p



 


p
p   
p
p  

# p
$ p
   

c
Àc p   is concerned in dealing with financial Àc î± Evaluating the acceptance of a new
c
transactions and events so as to produce information client ; assessing whether the client is likely to be
that is useful for decision making. ethical, assessing independence, and drafting up
Àc p c
 is concerned with verifying the credibility the audit agreement. c
and reliability of the information produced by Àc 
 
±Understand both the
c
accounting. industry and business environment, its policies,
and so on.
c
#%
p
$ Àc p    
± identify the areas
that are most risky and thus, material. Conducting
c
Àc The corporation structure that is founded on the tests of controls.

 
 
c  !

. Managers are the stewards Àc 0


± details the scope and timing
of the shareholders¶ resources, which is the absentee of the audit. Involves selection of appropriate audit
owner.
c procedures.
Àc p    
      Àc G
  


 
 
leads
c to the need for shareholders to protect themselves Àc î 
 


from managers¶ misconduct. Àc  


Àc c  

prescribe proper guidelines for
p  ác  
 
auditor
managers to follow. offers reasonable assurance that there are
Àc p c
 verify that managers have been following the no material misstatements, in accordance
proper guidelines. to the standards. The financial statements
Àc c 


 
 
 
&  
p present a true and fair view. 
    ác Œ 
auditor has a scope limitation
c or a disagreement, but generally the
' 
p
( 
  financial statements present a true and
c
fair view. 
Àc p
 )  ± There is always a risk that an audit will
ác 0 puditor fails to offer an
c to detect misstatements or fraud in the financial
fail
opinion because of material scope
statements. puditors seek to provide  &
limitations. 
 c  , as opposed to absolute assurance. Only
ác p
 puditor¶s disagreement with
reasonable assurance can be provided due to
c the company¶s accounting policies are
constraints. Thus, auditors always use a risk-based
material, in such a way that the financial
approach to auditing. They identify the most risk-prone
c and then focus their investigation on those areas. statements do not present a true and fair
areas
view. 
c
Àc D± pn item is said to be material if it affects 
the decision making process. puditors focus on the
c  !
 

"
material areas of the financial statements. What is
considered material is up to the professional judgement
c Àc pccounting skills
of the auditor. In a small business, having 10 errors
might be considered a material event, but in a huge Àc puditing skills
c
public company, it might be considered inmaterial.  Àc èegal knowledge
 c Àc Creativity in obtaining evidence
Àc p
 î
  ± puditing is all about collecting and Àc ºtrong, rigorous logic ± revise critical thinking please. 
analyzing
c evidence  evidence that verifies financial

records. pgain, it is not possible to collect every single
bitc of evidence. puditors use the risk-based approach

when auditing. puditors investigate ending balances,
c
transactions and internal controls.  
c c

c
c
c
å'  p
î å'  p
î
puditors have to operate within the boundary of relevant  

&
&   

ccounting standards. Understanding the financial reporting 
environment is vital for an auditor. c ' 

c åc +



p
 


 ,c (
 

c -c '
 

Àc IFpC - The International Federation of pccountants 5.c   



 ± In Malaysia, auditors are
aims to develop the accounting profession across a
wide range of areas. Ippº - The International
puditing and pssurance ºtandards oard is a
committee of the IFpC. It issues auditing standards
c only required (in a financial statement audit btw) to assess
whether the entity¶s ºtatement on Internal Control is in line
c with the actual system, unlike auditors in the Uº where they
must evaluate the system¶s effectiveness (under º-Oxley)
and practices for auditors. However, these standards 6.c p
  

- puditors help to provide
c assurance on the preparation, supporting evidence and
are more towards providing guidance rather than
mandating the law. presentation of these financial forecasts. They however do
c not assure that the financial projections will be realised.
Àc In pmerica, the pICPp sets the auditing standards
through ºpº (ºtatement on puditing ºtandards). They 7.c )
 



 - assessing risk management system of
are mostly similar to Iºp standards. c the entity as well as IT computer systems.
 .c /
 

î 


 
&

 c 0c D


 

 10.c (

 
± merely compiling data provided by
Àc Price competition among public accounting firms c client into financial statements. No assurance provided.
While not illegal in a sense to compile and audit the same
Àc Clients' opinion shopping
client, the auditor might be perceived to be less independent
Àc Clients threatening to change auditors c and less objective. Normally occurs for small private
companies.
p


p
 

D  c 11.c ü

 ± normally the accounting firm that does the
 bookkeeping won¶t be allowed to do the auditing.
Àc MIp - The Malaysian Institute of pccountants is a c
committee member of the IFpC. esides representing
and regulating the accounting profession in Malaysia, it
has the role of helping the IFpC to develop local c Gp 

p
 


1Gpp 2developed
by pICPp.
auditing standards for the country.
Àc In Malaysia, the approved auditing standards are c
Àc G 



Àc IFpC's Iºp (International ºtandards on puditing) that 
have been approved by MIp, and c ác puditor must have technical training and
Àc Malaysian ºtandards on puditing (Mºp) issued by the proficiency. 
MIp. ºo far, no Mºp has been issued by the MIp, but c ác puditor must maintain independence ±
it has issued Recommended Practice Guidelines, which without bias, obligation to management, 3 rd
serve as guidelines rather than law. c parties and the public. 
 ác puditor must use due professional care in
p
*
)


& 

preparing the report ± critical review,
c
professionalism on par with other auditors &
Àc puditors are not responsible for the content of the professional skepticism. 
financial statements. They merely express an opinion. c

ecause of the risk-based approach, the opinion is not Àc 


'
#
perfect. It is management that are primarily responsible c 
for the financial statements. If an auditors detect fraud ác puditor must plan the audit well and supervise
or errors, they should report it to management. It c assistants 
should be noted that they are not primarily responsible ác puditor must understand the entity¶s
for detecting fraud. puditors are also not primarily c environment 
responsible for detecting non-compliance of the client ác puditor must obtain sufficient evidence 
with laws and regulations (for example, environmental 
c
laws). Àc 


)

c 
% 
 !!

 
#
 
 ác puditor must state in the report whether or not


$
 c
Àc Consider if it affects the financial stmt disclosures. 
Àc Inform top management, even if the auditor believes
that the non-compliance was intentional.
Àc Iºp 250 ± If the non-compliance has a material effect
on the financial statements and management refuses to
take remedies, the auditor should issue a qualified or
adverse opinion.
c
Àc ºection 174(8) of the Companies pct 1965 ± non
c
compliance of any pcts should be reported to the CCM
and the ºC (if it¶s a public company).
the records follow GppP.
ác puditor must identify circumstances in which
GppP has not been followed with
c consistency
ác puditor must state that disclosures are
c inadequate, if that is the case with the
financial statements.
ác puditor must either express or do not express
an opinion. If an opinion cannot be expressed,
reasons must be given. puditors must state the
scope and work done under the audit.
 ,)
p



D ,)
p



D


 3! 
 



pfter accepting the engagement and understanding the entity¶s c 1.c First of all, the auditor should decide what is the audit
environment, the auditor¶s next step is to assess the level of risk, risks level that he/she can tolerate. p normal level of
in which he/she identifies the areas that are considered material. c acceptable risk is 5%. Factors in deciding the level or
p
)
D
 audit risk includes reliance of external users on the
c financial statements, the likelihood that the client will

ppR = IR x CR x DR go bankrupt, and management integrity / ethical issues.
c 2.c The next step is to then determine the level of inherent
risk. puditors cannot change inherent risk, but merely
pcceptable audit risk = inherent risk x control risk x detection c
consider it. Factors include the client¶s environment,
risk.
results of previous audits, the presence of related
c
pp) = The risk that the auditor will issue an unqualified parties, etc.
opinion when material misstatements actually exist in the c 3.c pt this point, some auditors may assess fraud risk as
financial statements. ppR is also known as engagement risk. well, which is generally distinguished from IR, CR,
c and DR.
p





 4.c The next step is to then determine the control risk. If
c internal controls are effective, the control risk will be
Planned audit risk
set at a low level, vice-versa. If the auditor sets control
Àc The degree to which stakeholders are relying on the c risk at a low level (meaning IC is considered to
financial statements effective), the auditor must perform tests of control to
Àc èevel of materiality c justify that expectation first.
5.c Determine DR level using the formula above. If the DR
pchieved or actual audit risk c level is high, it means that the auditor can tolerate the
risk of failing to detect material misstatements, since
Àc Prudent acceptance of clients c inherent risk may be low and/or control risk is low. If
Àc Understanding the entity¶s environment
DR level is low, it means that the auditor cannot
Àc Designing an appropriate audit plan and procedures to c
cover the material areas of the client. tolerate failing to detect material misstatements, and
must compensate by conducting more extensive
c substantive procedures.
) = pll other things being equal, the risk that an assertion will
contain material misstatement due to the very nature of the c
business or assertion itself. For example, a business that carries )

&!



inventory prone to obsoletion is prone to inventory being c
overstated. There is an inverse relationship between audit risk and
c materiality. If materiality increases, it means that the auditor
p




 must be more careful in simply issuing an unqualified opinion.
 c pudit risk is reduced.
Àc Complexity of the assertion as to whether it is an estimate
or a concrete assertion. For example, accounts receivable
might contain more inherent risk than cash because bad c
debts is a matter of estimation.
Àc The very nature of the business itself.
Àc Past history or ethical issues concerning the client
Àc Risk awareness of client.
() = The risk that the internal controls of the entity will fail to
detect and correct material misstatements.
0) = The risk that the auditor will fail to detect material
misstatements through his/her audit procedures.
c
c
c D
c pn item is considered material if its non-disclosure could affect
the decisions of the users of financial statements.
c When designing the audit plan, the auditor should establish an
acceptable materiality level, so as to detect quantitatively
c
material misstatements. This will allow for a better audit plan,
as well as provide a basis for comparison when actual audit
c
procedures are carried out.
c
 -p
î
 
p
 






Financial statements represent management assertions. Thus, c

audit evidence is collected through audit procedures to express
an opinion on the financial statements. c
puditors generally divide the financial statements into account c
balances, business processes or transaction cycles.
c
Dp  '    



,  "
c
Transactions
c
Àc Transactions have indeed occurred, are valid and
authorised, pertaining to the entity. c
Àc pll transactions have been recorded (complete
recording) c
Àc pll transaction values are accurate.
Àc Transactions have been properly classified. c

p  &   c

Àc The assets, liabilities and equities indeed exist in c
reality.
Àc The assets are owned by the entity, and the liabilities c
are the obligations of the entity.
Àc pll assets, liabilities and equities have been recorded c
(complete)
Àc The assets, liabilities and equities are accurately and
c
properly valuated.

 
   c

Àc Disclosed events have indeed occurred and pertain to c
the entity.
Àc pll required disclosures have been disclosed. c
Àc Information is properly disclosed and explained.
Àc Information that is disclosed is accurately valuated. c

c
G( Dp  
c
1.c Malidity / Occurrence
2.c Completeness
c
3.c pccuracy / valuation
4.c Classification c
5.c Rights / obligations
6.c puthorization c
7.c Cut-off
. c
pdditional note: usiness risk is the risk that the client will fail c
to achieve its objectives regarding efficiency and effectiveness
of its business operations. c

c
c
 -p
î
 
p
 
  -p
î
 
p
 
 
( 
 p
î
 
! 
   

Àc % 

 ±includes accounting records c 1.c      ± has 2 purposes. Tests of controls are
(journal entries, source documents, ledgers), work done to initially support control risk assessment levels.
sheets that support valuations and calculations, c They are also conducted again if the auditor is relying on
confirmations /checks with third parties, interviews, internal controls, or if he decides that substantive evidence
analyst reports, interviews, minutes of meetings, c is not sufficient.
internal control procedures, inspection, observation,
recalculations, past audit evidence, and so on. c 2.c & 
 
 ± Procedures taken to detect
material misstatements in management assertions either in
   
       & 
Àc p




  c 


 


 


. Considered to be the
ác Relevance ± Collected evidence must relate to most detailed and assuring tests.
the tested assertion.  c
ác Reliability ± Independence, internal control 3.c 0 


 

 ± The auditor performs both tests of
effectiveness, direct observation or inspection, c controls and substantive procedures on a single item.
documentary as opposed to oral evidence, and
original documents.  c 4.c p 
 

± a comparison between financial
statement data and expectations formed by the auditor. It
 can also involve the use of industry data or previous
c historical data. Formal Definition - valuation of financial
Àc    higher risk and low quality of
evidence requires more evidence to be collected.
ác puditor relies on persuasive (reasonable)
rather than conclusive (absolute) evidence.
Àc î ± thorough and unbiased. 
information made by a study of plausible relationships
c among both financial and nonfinancial data¶. The puditing
ºtandards oard through its ºpº has mandated the use of
c analytical procedures. pctually, analytical procedures are
generally categorized as a form of substantive procedures
c as well. It is considered to be more efficient than tests of
details. pnalytical procedures are also conducted at the
p
0  beginning stage of an audit to get a feel. They help to assess

c
going concern as well.
Àc  

 
  ± support for the audit
opinion and to systematically conduct the audit c
process.
Àc p

   

how the audit was c
THE pUDIT UCKET
performed, what evidence was collected, and the
conclusions. c
Àc p
 

 

 
 

 
. Permanent files include corporate c
charter, chart of accounts, internal control policies, and 
so on. Current files include current financial c 
statements, trial balance, working papers, and so on. c
Àc pudit documents are required to be retained for 7 years 
cccc
after the audit has been completed.
c 

pudit procedures serve to assess risk of material misstatement, c 

internal control effectiveness, and collect substantive evidence 
c
 c
c 

 

 
 "
c  c
c

c
1.c Inspect documents

2.c Examination ± physically examine assets c
3.c Observation ± personal observation of procedures
cc

4.c Inquiry ± oral or written info obtained by asking the c
client.

5.c Confirmation ± oral or written information by asking a c
3rd party.
p
 "
6.c ºcanning -
7.c Recomputation ± Recompute amounts and compare to c
client¶s. c )    
8.c Re-performance ± Reperform procedures and compare c åc &      &  

to client¶s.
 
 
9.c pnalytical procedures ± explained on the right side.
10.c Mouching ± tracing a transaction to its relevant
c
document evidence.
c
 †p
0  †p
0 

" p
0 1!

 2

Àc Required by Iºp 300. c Àc Purpose: To plan and conduct the audit in a systematic
Àc Good planning is necessary to perform an effective audit, way, to prove that the audit was properly conducted in
saves costs, and avoid misunderstanding with the client. c accordance with Gppº, and also acts as a written
record of all audit evidence that will help the auditor in

   c forming the audit opinion.
 Àc pudit documentation is the property of the auditor.
Àc ( 
  c Clients have no right to those documents unless
ác e wary of accepting clients with ethical issues or required by court.
with bankrupt potential. c Àc pudit documentation must be protected ± because it
ác e wary of accepting clients that are in high risk would contain confidential and trade-related
c
areas ± insurance, for example. information.
ác The auditor must be capable of accepting an Àc Permanent documentation ± generally includes general
c
engagement. business information about the client and historical
ác Consultation with the former auditor of a client is audit documentation.
c
mandated by MIp by-laws. Àc Current documentation ± audit programme, working
c trial balance, adjusting and reclassification entries, and
Àc î &   ± supporting schedules
ác ºerves to reduce the expectation gap between the c
auditor and client.
c The terms of engagement prescribes the type,
ác
scope and timing of the engagement.
c The main contents include the objectives of the
ác
audit, the auditor¶s responsibilities, management
c responsibilities, and limitations.
ác The engagement letter is a contract. It can also
c contain arrangements on the use of specialists and
other value-added services, and lastly, the audit
fee. c
ác It should also contain other agreements like the use
of an expert. c

Àc 
 


c
ác With globalization and technological advances,
c
business has become extremely complex. puditors
must understand the entity in order to assess risks
c
and areas of material concern, and thus develop an
appropriate audit plan to address those concerns. 
c
ác Tour the offices, initial interviews, company
articles of incorporation, organization chart, c
management philosophy, remuneration methods. 
ác p  &    ± helps in assessing potential c
areas of material misstatements. 
c
Àc   
 
  ± compare financial
data using industry information, historical data and c
auditor¶s expectations.
c

c
c
ù(p  ()  ù(p  (
) 
0     Internal control is broadly
defined as a process, effected by an entity's board of directors,c Iºp requires auditor to inform management whenever material
management, and other personnel, designed to provide weaknesses are found in internal controls. This is often done
reasonable assurance regarding the achievement of objectives inc through a 






the following categories:
c
a) Effectiveness and efficiency of operations;
b) Reliability of financial reporting; and c
c) Compliance with laws and regulations.
c
Note: Internal control can help to decrease the expectation gap.
c
p good internal control system means higher assurance on the
c
part of the auditor. The internal control can affect the overall
audit strategy.
c

(+ +
    

 " c

1.c 
 


-sets the tone for the organization,c
influencing the control consciousness of its people. It is
cthe foundation for all other components of internal
control.
c
åc r 


 - the identification and analysis of
crelevant risks to the achievement of objectives, forming
a basis for !    
&

c
3.c @
  
 
  

-systems or processes
cthat support the identification, capture, and exchange of
information in a form and time frame that enable
cpeople to carry out their responsibilities

-c c
  

 - the policies and procedures that
help  
   
 
c
5.c D
 
-processes used to assess the quality of
internal control performance over time.
c
p
) D

c
Àc p)4)/()/0) c

p     c


c
1.c If internal control is set at a low risk level, the auditor
must conduct tests of controls to satisfy himself thatc
controls are indeed reliable.
2.c In contrast, tests of controls are rarely performed onc
controls that are assessed to be weak.
3.c Once internal controls are tested, we obtain what isc
called 

 

  
   This value is
plugged in to the audit risk model. c
4.c Internal control can be assessed through observation,
interviews, questionnaire, reviewing internal control
methods
c and flowcharts, and so on.
c

 ù'
1 på-52 ùp 
 
 

Fraud ± pn intentional act by employees or management to gain
an unfair or illegal advantage by deceiving and cheating.
There are 2 types of fraud ± misappropriation of assets and
fraudulent financial reporting.
0 - Evaluation of financial information made by a
study of plausible relationships among both financial and
c nonfinancial data.
c 

 
 

"

Error ± Unintentional mistake. c Àc  

 
 helps the auditor
to understand the client¶s environment and design the
c audit procedures (mandatory). 
Management has the primary responsibility for detecting and
&  
 
 used to obtain
preventing fraud, through a strong internal control environment. c
Àc
substantive evidence about particular assertions
c
Àc ' 
 
 overall review of
p
6 
 &
 c financial statements (mandatory). 

Àc Detection of fraud is not the auditor¶s primary c Preliminary and final analytical procedures are mandated by
responsibility. Instead, he only obtains reasonable auditing standards.
assurance that the financial statements are free from c
material misstatements that may result from errors or fraud.
Àc However, Iºp 240 does require the auditor to maintain an c
attitude of professional skepticism that misstatements may
occur due to fraud. Controls may be overridden by c

management. The auditor has to maintain an ongoing frame
of mind that fraud is possible, even when past history of the c
client is clean.
Àc p discussion with the engagement team might be necessary c
to assess whether and where fraud may have taken place.
c
Àc The auditor has to inquire of management whether they
know of any fraud cases.
c
Àc Fraud risk factors ± When the auditor is assessing internal
controls, he should also assess whether risks for fraud exist. c
Àc If the auditor is aware that fraud might exists, substantive
testing have to be modified to account for that possibility. c

(  
 c

Àc When the auditor discovers fraud or the possiblity of fraud, c

it should be communicated as soon as possible to the
appropriate level of management or governance.  c
Àc plways consider legal implications when deciding whether
or not to report fraud. If fraud is discovered in a publicly c
listed company, the ºC requires it to be reported. 
c

c
c
 p
)    p
     


 


 
c
puditors generally divide a firm into several transaction cycles 
to trace an activity to the final financial standards. We must
c
understand revenue recognition, the revenue process,
assessment of risk and finally conducting audit tests. c
) 0 c

Àc Revenue ± Income from ordinary course of business. c

Àc Gross inflow of economic benefits, in which these
inflows result in increased equity (excluding equityc
contributions from shareholders).
Àc Revenue should be measured at fair value. c

) )  c

Àc Revenue is only recognized when: c

ác It is probable that future economic benefits
will flow to the entity (when the earnings
c
process is
c
ác These benefits can be measured reliably.
Àc c Revenue must be realised and earned.

+!
c 
  

Àc c ºale of goods / services
Àc Receipt of cash 
Àc Return of goods 
c


c

c

c c

c
c
 
   
    
     
   

   

c º
t
ti 
l ti l    l tt

i l
t 
  itl t li  tt 
c 

c

c

c 

c 
 

c M t
ttit it illj t 
ttitt
t   it it t  
  l  t
li 
 itt 
c i l   t  it  it l  itl  t l;

 
ttitti lt
i

iit 
c


c

c

c 

c

c
c
 0p
70& 
 6
î
c 
  p   

c 

Àc Understand
c the entity
Àc pssess risks ± ppR = IR x CR x DR
c
Àc Conduct tests of controls
Àc Develop audit plan
Àc Conduct substantive audit procedures ± analytical
procedures and substantive audit tests.

ºubstantive audit procedures are mostly used instead of tests of

controls to audit this cycle.

   
 
&  

Àc ond notes , notes payable and lease contracts

Àc Creditors ± can be contacted to confirm
Àc oard of directors ± must authorize transactions
Àc èoan amortization schedule ± useful for identifying interest
expense.
Àc Due dates of bond notes or notes payable -
Àc Off-balance sheet activities ± capitalization or non-
capitalization of lease payables.
Àc Cash disbursement journal ± to check on interest payments.

   
     

Àc ºhare certificates and their details

Àc Registrar and transfer agent; or company secretary
Àc Dividends account
Àc Cash disbursement journal ± to check whether dividends
amount is correct.

c
c