Joselito B. Mutia, Ph.D.

IT
(1947) Formulated by the American Institute
of Certified Public Accountants (AICPA)

oThree Categories
oGeneral Standards
oField Work Standards
oReporting Standards
oGeneral Standards

relates to professional and
technical competence,
independence, and professional
due care.
oField Work Standards

relates to the planning of an
audit, evaluation of internal
control, and obtaining sufficient
evidential matter upon which an
opinion is based.
oReporting Standards

relates to the compliance of all
auditing standards and adequacy
of disclosure of opinion in the
audit reports. If an opinion cannot
be reached, the auditor is
required to explicitly state their
assertions.

o

othe risk of reaching an
incorrect conclusion based on
the audit findings
(too high or too low risk)
o
1. Obtain an Understanding of the
Organization and its Environment
2. Identify Risks that May Result in
Material Misstatements
3. Evaluate the Organizations
Response to those Risks
4. Assess the Risk of Material
Misstatement
o Obtain an Understanding of the
Organization and its Environment

oauditors understanding should
include information on the nature of
the entity, management, governance,
objectives and strategies, and
business processes.
o Identify Risks that May Result in
Material Misstatements

oEvaluate an organizations business
risks (threats to the organizations
ability to achieve its objectives).
Business risks can arise due to new
personnel, new or restructured
information systems, corporate
restructuring, and rapid growth.
o Evaluate the Organizations
Response to those Risks

oAuditor evaluates the organizations
response to the assessed risks, then
obtain evidence of managements
actions toward those risks. The
response (or lack thereof) to any
business risks will impact the
auditors assessed level of audit risk.
o Assess the Risk of Material
Misstatement

oBased on the knowledge obtained in
evaluating the organizations
responses to business risks, the
auditor then assesses the risk of
material misstatements and
determines specific audit procedures
that are necessary based on that risk
assessment.
1. Establish the Terms of the
Engagement
oAllows the auditor to set the scope
and objectives of the relationship
between the auditor and the
organization. Responsibility(scope,
independence, deliverables),
Authority(right of access to
information), and Accountability
(auditees rights, agreed completion
date)
2. Preliminary Review

o Identify an organizations strategy
and responsibilities for managing and
controlling computer applications.
oObtaining general data about the
company, identifying financial
application areas, and preparing an
audit plan can achieve this.
3. Establish Materiality and Assess
Risks

oa preliminary judgment about materiality
and assessment of the clients business
risks are made to set the scope of the
audit.
3. Plan the Audit

oWill ensure the audit is conducted in an
effective and efficient manner.
o Auditor should take into consideration
the results of their understanding of the
organization and the results of the risk
assessment process.
4. Consider Internal Control

o auditor should consider information
from previous audits, the assessment of
inherent risk, judgments about
materiality, and the complexity of the
organizations operations and systems.
5. Perform Audit Procedures

o Audit procedures are developed based
on the auditors understanding of the
organization and its environment.
oA substantive audit approach is used
when auditing an organizations
information system.
6. Issues the Audit Report

o Once audit procedures have been
performed and results have been
evaluated, the auditor will issue either an
unqualified or qualified audit report
based on their findings.
This will be the next topic


Thank you