CHAPTER 7

PERFORMING AN INTEGRATED
AUDIT
 Comment on Integrated Audit
The integrated audit involves ONLY auditing a
public company’s financial statement AND its
internal controls

Public companies are required to have audited

financial statements accompanied by
 Management report on internal control over
financial reporting
 External audit report on financial statements,
management’s assessment of internal
controls over financial reporting and internal
controls over financial reporting
 Adverse Audit Opinion
Most audit opinions are have an
“unqualified opinion. However, 15% of
the SEC registrants received “adverse”
opinions on the quality of their internal
controls.
Adverse opinion is issued when the
auditor finds material weaknesses in
the internal controls over financial
reporting.
Planning the Integrated Audit
5 Phases to Plan the Integrated Audit:
 Identify and assess business risk and determine the
implications for the audit risk
 Assess fraud risk and brainstorm how fraud might
occur
 Consider the process used by management to
assess internal control and address internal control
deficiencies
 Determine which controls must be tested
 Determine the most efficient approach to achieve
dual objectives on reporting on internal controls and
on financial statements
 Top Down Approach
Top Down Approach requires auditors to
consider materiality of the account
balances and processes along with risk
that the account balance may be
misstated
 Top Down Approach (Cont.)
Risk Analysis
Account Balances and Risk
Analysis
Control Environment
Identification of Significant
Processes
Materiality of Account Balances
 Searching for Audit Efficiency
Remaining residual risk after testing
internal controls
The risk that account balances likely to
contain misstatements after testing
internal controls
Likely nature of misstatements and
efficiency of audits the auditor needs to
consider regarding account balances
that might be misstated
Evaluating Internal Control Over
Financial Reporting
Evaluate the:
Control Environment
Risk Management
Information and Communication
Monitoring
Management’s Process of Evaluating
Internal Control
 Evaluating Internal Control Over
Financial Reporting (Cont.)
Control Environment – The auditor should
examine management’s assessment
process, including the extent to which
management performed independent
assessments of the effectiveness of the
control environment.

The auditor should perform an independent

assessment of the design of the control
structure
 Evaluating Internal Control Over
Financial Reporting (Cont.)
Risk Management – The auditor should
observe the extent to which the company
uses enterprise risk management in
managing its organization. Most information
can be gather through inquiry and review of
documents
 Evaluating Internal Control Over
Financial Reporting (Cont.)
Information and Communication – The auditor
should assess the company’s information
and communication systems through inquiry
and observation

SOX requires the establishment of an effective

whistleblower program.
 Evaluating Internal Control Over
Financial Reporting (Cont.)
Monitoring – is the process by which a
company determines whether its control
procedures are operating effectively.

Section 404 of SOX requires companies

develop a process that monitors the
effectiveness of their controls. Companies
can not solely rely on the auditor to assess
the effectiveness of their controls.
 Evaluating Internal Control Over
Financial Reporting (Cont.)
Management’s Process of Evaluating Internal
Control

A thorough approach by management reduces

the risk of an incorrect assessment by the
auditor. In addition, the auditor may rely on
some work performed by the company (such
as internal auditors).

The auditor still needs to independently test

important controls.
 Testing Control Activities

The auditor must understand and test controls

that are important to preventing or detecting
significant misstatements.
 Understand Important Supporting Systems
many significant accounting processes do
not process transactions but are related to
transactions or legal requirements (process
to estimated pensions)
 Transaction Based Systems are accounting
application systems that should be designed
to ensure all transactions are recorded
properly.
 Perform Test of Controls
Once the auditor identifies the significant processes,
the important controls must be tested. Examples
include
The report must describe the following:
 Computerized Controls
 Manual Controls
Authorization
Reconciliations
Segregation of Duties
Review for Unusual Transactions
 Adjusting Entries
 Accounting Estimates
 Auditor Evaluation of the Design of
Controls
The auditor will perform a “walk-through” of the
control process and conclude if the design of the
control address the important assertions and are
operating EFFECTIVELY.

Walk-through is when an auditor documents and

obtains evidence of a control process. The
documentation includes all steps from the initiation
of the process to its conclusion.

As and “added-value” step, auditor may suggest steps

to help with the efficiency of the controls in place