation 5.24
Positive confirmation provide reliable form of evidence for a/c bal large or inherent or control risk
assessed as high, if receive no response, auditor apply alternative procedure. If alternative
procedures not performed s/b treated as errors External confirmation 5.24
Negative confirmation less reliable but used where a large number individual a/c bal are relatively
small inherent or control risks where assessed at a reduced level External confirmation 5.24
Bank confirmation used for knowledge of client's business & audit planning to understand nature
& extent of client's banking & treasury operations External confirmation 5.24 AGS1002
Bank confirmation features 1.confirmed related to 'normal banking activities' 2.for client's
treasury & treasury mgt instruments 3.recognition confirmation letters may not sufficient 3.assist
auditors discharging responsibilities 5.guidance indicating evaluate adequacy of bank's reply
relating to bank relationship 6.explanation of impact a disclaimer in favor of bank, will not affect
level of assurance External confirmation 5.25 AGS1002
Physical inventory counts matter 1.inherent, control & detection risk, & materiality related to
inventory 2.adequate procedure are expected to established & proper instructions issued 3.count
timing 4.location at which inventory is held 5.expert's assistance is needed Audit evidence 5.25 AUS506.08
Physical inventory counts consist 1.reviewing count instruction 2.observing instruction for
counting process 3.test counts as checking mechanism to ensure accurate Audit Evidence 5.26
Audit software 1.generalized audit software (GAS) 2.purpose-written prog 3.utiltiy prog & sys
mgt prog Substantive testing 5.26 AGS1060
Generalized audit software (GAS) 1.extract data fm files based on criteria specified by auditor
2.test calculations 3.compare data 4.select & print audit samples 5.summarise data for audit
analysis 6.format & print outputs Audit software 5.27
Generalized audit software (GAS) advantages 1.access to a wide variety of client records &
applications 2.utilise the speed & accuracy of computer as audit tool 3.easy to use 4.hight degree
of independence 5.promote understanding of client's IT Audit software 5.27-28
Generalized audit software (GAS) disadvantages 1.not compatible all systems 2.std routines
disregard efficiency considerations 3.processing limitation regarding # of files 4.not able to access
& retrieve complex data structure Audit software 5.28
Purpose-written prog advantage A.only viable option open to auditor B.dev with processing
efficiency consideration in mind C.deal more effectively large # data D.designed access retrieve
data fm complex E.useful for more than 1 application, 1 audit or 1 client F.dev to handle complex
logic & calculation Audit software 5.28
Page 15 of 116
Page_
Purpose-written progRMM disadvantage 1.higher degree of computer expertise 2.costly & time
consume Audit software 5.28
Utility programs used by entity to perform common data processing function such as sort, creat &
print computer may used by auditor in original or modified state. Not for automatic record counts
or control ttl. Audit software 5.29
Utilities & systems mgt programs: 1.easy to use, well documented 2.reliable 3.readily available &
efficient Audit software 5.29
Utilities & systems mgt programs disadvantages 1.limited application 2.could corrupt files if
incorrectly use Audit software 5.30
Sampling techniques in substantive procedure dividing population into discrete sub-populations
have an identifying characteristic. Sampling unit need to determined in dollar unit (DUS) will
easy to measurable level of risk. Substantive procedures 5.31 AUS514.36-38
Dollar unit (DUS) usually result smaller sample sized expect no errors. DUS is inappropriate
when auditor testing for understatement, it understated has less chance of selection than if
correctly stated (1000 in 10) Sampling techniques 5.31
Sampling unit determined in dollar unit sampling easy to use & measurable level of risk of
making decision error. Benefit give each item in population a chance selected is proportional to
dollar size. Direct attention to larger a/c bal produces stratified sample. Disadvantage to testing
understatement Substantive procedures 5.31
Substantive sample result evaluation steps 1.analysis the deviation detected 2.porject errors found
3.assess risk of incorrect conclusion Sampling unit 5.32
Analysing deviation, auditor qualitative aspect of discovered deviations, that the nature & cause
of the deviation . Diff identified either issues of timing or errors Substantive sample results 5.32
Projecting most likely errors from a sample depends on method by sample selected, each
population dollar had a roughly even chance of selection, sample of 100 items as really being a
selection of 100 individual dollars out of population is error Substantive sample results 5.32
Audit procedures for going concern: 1.review after-bal-date event 2.analyse latest interim fin rept,
cash-flow statement & profit forecast 3.read minutes 4.review terms of debenture & loan Going concern issues-
agreement 5.info fm entity's solicitors 6.effect of unfilled customer order proactive & reactive role 5.33
Going concern used analytical procedures, ratio analysis 1.current ratio 'worried at critical value
above 0.7', 2.earning ratios 3.cashflow ratios Analytical procedures 5.33
CAATs used to aid in final evaluation of weight different ratios come up overall score. Higher
scores indicate lower financial health.
Score=(0.012 x working capital/total assets) + (0.014 x retained
earnings/total assets) + (0.033 earnings before interest & tax/ttl assets) + (0.006 x market value of
capital/ttl debt) + (0.999 x sales/ttl assets). Goings concern 5.33-34
Bdg/interim fin info & forecasts reviewing given int in survival of entity, might to tempted to
state more optimistically than is warranted. Activity level, price chg, profit margins, int rates, AR
& loan commitments Goings concern 5.34
Debenture trust deed/loan agreements determine entity is in danger of non-compliance with them
& should ensure loan repayment commitments properly reflected in cash forecast Goings concern 5.36
Mitigating circumstances should aware & evaluate the effect serve offset the conditions which
raised doubts going concern. Written confirmation s/b obtained fm third parties, such as banks as
existence commitment to add'l lending Going concern 5.36 AUS708.22
Confirmation & evaluation of existence, legality & enforceability of arrangement made with third
parties to maintain or prov add'l financial support to entity Going concern 5.37
Comfort letter basic characteristics: 1.letter of support-chief entity prov fin asst to subsidiary for Going concern-Chief entity
fixed period 2. Letter of subordination-chief entity agree not to demand repayment of debts the support subsidiary 12m fin
subsidiary owes diff 5.38
Letter of support/subordination consider following issues: 1. Agreement intended legally
enforceable 2.agreement binding on chief entity 3.agreement detail minutes in books of subsidiary
co 4.agreement drafted permits termination by chief entity or subsidiary, no termination in fact Comfort letter-chief entity
occurred 5.subsidiary unable to pay creditors appears 6.chief entity capable offering support support subsidiary 12m fin
purport to offer in agreement diff 5.38
Other auditors by principal auditor: 1.regarding professional competence 2.advise other auditor of
independence requirements 3.advise other auditor use to be made of the work & rept 4.areas
requiring special consideration, procedures & timetable for audit completion 4.a/c, auditing &
rept requirements 5.significant audit findings by other auditor Experts & other auditors 5.39-40 AUS602
Experts consider 1.materiality item audited 2.nature & complexity items (risk of error)
3.assumption & methods used 4.availability of corroborative evidence 5.result of expert's work in
light of auditor's overall knowledge of client's & results of audit procedures 6.reasonable
assurance as to expert's skill & professional competence 7.expert objectivity affect the quality of
audit evidence Other auditors & experts 5.40
Actuary relationship with auditors at general principle level & not confined exclusively to life ins
environment. Should use the work of the other & interact in carrying out respective
responsibilities may be disclosed to users of fin rept Experts & other auditors 5.40 AUS524
Actuary guidance "reporting" & "specialist" matters 1.evaluation specialist professional's
qualification, competence, integrity & objectivity 2.use the work of specialist professional
3.reasonableness of specialist professional's assumptions, findings & opinion. Mgt disclose roles
of auditor & actuary. Experts & other auditors 5.40 AUS524
E-commerce: tests of controls 1.security infrastructure, 2 firewalls 3.encryption controls. Controls test on e-commerce 5.41
E-commerce: business-to-business-testing of authorisation sys as part of general control review Business-to-business testing 5.41
E-commerce vs business to consumer diff "authorisation through pay't sys, auditor ensure control
check are undertaken. Authorisation control ensure authenticity of transaction. Other control
verify transaction between trading partners & use audit trails Business-to-consumer 5.41
E-commerce audit: auditor understand business & assess the RMM must evaluation control
environment E-commerce environment 5.41
Authorisation controls test by integrity checks, electronic date stamps, digital signatures & version AGS1056.35-.
controls when evaluation integrity of electronic evidence E-commerce environment 5.41 36
Substantive testing depend upon extent to test of controls undertaken. E.g.subsequent pay't E-commerce environment 5.42
CAAT's increase level of integration of e-commerce sys with other operating sys, complexities of
sys in use, assessment of risk & availability of audit trails. Ensure access all data in the database E-commerce environment 5.42
Audit of small business: unincorporated business & sole traders not subject to audit under Corp
Act. A/c sys unsophisticated 2.uncomplicated activities few sources of revenue Small business 5.44 AGS1048
Page 16 of 116
Page_
Small business internal controls unique characteristics 1.concentration of ownership 2.limited

segregation of duties 3.override internal control 4.limited a/c knowledge 5.inactive/ineffective
policy-making body 6.easy access to assets 7.record-keeping sys informal 8.inadequate Internal controls for small
documentation business 5.44
Small business owner/manager controls 1.control reliance placed adequately designed meet
control objective 2.ascertain control procedure, performed by owner/manager represents an Internal controls for small
incompatible function 3.assess risk of mgt override control business 5.45
Small business particular attention 1.unrecorded revenues & exp 2.over/understated assets &
liabilities 3.related party transactions 4.large complex transaction near bal date. Tax minimisation Internal controls for small
(ensure a/c std) business 5.45
Small business audit approach: substantive approach frequently taken. Sampling techniques not
cost-effective. Alternative substantive procedure include analytical techniques. Use stratification Audit approach in small
test business 5.46-47
Small business going concern: trading loss occurs or investment in assets must be written down, Going concern in small
question whether co able to payee its debts when they fall due will require special attention business 5.47
Subsequent event: Directors have duty to consider & disclose matter arising fm bal date to date of Directors duty on subsequent AASB110/AUS
signing the directors' statement when prejudices the truth & fairness of a/c. event 5.48 706
Subsequent event favourable/unfavorable, occur after period end & define event occurring after
bal date as 1.circumstance that arisen or 2.info that become available after bal date, but prior to Auditor responsibilities on
time of completion. subsequent event 5.49 AASB110
Auditor's responsibilities on subsequent events: 1.discovery material effect 2.determian final rept
need to amended 3.facts after fin rept issued Subsequent event 5.49 AUS706.04-18
Auditor's responsibilities: 1.discovery & evaluation subsequent events have material effect on fin
rept Subsequent event 5.49 AUS706.04-07
Auditor's responsibilities: 2.facts discovered after date of audit rept before financial rept issued &
determined fin rept to amend a.mgt responsible for amending fin rept b mgt refuses to amend rept
auditor should qualify c.otherwise actions to prevent reliance placed on audit rept issued in
original fm Subsequent event 5.49 AUS706.08-12
Auditor's responsibilities: 3.Fact discovered after fin rept issued-mgt responsibility to revise fin
rept, new fin rept & audit rept issued, auditor indicate 'emphasis of matter' re-issued rept the
reason revision previously issued fin rept. Mgt not revise fin rept, auditor take action prevent
reliance on audit rept Subsequent event 5.49 AUS703.13-18
Subsequent to bal date audit procedure general procedure ensure proper cut-off: 1.exam inv &
goods movement record processed subsequent to bal date, 2.subsequent disposition of o/s items Cut-off of subsequent to bal
validly in a/c reconciliation date 5.50
Subsequent to bal date audit: 1.review debit/credit notes 2.review pur inv, movement in a/p to
supplier Cut-off of subsequent bal 5.50
Subsequent event specific procedures 1.review procedure by mgt 2.read minutes 3.read interim fin Auditor responsibilities on
rept 4.inquiring entity's lawyers 5.inquiring mgt for subsequent events occurred affect fin rept subsequent event 5.51
Subsequent event inq of mgt for specific matter: 1.current status of items preliminary or
inconclusive data 2.new commitment 3.sales of assets occurred or planned 4.issue of new shares
5.any assets destroyed 6.any dev regarding risk & contingencies 7.unusual a/c adj made 8.events Auditor responsibilities on
occurred right a/c policy subsequent event 5.51
Audit review two levels:1.detailed review all audit working paper by auditor-in charge 2.Higher
level review by individual responsibility audit who signs the rept (Audit manager) Review audit 5.52
Audit review objective: 1.auditor's internal policy & professional auditing std complied with
conduct in working paper 2.audit procedures completed 3.queries raised cleared 4.evidence
collected support the audit opinion 5.control weakness & other concern communicated to mgt &
appropriately documented Review audit 5.52
Signing auditor determine the extent & nature of assignment & size of office: 1.participation in
planning 2.review & approval audit plan 3.review & approval of audit progRMM 4.review &
clearance of matters raised by audit manager 5.approval & signing of mgt letters, rept &
correspondence issued by auditor Review audit 5.52
Signing auditor: 1.review queries raised by audit manager/director to ensure finalized 2.review
working paper 3.review critical area particular in "a. analytical procedures b.adequacy of prov
d.contingent matters e.post-bal date events f.going concern" 4.discussion with audit manager all
contentious matter & problem with mgt 5.Being satisfied , evidence the a/c checked, review the Audit review-No adverse
draft fin rept & related rept circumstances 5.53
Signing auditor undertake the work with working paper record and: 1.record of queries raised in
review & their clearance 2.evidence of review by audit manager with notes cover discussion &
disposal of significant matter raised by signing auditor (initial by signing auditor) 3.signed audit
rept Audit review 5.53
Electronic work-paper in compute red form, aids the completion & review process in check & bal
in sys Audit review 5.53
Mgt Representation letter purpose 1.impresses upon mgt its ultimate responsibility for fin rept Mgt representation letter-
2.confirm in writing the representation made by mgt during the conduct of audit. Use completion director declaration Corp
checklist in IT Act 5.53
Analytical procedures asset in overall review fin rept & corroborate conclusion formed during
audit Completion-ana procedure 5.54
Mgt letter: add'l to audit opinion in audit rept to cover broad range issued concern to organisation
for 1.weaknesses in internal controls 2.inefficiencies observed 3.potential area of risk Completion-mgt letter 5.54 AUS710
Communication to mgt at planning phase with nature & role of such rept in audit engagement
letter to improving corp governance of entity. Guidance address expectation gap no significant
matter to rept Mgt letter 5.55 AUS710
Working papers: records kepts by auditor of procedure applied, test performed, information
obtained & pertinent conclusion readied in audit. Provide principal support for auditor's rept,
evidence conducted in accordance with ASD & coordinating & supervising the audit Working paper SA5.1
Working papers: 1.planning & performance of audit 2.direction & review of audit work 3.prov
evidence of audit work performed to support the auditor's opinion Working paper SA5.1 AUS208.04
Hotel revenue: occupancy rate x # of rooms x room rates = estimated revenue Substantive testing SA5.2
Completeness: inventory items out on consignment & not counted during physical inventory Assertion account balance CS5.1 Inventory
Existence: physical count, client's employees mistakenly counted some items twice Assertion account balance CS5.1 Inventory
Assertion present &
Accuracy & valuation: Basis of inventory not included in draft financial report disclosure CS5.1 Inventory
Page 17 of 116
Page_
Rights & obligations: included in inventory counts were some items held on consignments Assertion account balance CS5.1 Inventory
Valuation & allocation: inventory items listed at cost, bust realisable value was lower Assertion account balance CS5.1 Inventory
Fictitious inventory by adding false count sheet to inventory count: overstates inventory, reduces
cost of goods sold, increase. Check pre-number stock count sheet, observe physical stocktake & Audit procedures & a/c
compare count sheet with perpetual inventory records impact CS5.5
Sales bring for first 10 days subsequent year forwards:overstates sales & profit. List sales
transactions a few days before & after the fin year-end & check accounting entries associated with Audit procedures & a/c
them are recorded in correct period; check debtors' confirmations impact CS5.5
Postpone recognition of suppliers' inv until subsequent period: understates liabilities & COS,
increase profit. Examine subsequent pay't to suppliers; examine orders not matched with vendor Audit procedures & a/c
inv. impact CS5.5
False claims for credit on gds rtn & volume discounts2/5/2006 understates liabilities & COS, Audit procedures & a/c
increases profit. Examine creditors' confirmations; examine subsequent pay't to suppliers impact CS5.5
Debt/equity ratio = Total Liabilities/Shareholders equity Directors valuation CS5.7
Accounts receivable turnover = sales/accounts receivable, debtors slower paying =credit policy Debtor paid
relaxed 2.96('04)to2.63('05) CS5.7
Net profit ratio = Net profit / sales (sales increase but maybe cost increasing at higher rate) Ratio CS5.8
Gross profit ratio = Gross profit / sales (gross profit ratio should sufficient to cover operating exp,
maybe sales price is heavily discounted to compete with market) Ratio CS5.8
Working capital ratio = Current assets / current liabilities Liquidity ratio CS5.8
Quick asset ratio = Debtors (Current assets - inventory) / Creditors (60% better than 64%) Liquidity ratio CS5.8
Gearing ratio = Current liabilities (debt) / Total equities (96% better than 98% - higher reliance
company on debt compared to equity given much of investment has been in unproductive assets) Ratio CS5.8
Debtors turnover = Debtors / sales (5.32 times better than 4.14 times) Liquidity ratio CS5.8
Inventory turnover = Cost of goods sold / Inventory (4.44 times better than 4.16 times) Liquidity ratio CS5.8
Noise-messages rec'd over transmission line: Echo checks & parity checks Echo checks & parity checks WS6a
Lost data on transmission line: echo checks & parity checks. Message sequence# determine
messages lost Echo checks & parity checks WS6b
Messages delayed: intruder intercepting messages may tampering by sequence # & request Sequence# & request
response response WS6c
Messages alters by intruder before rec'd by user: Data encryption & message sequence # Encryption & message # WS6d
Fin rept assertion: valuation AUS502.17/19-
Audit procedure 1.inspection 2.observation 3.confirmation AUS502.19-.25 .17 MC5.1 25
Evidence-gathering procedures of physical inventory count is observation. Analytical procedures MC5.3
Substantive test: 1.analytical procedures 2.test of bal 3.confirmation (substantive test & Compliance & substantive
compliance test) test MC5.3
Analytical procedures undertaken at planning & overall review stages Planning & review stages MC5.5 AUS512.02
Substantive test: comparison
Analytical procedures: study relationship between payroll exp & #of employees for a month payroll exp with time card
2.coparison of GP with competitors 3.comparison recorded amt of selling exp to bdg amt info MC5.6
Sample size decreasing on test of sales invoice on increase in the rate of deviation fm control
procedure of authorisation that auditor willing to accept. Control procedure increase MC5.8 AUS514
SAP of enterprise resource planning *ERP) sys characteristics: 1.multi functional in scope Control risk assessment of Norris et al.
2.integrated in nature 3.modual in structure. SAP R5.2 1998
Moderate level = limited AUS108
High level of assurance = reasonable assurance assu 6.03 revised
Audit=reasonable assu (.05); Review=limited assu (07); (.08) not cover 'other services' Review=limited assu 6.03 AUS106.05-08
Rept to shareholder by auditor: 1.auditor form opinion concerning s307 a.fin rept accordance with
corp act b.info, explanation & assist required to undertake audit c.entity kept fin record sufficient
d.entity kept register by corp act 2.fin rept compliant with a/c std & give true & fair view s308(1) s307-rept
3.fin rept not drawn up a/c std must quantified find effect s308(2) 4.audit rept describe defect or require
irregularity in fin rept any deficiency, failure or shortcoming in s307. no rept requirement in Fin rept audit rept /308(1)-no rept
s308(1) responsibilities 6.06 requirement
Director prov info & explanation give a true & fair view s296. Fin rept prepared in a/c std s297 Fin rept audit 6.07 s296/297
Unqualified opinion expressed when auditor satisfied GPFR presented fairly with a/c std & UIG General purpose fin rept
view GPFR 6.07 AUS702
Auditor opinion fin record keep adequate std throughout relevant fin period, not only half-year/fin General purpose fin rept
year-end GPFR 6.07 s307
Rept to ASIC for 1.contravention or failure to comply with corp act 2.matter not adequately dealt
with comment in auditor's rept/notifying the directors. ASIC not expect auditor search for Auditor's obligation to rept
contraventions ASIC 6.07 s311
Rept to operational mgt & mgt: on a timely basis with significant matters need attention. Pacific Acceptance Corp Ltd 6.08 AUS710
Mgt-governing body, audit committee & other person responsibility for planning & directing
activities AWA case 6.08 AUS710
Operational Mgt-responsibility for supervision of day-to-day activities of entity AWA case 6.08 AUS710
Communication with operational mgt: fin rept prepared by operational mgt & approved by
governing body (mgt). A/C policies or disclosure proposed differ materially but auditor believe
appropriate, either an alternative presentation must agreed on or the auditor must express a
qualified opinion Operational mgt 6.08 AUS710
Communication with audit committee: effective audit committees expected to inquire auditor the
extent to which executive mgt has been aggressive in its choice of a/c policies, auditor is
independent of mgt Audit Committee 6.09 AUS710 App1
Mgt letter: further written communication between auditor & mgt is mgt letter, issue at conclusion
audit Mgt letter-response & follow 6.09
Rept by external auditor in public sector types: audit opinion accompanying fin rept depend on
legislative Public sector 6.09
Auditor-General's: A.Parliament 1.commentary on operation & fin results 2.audit opinion
3.concern & int. B. make recommendation to mgt but auditor no power to ensure acted upon.
Decision to implement or ignore remain the prerogative of mgt Public sector 6.10
Qualified opinion 1.except for 2.adverse opinion 3.inability to from an opinion. Audit rept on GPFR 6.10
Page 18 of 116
Page_
Modified audit opinion referred to all qualified opinion plus unqualified opinion to add'l info
added to emphasis specific matter. Modified rept contain clear description of all material matters
auditors reservation Emphasis of matter 6.10 AUS702
Unqualified opinion for accordance A.a/c std & UIG consensus views B.Relevant statutory &
other requirement. C.consistent with auditor understanding of entity's fin rept, operation result &
cashflows Audit opinion 6.11 AUS702.26
Unqualified opinion rept not to be standarised. Rept obligation of CLERP 9, fundamentals of
requirements of scope in (.17), chg in word & styles of audit rept. (.12) measure of uniformity in
form & content desirable Audit opinion 6.11 AUS702.12/17
Independence declaration no contravention of auditor independence require of corp act or code of
professional conduct. Copy of auditor's declaration incl in directors' rept s298(1)c. Failure to Directors' rept incl auditor's
declaration is strict liability offence. S307c(7) provide indemnity safeguards declaration of independence 6.11 s307C/s298(1)C
Disclosure non-audit services: s300(11b) listed co director prov statement in annual rept identifier
non-audit services by audit firm & fees for non-audit services. Why non-audit service not
compromise independence by S300(11d) listed co audit committee made statement accordance
with advice for non-audit services. Non-audit services 6.12 s300(11)B/D
Except for opinion-except for material nature e.g. specific reservation, deficiency, shortcoming or
scope limitation, the financial rept is fairly presented. Most common form of qualification Qualified audit opinion-
observed in practice common form 6.13
Adverse opinion-disagreement with mgt or material departure fm applicable fin rept framework
which is misleading or of little use to intended user. Auditor 'be careful in placing any reliance on Qualified audit opinion-less
fin rept' than 1% form 6.14 AUS702.28
Inability to form an opinion-auditor no evidence to resolve uncertainty by scope limitation &
possible effect of adj might be required large, pervasive or fundamental that potentially affect the Qualified audit opinion-less
entire fin rept than 1% form (Scope limit) 6.15 AUS702.30
Qualified opinion express for following matters: 1.disagreement with mgt regarding fin rept Qualified audit opinion-
2.conflict between applicable fin rept frameworks 3.limitation on scope of audit. circumstances 6.16 AUS702.42-.56
Disagreement with mgt-appropriateness of a/c policies selected, method of application and
adequacy of disclosures in fin rept 1.departure fm a/c std 2.departure fm relevant statutory &
requirements Qualified audit opinion 6.16 AUS702.44
Departure from a/c std &/or UIG consensus view, audit rept cite specific std and/or UIG subject to
depart Qualified audit opinion 6.16 AUS702.45
Emphasis of matter on add'l disclosures 1.absence of add'l disclosure, users would be misled in
evaluation or decision 2.add'l disclosure contain all, and only, relevant & reliable info, & are Qualified audit opinion
presented in a manner to ensure the fin rept as a whole the objectives of general purpose financial exception on departure fm
rept (GPFR) a/c std 6.16 AUS702.47
Departure from relevant statutory & other requirements-entity complied with statutory & other
requirement affect the form & content of fin rept. Auditor's responsibility bring attention to ASIC Qualified audit opinion 6.17 s311
Conflict between fin rept frameworks-e.g. IAS & AUS but not yet harmonised. 1.meeting other
requirement not accordance with a/c std (unqualified opinion with e.g. IAS). But qualified opinion
with AAS & UIG consensus view (AUS702.51). 2. A/c policy contrary to statute or other
requirement, qualify to presentation with requirements (AUS702.52). e.g. legislation require
present fin rept not with a/c std or UIG. no examples in AU. Qualified audit opinion 6.17 AUS702.51-52
Scope limitation-evidence restriction placed on evidence gathering procedure employed, e.g. by
audit mandate or procedures not provide required evidence, scope limitation exist. When scope
limitation during, auditor has choice of 'except for' or inability to form an opinion Qualified audit opinion 6.17 AUS702.53-56
Emphasis of matter 5 specific circumstances: 1.add'l disclosure 2.inherent uncertainty
3.inconsistency with other info 4.subsequenet event rendering going concern basis inappropriate Unqualified opinion with
5.revised fin rept emphasis of matter 6.18-21 AUS702.57-64
Add'l disclosure-fin rept accordance with a/c std but departure fm std is appropriate 1.draw
attention in add'l disclosures 2.auditor's opinion application to particular a/c std/UIG resulted in
fin rept being misleading 3.reason for add'l disclosure necessary to ensure fin rept as a whole is
not misleading 4.add'l disclosure are relevant & reliable in meeting obj of general purpose fin rept
(GPFR) Emphasis of matter-rare 6.18 AUS702.58
Inherent uncertainty-disclosure of uncertainty (AGS1028) & reliability of all amt & disclosure
affected by it Emphasis of matter-common 6.19 AUS702.62
Inconsistency with other info is materially with fin rept e.g. significant profit before extraordinary
loss Emphasis of matter-rare 6.20 AUS702.63
Subsequent event for going concern-highly improbable event after rept data prov new info not
relate to condition existing at the rept date & adequate disclosure in fin rept. Disclosure
inadequate, 'except for' or adverse opinion issued arising fm disagreement with mgt Emphasis of matter-rare 6.20 AASB110
Revised fin rept as result of discovery of a material event after fin rept & audit rept issued, audit
rept incl 'emphasis of matter' to draw attention to note why rept revised Emphasis of matter-rare 6.21
Modified audit opinion-refer to qualified & unqualified opinion. Circumstances results in
modified rept Qualified & unqualified 6.21 Table 6.01
Materiality: 'of such a magnitude' assessing materiality guidance: 1.asset or liability-compare with
class total 2.equity item-compare with amt of equity 3.revenue or expenditure-compare AUS702/.39;.27
appropriate amt for rept period & average result/amt for # of period including current period. /AUS306.31
Material = or more than 10% Materiality appropriate bases 6.22 AASB1031
Materiality: auditor assess uncorrected misstatement during assu are material, individually or Qualified opinion if mgt
aggregate. Error identified in individual a/c plus misstatement as result of extrapolating sample refuses adj auditor conclude
result (projected error). material 6.22 AUS306
Fin rept of prior not audited, incoming auditor not able to comparative for amt, auditor would
qualify audit rept on basis comparative are unedited & no opinion of them is expressed, still need
to required AUS510 Comparative & implications 6.24 AUS510
Fin rept incoming auditor obtain sufficient evidence to comparative, If material misstatement
should add'l procedures as appropriate to the circumstances Comparative consistent 6.24 AUS602
Fin rept continuing audit reference to comparatives only when prior period qualified & unresolved
or current opinion on prior period fin rept is diff fm originally expressed. Comparative consistent 6.24 AUS704
Going concern question not satisfactorily resolved, significant uncertainty "emphasis of matter".
Highly improbable "adverse opinion" Going concern consideration 6.25 AUS708
True & fair override by director not believe fin rept resulting fm obligation asso std are true &
fair, must add info in note to fin rept. Director believe add'l note is necessary, auditor issue Fin rept in true & fair view.
"emphasis of matter" s296-a/c std, s297-fin rept 6.25-26 s297/296
Page 19 of 116
Page_
General rept requirement for other than GPFR A.fin rept accordance with fin rept other than a/c
std & UIG (a special purpose rept) B.fin info not constitute a fin rept not contain fin performance Audit rept-other rept (use
& statement of financial position (other fin info) C.summarised fin rept derived fm audited fin "correct" not "present fairly AUS802/AGS1
rept accordance a/c framework") 6.26 044
Audit rept not accept amended, auditor should rpt in prescribed from & if inappropriate, decline
issue rept Special purpose fin rept 6.27 AGS1044
Special purpose fin rept likely mislead intended user, auditor A.take steps to determine fin rept Audit rept-other rept
framework is appropriate to the need of users B.identified likely user & possibility fin rept will be(identify fin rept is special
purported to be GPFR C.disclosure conventional terminology in rept needs to modified or purpose fin rept who
embellished responsible for rept) 6.27 AUS802.19/21
Audit rept-other rept
Other fin info example:1.components of fin rept 2.externally managed assets & income of (agreed-upon procedures not
superannuation fund 3.calculation of net tangible assets 4.abridged 'p&l' info 5.outgoings for audit also concept of
leased property 6.calculation of employee bonuses 7.details of share price movements materiality) 6.28 AUS802-22/27
Summarised fin rept-auditor s/n rept on summarised fin unless it is derived fm a GPFR has been Audit rept-other rept(opinion
audited or special purpose rept. Auditor qualified if summarised fin rept misleading on info consistent with
understanding of rept. GPFR) 6.28 AUS802.14-21
Audit rept-not mandate
Concise fin rept separate engagement form GPFR. Add'l procedure required inclusion discussion specific discussion AUS702/AASB
& ana principal factor affect fin performance, fin position & financing & investment activities . disclosure 6.29 1039
Review-limited assurance engagement concerning comprising inquiries of co personnel & Limited assurance
analytical procedures : 1.a/c principles 2.procedures for recording, classifying & summarising engagement involve limited
transaction, info for disclosure & prepare in fin rept 3.material assertion procedure 6.30 AUS902.27b-d
Analytical procedures in limited assurance identify relationship & individual items appear unusual
incl 1. comparison of fin rept for prior period 2. comparison with anticipated result & fin position
3. relationship of fin info expected to conform a predictable pattern based on experience or Limited assurance analytical
industry norm procedures 6.30 AUS902.27e
Review rept on fin rept similar to GPFR titled" Independent Review Rept".Opinion as negative
statement Fin rept-emphasis of matter 6.30 AUS702
Review of half-year fin rept with 1.fin performance, fin position & cashflow 2.notes to fin
statement 3.director declaration 4.directors' rept (incl auditor's declaration of independence)
5.auditor's review rept Half-year fin rept 6.31 s320/303&306
Review of half-year fin rept , non-disclosure of relevant & reliable info constitute misleading
omission. Lack of disclosure or inappropriate info cause to issue qualified rept. Half-year fin rept 6.31 AASB134
Audit or review-ASIC not requirement to distribute half-yearly fin rept to attach audit or review,
most disclosing entities elected have review. Auditor encourage distribute half-yearly with
review rept Half-year fin rept 6.31-32 AGS1016.30
Continuous disclosure-add'l to half-year rept, Corp act introduced continuous disclosure regime. Continuous disclosure 6.32 s674-678
Compilation engagement use a/c expertise. Rept incl 1.title 2.an addressee 3.statement the Compilation engagement-
engagement was performed accordance with APS9 4.identification of compiled fin rept, must contain a ref
indicating it based on fin info provided by client 5.statement the client is responsible for fin rept "Unaudited" or "Compiled
6.statement for no audit/review carry doubt and no assurance express 6.identification the member w/o audit or review"& have
rept on a special purpose fin rept & specific purpose for which prepared 7.when relevant, a "refer to compilation rept"
statement the member is not independent of entity 8.appropriate disclaimer of liability 9.name, on each page - Without audit
address & signature of the member 10date or review 6.33 APS9
Agreed-upon procedure is not an assurance but is part of audit & audit related services, designed
to reflect individual circumstances of clients & meet the need of users to have clear understanding Agreed-upon procedure 6.34 AUS904.09
Agreed-upon procedures rept: 1.title 2.addressee 3.identification of specific info 4.statement of
procedures performed 5.engagement statement with audit std 6.engagement purpose 7.recipient
take responsibility 8.specific procedures performed 9.aduitor's factual finding 10.procedures
performed not constitute an audit or review, no assurance express 11.audit or review performed,
matter to attention 12.rept restricted those parties agreed procedures 13.rept related only info not
extent fin rept 14.date Agreed-upon procedure 6.35 AUS904
Internal audit rept depend on obj set for internal audit. Good rept design, author maintain,
satisfies message obj and need of audience. Readers prefer message-first structure & consistency Internal auditor rept-aids of Cutler 2001/IIA
among rept effective communication 6.35 perf std
Unqualified opinion for lawsuit for 20M or 2M or prov 0.1M, disclosure to show nature & amt of Audit opinion-sale100M,P
claim. 50M SA6.1
Qualified opinion for under-prov material long serv leave - except for Except for audit opinion SA6.2
Qualified opinion for disagreement with mgt for magnitude or pervasive to fin rept. Fin rept
unreliable Adverse opinion-materiality SA6.2
Unqualified opinion for satisfied all disclosures contain for interco transactions on after bal-date
event Audit opinion SA6.3
Qualified opinion for consolidated entity have a/c of subsidiary. Scope limitation SA6.3
Qualified opinion for unavailability of sufficient appropriate audit evidence Scope limitation SA6.4
Qualified opinion for under-prov for inventory write-off by 30%. Disagreements with mgt
materially diff. Disagreement with mgt SA6.4
Qualified opinion for audit engagement undertake audit after year-end. E.g. unable to physical stk. Scope limitation SA6.4 AUS702.55
Audit engagement for agreed upon procedure measures could be (.09) 1.comparing the procedures
to be applied 2.discussing the procedures to be applied 3.reviewing correspondence fm recipients.
(.13)engagement letter listing of procedures to be performed as agreed upon & attaching a draft
rept Agreed-upon procedure SA6.5 AUS904.09/.13
Emphasis of matter with unqualified opinion-concerns going concern, but satisfied adequate
disclosure of uncertainty in notes to accounts Unqualified opinion CS6.2
Disagreement with mgt, inadequate disclosure-concerns going concern, no adequately disclosed in
notes Qualified opinion CS6.2
Adverse opinion-highly improbable entity continue going concern Qualified opinion CS6.2 AUS708
Inability to form an opinion (scope limitation): Mgt refusal to furnish a written representation on
any matter Qualified opinion MC6.01
Except for or inability to form an opinion: unable to determine amt asso with illegal acts
committed Qualified opinion MC6.02
Except for: client inappropriately applied AASB has a material financial effect on fin rept Qualified opinion MC6.03-04
Page 20 of 116
Page_
Except for: refuse to disclose directors remuneration although it is not material Qualified opinion MC6.05
Emphasis of matter with unqualified opinion-significant litigation claim with adequately
disclosed in a/c Unqualified opinion MC6.06
Emphasis of matter with unqualified opinion-supplementary info in fin rept inconsistent in
audited rept Unqualified opinion MC6.07
Inability to form an opinion-civil unrest Qualified opinion MC6.08
Unqualified opinion - going concern mitigating factors adequately disclosed Unqualified opinion MC6.09
Adverse opinion-high probability not continue as going concern Qualified opinion MC6.10
Emphasis of matter with unqualified opinion: going concern uncertainty adequate disclosure Unqualified opinion MC6.11
Inability to form an opinion (scope limitation): 1.mgt unwilling to sign mgt rep letter 2.unable
determine amt 3.client refuses confirm certain AR or apply alternative procedure to verify AR bal Qualified opinion MC6.16
Except for or adverse onion for unjustified a/c chg which disagreement with mgt Qualified opinion MC6.16
Performance audit - more traditional 'watchdog' audit role, suggest improvement to public adm
based on wide-ranging audit activities. Greater efficiency & effectiveness particular Auditor-General annual rept
accountability 2002-2003 7.03 ANAO 2003
SAI-supreme audit in
INTOSAI apply public
INTOSAI-Int'l organization of supreme audit institution has 170 supreme audit institution (SAI). sector: fin
SAI operate within legal mandate provided by legislatures, they are independent. INTOSAI work rept/compliance/performanc
together with IFAC review ISA & write new ISA applicable to private & public sector audit. e 7.04 INTOSAI/SAIs
Performance audit-core
Performance audit objective-auditor express opinion whether all material respect on entities' definition relates to
activities carried out economically and efficiently and effectively. Direct rept audit, obj incl prov economy, efficiency &
relevant & reliable info about performance effectiveness 7.05 AUS806
Performance audit defines-independent exam of efficiency & effectiveness of gov't undertaking,

progRMM or organizations, with due regards to economy, & the aim of leading to improvements INTOSAI performance audit 7.05 INTOSAI 2004
Performance audit is concerned economy, efficiency & effectiveness: A. audit of economy of adm
activities B. audit the efficiency of utilisation of human, fin & other resources incl exam of info
sys, performance measures & monitoring arrangements, & procedures followed by audit entities
for remedying identified deficiencies C.audit of effectiveness of performance in relation to
achievement of obj of entity & audit of the actual impact of civilities compare with intended INTOSAI audit std &
impact practical experience 7.05 INTOSAI 2004
Performance audit key idea 1.starting point is assess economy, efficiency, & effectiveness in gov't
activities 2.important have reliable & independent info represent the public interest 3.overview
gov't activities & ability to influence & improve performance. competent examiner to fulfill this
role INTOSAI performance audit 7.05 INTOSAI 2004
Performance audit means entities' activities to assess economy & efficiency & effectiveness: A
adequacy internal control B.extent to resources managed economically & efficiently C.extent to
activities effective Performance audit definition 7.06 AUS806.02
Economy: acquisition quality & quantity of fin, human, physical & info resources right time at
lowest cost Performance audit 7.06 AUS806.03-05
Effectiveness means achievement of obj or intended effects of activities Performance audit 7.06 AUS806.03-05
Performance audit evaluate effectively meeting its obj & using resources economically & Victorian
efficiently. Performance audit rept prov independent assessment of public sector activity & seeks Auditor-
to improve resource mgt & add value to agency through recommendation on improving operation Victorian Auditor-General's General office
& procedures Office 7.06 2003
Performance audit as review designed to determine how efficiently & effectively an agency is
carrying out its functions. May review a gov't progRMM affect whole public sector & make
recommendation for improvement relation to the functions. 1.independent ass 2. improve NSW audit
efficiency & effective 3.accountability NSW audit office 7.06 office 2003
Value for money (VFM): a systematic, purposeful, organized & objective exam of gov't activities.
Scope incl exam economy, efficiency, cost-effectiveness & environmental effect of gov't
activities; procedures to measure effectiveness; accountability relationships; protection of public OAG - value for money
assets & compliance (VFM) 7.07 OAG 2002
Performance audit key themes: 1.concept of economy, efficiency & effectiveness are important
2.audit may be for a program, a gov't agency or single issue 3.goal is improvement in performance OAG - value for money
4.audit refer to independent assurance 5.audits assist the accountability process (VFM) 7.07 OAG 2002
Performance audits, auditor seeks to 1.improving value for money & control 2.auditee have
internal control 3.internal control structure operate satisfactorily 4.audit coverage regards to value
for money 5.exam evidence & examples of unsatisfactory economy, efficiency & effectiveness to Performance audit - auditor
establish improvements 6.focus mgt attention on critical activities seeks to 7.07 AUS806/808
Performance audit results incl recommendation for improvement in 1.economy & efficiency in
use of resources 2.effectiveness in achieving progRMM obj 3.service delivery & quality 4.mgt Performance audit -
planning & control 5.accountabiliity. Suspected poor or wasteful practices allegation of fraud, recommendations for
misuse resource. improvement 7.07-.08 AUS806/808
Performance auditing: 1. Understanding entity, prog or activity subject to audit 2.What to audit Judgment critical in
3.How to audit 4.What & how to rept performance audits F7.1 7.08
Performance audit judgment: AUS806.13 judge in evidence, time nature & extent & draw
conclusion AUS806.27 evidence gathered predominantly qualitative immature AUS806.39
judgment effect of material AUS806.10 professional scepticism throughout may materially Judgment critical in AUS806.13/27/
misstated performance audits 7.08 39/10
Performance audit diff between fin statement audit is "performance" substantially from audit to Performance audit diff with
audit fin 7.09
Performance audit guidelines (not possible applicable to all types performance audit) 1.practices
between communities vary considerably in mandate, organisation & methods use 2.guidelines Performance audit for public
can't incl all approaches, methods or techniques as this incl everything in social sciences sector. No bottom-line
3.performance audit cover a large range of topics & perspectives measure to guide action 7.09 INTOSAI 2004
Performance audit obj improve public sector performance & accountability. Written rept prov
relevant & reliable info & opinion for fin, HR, physical, info & natural resource are managed Performance audit ob &
economy, efficiency & effectiveness. Performance audit "reasonable assu the inf to performance auditor rept-Reasonable
is free fm material misstatement". assurance 7.09 AUS806.11-14
Page 21 of 116
Page_
Accountability defined as obligation to answer for a responsibility that has been conferred at least
tow parties: one allocate responsibility and one accept it. Third party is auditor (usually auditor-
general). "Client" is parliament which conferred or allocated responsibility to manager.
Responsible to parliament for efficient, effective & economical use of resource is carrying out
responsibilities conferred. Auditor carries a process is superimposed on accountability Performance audit serves
relationship accountability concept 7.10
Parliament control over public purse for principle 1.execurtive no income otherwise sanctioned by Performance audit - control
parliament 2.executive no expenditure except approved by parliament public money 7.10
Parliament approve fund expect 1.revenue properly assessed & collected 2.spent for purpose
specified 3. Expended with economy, efficiency & effectiveness 4. Effectiveness of gov't prog
measured & reported 5.operation carried out in compliance Accountability 7.10
Performance audit concept two principles of mgt 1.public sector undertaking conducted make the
best possible use of public funds 2.accountable for prudent & effective mgt of resources entrusted Accountability 7.10
Accountability improvement e.g. 1.accountability to parliament for expenditure by agencies OAG 2002,
2.format of a/c 3.external control & monitoring by gov't dept 4.better and accurate performance Auditor-
indicators 5.comparison between similar organisation 6.greater info on sector performance General of
7.clearer & info presentation of info Performance audit 7.11 Canada
Independence-auditor-general removing the issue dependence between auditor & public sector
clients. Diff relationship to experienced in private sector and audit independence provided under
auditor-general act is recognised explicitly as key to ANAO effectiveness Public sector independence 7.11 ANAO 2004
Auditor-General prepare annual plan & present to parliament, consultation with Public A/C &
Committee Audit Act s7A 7.12 VAGO 2004
Policy issues by auditor-general 1.policy obj determined, decision taken with appropriate
authority 2.quality of info & policy advice to gov't by official 3.existence & effectiveness of adm
machinery 4.extent, stated prog obj 5.economy, efficiency & performance chosen implement a
prog 6.inteded & unintended direct & indirect prog effect 7.cost of alternative strategies
8.subsequent decisions 9.resultant instruction to staff accord approved policy obj 10.decision Auditor-general determined
clearly understood obj & pursued by official 7.12
Performance audit coverage 1.goverance following AU & int'l experience of corp. failures 2.prog
to meet the needs of communities in rural AU following drought 3.defence heightened threat
environment 3.health & well being of AU through employment prog 5.environmental issues Performance audit judgment
6.economy by auditor-general 7.13 ANAO
Performance audit identified: 1.governance & public sector mgt 2.dev & managing state's
infrastructure 3.sustainability of natural resources & environment 4.dev economy, sectors &
region 5.protecting community 6.fostering skilled, creative & learning community & servicing Add value from parliament's
well being community & community's perspective 7.13 VAGO
Performance audits by example for NSW auditor-General, Victorian auditor-general 2004 ANAO Performance audits
2005 examples 7.14-17
Economy refers to acquisition of appropriate quality & quantity of fin, human, physical & info
resources at appropriate times & lowest cost: 1.sound procurement practices 2.appropriate type,
quality & amt of resources when needed at lowest cost. E.g. new photocopier given certain level
of capacity Performance audit 7.18 AUS806.03
Efficiency to productive use of fin, human, physical & info resources to maximising output & Efficiency compare: 1.fin
outcomes or maximising input. Efficiency is relationship between resource inputs & output. (cost /output) 2.HR
E.g.avoid dup, avoided overstaff 3.minimum amt of resources 4.employed adequate sys. (staff/output) 3.physical
Efficiency indicator relate resource input to output. Prof efficiency in authority produced output. (assets employed / outputs)
Not relevant internal mgt/operational efficiency info 4.time (time/output) 7.18
Effectiveness refer to achievement of obj or intended effect of a prog, an operation or activity Performance audit 7.19 AUS806.05
Effectiveness audit incl: 1.particular prog or activity to determine effective 2.ana appropriateness
or relevance of activities 3.review entity & mgt arrangement for prog evaluation & effectiveness
measurement function 3.review to rept on effectiveness measurement are used Performance audit 7.19
Effectiveness indicators scale or magnitude: 1.level of outcome & level achieved 2.size of target
group & proportion reached or served 3.mkt size & mkt share. Effectiveness-complex.
Efficiency-use dollars 0 Performance audit 7.20
Economy: reduction in costs through better contracting, bulk buying 2. Keep costs lower through
hedging Performance audit 7.20
Efficiency: 1.greater output fm same inputs 2.remedying dup of effort or lack of co-ordination Performance audit 7.20 T7.2
Effectiveness: 1.improved quality of services a shorter waiting list b response time... 2.imporved
planning, control & mgt a improve plan b clearer target c better control manpower, asset d Performance audit-example
improve fin sys in T7.3 7.21 T7.3
Mismanagement or waste indicator: 1.Fin resources-overspend bdg; dup pay't 2.HR-high staff
turnover; dup role 3.Physical resources-under used, unused or obsolete equip 4.Info resources- Water or mismanagement
proliferation of equip type 5.Operations -backlog of complaints… indicators-examples in T7.4 7.21 T7.4
Criteria are central roles 1.bais for communication with mgt 2.inication of scope of audit 2.dev
audit prog & questionnaires 4. Focus so findings can generated & observations can formulated &
structured Performance audit 7.22 AUS806.24
Criteria may range fm general to specific. Former 'broad statements of acceptable & reasonable
performance' specific criteria 'more closely related to entity's legislation, obj, prog, sys & controls Performance audit 7.22 AUS808.28
Criteria in planning stage for "auditor to assess matter subject to audit". Specific criteria in audit Performance audit - plan
process stage 7.22 AUS808.29
Criteria characteristics: 1.reliability 2.objectivity 3.usefulness 4.understandability 5.comparability
6.completeness Performance audit 7.23 AUS808.31
Criteria may dev fm A.regulatory bodies, legislation or policy statements B std of gd practice
C.statistics or practices dev among similar entities D.criteria identified in similar circumstances Performance audit 7.23 AUS808.32
Criteria for performance (VFM) 1.controls 2.standards 3.measures 4.result commitments 4.target
adopted Performance audit-VFM 7.23 OAS 2002
Criteria examples: 1. Adequacy of sys & practices sys 2.compliance with authority Performance audit criteria
3.Accountability information 4.adequacy of results… examples T7.5 7.23-24
Evidence key issues (OAG): 1.dev observation & concluding audit obj 2.audit observation, Performance audit-evidence
conclusion & recommendation in audit rept 3.relevant, reliable & valid 4.sufficient 5.collection of or nature forming conclusion OAG
interrelated facts & strength of collection of facts 6.think forward to rept stage & prov conclusion of qualitative nature 2002/AUS806.2
& recommendation AUS806.27 7.24-25 7
Evidence type: 1.physical-fisheries patrol 2.testimonial-enquiry 3.documentary-files 4.analytical Performance audit 7.25-26 OAG - VFM
Page 22 of 116
Page_
Effect-quantifiable
Cause is reason why happened may prevent by identify the cause conclusion 7.26
Cause-and-effect chain consider: 1.interrelated & knowledge of one assists understanding Performance audit-
2.problem-solving oriented by logical & value judgment 3.adverse effect of control weakness s/b determined in Audit conduct
quantified when practical 4.cause or effect isolated occurrence or part of pattern indicating stage: 9 Carry out audit
breakdown of internal control sys 5.casues may be external to sys or organisation subject to audit procedures as defined in the
& effect extend beyond sys audit prog 7.26
Attribution: assessing effectiveness problem, that is contribution of a specific prog to a particular Cause & effect-problem
outcome. assess 7.27
Attribution: gov't prog outcomes make diff in meeting obj. The contributed outcomes citizens Cause & effect-problem
value. assess 7.27 Mayne 1999
Attribution: activity measured influence by action can attributed to entity. S/B clear Cause & effect-problem
accountability lies. assess 7.27 HM Treasury
Significance factors: 1.$ value 2.public int 3.significance of prog 4.visibility of prog 5.inherent
risk 6.potential for savings 7.environmental 8.socioeconomic 9.safety 10.resources 11.risk of poor
mgt 12.history of lack of due regards 13.quality of controls 14.deterrent value 15.ethic, integrity & Performance audit -
compliance 16.inaction on previously rept items significance factor 7.28
Significance making decision 1.info needed to support the audit conclusion 2.info need or Performance audit -
required by organisation to fulfill its responsibilities significance decision making 7.28
Efficiency & effectiveness relationship. Economy is easies to tackle, effectiveness auditing raises
problem in defining obj & measuring performance & risk of auditor becoming involved in policy
issues Performance audit 7.28-29 Figure 7.02
Economy, efficiency & effectiveness: Economy: actual input & planned input; Efficiency: process
& planned process; Effectiveness: actual output & planned outputted Performance audit 7.29 Figure 7.02
Efficiency: 1.inputs/output review "costs reduced for same output" 2.sys-based review
3.comparisons Performance audit 7.29
System-based review 1.obj for review & how to measure 2.sys & organisational structure prov
right background & info all proper control 3.pricing policies calculated & review 4.review activity Input/output based review
"why is work done?" 5.can costs reduced by same work 6.what would be effect chg service levels using system-based review 7.29
Comparisons basis 1.service expenditure level 2.usage of service or measure of client population Economy & efficiency-
served 3.united cots of services 4.employment levels 5.performance indicators Performance audit 7.29
Comparison of cost or statistics between individual faculties of organisation useful for knowledge
the auditor has reasons why diff may occur. Comparison between diff but similar cost centre e.g. Economy & efficiency-
schools Performance audit 7.30
Comparison of previous year is helpful to distinguish trend: 1.nature & purpose of
function/activity 2.cost 3.organisational structure 4.operation of procedures 5.individual duties of Economy & efficiency-
staff 6.record kept of activity 7.activity level of dept/service Performance audit 7.30
Comparison methods obtaining info 1.exam existing record 2.written questionnaires 3.interview Economy & efficiency-
& discussion 4.direct observation or including, activity sampling Performance audit 7.30
Effectiveness: 1.obj s/b clearly defined 2.responsibilty for achieving obj set with organisational
structure 3.performance indicators set in terms enable comparison or benchmarking with internal Performance audit-most
& external norms 4.sys place to prod info enable recipient to compare performance with norms important element 7.31
Effectiveness reviews data sources: 1.citizen surveys 2.trained observer ratings-photographic std
by trained observers as street cleansing 3.comparison of similar prog 4.internal records-occupancy
rate Performance audit 7.32
Effectiveness for garbage disposal 1.pleasing aesthetics 2.health & safety 3.minimum citizen Performance audit T7.6
inconvenience example 7.32-33
Mgt performance assessing: 1.policies, prog & strategic 2.prod & services 3.budgetary mgt sys & Performance audit T7.7
practices 4.mgt structure, skill & process 5.Technology 6.People example 7.34-35
Reform for performance indicator:1.reduction extent of central agency control over mgt process
of individual agency, freedom for manager to set priorities & manage risk 2.manager focus on obj,
results & outcome & evaluate prog performance indicators 3.prom of devaluation of responsibility Performance audit-reform in
to mgt of authority recent years 7.36
Indicators derives from 'indicate': to point out; to show to give some notion of; or to give ground
for inferring. Performance indicators do not, have the precision & comprehensive coverage of fin
rept Performance indicators 7.37
Performance info 1.type of performance measure dev 2.measure cover also efficiency &
effectiveness issues, incl quality of performance 3.measures validity data 4.info applied in mgt Performance audit
decision-making application of indicators 7.37
Performance assess comparing achievement 1.performance relative to target/goals 2.performance
relative to previous performance 3.performance relative to performance of similar authorities or Performance audit-
prog comparing achievement 7.37
Performance indicator application: 1.ongoing-focusing on inputs outputs & individual process 2.
periodic-through in-depth studies focusing on policy environment Performance audit 7.37
Performance indicator : economy, efficiency & effectiveness are impact by inputs, outputs & Performance information
outcomes. F7.3 7.38
Input indicators are designed to rept amt of resources, either fin or non-fin for specific service or
prog. E.g.# student per teacher, $ spent per pupil, $ spent for capita on police or fire service & #
police per people Performance indicators 7.38
Service effort indicators (input indicators) for specific service or prog measured current $ or CPI- Performance indicators:
adjusted $ input 7.38
Output indicators list units produced or services provided by a service or prog to service
population. E.g.mt of waste water treated, # of student days, # of passenger trips for transport & Performance indicators:
tones of solid waste output 7.39
Performance
Outcome indicators designed to rept results (incl quality) of service by gov't prog indicator:outcome 7.39
Efficiency measures relationship between input & output Input & output measures 7.38
Effectiveness measures actual output & outcomes Output & outcomes 7.38
Cost-effectiveness indicators: compared outcome with input. E.g.decline in road toll/incidence or
crime Outcome indicators 7.38
Page 23 of 116
Page_
Cost-effectiveness indicators is important have ongoing monitoring: 1.sys costs comprehensive &
accurate? 2.measure use meaningful & appropriate to organisation? 3.measures used clearly
explained to service user? 4.indiect costs, overheads on reasonable basis? 5.costs & benchmarked
against others entity? 6.Private sector comparators considered? 7.overseas public sector
comparators considered? 8.performance compared from year to year? 9.service del through more National audit
than one outlet? Performance indicators 7.39-40 Office UK 2003
Performance indicators user: 1.parliamnet 2.public 3.media 4.client groups 5.research groups Performance indicators users 7.40
Performance indicators: 1.relevant 2.quanitfiable 3.verifiable 4.free from bias 5.appropriate 6.a
fair presentation 6.balanced 7.cost-effective Performance indicators 7.40
Performance indicators: 1.outcome (effectiveness) 2.level of service (effectiveness) 3.productivity Performance indicators
(efficiency) 4.output indicator (activity level) 5.cost-effectiveness (effectiveness)… examples examples T7.8 7.41
Performance audit 5 stage: 1. Project identification 2.Planning 3.audit conduct 4.rept 5.follow-up Performance audit process 7.42 Figure 7.04
Performance audit process
Project identification stage: 1.select entity, prog/activity 2.idnetify audit topic 1&2 7.42/43 Figure 7.04
Planning stage: 3.understanding the entity 4.preliminary study on fundamental issues
5.preliminary study rept 6.preliminary study rept with mgt 7.dev audit criteria 8.dev audit plan Performance audit process 3-
incl audit prog 8 7.42/44-45 Figure 7.04
Audit conduct stage: 9.audit procedures defined in audit prog 10.ana evidence, finings to dev Performance audit process 9-
conclusion 11 summary of draft finding & proposed recommendations 11 7.42/46-47 Figure 7.04
Reporting stage: 12.rept to head of organisation, the minister & parliament 12 7.42/48-49 Figure 7.04
Follow-up stage: Follow-up & rept on conclusions & recommendations 13 7.42/49 Figure 7.04
Planning stage topics: 1.audit mandate 2.knowledge of business 3.audit obj 4.audit scope
5.materiality & risk 6.skills, competence & knowledge 7.criteria 8.audit evidence 9.audit plan & Performance audit process 3-
audit prog 8 7.43 AUS806.18/808
Select entity, prog or activity for audit-identify potential performance audit topic, determine
significant (incl materiality) & identify risks to good mgt. E.g. examine treasurer's public a/t & Project identification-
rank all agencies expenditure process 1 7.43 ANAO 2003
Identify potential audit topics based on significance, risk to good mgt & potential benefits: review Project identification-
significance of prog or activity to gov't agency, resources committed) or risk to good mgt process 2 7.43
Planning stage involves 1.identification of significant issues 2.sub matter 3.expected benefit fm
audit 4.audit obj 5.audit scope 6.timing 7.audit criteria 8.audit approach & methodology 9.skill & Performance audit-process
knowledge 10.liaison with mgt subject to audit 11.coordination with field auditor 3-8 7.43-44 AUS808
Gain an understanding of the organisation, prog or activity subject to audit: obtain knowledge of
business Planning stage - process 3 7.44 AUS808.06-08
Undertake preliminary study by identifying fundamental issues, key mgt sys & controls; dev audit
obj, general criteria, scope, approach & expected benefits from the audit: gather & evaluate info
need for decision-making & for conduct, control & rept of an audit Planning stage - process 4 7.44
Preliminary study rept incl: 1.audit topic 2.reasons for audit 3.overview aim 4.descript & ana
entity's operations 5.relationship of audit to previous internal & external review 6.preliminary
evidence Planning stage - process 5 7.44
Preliminary study rept focus: 1.obj & scope of audit 2.audit criteria for matter of significance
3.audit approach used 4.expected benefit fm audit 5.preliminary estimate of time for audit Planning stage - process 5 7.44-45
Discuss the preliminary study rept contents with mgt of organisation subject to audit. Planning stage - process 6 7.45
Dev detailed audit criteria: base mgt of organisation has no difficulty with the results of
preliminary study, attempt to refine audit criteria from a general level to more detailed level Planning stage - process 7 7.45
Dev the audit plan incl the audit prog: performance audit dev & adaptation as audit progresses Planning stage - process 8 7.45 AUS808.38
Audit conducting involves 1.collecting, testing & analysing evidence that is relevant &
appropriate in quality & quantity based on audit obj, criteria & methodology dev in planning Audit conduct stage-process
phase 9-10 7.45 AUS808.09-15
Ana evidence & evaluate finding to dev conclusions & recommendations: 1.confirm or modify
planning decision & assessments 2.dev conclusion relative to audit objectives 3.confidence in Audit conduct stage-process
audit conclusions 10 7.46
Carry out audit procedures as defined in the audit prog: gathering & evaluation info to compare
actual practices against criteria & obtain relevant, reliable, sufficient , obj & timely evidence to Audit conduct stage -
support conclusion reached & recommendations made. Underlying cause & effect determined process 9 Cause & effect
during this phase determined during this phase 7.46
Ana evidence & evaluate finding to dev conclusions & recommendations undertake: 1.assess
deficiency is isolate 2.identify fundamental cause of deficiency 3.quantify effect of problem 4.
consider significance of conclusion 5.dev example of conclusion 6.determine mgt/parliament Audit conduct stage-process
aware deficiency 10 7.46-47
Recommendations take into a/c 1.circumstance help or hinder the entity in meeting criteria Causes & effects fm criteria,
2.feasibilty & cost of adopting a recommendation 3.alternative courses for remedial action recommendation then
4.effect, positive & negative may arise if recommendation adopted prepared 7.47
Recommendations dev to ensure 1.flow fm auditor's observation & asso. 2.respons to underlying
cause the deficiencies 3.clear, succinct & stand alone 4.state need to be done but not specific on
how 4.positive in tone & content 5.capable of implemented in reasonable timeframe 6.cost-
effective 7.able to followed up 8.consistent & coherent with other recommendations Performance audit 7.47 OAG2002
Recommendation communicate summary of draft finding & proposed to the head of organisation
& minister: auditor maintains contact during audit with mgt: 1.assists in maintain mgt
commitment 2. Useful tool auditor can test findings with mgt more familiar with entity & prog. Audit conduct stage -
Ensure 'no surprises' in audit rept process 11 7.47
Report to head of entity, the minister & parliament matter 1.nature & significance warrants
attention 2.represented concisely, completely, fairly, objectively & timely manner. Rept to CEO,
Minster & treasurer Reporting stage - process 12 7.48 Audit Act
Report: auditors should 1.delineate the obj & scope 2.identify criteria 3.rept significant matter,
whether positive or negative 4.describe context 7 background of rept matter only necessary
8.present audit conclusion in concise, complete, fair & obj 9.recommendation 10.mgt comments
on recommendations Reporting stage - process 12 7.48
Performance audit report 1.table of content 2.exectuive summary 3.description of audit
4.summary of recommendations 5.detailed finding 6.appendices Reporting stage - process 12 7.49
Page 24 of 116
Page_
NSW audit
Interview to ensure report are accurate & recommendations are appropriate. Reporting stage - process 12 7.49 office
Performance audit report: 1.direcort rept audits 2.attest rept audit (audit mandate embodied
legislation) Direct & attest audit reports 7.49 AUS806.29-38
Direct rept audit: auditor rept mgt performance & presents finding, conclusion & overall opinion
on extent to mgt performed with regard for economy, efficiency & effectiveness. Reporting stage - process 12 7.49 AUS806.29-38
Attest rept (assertion based): auditor attest to assertions prepared by mgt to demonstrate mgt's due
regards for economy , efficiency & effectiveness in discharging its responsibilities.
Responsibility by mgt Reporting stage - process 12 7.49
Follow-up and rept on conclusion & recommendation: some time after parliament , the minister &
mgt presented with a final rept, it is sound practice to follow up recommendation contained within
the audit rept Follow-up stage - process 13 7.49
Performance audit & fin statement common features: 1.clear audit obj 2. Appropriate & accepted
criteria 3.collection of evidence 4.obj evaluation 5.conclusion rept about matter 6.professional Fin statement & performance
judgment audit common features SA7.1
Performance audit diff in fin statement: greater variability in sub matter 2.suitable criteria not Fin statement & performance
always available 3.greater variety of methods to collect evidence 4.non-recurring basis audit key diff SA7.1
Effectiveness - A.output measures:1.# of RBTs 2.# of drunk drivers detected B.outcome measures Performance audit - RBT
1.chg in attitudes to drink driving 2.# of drunk drivers still driving 3.reduction in road toll road SA7.2
Economy indicators: 1.cost of buses 2. Cost of hourly maintenance service Performance audit - Buses SA7.3
Efficiency indicators: 1.cost per bus services 2.cost per client service 3.cost per bus hour Performance audit - Buses SA7.3
Effectiveness indicators: 1.proportion of target population needs have been met 2.proportion of
clients satisfied with the services 3.service reliability & on-time running Performance audit - Buses SA7.3
Gov't schools literacy std improvement obj add the effectiveness: 1.students participate in literacy
improvement 2.current resource allo for literacy improve prog are appropriate 3.literacy
proficiency data collected at Yr 2,3,5&7 is complete, accurate & appropriately used for decision- Effectiveness on Gov't
making & rept school SA7.4
Economy: correct equip & HR in least 1.cost a.cost of equip & HR 2.comparison with Performance audit - Fire
jurisdictions or desirable std in terms of capacity protection SA7.5
Efficiency: protection afforded at least cost 1.population protected per person-year 2.inspection Performance audit - Fire
per year 3.response time protection SA7.5
Effectiveness: fewer fires occur & no fire damage & injury 1.deaths per population 2.ins rating Performance audit - Fire
awarded 3.response time protection SA7.5
Performance audit -
Economy: Right resources at right costs 1.HR 2.pur practice for food Hospitals SA7.5
Efficiency: necessary services at least 1.dietary services=cost per meal 2.laundry & linen=cost per Performance audit -
kilo Hospitals SA7.5
Effectiveness: patients properly fed, bedded & clothed 1.adherence to established std 2.patient Performance audit -
complaints Hospitals SA7.5
Efficiency: 1.gross/net cost per hour/day 2.gorss/net cost per user 3.labour hours per visitor
4.labour hour per available hour/day Performance audit - Park SA7.6
Effectiveness: 1.total attendance/capacity 2.total days used/avoidable days 3.% increase in ticket
revenue 4.increase in # attending 5.increase in hours/days used 6.# of injuries/accidents per 'x'
participants 7.# of criminal incidents per days used, participants or attendees 8.% of user
households rating: cleanliness, attractiveness, condition of equipment, safety facilities, hours of
operation & variety activities satisfactory Performance audit - Park SA7.6
Performance audit - Home
Effectiveness & economy & efficiency; evidence through care CS7.1
Accountability, audit obj, audit criteria, economy, efficiency, effectiveness, recommendations Performance - Defence force CS7.2
Other assurance services not
Recommendation for assurance services 1.FRC dev corp governance std force of law 2.ASX covered by CLERP9:
listing rules cover commentary on internal control/risk mgt, managerial discussion & ana, key 1.internal control sys,
judgments, key performance indicators & mgt appraisal sys 3.ASIC should review 'performance 2.performance measures CLERP9/JCPA
audits' in private sector & evaluate costs of assurance on continuous rept 3.Corp governance 8.03 A
Objective of assurance
Assurance engagement framework: practitioner to express 'a conclusion designed to enhance engagement increase
degree of confidence of intended users other than responsible party about the outcome of credibility of info on subject
evaluation or measurement of a subject matter against criteria' matter 8.04 AUS108.07
Level of assurance involve
Assurance engagement key elements: 1.three-party relationship 2.Subject matter a. data b.sys & 1.subject matter 2.criteria &
process c.behaviour 3.criteria 4.evidence collection 5.written assurance rept for subject matter - quantity & quality of
level of assurance involves relationship subject matter, criteria & quantity & quality of evidence evidence 8.05
Independence-cornerstone on assurance function is based. Professional reputation add value to Professional reputation-
assu. critical 8.05
Expertise: professional services require competence to complete, exercise due care with plan &
evidence Quality of professional judge 8.06
Assurance services survey other ser: 1.prospective fin info 2.non-fin info 3.sys & process
4.behaviour Assurance services-others 8.06 IFAC 2002
Assurance services other than assurance on historical fin info prov internationally: 1. Future
orientated fin info 84.2% 2. Non-financial info: environmental performance 48.2% 3.sys & Assurance services-others
processes-internal control sys 57.1% 4.behaviour-compliance 46.4% example T8.1 8.07 IFAC 2002
Prospective fin info-prov on forecast & similar types of info in prospectuses that entity is raising Assurance services-others
equity from the public. Prospective fin info based on assumption about event may occur Most common assu services 8.07-08 AUS804
Prospective fin info obtain sufficient audit evidence to: 1.mgt best-estimate 2.info prepared on
assumption 3.properly presented & material assumption disclosed incl clear indication whether
best-estimate or hypothetical 4.prepared on consistent basis with historical fin rept using
appropriate a/c principles Assurance services-others 8.08 AUS804.02
Forecast defined "prospective fin info prepared on basis assumption to future event & mgt expect Prospective-best estimate
to take" assu 8.08 AUS804.04-05
Projection "prospective fin info prepared on hypothetical assumption about future event & mgt
not necessarily expected take place. (mix best-estimate & hypothetical assumption). When entities
in start-up phase or major chg in nature of operations Prospective fin info 8.08 AUS804.06
Page 25 of 116
Page_
Prospective fin info guidance 1.regard prospective fin info 2.acceptace of engagement
3.knowledge of the entity's business 4.period of coverage 5.audit procedures 6.presentation of
prospective fin info 7.form & content of audit rept Prospective fin info 8.08 AUS804
Prospective fin info audit evidence a.best-estimate assumption based are reasonable b.properly
prepared on basis of assumptions c.properly presented & material assumption disclosed Audit evidence for
d.prepared on consistent basis with historical fin rept using a/c principles prospective fin info 8.08 AUS804.02
Prospective fin info rept: A.limited assurance not imply limit procedure performed to review
b.does not express opinion on hypothetical assumption. No opinion for results achieved
AUS804.09 Prospective fin info assu rept 8.09 AUS804.09-10
Prospective fin info rept: a.actual result likely diff fm prospective fin info. there can be no
assurance actual result fall within range B.projection, prospective fin info prepared for purpose,
using assumption incl hypothetical assumption for future event, reader are cautioned info ought
not be used for purpose other that described Prospective fin info assu rept 8.09 AUS804.32
Prospective fin info-
Prospective fin info: primary fin statement & elements, extract & summaries of such statements & guidance concerned external
fin disclosure draw upon date in the future. 1.relevant 2.understandable 3.reliable 4.comparable purpose 8.10 ICAEW PFI
Relevant for PFI: A.Relevant 1.ability to influence economic decision of investors 2.prov in time
to influence economic decision of investors 3.predictive value or helping to confirm or correct
past evaluations/assessment, has confirmatory value. B.form & content reflect judgment useful to
investors Prospective fin info 8.10 ICAEW PFI
Understandable of PFI: 1.degree of uncertainty asso determine complexity of disclosure.
Disclosure should reasonable & understood/used by investors 2.need sufficient info make
judgment on disclosure a.sources of uncertainty b.assumption relating to uncertainties
c.determining factors affect assumption will be borne out in practice d.alternative outcomes, being
consequence of assumption not borne out. Prospective fin info 8.10 ICAEW PFI
Reliable of PFI: 1.supported by ana 2.incl need for info 'free from deliberate or systematic bias
intended to influence' decision-maker 3.free of material error 'reflects ana accurately, not ana will
be materially same as actual outcome' Prospective fin info 8.10 ICAEW PFI
Comparable of PFI: 1.capable of subsequent validation by comparison with outcomes in historical
fin info 2.fin info comparable a.compare with similar info for other period & entity b.consistency
of preparation & presentation c.supported by disclosure of a/c policies used Prospective fin info 8.11 ICAEW PFI
Non-fin info 3 main types: 1.environmental & sustainability 2.performance measures 3.value-for-
money Assurance on non-fin info 8.11 IFAC 2002
Sustainability rept-
Environmental & sustainability assurance: sustainability rept refer to rept environmental environment,social&econom
performance, social performance & economic performance referred to 'triple bottom line rept' ic 8.11
Sustainability info rept stakeholder incl: 1.investors, ana & rating agencies 2.employees
3.business partners in supply chain 4.communities Sustainability info rept 8.12 ICAEW 2004
Credibility importance support by GRI: stakeholder expect to trust sustainability rept, entity
enhance credibility bldg trust to improvement in quality of rept sys & processes Sustainability info rept 8.12 GRI
Sustainability rept std issues: 1.credibility of assu 2.likelihood 3.understand of conclusion
4.compare Std for sustainability rept 8.12 ICAEW
Sustainability rept key issues: 1.enhancing trust in info environmental & social impact for
effective sys & internal controls 2.supported by suitable rept criteria & strengthened by dev
principles 3.a/c profession playing important role in independent assu 4.a/c expand knowledge &
expertise to prepare challenges fm increase expectations 5.assu on social & environmental rept Sustainability info rept 8.13 ICAEW
Assurance called auditing & verification. Assurance is an evaluation against principles & std, of
quality of specified public rept & sys, processes & competencies deliver asso inf & underpin rept
entity performance Assurance definition 8.13 CPA AU
Triple bottom line rept benefit: 1.credibility of entity's mgt processes 2.assuring mgt resources
utilized effectively 3.ongoin improvement of external rept 4.environmental risks effectively
managed 5.improved environmental performance, regulatory compliance & corp governance
practices commitment TBL Assurance statement 8.14 CPA AU
TBL Assurance
Triple Bottom line assu factors: 1.no requirement on corp legislation stipulated qualification of statement:add'l 1.surveys
auditors 2. Lack conceptual framework, ambiguity asso with third-party statements 3.substantial 2.expert commentary 3.
variation in breadth of material covered & rept format & contents. Stakeholder panel advise 8.14 CPA AU
Sustainable assu evidence-gathering techniques: 1.inquiry 2.observation 3.inspection
4.comptation 5.confirmation 4.analytical procedures Assurance procedures 8.14-15 Wallage 2000
GRI 2001-std
Sustainable assu evidence, consider reliability of diff types of info & sources. Info used fm exam for sustainable
of records & documents, field or facility observation, test & enquiries, mgt & external Assurance procedures 8.15 assu
Sustainability assurance example: 1. Subject matter 2.criteria 3.key performance indicators
4.criteria for KPI 5.evidence-gathering 6.reporting a conclusion Shell Report-using GRI std 8.16-18
Performance measurement 'focuses on prov assur use fin & non-fin measures to evaluate
effectiveness & efficiency of its activities. Increasing guidance for public & private sector
practitioner dev performance measures (e.g. HM Treasury) Performance measurement 8.19 AAA 1997
Performance measurement type 1.assessing reliability of info reported 2.relevance of performance
measures, how well they info mgt & outsider about performance Performance measurement 8.19 AAA 1997
Performance measures relevance examples: entity increase mkt share, CPA dev strategy has
reasonable chance accomplishing obj. Obj chg activities to increase satisfaction mkt campaigns, Performance measure
dev new prod. relevance 8.20 AAA 1997
Performance measures by mgt: 1. Sys are properly measuring activities that relevant & consistent
with strategic obj 2.evaluate employees 3.measure actual performance with obj 4.identify
activities, processes, or function provide best opportunities for improvement in performance Performance measurement 8.21 AAA 1997
Performance measurement criteria: 1.relevant 2.avoids perverse incentives 3.attributable 4.well
defined 5.timely 6.reliable 7.comparable 8.verificable Performance measurement 8.21-23 HM Treasury
Relevant-aiming to achieve 1.easy to fall in trap of targeting easily measured process' 2.often try Performance measurement
& measure important obj imperfectly ignore them altogether Criteria 8.21 HM Treasury
Avoids perverse incentive: s/n encourage unwanted or wasteful behaviour 1.uses data put may Performance measurement
cause perverse incentive 2.ensure measure do not 'leave out important dimension of performance' Criteria 8.22 HM Treasury
Attributable: capable of being influenced by actions can be attributable to organisation 1.entity
reasonably be expected to influence 2.reflect more than one aspect of services 3.degree to entity's Performance measurement
activities create desired outcomes will not be clear Criteria 8.22 HM Treasury
Page 26 of 116
Page_
Well defined: clear, unambiguous definition so that data will be collected consistently, & measure
is easy to understand & use 1.easy to understand & unambiguous need to be bal 2.need Performance measurement
elaboration for 'those collecting the data' Criteria 8.22 HM Treasury
Timely: produced frequently enough to track progress & quickly for data still to be useful 1.up-to- Performance measurement
date info require 'a short time lag 2.'trade off between accuracy & timeliness Criteria 8.22 HM Treasury
Reliable: faithfully represent it purport to represent 1.accurate for intended use & responsive to
chg 2.statistically valid 3.measures of customer satisfaction not only yes/no 4.statistics dev by Performance measurement
outside independent can be useful 5.independent review of performance info Criteria 8.22 HM Treasury
Comparable: compared either past or similar data/prog 1.minimise the chg in definition over time Performance measurement
2.use std definition if exist Criteria 8.22 HM Treasury
Verifiable: clear documentation' processes produce the measure can be validated 1.collect &
document in a way allow people to check or validate the measure 2. Documentation help to Performance measurement
promote confidence measures Criteria 8.22 HM Treasury
Internal control assurance: Emphasis internal controls worldwide, high level of assu (reasonable
assu) only be provided on operation not on design of sys & use of narrative rept support
conclusion Internal control assurance 8.24 COSO 1994
Internal control structure-Special purpose rept to mgt or other specified parties restricts, today,
can be an audit, review or agreed-upon procedure. Special purpose rept 8.24 AUS810
Inherent limitations on special purpose rept: 1. internal control sturcture, possible fraud,
error/non-compliance may occur & not detected 2.not designed to detect all weakness in control
procedures as if not performed continuously & test on sample basis 3. project of control procedure
to future is subject risk procedures become inadequate of chg or degree of compliance with
compliance my deteriorate Internal control assurance 8.24 AUS810.67
Internal control assu rept under Sarbanes-Oxley Act is COSO framework: 1.annual rept incl
assessment of effectiveness of internal control over fin rept 2.auditor attest mgt's internal control
assessment Internal control assurance 8.25 COSO 1994
Internal control sys meet std deemed effective on 3 categories 1.understand extend operation obj
are achieved 2.published fin statement prepared reliably 3.complied with law & regulations Internal control assurance 8.25 COSO 1994
Control environment factor on positive control environment: 1. Integrity & ethical values
2.commitment to competence 3.board of directors or audit committee 4.mgt philosophy &
operating style 5.organizational structure 6.assignment of authority & responsibility 7.HR policies
& practices Internal control assurance 8.26 COSO 1994
Integrity & ethical value 1.code of conduct & other policies 2.dealing with employees, suppliers,
customers, investors for mgt ethical conduct 3.mgt pressure to meet unrealistic performance Control environment-
targets Positive control environment 8.26
Commitment to competence: 1.job description or other means of defining task comprise particular Control environment-
jobs 2.ana of knowledge & skill need ed to perform jobs adequately Positive control environment 8.26
Board of director or audit committee: 1.independence fm mgt 2.frequency & timeliness meeting
3.sufficiency & timeliness info prov to board or committee 4. Sufficiency & timeliness with board Control environment-
of committee apprised of sensitive info, investigating & improper acts Positive control environment 8.26
Mgt philosophy & operating style 1.nature of business risks accepted 2.frequency of interaction Control environment-
between mgt & operating mgt 3.attitudes & actions toward fin rept, incl disputes on a/c treatments Positive control environment 8.26
Organizational structure 1.entity structure and ability to prov necessary info flow to manage
activities 2.adequacy of definition of key managers' responsibilities 3.knowledge & experience of Control environment-
key managers in light of responsibilities Positive control environment 8.26
Assignment of authority & responsibility 1.assignment & delegation of authority to deal with goal
& obj, operating function & regulatory requirement 2.control-related std & procedures, incl job Control environment-
description 3.# of people, respect to data processing & a/c function, requisite skill level Positive control environment 8.26
HR policies & practices 1.policies & procedures for HR 2.remedial action taken 3.employee Control environment-
background checks 4.employee retention & prom criteria & info gathering techniques Positive control environment 8.26
Risk assessment: 1.entity-wide obj 2.activity-level obj 3.risks 4.managing chg Internal control assurance 8.28 COSO 1994
Entity-wide obj 1.extent prov sufficiently broad statement & guidance to achieve 2.effectiveness
communicate to employee & mgt 3.relation & consistency of strategies with obj 4.consistency
plans & bdg Risk assessment process 8.28
Activity-level obj: 1.linkage of activity obj to entity obj 2.consistency of activity to entity obj
3.relevance to significant business processes 4.specificity of activity obj 5.adequacy of resource
relative to obj 6.identification of obj to achievement to entity obj 7.involvement all level mgt in
obj setting Risk assessment process 8.28
Risks: 1.identify risk from external sources 2.risk from internal sources 3.significant risk for each
significant activity 3.thoroughness & relevance of risk ana process, incl estimating & significance
of risk Risk assessment process 8.28
Managing chg 1.anticipate, identify & react to event or activities affect entity or activity obj
2.identify & react to chg have dramatic & pervasive effect Risk assessment process 8.29 COSO 1994
Control activities evaluated in context of mgt directives to add risk with obj for significant
activity. Internal control assurance 8.29 COSO 1994
Information & communication: A.Info 1.external & internal 2.to right people 3.dev/revision of
info sys 4.mgt support B.Communication1.effectiveness & control responsibility communicated
2.channel 3.receptivity suggestions 4.adequacy of communication 5.openness & effectiveness of
channel 6.aware ethical std 7.timely & appropriate follow-up Internal control assurance 8.29 COSO 1994
Monitoring: A. Ongoing monitoring B.separate evaluations C.rept deficiencies Internal control assurance 8.30 COSO 1994
Internal control guidelines: 1.category of control addressed 2.statement of inherent limitation

3.statement of existence of mechanism for sys monitoring & responding to identified deficiencies
4.identification of criteria against internal control sys is measured 5.date 6.name of rept signers Internal control assurance 8.31 COSO 1994
Risk mgt assur: 1.aligning risk appetite & strategy 2.enhancing risk response decisions 3.reducing
operational surprises & losses 4.idnetifying & managing multiple & cross-enterprise risks
5.seizing opportunities 6.improving deployment of capital Risk mgt assurance 8.32 COSO 2004
Risk defines 'threat an event or action will adversely affect organization's ability to achieve
business obj & execute its strategies successfully" Risk mgt assurance 8.32 AAA 1997
Business risk classify useful way: 1.strategic environment risks 2.operating environment risk
3.info risk Risk mgt assurance 8.32-33 AAA 1997
Strategic environment risk: external threats, chg in customers tastes & preferences, creation of
substitute prod, or chg in competitive environment, political areans, legal/regulatory rules, &
capital availability Risk assessments 8.32 AAA 1997
Page 27 of 116
Page_
Operating evnironment risk: threats fm ineffective business process, loss of physical, fin, info,
intellectual or market-based assets, loss mkt or mkt opportunities & loss of reputation Risk assessments 8.32 AAA 1997
Information risk: threats fm poor quality inf for operational, fin or strategic dicision making prov
misleading inf to outsiders Risk assessments 8.33 AAA 1997
Outsourcing business risk "chg in IT & dev" led to other chg incl reduced time to react to Risk mgt assurance-
environment chg, streamlined design process & increased outsourcing. Outsourcing increase Outsourcing increases
business risk because of potential for key trading partner to fail to perform business risk 8.33 AAA 1997
Risk assessment services can improve quality of risk info for internal decision makes, prov
context services to assist mgt, direcotrs & outsider users in evaluating risk info relate to overall
obj & strategies of entity Assurance services for risk 8.33 AAA 1997
Risk assessment services incl: 1.identification & assessment risk faced by busies 2.independent
assessment of risks 3.evaluation of entity's sys for identifying & limiting risks Risk mgt assurance services 8.33 AAA 1997
Risk assessment services: auditors have experience identifying & evaluation risk faced by fin
statement, experience undesigning internal control sys, & experience in evaluating ability of
organisation to remain going concern & mgt mitigate the business risk.. Conduct audit for Big 4
firms Risk mgt assurance 8.33 Bell & Solomon
Risk assessment benefit group 1.owner of small business & mgt of larger co 2.director
3.shareholders 4.outsiders incl trading partners, creditors & regulators Risk mgt assurance 8.33 AAA 1997
Risk assessment 4 categories of obj: 1.strategic 2.operations 3.reporting 4.compliance; 8
components: 1.internal environment 2. Obj setting 3.event identification 4.risk assessment 5.risk
response 6.control activities 7.info & communication 8.monitoring Enterprise Risk Mgt 8.34 COSO 2004
Risk mgt std AU/NZ: 1.confident & rigorous 2.identification of opportunities & threats 3.gain
value fm uncertainty & variability 4.pro-active not re-active 5.effective allo resources 6.improved
mgt & reduction loss & cost of risk 7.improve stakeholder confidence & trust 8.compliance
9.corp governance Risk mgt assurance 8.34 AS/NZ4360
Risk mgt 5 steps:1.establish context 2.identify risks 3.ana risks 4.evaluate risk 5.treat risks Risk mgt assurance 8.34 AS/NZ4360
Systems reliability: Obj for assurance reliability on SysTrust 4 principles: 1.availability 2.security AICPA &
3.integrity 4.maintainability SysTrust & WebTrust 8.36 CICA
AICPA &
WebTrust new assu concern by Internet customers, AICPA & CICA dev principle & criteria Systems reliability 8.36 CICA
WebTrust & SysTrust: 1.security 2.availability 3.processing integrity 4.online privacy SysTrust&WebTrust AICPA &
5.confidentiality principle 8.37-38 CICA
WebTrust & SysTrust principle across areas: 1.policies 2.communications 3.procedures SysTrust&WebTrust AICPA &
4.monitoring principle 8.37-38 CICA
Privacy assurance: part of sys reliability, privacy is defined as 'the rights & obligations of
individual & organisations with respect to the collection, use, retention, & disclosure of personal AICPA &
info' Systems reliability 8.39 CICA
Privacy assessment on fin & non-fin info for many decades (& resulting business & professional
experience), the 'professional characteristics required same key element would enable accountant AICPA &
to 'prov solutions to privacy issues' Systems reliability 8.39 CICA
Privacy framework 10 components: 1.mgt 2.notice 3.choice & consent 4.collection 5.use &
retention 6.access 7.disclosure to third parties 8.security 9.quality 10monitoring & enforcement.
Privacy components are relevant, obj, complete & measurable criteria for evaluating an entity's Systems reliability-privacy AICPA &
privacy policies, communication & procedures & controls components 8.39-40 CICA
Collection privacy component 'the entity collects personal info only for the purposes identified in AICPA &
the notice': criteria used in 1.policies & communications 2.Procedures & controls Privacy framework 8.40-41 CICA
Privacy framework: 1. Privacy assurance rept covers 10 privacy components 2.perform at
reasonable rather than limited assurance 3.scope of engagement cover (a)either all personal info AICPA &
(b) all business segments & locations 4.cover a period of time Systems reliability 8.40 CICA
Compliance audit 2 main forms 1.express opinion on entity complied with specific requirement
2.rept instances of non-compliance with relevant requirement observed Assurance on behaviours 8.42
Compliance audit common in private sector examples 1.compliance with corp governance
policies 2.veracity of mgt assertion regarding impartiality 3.carbon statements for emission
trading Assurance on behaviours 8.42 PWC 2004
Compliance engagement exits public & private sector, usually relation to public sector auditing. Compliance audit is an
Reason is gov't & public sector operate in legislation set out direction, conditions & limitation integral part of
over source, allocation & use of public resources accountability process 8.42
Corp disclosure audit incl: 1.assessing scope of sys design 2.review reliability of sys fm info
collated 3.systematically review info collated 4.review data aggregation for incl in rept Assurance on behaviours 8.43 PWC 2004
Compliance audit express an opinion must clearly determine the scope of by identifying the entity
& specify requirement against which compliance is being rept. Instances of non-compliance with
requirement are discovered, a qualified rept will be issued Assurance on behaviours 8.43 Deloittes 2004
Compliance audits: 1. Non-compliance with a specified authority s/b rept by auditor. non-
compliance regarded to material issue a qualified audit rept. 2.materiality applies to compliance
audit in same way as with other exam. the auditor exercise professional judgment as to Assurance on behaviours-
materiality of non-compliance. This made up quantitative & qualitative factors & requires users judging materiality
identified & info needs assessed difference view 8.43
Corp governance assumed new level of importance: big 4 a/c firms provide a substantial # of
services related to corp governance & best practices in board rept Corp governance assurance 8.43
Corp governance principles: 1.lay solid foundations for mgt & oversight 2.structure board to add
value 3.promote ethical & responsible decision-making 4.safeguard integrity in fin rept 5.timely
& bal disclosure 6.rights of shareholders 7.manage risk 8.enhanced performance 9.remunerate
fairly & responsibly 10.recognise the legitimate int of stakeholders Corp governance assurance 8.44 ASX
Continuous auditing key to produces audit results simultaneously with short period of time after,
the occurrence of relevant events. Apply to assurance on fin info, non-fin info, sys reliability &
behaviours, treated under a separate heading. Require independent assu on reliability of info Continuous auditing 8.45 CICA 1999
Continuous audit are viable, prov certain, interrelated conditions are met: 1.high degree of
automation 2.automated highly reliable 3.highly automated audit procedure implemented required
audit evidence 4.need quickly info of automated procedures 5.produced automatically &
safeguarded against unauthorized chg 6.technically proficient handle circumstances of
engagement Continuous auditing 8.45-46 CICA 1999
Continuous audit important: 1.empirical research to identify specific circumstances in 2
conditions (I) continuous info is vital to decision-making (ii) users perceive independent
continuous audit by obj party improve reliability & usefulness of info 2.auditor chg mindset to
embrace continuous rept Continuous auditing 8.46 CICA 1999
Page 28 of 116
Page_
Continuous audit scenarios example: 1.specific fin info 2.compliance with published policies &
practices 3.completeness & accuracy of frequently updated key info 4.fin statement available on
demand 5.effective operation of controls over specified sys Continuous auditing 8.46-47 CICA 1999
Continuous audit subject matter relate to performance indicators: 1.mkt/customer indicator Continuous auditing:
2.internal business process 3.HR 4.competitior 5.physical environmental 6.financial performance indicators 8.47 CICA 1999
Continuous financial statement audit, suitable criteria would be 1.generally accepted a/c principles
(GAAP) 2.relevance 3.reliability Continuous auditing criteria 8.47 AUS108
Continuous audit engagement obj is to determine the nature, timing & extent of audit procedures Continuous audit-risk of
in order that risk of not detecting a material instance of non-comparability of the subject matter professional judgment by
with suitable criteria is reduced to an appropriately low level reasonable or limited assu 8.47 CICA 1999
Continuous audit need to rept soon: 1.subject matter need suitable characteristics 2.sys provide
subject matter are reliable 3.audit evidence highly automated audit procedures 4.reliable means
exist for obtaining result of audit procedures on timely basis 5.timely availability & control over
auditor rept 6.high degree of audit proficiency in IT & audited subject matter Continuous auditing 8.47 CICA 1999
Continuous auditing mgt would automated warning to: 1. controls functioning as intended &
identifier an error requires investigating & correction by mgt 2.controls not appear to functioning
as intended, based on pre-determined indicator or anomalies in info being generated. alarm
trigger used by auditor Continuous auditing 8.48 CICA 1999
Continuous audit can either 1.indirect reporting: provide opinion using suitable criteria, on mgt's
written assertion 2.direct reporting: auditor's rept prov an opinion on subject matter for mgt is
responsible Continuous audit reporting 8.48 Elliott; CICA
Continuous audit need overcome: 1.not necessarily the case assu prov enough feedback to justify
the cost 2.exist alternative to using assu as a way of reducing transaction costs 3.not mandated
services 4.problem of free riding 4.start-up cost high 5.independence question 6.issue of pay't 7.IT Alles, Cogan &
start-up cost Continuous need overcome 8.48 Vasarhelyi 2002
Continuous audit need to overcome: assu is' beneficial whenever decision are made' 2.'there may
already exist alternative to using assu reducing transaction cost' 3.assu not mandated & greatest
use involves transactions not widely used before 4.problem of free riding as 'fact that assu has
undertaken as informative as knowing results of assu 5.start-up cost can extremely high
6.'independence question 'with design of enterprise sys..involvement of assu providers Hunton, Wright
components is unavoidable' 7.issues of pay't 8.'will assuror or assure absorb the start-up cost Continuous auditing 8.49 & Wright 2003
Assurance-specific competencies skills incl: 1.customer focus 2.migration to higher value-added Competencies for potential
info activities 3.IT 4.pace of chg & complexity 5.competition assu services 8.50-51 SCAS
Migration to higher value-add info activities: 1.analytical skills 2.business advisory skills
3.business knowledge 4.model bldg 5.understanding client's business processes 6.measurement Competencies for potential
theory & performance assu services 8.51-51
Sustainability important aspect: 1.increased transparency & pressure of responsibility 2.supply
chain std 3.recognise potential stakeholder influence on co value 4.dev voluntary codes
5.benchmakring require 6.understanding new requirement 7.use tradable permits & certificates Sustainability: accountants
8.require rept info 9.credibility of in by assurance processes. role R8.1 ICAEW
Sustainability assurance-
Child labour assurance: 1.accuracy 2.comleteness 3.relevance 4.neutrality 5.understandability Child CS8.1 Wallage 2000
Hospital performance: 1.relevant 2.avoid perverse incentive 3.attributable 4.well defined 5.timely Performance measure-
6.reliable 7.comparable 8.verifiable hospital CS8.2
Advantages of a/c profession offering assurance & main obstacles facing profession Assurance services SA8.1
Disclosure cover: 1.sources of uncertainty 2. Assumption uncertainties 3.factors affect
assumptions 4.alterhntive outcome of assumption Forecast assurance SA8.2 ICAEW 2003
ICAEW report: 1.PFI presented to make it understandable 2.projection value presented for sales
in 5 yrs time, summary & disclosure assumption 3.presented info uncertainties Heroic assumptions SA8.3 ICAEW 2003
Environmental audit diff fin statement: 1.no verifiable assertion (no record) 2.no std 3.lack of
generally accepted procedures 4.expressed as detailed rept of finding & deficiencies than Environment audit diff fin
conclusion state SA8.4
Profession prov sustainability assu: 1.skills in review effectiveness of sys 2.training in evidence
collection 3.assur std (AUS110/ISAE*3000) on same framework in audit of fin statement
4.sustainability info incl in fin statement 5.profession's ethical guidelines, incl integrity, obj &
compliance with ethical std are important Sustainability assurance SA8.5
Review control procedures involve reperformance on a test basis to prov evidence to base an Internal control procedure
opinion audit SA8.6 AUS810.17
Inherent limitation in internal control sys 1.HR judgment 2.HR misunderstand/carelessness 2.Mgt Internal control sys
ability to override 3.controls relative costs & benefits 4.collusion limitation SA8.7
AICPA &
Sys reliability 1.procedures 2.communication 3.monitoring Sys reliability SA8.8 CICA
Briefing paper by mgt: assu prov 1.sys generate briefing paper 2.content; Difficulties 1.time
2.future-oriented 3.costly 4.independence concerns concern Assurance services SA8.9
Page 29 of 116
Description

relaxed 2.96('04)to2.63('05) CS5.7
Assertion present &
Page 30 of 116
Description
AUS512.8/402.

Page 31 of 116
Description
phase 9-10 7.45 AUS808.09-15
Page 32 of 116
Description
502) fraud 2.09 6
AUS210/402/40
Page 33 of 116
Description
Page 34 of 116
Description
Effect-quantifiable
Page 35 of 116
Description
Page 36 of 116
Description
Page 37 of 116
Description
database mgt MC4.05
(node) sys SA4.2
Page 38 of 116
Description

Performance audit -
Page 39 of 116
Description
Page 40 of 116
Description

Page 41 of 116
Description
Fraud fin rept &
Page 42 of 116
Description
assu. critical 8.05
Page 43 of 116
Description
Page 44 of 116
Description

NSW audit
Page 45 of 116
Description

Page 46 of 116
Description
AUS210.48-
Page 47 of 116
Description
Performance
AUS402AGS10

audit fin 7.09
Page 48 of 116
Description
2005 examples 7.14-17
outcomes. F7.3 7.38
Page 49 of 116
Description
audit prog 8 7.43 AUS806.18/808
inv. impact CS5.5
Page 50 of 116
Description

Page 51 of 116
Description
Page 52 of 116
Description
Enterprise risk mgt
Internal control
AUS202/210.33
Page 53 of 116
Description

Page 54 of 116
Description
framework is appropriate to the need of users B.identified likely user & possibility fin rept will be (identify fin rept is special
Page 55 of 116
Description
GRI 2001-std
AICPA &
Page 56 of 116
Description

TBL Assurance
Page 57 of 116
Description
claim. 50M SA6.1
AICPA &
Jessica 23322774
Page 58 of 116
Related

Page 59 of 116
Related


Assertion present &
Page 60 of 116
Related

GRI 2001-std
Page 61 of 116
Related
phase 9-10 7.45 AUS808.09-15
claim. 50M SA6.1
inv. impact CS5.5
Page 62 of 116
Related
database mgt MC4.05
AUS202/210.33
Page 63 of 116
Related
502) fraud 2.09 6
Page 64 of 116
Related

Page 65 of 116
Related
Page 66 of 116
Related

AUS402AGS10
Page 67 of 116
Related
relaxed 2.96('04)to2.63('05) CS5.7
AUS210/402/40
Page 68 of 116
Related

Effect-quantifiable
Page 69 of 116
Related
Enterprise risk mgt

Page 70 of 116
Related

Fraud fin rept &
Page 71 of 116
Related
Page 72 of 116
Related
Page 73 of 116
Related

Page 74 of 116
Related
Internal control
(node) sys SA4.2

Page 75 of 116
Related
AUS210.48-
Page 76 of 116
Related
Page 77 of 116
Related
Performance audit -
audit fin 7.09
Page 78 of 116
Related
audit prog 8 7.43 AUS806.18/808
2005 examples 7.14-17
Performance
Page 79 of 116
Related
outcomes. F7.3 7.38
AUS512.8/402.
Page 80 of 116
Related
assu. critical 8.05
Page 81 of 116
Related

Page 82 of 116
Related
NSW audit
Page 83 of 116
Related
Page 84 of 116
Related
Page 85 of 116
Related
AICPA &
AICPA &
Page 86 of 116
Related
TBL Assurance
Page 87 of 116
Corp Act Std

Page 88 of 116
Corp Act Std
AICPA &
AICPA &
Page 89 of 116
Corp Act Std

Page 90 of 116
Corp Act Std
AUS202/210.33
Page 91 of 116
Corp Act Std
Fraud fin rept &
Internal control
AUS210.48-
502) fraud 2.09 6
AUS210/402/40
Page 92 of 116
Corp Act Std
AUS402AGS10
Page 93 of 116
Corp Act Std


AUS512.8/402.
Page 94 of 116
Corp Act Std

Page 95 of 116
Corp Act Std
Page 96 of 116
Corp Act Std
audit prog 8 7.43 AUS806.18/808
phase 9-10 7.45 AUS808.09-15
Page 97 of 116
Corp Act Std

Page 98 of 116
Corp Act Std
Enterprise risk mgt
TBL Assurance
Page 99 of 116
Corp Act Std
GRI 2001-std
Page 100 of 116

Corp Act Std


Page 101 of 116

Corp Act Std
Assertion present &
NSW audit
Page 102 of 116

Corp Act Std
Page 103 of 116

Corp Act Std
relaxed 2.96('04)to2.63('05) CS5.7
Page 104 of 116

Corp Act Std

Page 105 of 116

Corp Act Std
Effect-quantifiable
Page 106 of 116

Corp Act Std
database mgt MC4.05
(node) sys SA4.2
Page 107 of 116

Corp Act Std

Performance audit -
Page 108 of 116

Corp Act Std
Page 109 of 116

Corp Act Std
assu. critical 8.05
Page 110 of 116

Corp Act Std
Page 111 of 116

Corp Act Std
Performance
audit fin 7.09
2005 examples 7.14-17
outcomes. F7.3 7.38
Page 112 of 116

Corp Act Std
inv. impact CS5.5
Page 113 of 116

Corp Act Std
Page 114 of 116

Corp Act Std
Page 115 of 116

Corp Act Std
claim. 50M SA6.1
Page 116 of 116

CPA101 - Author: Laikwan

Uploaded by

Copyright:

Available Formats

CPA101 - Author: Laikwan

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CPA101 - Author: Laikwan

Uploaded by

Copyright:

Available Formats

Page_

DESCRIPTION Q# M1:1-10, M2:11-22, M3:23-33, M4:34-45, M5:46-59, M6:60-73, M7:74-83,

Threats to independence: 1.self-int threats-auditor could benefit 2.self-review threats-auditor re-

RMM at assertion level consideration: 1.significance of risk 2.likelihood a material misstatement

Fraud involve 1.manipulation, falsification or alteration of alteration of records or documents

Applications control: 1. Data

Maintaining accuracy during processing: 1. Control total 2. Console message-reduce operator

E-commerce control: 1.alignment of e-commerce activities with entity's strategy 2.e-commerce

Transaction integrity controls: 1.validate input 2.prevent duplication or omission 3.agreement of

External confirmations procedures 1.designing external confirmation request 2.performing

Small business internal controls unique characteristics 1.concentration of ownership 2.limited

Performance audit defines-independent exam of efficiency & effectiveness of gov't undertaking,

Internal control guidelines: 1.category of control addressed 2.statement of inherent limitation

DESCRIPTION Q# M1:1-10, M2:11-22, M3:23-33, M4:34-45, M5:46-59, M6:60-73, M7:74-83,

Applications control: 1. Data

E-commerce control: 1.alignment of e-commerce activities with entity's strategy 2.e-commerce

External confirmations procedures 1.designing external confirmation request 2.performing

Internal control guidelines: 1.category of control addressed 2.statement of inherent limitation

IT significant impact of IT on internal control factors 1.breakdown traditional division, ensure

Performance audit defines-independent exam of efficiency & effectiveness of gov't undertaking,

Professional Statement F.1: 1 Independence of mind-individual act integrity 2 Independence in

RMM at assertion level consideration: 1.significance of risk 2.likelihood a material misstatement

Transaction integrity controls: 1.validate input 2.prevent duplication or omission 3.agreement of

DESCRIPTION Q# M1:1-10, M2:11-22, M3:23-33, M4:34-45, M5:46-59, M6:60-73, M7:74-83,

Applications control: 1. Data

RMM at assertion level consideration: 1.significance of risk 2.likelihood a material misstatement

Related services: 1.engagements to perform agreed-upon procedures 2.Compilations of financial

AUS406 & 502 response to

E-commerce control: 1.alignment of e-commerce activities with entity's strategy 2.e-commerce

Transaction integrity controls: 1.validate input 2.prevent duplication or omission 3.agreement of

External confirmations procedures 1.designing external confirmation request 2.performing

Cambridge credit case: 1. Advocacy threat-compromise obj by subordinate judgment to client

Internal control guidelines: 1.category of control addressed 2.statement of inherent limitation

Performance audit defines-independent exam of efficiency & effectiveness of gov't undertaking,

Disagreement with mgt-appropriateness of a/c policies selected, method of application and

DESCRIPTION Q# M1:1-10, M2:11-22, M3:23-33, M4:34-45, M5:46-59, M6:60-73, M7:74-83,

Transaction integrity controls: 1.validate input 2.prevent duplication or omission 3.agreement of

RMM at assertion level consideration: 1.significance of risk 2.likelihood a material misstatement

External confirmations procedures 1.designing external confirmation request 2.performing

Sampling techniques in substantive procedure dividing population into discrete sub-populations

Internal control guidelines: 1.category of control addressed 2.statement of inherent limitation

Page 100 of 116

Disclosure cover: 1.sources of uncertainty 2. Assumption uncertainties 3.factors affect

Performance audit defines-independent exam of efficiency & effectiveness of gov't undertaking,

Page 101 of 116

Page 102 of 116

Page 103 of 116

Page 104 of 116

Applications control: 1. Data

Page 105 of 116

Page 106 of 116

Page 107 of 116

E-commerce control: 1.alignment of e-commerce activities with entity's strategy 2.e-commerce

Page 108 of 116

Page 109 of 116

Page 110 of 116

Page 111 of 116

Page 112 of 116

Page 113 of 116

Page 114 of 116