KOLEJ PROFESIONAL MARA BANDAR PENAWAR

ASSIGNMENT COVER SHEET

COURSE Auditing

COURSE CODE ACC 3573

SESSION Session 1/2022

LECTURER’S NAME Sir Helmi Hamid

DATE DUE Week 10 - Thursday 26/5/2022

Student details

Name ID

Luqmanul Hakim Bin Norazman PDA-2007-099

Ahmad Ismail Bin Rajaluddin PDA-2007-105

Nur Hazimah Binti Mazlan PDA-2007-077

Nurul Asyiqin Binti Jamaludin PDA-2007-078

Farah Natasha Binti Nazrul Azam PDA-2007-066

Class: DIA6E

Acknowledgement
Assalamualaikum W.B.T, first and foremost we want to thank Allah SWT for giving us the
chance and strength to finish this Assignment 1 during this semester. No doubt there are
problems faced throughout the journey to finish this assignment but God willing we can
solve them all.

Moreover, we wish to express our gratitude to Sir Helmi Hamid, our Auditing lecturer
for providing us the opportunity to work on this assignment to test our understanding in
chapter one until three of Auditing course. Not to forget the guidance and encouragement
gave for us to carry on the assignment. Alas, helping us in enhancing our group work
morale and preparing us in workforce after study.

We also sincerely want to thank our parents and friend for support and
encouragement they give throughout the process of completing the assignment. Not to
forget the group member, thank you for the collaboration, idea contribution, energy and
time spend given only to complete the assignment and task. We hope nothing but success
of our Assignment 1 outcome.

Table of content

2
 No Content Page

1 Introduction of ICS and CIS 4-5

2 Introduction of internal control system (ICS) and its 6

components.

3 Describe the effect of computer information system 7-8

(CIS) on ICS which relates to business entities.

4 Distinguish between auditing around the computer 9

and auditing through the computer.

5 THREE (3) testing approaches used by auditor in 10-11

auditing through the computer.

6 Types of documents to be used by an auditor to 12

obtain understanding of a client’s company ICS.

7 ICQ) or ICEQ) for any FOUR (4) components based 13-16

on the case study given.
8 Flowchart of the company, based on the case study, 17
as to document your understanding of ICS.
9 Different types of subsequent events as stated under 18
ISA 560 – Subsequent Events.
10 Appendix 19

11 Reference 20

1. International Standards on Auditing (ISA) are issued by the International

Auditing Practices Committee (IAPC) of the International Federation of
Accountants (IFAC). Describe the role of International Standards on

3
 Auditing (ISA) and how it is different from Malaysian Approved Standards
of Auditing (MASA).

Auditing standards are broad rules that help auditors perform their professional
obligations while conducting an audit of historical financial accounts. Consideration is given
to professional attributes such as competence and independence, as well as reporting
obligations and proof. This International Standard on Auditing (ISA) addresses the auditor's
role to detect and evaluate the risks of substantial misstatement in the financial statements
by knowing the company, its environment, and its internal control. The auditor's objective is
to identify and assess the risks of material misstatement, whether due to fraud or error, at
the financial statement and assertion levels, by understanding the entity and its
environment, including the entity's internal control, thereby establishing a foundation for
designing and implementing responses to the assessed risks of material misstatement

The International Standard on Auditing (ISA) outlines the main responsibilities of an

independent auditor conducting an audit in accordance with ISA. ISAs are drafted within the
framework of an independent auditor's examination of financial statements. There are six
categories for the 36 ISAs: General Principles, Risk Assessment and Response, Audit
Evidence, Using the Works of Others, Conclusions and Reporting, and Specialized Areas.
Analyzing the comparability of national accounting and auditing standards with international
standards, determining the extent to which applicable auditing and accounting standards are
adhered to, and analyzing the institutional framework's strengths and weaknesses in
maintaining high-quality financial reporting. Assist the government in establishing and
executing a national action plan for institutional capacity building with the objective of
improving the corporate financial reporting system.

Malaysia Approved Standards on Auditing as Malaysia approved standards on auditing,

the Mia provides standards relevant to real auditing practice (MASA). Members who accept
duties as independent auditors are required to conduct their audits in accordance with
Malaysian Approved Standards on Auditing (MASA) and to ensure that those who assist

4
them do the same. A positive declaration indicating the audit was conducted in accordance
with Malaysian Approved Standards on Auditing must be included in an audit report (MASA).
Any breach or failure to comply with Malaysian Approved Standards on Auditing (MASA) may
result in disciplinary action against the member or members implicated.

2. Introduction of internal control system (ICS) and its components.

5
A company's internal control system consists of the policies and procedures designed to
offer a reasonable level of assurance that the entity's stated goals will be achieved.
Typically, the owner-manager of a small firm oversees and actively engages in all business
activities.

There are five components internal control system:

a) Environment control: The control environment is the basis for all other aspects,
including moral value, management knowledge, employee integrity, and managerial
direction.

b) Risk evaluation: both internal and external risks must be considered after the
establishment of the objective. After doing a risk assessment, management must
determine how risk management connects to each objective.

c) Controlling activities: The management builds a controlling activities structure for all
objectives to avoid risk. These are steps that are to be implemented by personnel.

d) Information and communication: timely dissemination of information pertinent to

decision-making. Both internal and external sources may generate data-generating
events. Management goals cannot be attained without effective communication.
Employees are obliged to know what is expected of them and how their duties relate
to those of others. Communication between owners and other parties, including as
suppliers, is also essential.

e) Monitoring: Once the internal control system is operational, the organisation

examines its effectiveness to make the necessary modifications if a severe problem
arises.

3. Describe the effect of computer information system (CIS) on ICS which

relates to business entities.

6
 a) Adequate Documents and Records

In a manual system, sufficient documentation and records are necessary to create an audit
trail of system actions. In a computer system, document support for initiating, executing,
and recording a transaction may not be required. Auditors may simply create a visual audit
trail if the systems are built to preserve a record of all occurrences and to make that record
readily accessible. In properly designed computer systems, audit trails are more
comprehensive than in manual systems; nevertheless, not all computer systems are
structured correctly. This causes a significant control issue.

b) Adequate Management Supervision

In a computer system, staff monitoring may need to be performed remotely. Supervisory

controls must be introduced into the computer system to compensate for the controls that
may typically be exercised via observation and inquiry. Computer systems also make the
actions of workers less apparent to management, thus supervisory controls must be
included into the system. Due to the fact that many operations are electronically monitored,
managers must regularly analyse the audit trail of employee activities for inappropriate acts.

c) Competent And Trustworthy Personnel

Personnel in the formation system who are skilled, competent, well-trained, and experienced
have been in short supply. Since the person responsible for the creation, implementation,
operation, and maintenance of the organization's computer information system is often
endowed with extensive authority, knowledgeable and trustworthy employees are in high
demand. Unfortunately, the lack of skilled workers compelled many organisations to settle
for subpar personnel. In addition, it is not always simple for organisations to evaluate the
competency and honesty of their system personnel. The typical for this workforce has been
a high turnover rate. Some information systems employees lack a well-developed moral
compass, while others delight in undermining controls.

d) Independent Checks on Performance

7
Checks from a third-party aid in detecting mistakes and anomalies. If a programme code is
permitted, correct, and complete in a computer system, the system will always follow the
specified processes in the absence of hardware or system software faults. Consequently,
independent checks on the success of programmes are often of little value. Rather, the
focus of control moves to verifying the integrity of programmed code. Auditors must now
analyze the controls created for programme creation, modification, and maintenance.

e) Delegation Of Authority and Responsibility

An organised hierarchy of authority and responsibility is a crucial control in both manual and
digital environments. Due to the fact that certain resources in a computer system are shared
across several users, it may be challenging to create a clear chain of authority and
accountability. For example, one of the goals of a database management system is to
provide multiple users with access to the same data, thereby reducing the control problems
associated with maintaining redundant data. However, when multiple users have access to
the same data and the data integrity is somehow compromised, it is not always easy to
determine who is responsible for corrupting the data and who is responsible for identifying
and correcting the error. Some organisation designated a single user as the data owner.

4. Distinguish between auditing around the computer and auditing through

the computer.

8
 AUDITING AROUND THE COMPUTER AUDITING THROUGH THE COMPUTER

Auditors frequently use this strategy when Another way auditors can use when auditing
working with smaller firms, such as those a corporate setting where computerised
that follow industry standards. It's also a systems are more complicated and the
viable option if the client's system is based computer creates information internally
on a single PC and the computer is only through automatic procedures is to
used to replace human records with few, if comprehend and interrogate the
any, automated procedures. The client's management information system (MIS).
programme has been recognised as well-
tested and error-free, indicating that it is
standard software.

Process of assessing or auditing a client's The process of reviewing a client's computer

software and hardware is to establish controls to see if the information system
operational reliability. process is active.

Techniques involving the use of computers Select transactions are manually processed,
to process transactions and records with and the results are compared against
faults and exceptions to ensure that computer output.
programme controls are working properly.

The storage of financial data is softcopy or The storage of financial data is printed data
visibility data storage. storage or hardcopy

Procedures for auditing around the Procedures for auditing through the
computer is performing test of control and computer is in obtaining understanding
substantive test. accounting and internal control

5. Three (3) testing approaches used by auditor in auditing through the

computer.

9
 Inquiry could be a straightforward testing approach that uses touchpoint interview-
style queries for specific verification. as a result of the accuracy and honesty of the
respondent confirm the standard of the data obtained through the investigation, it's
thought-about a weaker sort of evidence. Auditors use the inquiry approach to interview
management, accountants, and different key personnel within the organization to collect
relevant information. to make sure that the organization is doing what's necessary to avoid
risk, the auditor will give information on the operation of the business and therefore the
correct documentation of economic transactions. For example, the auditor might invite the
situation of the company' monetary associated information security records. as a result of
this approach is usually employed in conjunction with different a lot of reliable methods, the
responses are thought-about by the tax assessor however not accepted as validation for the
creation of additional assessment criteria.

Next comes the examination or review of the evidence. This testing technique helps
auditors confirm whether or not manual managements are frequently performed and
properly recorded. Inspections are often wont to guarantee control measures are being
followed and to check specific aspects of policies and processes. For example, an auditor
may check whether regular backups are scheduled or whether or not information
categorization procedures are in place. In these situations, the auditor will use the review to
make sure that the management was properly designed and is functioning properly. He or
she checks that the forms are stuffed out correctly.Inspection of written documentation and
records reminiscent of traveller logs, worker handbooks and system databases is an element
of the proof review method.

Last however not least, auditors can use computer-assisted auditing techniques
(CAATs) to perform essential process or check application controls. If validation and process
rules for routine transactions are enforced in application programs, this procedure is needed
in demanding IT systems. Keeping legal entity files in a very machine-readable format may
also be helpful for main proceedings. samples of CAATs are generalized audit code, custom

10
audit software, check data, parallel simulation, integrated test facility, and coincidental audit
procedures. This testing approach is usually wont to examine giant amounts of information
or a sample of compiled data.CAAT tests run a script on a complete ledger, spreadsheet, or
info mistreatment specific software to appear for patterns, anomalies, and probably deceitful
entries.

6. Types of documents to be used by an auditor to obtain understanding of a

client’s company ICS.

11
Preparation of audit documents must include adequate information to facilitate
comprehension of its purpose, origin, and findings. Document working papers must include
finished dictionaries, flowcharts, decision tables, and narrative memos. There are three
methods used by auditors to record their comprehension of internal control: nerratives,
flowcharts, and internal control questions.

In the internal control description, a narrative is composed by a correct narrative of an

accounting system and its associated controls, which includes the following four
descriptions:

 The provenance of every system document and record.

 All processing that occurs.
 The disposal of all system documents and records.
 A description of the controls pertinent to the evaluation of the controls pertinent to
the evaluation of control risk.

A flowchart of internal control is a symbolic, diagrammatic depiction of client documents and

their sequential passage inside an organisation. A suitable flowchart incorporates the four
outlined qualities for storytelling.

A questionnaire on internal control asks a series of questions concerning controls in each

audit area in order to indicate to the auditor which components of internal control may be
lacking. Typically, it is meant to demand a 'yes' or 'no' answer, with no response suggesting
a possible control weakness.

7. Internal control questionnaire (ICQ) or internal control evaluation

questionnaire (ICEQ) for any FOUR (4) components or ICS (control
activities area is compulsory) based on the case study given.

12
Control activities

Question Yes No Comment

Does controls employed by Helena Sdn Bhd

ensure comparison, approval and
authorization upon tangible non-current
assets aquisition and its allowable budget?

Does the company implement the

technology security to protect the
information and prevent fraud?

Does the company hired independent party

in applying security in information access?

Does Helena Sdn Bhd has policies and

procedures made addressing proper
segregation of duties for each task?

Does the policies, processes or directives

made are in place that ensures employees
and directors are aware of their role related
to internal control responsibilities?

Risk assessments

Question Yes No Comment

Does the company apply budget control on

13
 tangible non-current assets expenditure?

Does the bonus entitlement is reviewed by

the right director or management?

Which managment is granted access for - -

budget control and purchase requisition
information?

Does the management identify risks that

could affect the organization thus
jeopardizing the objectives achievement?
Namely?

Does Helena Sdn Bhd do risk identification

or assessment that is broad and includes
both internal and external business partners
namely hired buyer?

Information and communication

Question Yes No Comment

14
 Does meeting content between buyer-
director is recorded or documented?

How often the requirement and budget of

tangible non-current assets is reviewed?

Does the management apply a process for

the development, approval and
implementation of policy and ensure the
related staff understands and know it?

Does communication exists between

management and the board of directors so
that both have information needed to fulfill
their roles with respect to the company’s
objectives?

Does the company has processes in place to

communicate the results of reports provided
by the following external parties, namely the
buyer?

Monitoring

Question Yes No Comment

15
 Does any deficiency happened is reported to
the management?

Does the internal control applied in

departments is reviewed by the
management?

Does the management monitors to ensure

that funds provided for the purchase of
tangible non-current assets are expended
only for agreed acquisition list of tangible
non-current assets?

Does the management consider the level of

staffing, training and skills of people
performing the monitoring given the
environment and monitoring activities which
include observations, inquiries and
inspection of source documents?

Does the management perform action to

correct any efficiency happened and had
been reported during monitoring and
internal control review?

8. Flowchart of the company, based on the case study, as to document your

understanding of ICS.

16
 9. Different types of subsequent events as stated under ISA 560 –
Subsequent Events.

Provide evidence of conditions that Provide evidence of conditions that

17
 existed at the date of the financial arose after the date of the financial
statements statements

Auditor should perform procedures After the date of the audit report, the
designed to obtain sufficient appropriate auditor has no further obligation to
audit evidence that all events up to the undertake processes or conduct
date of the auditor’s report that may investigations into the financial statements.
require adjustment or disclosure have been Upon becoming aware of an amendment,
identified. the auditor should discuss it with
management and examine its impact on
audit findings.

Auditors are liable for completing these After the date of the financial statement,
procedures right up until the day that they they are no longer required to carry out the
sign the audit report, which is their final procedures but should they become aware
obligation in this regard. of any major later developments, they are
obligated to take appropriate action.

Appendix

18
 Reference

19
 1. Sha, T. (2021, July 2). Malaysian approved standard auditing. Padlet.
Retrieved May 26, 2022, from https://padlet.com/pritisya2318/3l8vow88m4cq
2. International Standard on auditing 560 subsequent events contents - IFAC.
(n.d.). Retrieved May 25, 2022, from
https://www.ifac.org/system/files/downloads/a030-2010-iaasb-handbook-isa-
560.pdf
3. Hara, M. C. (n.d.). Session 10: Completion and review - ppt download.
SlidePlayer. Retrieved May 26, 2022, from
https://slideplayer.com/slide/15750899/
4. No Author. (2019). 2019-20 Internal Control Questionnaire and Assessment.
Florida Department of Economic Opportunity
5. https://www.accaglobal.com, A. C. C. A.-. (n.d.). Auditing in a computer-
based environment. F8 Audit and Assurance | ACCA Qualification | Students |
ACCA Global. Retrieved May 24, 2022, from
https://www.accaglobal.com/in/en/student/exam-support-resources/fundame
ntals-exams-study-resources/f8/technical-articles/auditing-computer-
environment.html
6. Ikram, N. (2017, December 20). Differentiation between auditing through
computer and around computer. Academia.edu. Retrieved May 22, 2022, from
https://www.academia.edu/35478638/Differentiation_between_auditing_thro
ugh_computer_and_around_computer

20