1

Day 36 – IT Control & CAAT

Information Technology system (IT) Controls

They are classified into two:

a) General IT Control

b) Application Control

General IT controls are policies and procedures that relate to many applications and support the effective
functioning of application controls. They commonly include controls over data centre, network operations,
system software acquisition, change and maintenance, access security etc.

Application IT controls are manual or automated procedures that typically operate at a business process level.
They can be preventative or detective in nature and are designed to ensure the integrity of the accounting
records. Accordingly, they relate to procedures used to initiate, record, process and report transactions or other
financial data.

Computer Assisted Audit Techniques (CAAT)

CAATs are the use of computers for audit work.

The two most commonly used CAATs are:

a) Audit software

b) Test data.

Audit software

Audit software consists of computer programs used by the auditors, as part of their auditing procedures, to
process data of audit significance from the entity's accounting system.

Audit software is used for substantive procedures.

It allows auditors to perform tests on computer files and databases, such as:

a. Reading and extracting data from a client's systems

b. Selecting data

c. Performing arithmetic calculations

d. Facilitate audit sampling

e. Prepare documents and reports

Test data

Test data techniques are used in conducting audit procedures by entering data into an entity's computer system,
and comparing the results obtained with pre-determined results.

Test data is used for tests of controls.

Advantages & Disadvantages of CAAT

Advantages Disadvantages
Test a greater number of items more quickly and Setting up the software needed for CAATs can be time
accurately. consuming and expensive.

AA Short Notes Kappan’s School of Accountancy & Management Basil Neelambra

 2

Test transactions rather than paper records of Audit staff will need to be trained so they have a sufficient
transactions that could be incorrect. level of IT knowledge to apply CAATs.

Cost-effective in the long-term if the client does Not all client systems will be compatible with the
not change its systems software used with CAATs.

There is a risk that live client data is corrupted and lost

during the use of CAATs.

AA Short Notes Kappan’s School of Accountancy & Management Basil Neelambra

 1

Day 37 - Data Analytics

What is it?

It is the examination of data to try to identify patterns, trends or correlations

How data analytics may help auditor? [Audit data analytics (ADA)

It may help auditor to:

a) Analyses revenue trends into products or region

b) Matching of customer orders to cash receipts
c) Matching of purchases to cash payment
d) Three-way match between purchase orders, GRN and purchase invoices
e) Three-way match between customer orders, GDN and sales invoices
f) Testing of access codes to verify unauthorized use of codes

Advantages of audit data analytics (ADA)

a) Improves audit efficiency and quality

b) Large quantities of data can be analyzed quickly, allowing auditor to focus on more riskier areas and
thus obtain more evidence and reduce audit risk

Limitations of audit data analytics (ADA)

a) Auditors need to have a clear understanding of the data they are analyzing. There is a risk that the
data analysed is not actually relevant to the audit.
b) Auditors cannot still audit 100% of population, because professional judgement is always involved.
c) Accounting estimates and qualitative disclosures require professional judgements

Challenges of using audit data analytics (ADA)

a) Data acquisition – Auditor needs to acquire and store large amount of entity’s data. This may cause
technical difficulties.
b) Conceptual challenges – Auditor will need to think about how to use data in ways that are different
from how the entity has used it in the past.
c) Legal and regulatory challenges over data security.
d) Resource availability – Auditor will need highly skilled data scientists to analyse ADA.
e) Retraining and reskilling auditors to use ADA.

AA Short Notes Kappan’s School of Accountancy & Management Basil Neelambra

 1

Day 34 – Audit Report

Q. Explain the contents of Audit report

Content Explanation
Title Independent auditor's report

Addressee Shareholders or Other Appropriate Addressee

Report on the Audit of the Financial • Mention the name of the company
Statements
• Mention the financial year end

• Mention the financial statements that were audited

Opinion • State that the audit was conducted in accordance with

International Standards on Auditing.

• State that the auditors have complied with Independence

& Ethical requirements.

• State that sufficient & appropriate Audit Evidence has

been obtained.

Basis for Opinion

Key Audit Matters State the definition as per ISA 701

Other Information State the definition as per ISA 720

Emphasis of Matter Paragraph State the definition as per ISA 706

Other Matter Paragraph State the definition as per ISA 706
Responsibilities of Management and a) Management: -
Those Charged With Governance for • Preparation and fair presentation of the financial
the Financial statements
Statements • Maintain Internal control
• Assess Going Concern
b) Those Charged with Governance:
• Overseeing the Company's financial reporting process.

Auditor's Responsibilities • Issue Report which includes an Opinion

• Obtain reasonable assurance about whether the financial
statements as a whole are free from material
misstatement due to fraud or error.
• Exercise professional judgement and professional
skepticism throughout the audit.
• Identify and assess the risks of material misstatement due
to fraud or error and respond to those assessed risks.
• Obtain an understanding of internal control
• Evaluate the appropriateness of accounting policies
• Evaluate reasonableness of accounting estimates
• Evaluate the appropriateness of going concern
• Evaluate fairness of overall presentation of the financial
statements.

AA Short Notes Kappan’s School of Accountancy & Management Basil Neelambra

 2

Signature Signature in the name of the audit firm, the personal name of the
auditor, or both

Auditor ‘s Address

Date

AA Short Notes Kappan’s School of Accountancy & Management Basil Neelambra

 1

Day 38 – Assurance Engagement

Q. State and explain the elements of assurance engagement

Elements Explanation
Three party The three parties are the intended user, the responsible party and the practitioner.
relationship
Intended users are the persons for whom the practitioner prepares the assurance report.
The responsible party is the persons responsible for the subject matter.
The practitioner is the individual providing professional services that will review the
subject matter and provide the assurance.

Subject Matter This is the data to be evaluated that has been prepared by the responsible party.
(e.g. financial statements)

Suitable criteria The subject matter is evaluated or measured against criteria in order to reach an opinion.
(e.g. true and fair view)
Evidence Sufficient appropriate evidence needs to be gathered to support the required level of
assurance.

Report A written report containing the practitioner's opinion is issued to the intended user, in
the form appropriate to a reasonable assurance engagement or a limited assurance
engagement.

Q. Explain the different types of assurance engagement

Assurance Explanation
Engagement
External Audit Auditor provides a high, but not absolute level of assurance that the information
audited is free of material misstatement (reasonable assurance.
This expressed positively in the audit report as reasonable assurance.

Review Auditor provides a limited level of assurance that the information subject to review is free
Engagement from material misstatement due to fraud or error.
This expressed in form of negative assurance.
Negative assurance is when an auditor gives an assurance that nothing has come to
his/her attention which indicates that the financial statements have not been prepared
according to financial reporting framework.
E.g. Interim review, review of cashflow projections

Agreed-Upon Auditor simply provides a report of the factual findings of the engagement agreed by the
Procedure auditor, entity and any appropriate third parties.
No assurance is expressed.
E.g. Fraud investigation, review of sales etc.
Users of the report must instead judge for themselves the auditor’s procedures and
findings and draw their own conclusions.

AA Short Notes Kappan’s School of Accountancy & Management Basil Neelambra

 2

Compilation The practitioner uses his/her accounting expertise (not auditing expertise) to collect,
Engagement classify and summarize financial information.
No assurance is expressed.

E.g. Preparation of consolidated financial statements, tax return etc.

Q. Explain the meaning of true and fair view

True:
If information is to become true, it must be:
a. Factual
b. Confirms with reality
c. Confirm with required standards
d. Financial statements have been correctly extracted from the books and records.

Fair view:
a. Information must be free from discrimination and bias.
b. Comply with standards and rules.
c. Accounts should reflect the commercial substance of the company’s underlying transactions.

AA Short Notes Kappan’s School of Accountancy & Management Basil Neelambra