Procedures designed to restrict access to on-line terminal devices, programs and data. It consist of of 'user authentication' and 'user authorization.User authentication typically attempts to identify a user through unique logon identifications, passwords, access cards or biometric data. �User authorization� consists of access rules to determine the computer resources each user may access. Specifically, such procedures are designed to prevent or detect:
(a) Unauthorized access to on-line terminal devices, programs and data
(b) Entry of unauthorized transactions
an approximation of the amount of an item in the absence of a precise means of measurement.
is the series of tasks and records of an entity by which transactions are processed as a means of maintaining financial records. Such systems identify, assemble, analyze, calculate, classify, record, summarize and report transactions and other events.
Agreed-upon procedures engagement
an auditor is engaged to carry out those procedures of an audit nature to which the auditor and the entity and any appropriate third parties have agreed and to report on factual findings. The recipients of the report must form their own conclusions from the report by the auditor. The report is restricted to those parties that have agreed to the procedures to be performed since others, unaware of the reasons for the procedures may misinterpret the results.
consist of the analysis of significant ratios and trends including the resulting investigation of fluctuations and relationships that are inconsistent with other relevant information or deviate from predictable amounts.
An entity ordinarily issues on an annual basis a document which includes its financial statements together with the audit report thereon. This document is frequently referred to as the ___________
Application controls in computer information systems
The specific controls over the relevant accounting applications maintained by the computer. The purpose of this is to establish specific control procedures over the accounting applications in order to provide reasonable assurance that all transactions are authorized and recorded, and are processed completely, accurately and on a timely basis.
the measure of the quality of audit evidence and its relevance to a particular assertion and its reliability.
are representations by management, explicit or otherwise, that are embodied in the financial statements
are personnel involved in an individual audit other than the auditor.
consists of being present during all or part of a process being performed by others
is the information obtained by the auditor in arriving at the conclusions on which the audit opinion is based. It will comprise source documents and accounting records underlying the financial statements and corroborating information from other sources.
is either a firm or entity providing audit services, including where appropriate its partners, or a sole practitioner.
sets out the nature, timing and extent of planned audit procedures required to implement the overall audit plan. This serves as a set of instructions to assistants involved in the audit and as a means to control the proper execution of the work.
is the risk that the auditor gives an inappropriate audit opinion when the financial statements are materially misstated. It has three components: inherent risk, control risk and detection risk.
is the risk that a misstatement that could occur in an account balance or class of transactions and that could be material, individually or when aggregated with misstatements in other balances or classes, will not be prevented or detected and corrected on a timely basis by the accounting and internal control systems.
is the risk that an auditor�s substantive procedures will not detect a misstatement that exists in an account balance or class of transactions that could be material, individually or when aggregated with misstatements in other balances or classes.
is the susceptibility of an account balance or class of transactions to misstatement that could be material, individually or when aggregated with misstatements in other balances of classes, assuming that there were no related internal controls.
involves the application of audit procedures to less than 100% of items within an account balance or class of transactions such that all sampling units have a chance of selection. This will enable the auditor to obtain and evaluate audit evidence about some characteristic of the items selected in order to form or assist in forming a conclusion concerning the population from which the sample is drawn. This can use either a statistical or a non-statistical approach.
means an error that arises from an isolated event that has not recurred other than on specifically identifiable occasions and is therefore not representative of errors in the population.
error that the auditor expects to be present in the population.
arises from factors that cause the auditor to reach an erroneous conclusion for any reason not related to the size of the sample. For example, most audit evidence is persuasive rather than conclusive, the auditor might use inappropriate procedures, or the auditor might misinterpret evidence and fail to recognize an error.
means the entire set of data from which a sample is selected and about which the auditor wishes to draw conclusions. This may be divided into strata, or sub-populations, with each stratum being examined separately. The term is used to include the term stratum.
arises from the possibility that the auditor's conclusion, based on a sample may be different from the conclusion reached if the entire population were subjected to the same audit procedure.
means the individual items constituting a population, for example checks listed on deposit slips, credit entries on bank statements, sales invoices or debtors' balances, or a monetary unit.
means any approach to sampling that has the following characteristics:
(a) Random selection of a sample and
(b) Use of probability theory to evaluate sample results, including measurementof sampling risk.
A sampling approach that does not have characteristics (a) and (b) is considered non-statistical sampling.
is the process of dividing a population into subpopulations, each of which is a group of sampling units which have similar characteristics (often monetary value).
means the maximum error in a population that the auditor is willing to accept.
is the auditor who audited and reported on the prior period's financial statements and continues as the auditor for the current period.
External auditorWhere appropriate the terms external auditor and external audit are used to distinguish the external auditor from an internal auditor and to distinguish the external audit from the activities of internal auditing.
is a current period's auditor who did not audit the prior period's financial statements.
an auditor, other than the principal auditor, with responsibility for reporting on the financial information of a component which is included in the financial statements audited by the principal auditor. They include affiliated firms, whether using the same name or not, and correspondents, as well as unrelated auditors.
includes all partners and professional staff engaged in the audit practice of the firm.
The auditor who was previously the auditor of an entity and who has been replaced by an incoming auditor.
is the auditor with responsibility for reporting on the financial statements of an entity when those financial statements include financial information of one or more components audited by another auditor.
in this engagement the accountant is engaged to use accounting expertise as opposed to auditing expertise to collect, classify and summarize financial information.
is a division, branch, subsidiary, joint venture, associated company or other entity whose financial information is included in financial statements audited by the principal auditor.
Comprehensive basis of accounting
comprises a set of criteria used in preparing financial statements which applies to all material items and which has substantial support.
consists of checking the arithmetical accuracy of source documents and accounting records or of performing independent calculations.
Computer-assisted audit techniques
Applications of auditing procedures using the computer as an audit tool are known as
Computer information systems
exists when a computer of any type or size is involved in the processing by the entity of financial information of significance to the audit, whether that computer is operated by the entity or by a third party.
comprises the overall attitude, awareness and actions of directors and management regarding the internal control system and its importance in the entity.
are those policies and procedures in addition to the control environment which management has established to achieve the entity�s specific objectives.
A collection of data that is shared and used by a number of different users for different purposes.
is the material (working papers) prepared by and for, or obtained and retained by the auditor in connection with the performance of the audit.
Electronic Data Interchange (EDI)
The electronic transmission of documents between organizations in a machine-readable form.
The process of transforming programs and information into a form that cannot be understood without access to specific decoding algorithms (cryptographic keys). For example, the confidential personal data in a payroll system may be encrypted against unauthorized disclosure or modification. It can provide an effective control for protecting confidential or sensitive programs and information from unauthorized access or modification. However, effective security depends upon proper controls over access to the cryptographic keys.
documents and confirms the auditor's acceptance of the appointment, the objective and scope of the audit, the extent of the auditor's responsibilities to the client and the form of any reports.
are defined as:
(a) Initiatives to prevent, abate, or remedy damage to the environment, or to deal with conservation of renewable and non-renewable resources (such initiatives may be required by environmental laws and regulations or by contract, or they may be undertaken voluntarily)
(b) Consequences of violating environmental laws and regulations
(c) Consequences of environmental damage done to others or to natural resources and
(d) Consequences of vicarious liability imposed by law (for example, liability for damages caused by previous owners).
Environmental performance report
is a report, separate from the financial statements, in which an entity provides third parties with qualitative information on the entity's commitments towards the environmental aspects of the business, its policies and targets in that field, its achievement in managing the relationship between its business processes and environmental risk, and quantitative information on its environmental performance.
In certain circumstances, factors relevant to the assessment of inherent risk for the development of the overall audit plan may include the risk of material misstatement of the financial statements due to environmental matters.
is an unintentional mistake in financial statements.
is a person or firm possessing special skill, knowledge and experience in a particular field other than accounting and auditing.
is the process of obtaining and evaluating audit evidence through a direct communication from a third party in response to a request for information about a particular item affecting assertions made by management in the financial statements.
A combination of hardware and software that protects a WAN, LAN or PC from unauthorized access through the Internet and from the introduction of unauthorized or harmful software, data or other material in electronic form.
is prospective financial information prepared on the basis of assumptions as to future events which management expects to take place and the actions management expects to take as of the date the information is prepared (best-estimate assumptions).
refers to an intentional act by one or more individuals among management, employees, or third parties, which results in a misrepresentation of financial statements.
General controls in computer information systems
The establishment of a framework of overall control over the computer information systems activities to provide a reasonable level of assurance that the overall objectives of internal control are achieved.
describes the role of persons entrusted with the supervision, control and direction of an entity. Those charged with governance ordinarily are accountable for ensuring that the entity achieves its objectives, financial reporting, and reporting to interested parties. Those charged with governance include management only when it performs such functions.
Government business enterprises
are businesses which operate within the public sector ordinarily to meet a political or social interest objective. They are ordinarily required to operate commercially, that is, to make profits or to recoup, through user charges a substantial proportion of their operating costs.
consists of seeking information of knowledgeable persons inside or outside the entity.
consists of examining records, documents, or tangible assets.
is an appraisal activity established within an entity as a service to the entity. Its functions include, amongst other things, examining, evaluating and monitoring the adequacy and effectiveness of the accounting and internal control systems.
Internal control system
consists of all the policies and procedures (internal controls) adopted by the management of an entity to assist in achieving management�s objective of ensuring, as far as practicable, the orderly and efficient conduct of its business, including adherence to management policies, the safeguarding of assets, the prevention and detection of fraud and error, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information.
The policies and procedures that the entity implements and the IT infrastructure (hardware, operating systems, etc) and application software that it uses to support business operations and achieve business strategies.
Limitation on scope
A limitation on the scope of the auditor�s work may sometimes be imposed by the entity (for example, when the terms of the engagement specify that the auditor will not carry out an audit procedure that the auditor believes is necessary). A scope limitation may be imposed by circumstances (for example, when the timing of the auditor's appointment is such that the auditor is unable to observe the counting of physical inventories). It may also arise when, in the opinion of the auditor, the entity's accounting records are inadequate or when the auditor is unable to carry out an audit procedure believed desirable.
Local Area Network (LAN)
A communications network that serves users within a confined geographical area. These were developed to facilitate the exchange and sharing of resources within an organization, including data, software, storage, printers and telecommunications equipment. They allow for decentralized computing. The basic components of this network are transmission media and software, user terminals and shared peripherals.
comprises officers and others who also perform senior managerial functions. Management includes directors and the audit committee only in those instances when they perform such functions.
Representations made by management to the auditor during the course of an audit, either unsolicited or in response to specific inquiries.
exists when other information contradicts information contained in the audited financial statements. This may raise doubt about the audit conclusions drawn from audit evidence previously obtained and, possibly, about the basis for the auditor�s opinion on the financial statements.
Material misstatement of fact
exists when such information, not related to matters appearing in the audited financial statements, is incorrectly stated or presented.
The weaknesses in internal control that could have a material effect on the financial statements.
A mistake in financial information which would arise from errors and fraud.
Modified auditor's report
An auditor's report is considered to be modified if either an emphasis of matter paragraph(s) is added to the report or if the opinion is other than unqualified:
Emphasis of matter paragraph(s)
An auditor's report may be modified by adding an emphasis of matter paragraph(s) to highlight a matter affecting the financial statements which is included in a note to the financial statements that more extensively discusses the matter. The addition of such an emphasis of matter paragraph(s) does not affect the auditor's opinion. The auditor may also modify the auditor's report by using an emphasis of matter paragraph(s) to report matters other than those affecting the financial statements.
is expressed when the auditor concludes that an unqualified opinion cannot be expressed but that the effect of any disagreement with management, or limitation on scope is not so material and pervasive as to require an adverse opinion or a disclaimer of opinion.
Disclaimer of opinion
is expressed when the possible effect of a limitation on scope is so material and pervasive that the auditor has not been able to obtain sufficient appropriate audit evidence and accordingly is unable to express an opinion on the financial statements.
is expressed when the effect of a disagreement is so material and pervasive to the financial statements that the auditor concludes that a qualification of the report is not adequate to disclose the misleading or incomplete nature of the financial statements.
is used to refer to acts of omission or commission by the entity being audited, either intentional or unintentional, which are contrary to the prevailing laws or regulations.
consists of looking at a process or procedure being performed by others, for example, the observation by the auditor of the counting of inventories by the entity�s personnel or the performance of internal control procedures that leave no audit trail.
are those account balances which exist at the beginning of the period. Opening balances are based upon the closing balances of the prior period and reflect the effects of transactions of prior periods and accounting policies applied in the prior period.
PCs or personal computers (also referred to as microcomputers)
Economical yet powerful self-contained general purpose computers consisting typically of a monitor (visual display unit), a case containing the computer electronics and a keyboard (and mouse). These features may be combined in portable computers [laptops]. Programs and data may be stored internally on a hard disk or on removable storage media such as CDs or floppy disks. PCs may be connected to on-line networks, printers and other devices such as scanners and modems.
involves developing a general strategy and a detailed approach for the expected nature, timing and extent of the audit.
Procedures designed to prevent or detect improper changes to computer programs that are accessed through on-line terminal devices. Access may be restricted by controls such as the use of separate operational and program development libraries and the use of specialized program library software. It is important for on-line changes to programs to be adequately documented, controlled and monitored.
is prospective financial information prepared on the basis of: (a) Hypothetical assumptions about future events and management actions which
are not necessarily expected to take place, such as when some entities are in a start-up phase or are considering a major change in the nature of operations or(b) A mixture of best-estimate and hypothetical assumptions.
Prospective financial information
is financial information based on assumptions about events that may occur in the future and possible actions by an entity. This can be in the form of a forecast, a projection or a combination of both
refers to national governments, regional (for example, provincial, territorial) governments, local (for example, city, town) governments and related governmental entities (for example, agencies, boards, commissions and enterprises).
The policies and procedures adopted by a firm to provide reasonable assurance that all audits done by the firm are being carried out in accordance with the Objective and General Principles Governing an Audit of Financial Statements, as set out in Philippine Standard on Auditing 220
Related party transaction
A transfer of resources or obligations between related parties, regardless of whether a price is charged.
comprise reviews, agreed-upon procedures and compilations.
Scope of an Audit
refers to the audit procedures deemed necessary in the circumstances to achieve the objective of the audit.
Scope of a Review
refers to the review procedures deemed necessary in the circumstances to achieve the objective of the review.
Information in the financial statements regarding distinguishable components or industry and geographical aspects of an entity.
are tests performed to obtain audit evidence to detect material misstatements in the financial statements, and are of two types:
(a) Tests of details of transactions and balances
(b) Analytical procedures.
is the measure of the quantity of audit evidence.
Supreme Audit Institution
The public body of a State which, however designated, constituted or organized, exercises by virtue of law, the highest public auditing function of that State.
Tests of control
are performed to obtain audit evidence about the effectiveness of the:
(a) Design of the accounting and internal control systems, that is, whether they are suitably designed to prevent or detect and correct material misstatements and
(b) Operation of the internal controls throughout the period.
Transaction logs�Reports that are designed to create an audit trail for each on-line transaction. Such reports often document the source of a transaction (terminal, time and user) as well as the transaction�s details.
is a matter whose outcome depends on future actions or events not under the direct control of the entity but that may affect the financial statements.
involves tracing a few transactions through the accounting system.
Wide area network (WAN)
A communications network that transmits information across an expanded area such as between plant sites, cities and nations. They allow for on-line access to applications from remote terminals.