Module Audit 1

AUDIT 1 MODULE POLITEKNIK MUKAH SARAWAK PREPARED BY: Mr. Najib Amin & Mdm. Darlia Saini Lecturers of Commerce Department

FIRST EDITION 2023 All the rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, photographs, recording or otherwise without the prior permission of Politeknik Mukah, Sarawak. PUBLISHED BY: POLITEKNIK MUKAH KM 7.5 JALAN OYA 96400 MUKAH, SARAWAK

PREFACE This module is a compilation of the topic discussed in DPA 40123 Audit 1 under the syllabus of Polytechnic Diploma of Accountancy student semester 4. This module is compressed for the better understanding of the students. Every chapter has notes and exercise that expected to enable students for fully understand the concept taught for the application of audit in the industry. It is sincerely hoped that this module will benefits students to excel in audit courses.

Table of Contents Introduction to Auditing Objectives & Scope of Financial Statement Audit Internal Control System Audit Planning & Audit Risk Documentation & Sampling Audit Evidence & Audit Procedures 1 17 25 37 52 64

OVERVIEW AUDIT 1 MAIN REFERENCE ABOUT COURSE Principles of Auditing & Assurance Services in Malaysia (1st ed) Aasmund Eilifsen, W.F. (2017). Mc Graw Hill Education. AUDIT 1 focuses on providing students with an understanding the technical, professionalism and value skill of audit services. Students will be exposed to the auditing process which includes understanding the management impact on the services in accordance with an approved auditing standard. The course assessment consists of: Continuous Assessment (CA) – 50% Final Examination (FE) – 50% Quantity of CA: Quiz - 2 Test - 2 Tutorial - 1 Reflective Journal - 1 Fundamentals of Auditing (1st ed) Ayoib Che Ahmad, H.H. (2017). Malaysia: Oxford Fajar. Auditing: Theory and Practice in Malaysia (3rd ed) Ferdinand A Gul, N.M. (2017). Wolters Kluwer.

CHAPTER 1 Introduction To Auditing

1.1 Nature of auditing Definition: Auditing is a systematic process implemented to accumulate and evaluate objectively all evidence relevant to any economic events which reflected financial statements so that the auditors can express their opinion. Audit scope: Referring to the determination of the range of the activities and the period of records that are to be subjected to an audit examination. Audit scope is included: 1) Audit objectives 2) Nature of audit procedures 3) Duration of audit 4) Any other related activities (e.g.: market environment) Audit purpose: Enable auditor to give opinion on financial statements as to give true and fair view in accordance with the rules and regulation To ensure a proper bookkeeping has been maintained by the company through proper documentation To enhance the trustworthiness of financial statements as reduce or prevent fraud from beginning To ensure compliance with accounting standards and the Financial Reporting Act 1997 To provide assistance to the client in improving financial controls and financial reporting within the business Audit Concept: Risk assessment Identification and analysis of risk relating to the preparation of financial statement as to follow Generally Accepted Accounting Principles (GAAP) Materiality The magnitude of misstatements of accounting information that able influence user economic decision Audit evidence All information used by auditor to reach audit conclusion on the financial statements. The audit evidence should follow these concepts: 1) The nature should be in written, oral or visual 2) The appropriateness by having a high degree of reliability and relevancy 3) The sufficiency by deciding the optimum quantity to collect 4) The evaluation on how strong the evidence is able to assist auditor DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T R O D U C T I O N T O A U D I T I N G | 0 1

Auditing VS Accounting: Audit Concept: ELEMENTS AUDITING ACCOUNTING DEFINITIONS Accumulation and evaluation of evidence about the financial statements prepared by the accountant Process of recording, classifying and summarizing economic events in a logical manner for the purpose of preparing financial statements INDIVIDUAL QUALIFICATION Must have understanding on both auditing and accounting principles and rules that been implemented in preparing financial statements Must have understanding on the accounting principles and rules that provide the basis for preparing the financial statements SCOPE OF WORK Within Companies Act 2016, International Standards of Auditing (ISA), Malaysia Approved Standards on Auditing (MASA) and other relevant regulations Within Companies Act 2016, Malaysian Financial Reporting Standards (MFRS), Malaysian Private Entity Reporting Standards (MPERS) and other relevant regulations FINAL OUTPUT Audit report / audited financial statements Financial statements DURATIONS From the date of appointment until issuance of audit report Throughout the financial year DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T R O D U C T I O N T O A U D I T I N G | 0 2

1.2 Types of auditors and audit services Types of auditors: Types of audit services: 1) Financial statements audit To determine whether the overall financial statements are stated in accordance with specific criteria such as GAAP More efficient to have one independent external auditor from a certified public accounting firm to perform the audit and draw conclusions on those financial statements so that they can be relied upon by the different groups of users Some test will be performed by auditor to determine whether FS contains material errors or misstatement EXAMPLE: Audit of SESCO financial statement. Company will provide FS that been prepared by their management. Auditor will check the FS by looking at the provided documents, records and other outside sources ELEMENTS INTERNAL AUDITOR EXTERNAL AUDITOR PRIMARY TASK Audit of department and activity Audit of the financial statements REPORTING TO Audit committee, Board of Directors Shareholders of the company PROFESSIONAL DESIGNATION Certified Internal Auditor (CIA) Chartered Accountant (CA) LICENSE REQUIREMENT None Need approval from the Ministry of Finance (MOF) PROFESSIONAL CERTIFICATION Institute of Internal Auditor Malaysia (IIAM) Malaysian Institute of Accountant (MIA) DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T R O D U C T I O N T O A U D I T I N G | 0 3

2) Performance and operational audit To evaluate the efficiency and effectiveness of organizational operating procedures, method and resources utilization Top management will expect to get the recommendation from the auditor for the future operation improvement EXAMPLE: Audit of the inventory system of the company 3) Compliance audit To determine whether the company is following specific procedures, rules and regulation set by the authorities Included legislation, regulation, contractual and regulatory requirement, the code of conduct and other internal policies and procedures EXAMPLE: Audit of the license renewal by the company 4) Tax audit To examine the taxpayer's business records and financial affairs Conducted after the individual or company submitted and paid their annual taxes Have 2 types of tax audit which are DESK AUDIT (held at the office of Inland Revenue Board of Malaysia) and FIELD AUDIT (held at taxpayer’s premises) EXAMPLE: Audit on the tax computation of the company 5) Syariah audit To provide independent assessment and assurance on Islamic Financial Institution’s (IFI’s) compliance with syariah guidelines issued by the Syariah Advisory Board Normally been performed by internal auditors who have adequate Shariah-related knowledge and skills EXAMPLE: Audit on the products on Islamic banks 6) Public sector audit To provide unbiased and objective assessment of whether public resources are managed responsibly and effectively to achieve intended result Conducted by Auditor’s General Department annually for public sector agencies which are government related EXAMPLE: Audit on the operation of Ministry of Finance (MOF) DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T R O D U C T I O N T O A U D I T I N G | 0 4

1.3 Auditing profession The audit or accounting firm usually offered services other than accounting and auditing which is included taxation services, business consultation, assurance and non-assurance services Led by an audit partner who has significant experience and knowledge of the client’s industry and its regulations and well versed with the accounting requirements Needed license to provide all these services 1.4 Professional skepticism Emphasize on having inquisitive and questioning mind when encountering audit evidence Auditor should not easily satisfy with one observation Should be exercise at every stage of audit Referring to MIA By-Law, there are 2 types of independence: 1) Independence of mind The state of mind that permits the expression of a conclusion without being affected by influences that compromise professional judgment, thereby allowing an individual to act with integrity, and exercise objectivity and professional skepticism 2) Independence in appearance (facts) The avoidance of facts and circumstances that are so significant that a reasonable and informed third party would be likely to conclude, weighing all the specific facts and circumstances that a firm’s, or a member of the audit assurance team’s integrity, objectivity or professional skepticism has been compromised 1.5 Auditing standards 1) Malaysia Approved Standards on Auditing (MASA) To guide auditors fulfilling their professional responsibilities in the audit of financial statements Failure to follow these standards will discredit the profession and could lead to disciplinary action against the member concerned Consisted of 2 categories which are standards that are adapted and adopted from the International Standard of Auditing (ISA) and standards issued by MIA to address local features DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T R O D U C T I O N T O A U D I T I N G | 0 5

2) By-Law Issued by MIA on professional ethics, conduct and practice Discuss professional ethics in part 1 and professional conduct and practice in part 2 Mainly based on the Code of Ethics issued by International Federation of Accountants (IFAC) 3) International Standards on Quality Controls (ISQC) To establish basic principles, essential procedures and guidance regarding a firm’s responsibilities for its system of quality control for audits Elements of System Quality Control (SQC): DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T R O D U C T I O N T O A U D I T I N G | 0 6 1) Leadership responsibilities The firm should establish policies and procedures to promote an internal culture based on the recognized quality in performing engagements The promotion of a quality-oriented internal culture depends on clear, consistent and frequent actions and messages from all levels of the firm’s management emphasizing the firm’s quality control policies and procedures 2) Ethical requirement The firm should establish policies and procedures that provide reasonable assurance that the firm and its personnel comply with relevant ethical requirements Included the compliance with the fundamental principles of professional ethics such as integrity, objectivity, professional competence and due care, confidentiality and professional behavior 3) Acceptance and continuance of clients and engagements The firm should establish policies and procedures that provide reasonable assurance that the firm will only undertake or continue client relationships and engagements where it: If there is issue has been identified and the firms decides to accept or continue the client and engagement, it should document how the issue was resolved Has considered the integrity of the client and does not have information that would lead it to conclude that the client has lacks integrity 1. 2. Has capabilities and competence to perform the engagement

DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T R O D U C T I O N T O A U D I T I N G | 0 7 4) Human resources The firm should establish policies and procedures that provide reasonable assurance that the firm has sufficient personnel with capabilities, competency and commitment to ethical principles Capabilities can be developed by professional education, training and work experience 5) Engagement performance The firm should establish policies and procedures that provide reasonable assurance that the firm performed the engagement with professional standards, regulatory and legal requirements Appropriate team working and training are necessary to assist less experienced members of the engagement team to clearly understand the objectives of the assigned work 6) Monitoring The firm should establish policies and procedures that provide reasonable assurance that the firm has the relevant, adequate and effective system of quality control The firm should communicate to the appropriate personnel for the deficiencies noted as the result of monitoring process and recommendation for appropriate remedial action Importance of standards: Ensure the firms to adhere with the principles of integrity, objectivity, independence, confidentially and professional behavior Ensure the firm to be staffed by personnel who have maintain the technical standards and professional competence required Ensure the audit work to be assigned to personnel who have the degree of technical training and proficiency required Ensure sufficient direction and supervision of work at all levels to meets appropriate standard of quality Ensure the monitoring of the quality control policies and procedures is is adequate and effective

1.6 Provision for audit under Companies Act 2016 Section 266 (1) Every auditor of the company shall report to the members on the account required to be laid before the general meeting on the company accounting and other records relating to those accounts and if it is a holding company for which a consolidated account is prepared shall also report to the members on the consolidated accounts Section 266 (2) An auditor shall, in a report stated: a) Whether the account and if the company is a holding company for which consolidated account are prepared, the consolidated account is in his opinion properly drawn up so to give true and fair view with accordance of the Act and applicable accounting standards b) In his opinion properly drawn up if in his opinion the FS, and where applicable the consolidated FS, have not been drawn up in accordance with a particular applicable approved accounting standard c) In his opinion properly drawn up that in the case of consolidated FS, the name of the subsidiaries, if any, of which he has not acted as auditor d) In his opinion properly drawn up that there is any defect or irregularity in the FS or consolidated FS and any matter not set out in the FS or consolidated FS e) In his opinion properly drawn up that he is not satisfied as to any matter referred to in paragraph (a) (b) or (c) his reason for not being so satisfied Section 266 (3) It is the duty of an auditor of a company to form an opinion as to each of the following matters: a) Whether he has obtained all the information and explanation that are required b) Whether a proper accounting and other records (including registrars) have been kept by the company as required by this Act DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T R O D U C T I O N T O A U D I T I N G | 0 8 A U DIT O R D U TIE S , P O W E R & RIG H T

Section 266 (3) It is the duty of an auditor of a company to form an opinion as to each of the following matters: (cont'd) c) Whether the return received from branch office of the company are adequate d) Whether the procedure and method used by holding company or a subsidiary in arriving at the amount taken into any consolidated accounts were appropriate to the circumstances of the consolidation, and he shall state in his report particulars of any deficiencies, failure or shortcoming in respect of any matters referred to in his subsection Section 266 (4) For the stand alone auditor An auditor of a company has right of access at all reasonable times to the accounting and other records including registers of the company An auditor is entitled to get from any other officer of the company and any auditor of a related company such information and explanation as he desires for the purpose of the audit Section 266 (5) For the holding auditor An auditor of a holding company for which the consolidated account is required has a right to access at all reasonable times to the accounting and other records including registers of any subsidiary An auditor of a holding company is entitled to get from any officer or auditor of any subsidiary, at the expense of the holding company, such information and explanations in relation to the affairs of the subsidiary required for the purpose of reporting on the consolidated accounts Section 266 (6) Auditor report should be attached to or endorsed on the accounts or consolidated accounts Shall if any member requires, be read before the company in general meeting and shall be opened to inspection by any member at any reasonable times DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T R O D U C T I O N T O A U D I T I N G | 0 9 A U DIT O R D U TIE S , P O W E R & RIG H T

Section 266 (7) An auditor or authorized agent is entitled to attend any general meetings of the company and to receive all notices of, and other communications relating to, any general meeting which a member is entitled to receive An auditor or authorized agent is entitled to attend any part of the business of the meeting which concerns the auditor in his capacity as an auditor Section 266 (8) Auditor shall write to the Registrar if in the course of the performance of his duties as auditor of a company, auditor is satisfied that: a) There has been a breach or non-observance of any of the provisions of this Act b) The circumstances are such that in his opinion the matter has not been or will not be adequately dealt with by comment in his report on the account or consolidated accounts or by bringing the matter to the notice of the directors of the company or company subsidiary or director of its holding company Section 264 (1) Auditor report should be attached to or endorsed on the accounts or consolidated accounts Shall if any member requires, be read before the company in general meeting and shall be opened to inspection by any member at any reasonable times DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T R O D U C T I O N T O A U D I T I N G | 1 0 A U DIT O R D U TIE S, P OW E R & RIG H T A P P OIM E N T T O F A U DIT O R: DIS Q U A LIFIE D P E R S O N A person shall not: a) Knowingly consent to be appointed as an auditor for any company b) Knowingly act as an auditor for any company; and c) Prepare, for or on behalf of a company, any report required by this Act if: He is not an approved company auditor He is indebted to the company or a corporation that is deemed to be related to that company in amount exceeding RM25,000 He is i. Or his spouse is an officer of the company ii. A partner, employer or employee of an officer of the company iii. A partner or employee of an employee of an officer of the company iv. A shareholder or his spouse is a shareholder of a corporation whose employee is an officer of the company

Section 264 (1) v. Responsible for or if he is the partner, employer or employee of a person responsible for the keeping of the register of members or the register of debenture holders of the company vi. An undischarged bankrupt within or outside Malaysia except with leave of the Court vii. Been convicted of any offence involving fraud or dishonesty punishable with imprisonment for 3 months or more Section 276 The members of a company may remove an auditor from office at any time by: - ordinary resolution at AGM - special notice This section shall not be taken as depriving the person for the compensation due to the termination An auditor may not be removed before expiry of his term except with special resolution Section 267 Auditor report should be attached to or endorsed on the accounts or consolidated accounts Shall if any member requires, be read before the company in general meeting and shall be opened to inspection by any member at any reasonable times DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T R O D U C T I O N T O A U D I T I N G | 1 1 A P P OIM E N T T O F A U DIT O R: DIS Q U A LIFIE D P E R S O N Special notice is required for resolution to remove auditor from office at AGM Once receipt the notice, company shall immediately send a copy to intended auditor and Registrar Auditor may make a representation in writing to request for consideration within 7 days from the date of receipt of notice and that notice need to be sent to members of that meeting Auditor may also request the company to send to the members of the meeting a copy of representation If notice of the representation is not sent as required, auditor has right to be heard and representation has right to be read in the meeting If representation is not be circulated or to be read at the AGM, Court can use this section as to protect auditor for defamatory claims or some other ground that Court thinks reasonable A U DIT O R R E M O VA L (T E R MIN ATIO N) S P E CIA L N O TIC E T O R E M OV E A U DIT O R

Section 278 If a resolution is passes under Section 276, the company should give notice of that fact to the Registrar within 14 days Fail to comply is an offence Section 281 Auditor may resign by giving notice in writing to the company The notice of resignation will be effective after 21 days from the given date or from the date as may be specified in the notice Section 282 DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T R O D U C T I O N T O A U D I T I N G | 1 2 N O TIC E T O R E GIS T R A R T O R E M OV E A U DIT O R Notice of resignation shall be sent by the company to registrar within 7 days from receiving notice of resignation Fail to comply is an offence R E SIG N ATIO N O F A U DIT O R N O TIC E O F R E SIG N ATIO N T O R E GIS T R A R 1.7 Governing bodies 1) Malaysian Institute of Accountants (MIA) To determine the qualifications of persons for admission as members To provide the training and education by the Institute or any other body of person practicing or intending to practice the profession of accountancy To approve MIA Qualifying Examination (QE) and to regulate and supervise the conduct of that examination To regulate the practice of the profession of accountancy in Malaysia To promote in any manner it thinks fit, the interest of the profession of accountancy in Malaysia The member's designation is C.A.(M)

DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T R O D U C T I O N T O A U D I T I N G | 1 3 2) Malaysian Institute of Certified Public Accountants (MICPA) To advance the theory and practice of accountancy in all its aspects To recruit, educate, train and assess by means of examination or otherwise a body of members skilled in these areas To preserve at all times the professional independence of accountants in whatever capacities they may be serving To maintain high standards of practice and professional conduct by all its members To advance the profession of accountancy in relation to public practice, industry, commerce, education and the public service The member's designation is CPA(M) 3) International Federation of Accountants (IFAC) To issue code of ethics for professional accountants To serve as independent boards which set standards for education and public sector accounting 4) Audit Oversight Board (AOB) To audit the work of an auditor To promote and develop and effective audit oversight framework To promote confidence in the quality and reliability of audited financial statements in Malaysia 5) Practice Review Committee (PRC) To avoid any risk of negligence associated with audit work that may affect their professional reputation and credibility To review audit firms in a cycles of 5 years To evaluate internal quality controls of the members firm with focus on the requirement of ISQC

DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T R O D U C T I O N T O A U D I T I N G | 1 4 6) Ethics Standards Board (ESB) To operate independently under the auspices of the Council of the MIA To serve the public interest by setting high quality ethical standards for professional accountants To further the convergence of MIA’s ethics standards with the international standards To support the efforts of MIA in promoting greater awareness and understanding of MIA of Laws To review exposure drafts issued by International Ethics Standards Boards for accountants and submits comment thereon To speak out on public interest issue where the professionalism and ethical conduct of professional accountants is required 7) Auditing and Assurance Standards Board (AASB) To operate independently under the auspices of the Council of the MIA To serve the public interest and strengthen the accountancy profession in Malaysia To promote high quality professional standards and furtherance of international convergence of standards To support the accountancy professional in continuous developing and spread guidance for auditing and assurance services To consider new or revised International Auditing and Assurance Standards by the International Auditing and Assurance Standards Board (IAASB) for adoptions To review exposure drafts and others consultative documents issued by IAASB and to submits comments thereon 8) Other governing bodies Securities Commission Malaysia (SC) Bank Negara Malaysia (BNM) Malaysian Accounting Standard Boards (MASB) Suruhanjaya Syarikat Malaysia (SSM) END OF CHAPTER

PRACTICE MAKES PERFECT 1 Define auditing. 5 Marks 2 Compare TWO (2) differences between internal and external auditor. 4 Marks 3 Explain independence of mind that should be practice by auditor when exercise their professional judgment. 3 Marks 4 Give TWO (2) functions of Malaysian Institute of Accountants (MIA). 2 Marks 5 Discuss the duties of auditor of a company in forming opinion under Section 266 (3). 4 Marks 6 List THREE (3) individuals who are not qualified to be an auditor of the company in accordance with Companies Act 2016. 3 Marks 7 Siti is the auditor of JP Sdn Bhd. During the current year audit, she does not receive a notice of invitation to attend the general meeting from the secretary. The secretary explains that the agenda of the meeting does not require the presence of the auditor. Ascertain whether the situation is a violation of the Companies Act 2016 with explanation. 3 Marks 8 Nestlor Bhd want to terminate their auditor, Kay & Co due to their bad performance during the audit of many years. Explains the provision of the Companies Act 2016 which can be use by the legal department of Nestlor Bhd to terminate Kay & Co. 5 Marks 9 Jenny is a fresh graduate who are newly join May & Co as an auditor. Point THREE (3) auditing standards that should be aware by Jenny to conduct an audit. 3 Marks DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T R O D U C T I O N T O A U D I T I N G | 1 5

N O T E S

CHAPTER 2 Objectives & Scope of Financial Statement Audit

2.1 Audit objectives and basic Audit objective: ISA 200 stated two overall objectives of the auditor which are: To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatements, whether due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework To report the financial statements, and communicates as required by the ISA in accordance with the auditor findings Objective of an audit of FS: To enhance the degree of confidence of users of the financial statements To provide opinions on other specific matters, such as the effectiveness of internal control, or the consistency of a separate management report with the financial statements To notify the financial statements users whether the financial statements are properly presented Fundamental principles: 1) Integrity Impose an obligation on all auditors to be sincere, straightforward and honest in all professional and business relationship 2) Objectivity Impose an obligation on all auditors not to compromise their professional or business judgment because of bias, conflict of interest or the undue influence of others 3) Professional competence and due care Impose an obligation on all auditors to maintain professional knowledge and skills at the level required to ensure that clients or employers received competent professional service and to act diligently in accordance with applicable technical and professional standards when providing professional services 4) Confidentiality Impose an obligation on all auditors to refrain from disclosing outside the firm confidential information acquired as a result of professional relationship without authority and for their personal advantage or advantages of third parties DPA 40123 Audit 1 l Politeknik Mukah Sarawak O B J E C T I V E S & S C O P E O F F I N A N C I A L S T A T E M E N T A U D I T | 1 8

5) Professional behavior Impose an obligation on all auditors to comply with relevant laws and regulations and avoid any action that the auditor knows may discredits the profession Other principles: 1) Skills and abilities Auditors to exercise of sound judgment in applying professional knowledge and skills in providing professional services 2) Documentation Auditors to keeps all the important documents as it is a proof of the audit work that been performed 3) Planning Auditors to save time and cost for the achievement of efficiency and effectiveness by considering accounting systems, internal control and procedures policies 4) Audit evidence Auditors to get appropriate and adequate audit evidence 5) Accounting system and internal control Auditors to test and understand the internal control systems and finally evaluate it 6) Audit opinion and report Auditors to evaluate and review formulas from the result of the audit evidence obtained as a basis to express opinion Auditors will issue Unqualified audit report that shows the auditor agree to conclude that financial statement is presented with true and fair view in accordance with financial reporting framework Other audit opinion is qualified, adverse and disclaimer DPA 40123 Audit 1 l Politeknik Mukah Sarawak O B J E C T I V E S & S C O P E O F F I N A N C I A L S T A T E M E N T A U D I T | 1 9

2.2 Auditors responsibilities for detecting fraud DPA 40123 Audit 1 l Politeknik Mukah Sarawak O B J E C T I V E S & S C O P E O F F I N A N C I A L S T A T E M E N T A U D I T | 2 0 ELEMENTS ERROR FRAUD DEFINITION Unintentional misstatement of the FS Intentionally misstatement of the FS made by group of people for personal gain EXAMPLE Wrongly key-in amount in the system Misappropriation of assets and fraudulent of financial reporting Misappropriation of assets (a) vs Fraudulent of financial reporting (b): ERROR ELEMENTS ERROR b DEFINITION Also call as defalcation or employee fraud Also call as management fraud EXAMPLE Clerk taking cash from the cash counter Intentionally overstate the total revenue near balance sheet date a Auditor responsibilities to detect fraud: To perform procedures to obtain information that is used to identify the risks of material misstatement due to fraud To identify, assess and evaluate the risks of material misstatement and designing the entity controls to dealt with the risks To determine the overall responses to address the risk of material misstatements and consider the supervision of personnel, accounting policies used, nature, timing and extend of procedure to be used To design and perform the audit procedures in responses to address the risk of management override of controls To communicate with management and those charged with governance on material misstatement due to fraud

2.3 Auditing assertions 1) Existence Concern whether assets, obligation, and equities included in the Statements of Financial Position actually existed on the SOFP date EXAMPLE: Count the inventories to ensure the quantity in warehouse is the same with the accounting record 2) Occurrence Concern whether recorded transactions included in the Statements of Comprehensive Income actually occurred during the accounting period EXAMPLE: Inspect the sales invoice to ensure the sales recorded in the accounting system is occurred 3) Completeness Concern whether all transaction of assets, liabilities and equities that should have been recorded have been recorded EXAMPLE: Check the hardcopy sales invoice to ensure it has been key-in into the accounting system 4) Right and obligations Concern whether entity has the right on the assets and has obligation on the entity and liabilities at a given date EXAMPLE: Review the car grant to ensure it belong to the company 5) Valuation and allocation Concern whether asset, liability, equity, revenue and expenses have been included in the financial statements at appropriate amounts EXAMPLE: Check sales invoice to ensure amount recorded in the accounting system is the same with the invoice 6) Cut-off Concern whether transactions and events have been recorded in the correct accounting period EXAMPLE: Review the sales account as of 31 December 2021 to ensure only sales invoice dated from 1 January 2021 to 31 December 2021 has been recorded into the account DPA 40123 Audit 1 l Politeknik Mukah Sarawak O B J E C T I V E S & S C O P E O F F I N A N C I A L S T A T E M E N T A U D I T | 2 1

7) Classification Concern whether the transaction and events have been recorded in proper accounts or ledger EXAMPLE: Ensure all records in sales account is exactly sales 8) Understandability Concern whether information included in the financial statement has been appropriately presented and is clearly understandable EXAMPLE: Ensure each item in the financial statement presented in appropriate accounts 9) Presentation and disclosure Concern whether components of Financial Statement or other reporting are properly classified by type or account and described EXAMPLE: Ensure property, plant and equipment has been correctly recorded under non-current assets 10) Measurement Concern whether a transactions or event is recorded at the proper amount and revenue and expenses are allocated to the proper period EXAMPLE: Ensure all expenses related to the sales recorded has been recorded accordingly in the same accounting period DPA 40123 Audit 1 l Politeknik Mukah Sarawak O B J E C T I V E S & S C O P E O F F I N A N C I A L S T A T E M E N T A U D I T | 2 2 END OF CHAPTER

PRACTICE MAKES PERFECT 1 Explain the definition of fraud with TWO (2) examples. 5 Marks 2 Write any THREE (3) assertions that will be use by the auditor to assess the risk of the misstatements. 6 Marks 3 Explain assertions below with an example: i) Right and obligations ii) Cut-off iii) Classification iv) Occurrence 12 Marks 4 Provide FIVE (5) responsibilities of an auditor to detect fraud. 10 Marks 5 Compare fraud and error. 4 Marks 6 Explain TWO (2) audit objectives based on the International Standards of Auditing. 4 Marks 7 Athirah, an auditor of Alamandar Sdn Bhd tell her sister in-law, a successful shares trader to purchase the shares of Alamandar. It is because during the audit, Athirah aware that the price of the shares pottentially will increase due to the successful project done by the company at Dubai. Examine the relevant basic principles involved and whether the principles has been complied by Athirah. 5 Marks 8 Marcus, the auditor of Brendy Bhd has told his brother about the salaries of the staff worked at Brendy Bhd. He has a good intention as he want his brother to apply for a job at this company as they pay highest salaries in the market. Examine the relevant basic principles involved and whether the principles has been complied by Marcus. 5 Marks DPA 40123 Audit 1 l Politeknik Mukah Sarawak O B J E C T I V E S & S C O P E O F F I N A N C I A L S T A T E M E N T A U D I T | 2 3

N O T E S

CHAPTER 3 Internal Control System ("IC")

3.1 Fundamental concept Definition: Internal control is a process designed and effected by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of the company’s objectives with regards to the reliability of the financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations General objectives: To ensure timely preparation of reliable financial statements To ensure effectiveness and efficiency of operation by carrying out the business in orderly and efficient manner, including the optimal utilization of resources To ensure the compliance with applicable laws and regulations To safeguard the company assets To ensure the completeness and accuracy of the records To prevent and detect fraud and error Importance for MANAGEMENT: To promote orderly, economical, efficient and effective operations To produce quality products and services consistent with the department’s mission To safeguard resources against loss due to waste, abuse, mismanagement, errors and fraud To promote adherence to statutes, regulations, bulletins and procedures To develop and maintain reliable financial and management data, and accurately report that data in a timely manner Importance for AUDITOR: To perform audit within economic fee limitation where the external auditor can complete their work in less than the amount they actually needed To check the possibilities of error or irregularities To help obtain reasonable assurance by the accuracy of accounting data DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T E R N A L C O N T R O L S Y S T E M | 2 6

Types of IC: 1) Preventive Aims to decrease the chances of error and fraud before they occur Essential because it is proactive and focused on quality EXAMPLE: Segregation of duties. Person in-charge for the budget should be difference with the person approved the tender 2) Detective Aims to find errors or problems after the transaction has occurred Essential because it is provided evidence that preventive controls are operating as intended EXAMPLE: Prepare bank reconciliation to detect the difference between cash at bank and cash recorded in the accounting system 3) Corrective Aims to correct errors or irregularities that have been detected EXAMPLE: Change the depreciation computation in the accounting system to the correct formula Elements of IC (Part 1): 1) Control environment Influenced by management’s philosophy, operating styles, integrity, ethical values, and commitment to competence If the control environment is positive, the overall system of internal control will be more effective 2) Risk assessment Identification, analysis, and management of risk relevant to the achievement of the department goals and objectives Includes internal and external events or circumstances that may occur and adversely affect operations DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T E R N A L C O N T R O L S Y S T E M | 2 7

3) Control activities Tools such as policies, procedures, techniques, and mechanism that helps to ensure management directives are carried out accordingly Occur throughout the department at every level and in all function such as approval, verification and reconciliation 4) Information and communication Department must have relevant, valid, reliable, and timely communication relating to internal and external events Managers must be able to obtain reliable information to make informed business decision, determine their risk, and communicates their policies and other important information to those who need it 5) Monitoring To assess whether control is effective and operating as intended Deficiencies found during monitoring need to be report to the top management and possible corrective action should be taken Details elements of IC (Part 2): Control environment -Have 6 sub elements which are: 1) Integrity and ethical values The products of the entity’s ethical and behavior standards Include the communication of entity values and behavioral standards to personnel through policy statements and code of conduct EXAMPLE: Management act to remove or reduce incentives for the personnel who engage in dishonest, illegal, or unethical acts 2) Commitment to competence Necessary knowledge and skills to accomplish task that define an individual’s jobs Include management consideration of the competence level for specific jobs and how those levels translate into requisite skills and knowledge EXAMPLE: Management allocate only person who have education background of finance to work in the finance department DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T E R N A L C O N T R O L S Y S T E M | 2 8

3) Board of Directors and Audit Committee participation Essential for effective corporate governance because they have ultimate responsibility to make sure management implements proper internal control and financial reporting processes An affective BOD and AC is the one who is independent of management EXAMPLE: Audit committee update the progress of the company from the management in monthly basis 4) Management philosophy and operating style Management provides clear signals to employees about the importance of internal control through its activities Understanding these will give the auditor a sense of management attitude about internal control EXAMPLE: Top management explain the importance of internal control during the monthly meeting with staff 5) Organizational structure Defines the existing lines of responsibility and authority Auditor can learn the management and functional elements of the business and perceive how control are implemented by the understanding of client’s organizational structure EXAMPLE: Implementation of organizational structure for staff in the finance department 6) Human resource policies and practices Most important as the reliable financial statements may be achieve by having competent and trustworthy employees Related to the methods by which persons are hired, evaluated, trained, promoted and compensated EXAMPLE: Management to review carefully the background of the potential hiring to ensure it suit the position DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T E R N A L C O N T R O L S Y S T E M | 2 9

Risk assessment -Have 3 sub elements which are: 1) Identify Determine the significant and complexity of core business and processes, new information technologies, economic downturn and the entrance of the new competitors 2) Analyses Once the risk has been identified, the significant of the risk will be estimate and the likelihood of the risk occurring will be assess 3) Manage The specific actions will be developing to reduce the risk to an acceptable level Control activities -Have 5 sub elements which are: 1) Adequate separation of duties Allowing one person to perform more than 1 function will increase the risk of asset usage for personal gain Significant for auditors to ensure the minimization of fraud and error 2) Proper authorization of transaction and activities Every transaction must be properly authorized by the specific function as mentioned in the control Have 2 types of authorization which are: i) General authorization - management establish policies for subordinates to approve all transactions within the limits set by the policy ii) Specific authorization – applies to individual transaction which management prefer to authorize each transaction individually 3) Adequate documents and records Adequate documents are essential for correct recording of transaction and control of assets Included sales invoices, purchase order, subsidiary records, sales journals and employee’s timecards DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T E R N A L C O N T R O L S Y S T E M | 3 0

4) Physical control over assets and records Assets and records must be protected to maintain adequate internal control Most important type of protective measure for safeguarding assets and records is the use of physical precautions 5) Independent checks on performance Also known as internal verification Important because the internal control tend to change over time Information and communication -Auditor should determines 5 sub elements which are: Major classes of transaction of the entity How those transaction are initiated and recorded What accounting records exist and their nature How the system captures events that are significant to the financial statement Nature and details of the financial reporting process Monitoring -3 sub elements need to be taken note which are: Monitoring activities deal with ongoing or periodic assessment of the quality of internal control by management to determine that control is operating as intended and that are modified as appropriate for changes in conditions The internal audit function must be performed by staff independent of both the operating and accounting departments and report directly to a high level of authority within the organization, either top management or the audit committee of the board of directors Monitoring activities can reduce external audit costs by providing direct assistance to the external auditor in which external auditor can rely on internal auditor works in many ways Responsibility of MANAGEMENT: Establish and maintain the proper entity internal control Publicly report on the operating effectiveness of those control To design and implement IC based on below concept: 1) Reasonable assurance IC should provide reasonable, but not absolute, assurance that the financial statement is fairly stated after considering both the costs and benefits of the controls DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T E R N A L C O N T R O L S Y S T E M | 3 1

2) Inherent limitations IC can never be completely effective, regardless of care followed in their design and implementation because it depends on the competency of the people using it 3) Design of IC IC must be evaluated to ensure the design in place is able to prevent or detect material misstatement in the financial statements The evaluation of design includes evaluating how significant transaction are initiated, authorized, recorded, processed, and reported to identify point in the flow of transactions where material misstatement due to error or fraud could occur 4) Operating effectiveness of IC IC must be tested to determine whether the control is operating as designed and whether the person performing the control possess the necessary authority and qualification to perform the control effectively Responsibility of AUDITOR: Understanding and testing internal control over financial reporting Annually issue an audit report on the operating effectiveness of those controls as required by Securities Commission (SC) Primarily concern about control as per below: 1) Control over the reliability of financial reporting Should not ignore the control affecting internal management information, such as budget and internal performance reports 2) Control over the class of transaction Should not ignore the control on the accuracy of input and processing transaction 3.2 Importance of internal control to auditors Relationship between internal control and audit evidence: Information produced by the clients that is used for performing audit procedures needs to be sufficiently complete and accurate in order for the external auditors to obtain reliable audit evidence. It can only be achieved by having proper internal control system. DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T E R N A L C O N T R O L S Y S T E M | 3 1

3.3 Documentation of internal control system Documentation of understanding of IC: 1) Narrative Written description of the client’s internal control Proper narrative described 4 characteristics: i) The origin of every document and record. For example, the description how sales invoice is generated. ii) All process that take place. For example, the description on how to get the amount stated in the sales invoice. iii) The disposition of every document and record. For example, the description on how the sales invoice been sending to the customer. iv) Indication of the control relevant to the risk. For example, the description on whom will be authorize and review the sales invoice issued. 2) Flowchart Diagram of client’s documents and their sequential flow in the organization Adequate flowcharts have the 4 characteristics as mentioned in narrative The advantages are it is easier to read and update 3) Internal control questionnaire Ask a series of questions about the controls in each audit area as a means of identifying internal control deficiencies The disadvantage of questionnaire is inability to provide an overview of the system Cyber threat to internal control: Attacked by computer malware that taking over client’s files that can lead to data losses, disruption of operations and leaked of information. Therefore, protection of company system, networks and data in cyberspace are crucial to be consider as part of internal control. 3.4 Strengths and weaknesses Strengths: 1) Detection of errors and frauds IC systems are structured in such an away that work done by one employee in a process is checked by another without knowledge of the former. In such an environment, any fraud committed is brought to light unless there is collusion among fraudsters. DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T E R N A L C O N T R O L S Y S T E M | 3 2

2) Time saving Auditor can check by sampling the transactions to ensure reliability and accuracy of entries in the books. Hence, he can complete his audit work within the prescribed time. 3) Minimum scope of errors and frauds Each employee does only a limited work due to implementation of segregation of duties. Moreover, consciousness of his work being independently checked by another keeps him to be always alert at work. 4) Operational efficiency Enforcement of accountability, error-free work policies, reliability, and check and balance practices enables the management to monitor and assess the performance of employees. This positive cultured of internal control policies and practices able to enhance the efficiency and effectiveness of organization. Weaknesses: 1) Collusion Where 2 or more people who are intended by a system of control to keep watch over each other could instead collude to override the system 2) Human error A person involved in a control system could simply make a mistake, perhaps forgetting to use a control step. Or the person does not understand how a control system is to be used or does not understand the instructions associated with the system. 3) Management override Someone of the management team who has the authority could override any aspect of a control system for his personal advantages 4) Missing segregation of duties Control system might have been designed with an insufficient segregation of duties, so that one person can interfere the operation based on the policies Deficiency: 1) Deficiency in design Occurred when a control necessary to meet the control objectives is missing, or an existing control is not properly designed EXAMPLE: The control for payment authorization did not state who should authorize the payment DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T E R N A L C O N T R O L S Y S T E M | 3 3

2) Deficiency in operation Occurred when a control does not operate as designed, or when a person performing the control does not possess the necessary authority or competence to perform the control effectively EXAMPLE: The control for payment authorization stated that only Finance Manager can authorize the payment, but in practice, Finance Executive has authorized it on behalf of the Finance Manager 3.5 Management letter Contents: Management responsibility for designing and implement the internal control system to prevent and detect fraud Disclosure on the fraud activities detected or suspected that involving the management where it would affect the company Details of employees that have significant roles in the internal control system Details of fraud that could have significant effect on the financial statement DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T E R N A L C O N T R O L S Y S T E M | 3 4 END OF CHAPTER

PRACTICE MAKES PERFECT 1 Explain FIVE (5) components of internal control. 10 Marks 2 Elaborate risk assessment as one of the elements in internal control. 6 Marks 3 Analyse TWO (2) advantages of the internal control. 4 Marks 4 The management of the company must ensure that the internal control of the company has been documented properly. Elaborate THREE (3) ways of documentation that can be use by the company. 9 Marks 5 Explain any TWO (2) elements under control environment with an example. 6 Marks 6 Management has a huge responsibility to maintain a proper internal control within the company. List the important concepts that should be consider by the management when design and implement the internal control. 4 Marks 7 Amy works as a finance staff at JayP Sdn Bhd. She is responsible to key-in all sales transaction into the accounting system. Sometimes, she wrongly key-in the amount of sales transaction due to the huge numbers of sales generated per day. Ascertain whether this situation represents fraud or error. 2 Marks DPA 40123 Audit 1 l Politeknik Mukah Sarawak I N T E R N A L C O N T R O L S Y S T E M | 3 5 8 During the audit of Eberwin Sdn Bhd, the auditor found out that the finance staff has approved all the payments to the suppliers. However, the operating procedures stated that only the finance manager is able to approve the payment. Demonstrate the types of deficiency of internal control involved in this situation. 3 Marks

N O T E S

CHAPTER 4 Audit Planning & Audit Risk

4.1 Nature of audit planning Definition: Planning an audit involves establishing the overall audit strategy and developing an audit plan for the engagement. The audit plan should be developed for the purpose of an audit in order to reduce audit risk to an acceptably low level. Also involves the engagement partner and other key members of the engagement team to benefit from their experience an insight to enhance the effectiveness and efficiency of planning process. Purposes: To get the right attention into important areas To immediately identify problems To save cost and time To reduce misunderstanding between auditor and clients To standardize the audit work carried out by different auditor Issues and relevant considerations: 1) Staff requirements and use of expert Audit managers need to properly plan the allocation of the audit team member as well as appointment of external expert Decision made based on the resources given such as number of staff and audit fees EXAMPLE: Auditor to consider the use of external valuer for the audit of land and buildings 2) Consideration of materiality and risks Audit team need to identify for any potential problem such as from complex accounting system or transactions, related parties' transactions, major changes in company’s operations or the implementation of new IT system to replace manual operations The assessment should be conducted to deal especially with the material problem with high risk EXAMPLE: Auditor to give more attention to the audit of revenue as it is high risk area DPA 40123 Audit 1 l Politeknik Mukah Sarawak A U D I T P L A N N I N G & A U D I T R I S K | 3 8

3) Laws and regulations involved Audit team need to identify the relevant laws and regulation which apply to the client’s business Different business and sector apply different set of laws and regulations EXAMPLE: Auditor who audit the manufacturing company should consider the client’s compliance on environmental Act 4) Identify related parties Audit team need to obtain a detailed of related parties' relationships and transactions The identification process should involve below procedures: i) Discussion among engagement team of related parties' issues ii) Inquiry management about the identity of related parties, nature of relationship, types and purpose of related party transactions iii) Inquiry person within the entity to understand the entity controls on related party relationship and transactions EXAMPLE: Auditor to identify transactions with subsidiaries 5) Going concern issues Audit team should access the client’s financial for potential going concern issues Going concern issues indicate that the client’s financial potentially unable to fulfil the company’s short-term liabilities with the liquidation of the current assets EXAMPLE: Auditor to monitor the current assets of the client either is it higher than the current liabilities or not 6) Develop the overall audit strategy and audit plan Audit team should establish the overall audit strategy and then proceed to the development of an audit plan to address the various matters identified in the overall audit strategy The establishment of the overall audit strategy and the detailed audit plan are not necessarily in sequential processes, but are closely inter-related since changes in one may result in consequential changes to the other EXAMPLE: Auditor to plan procedures to audit cash balances DPA 40123 Audit 1 l Politeknik Mukah Sarawak A U D I T P L A N N I N G & A U D I T R I S K | 3 9

7) Additional value-added services Audit team should conduct an assessment on other value-added services that able to enhance their competitive advantage Competitive advantages able help the auditor and management to identify the opportunities for business improvement, time and cost saving EXAMPLE: Auditor to discuss with management to have accounting training with the audit firm’s training department 4.2 Process in audit planning Preliminary engagement activities: Client acceptance of the engagement Audit firm must exercise reasonable care in deciding whether to accept an audit engagement The decision should consider the business position in the community, financial stability, relationship with previous accounting firms and justification of the change of audit firm Initial planning upon acceptance Audit firm and client should agree to the terms of an audit engagement before the engagement begins It is possible that the terms may be changed subsequently during the audit engagement, but it must then be agreed by both audit firm and client ISA 210 stated that, “the auditor shall not agree to a change in the terms of the audit engagement where there is no reasonable justification for doing so The changes must have a reasonable justification which may include changes affecting the needs of the services, misunderstanding on the nature of the audit as originally requested and restriction on the scope of audit engagement whether imposed by management or caused by other circumstances Engagement letter (EL) Is a documents letter that confirms the auditor’s acceptance of the appointment, the objective and scope of the audit, the extent of the auditor’s responsibilities to the client on the form of any reports Will be sent after auditor decide to accept A crucial written approval Can avoid misunderstanding between management and auditor that might arise during audit process DPA 40123 Audit 1 l Politeknik Mukah Sarawak A U D I T P L A N N I N G & A U D I T R I S K | 4 0

Contents of EL is including management responsibility on internal control, constraints of the audit firm and description of the basis fees Important contents of EL: 1) Audit work scope Notify that the audit scope on financial statement is as per ISA and the Companies Act 2016 2) Audit work carried out Explain that auditor will be doing audit on financial statement and inspection on the internal control system 3) Audit limitation Inform on the audit work and inherent audit limitation 4) Management and auditor’s responsibility Explain clearly on the management and auditor’s responsibility 5) Fraud Explain the responsibility of the company to prevent and detect fraud Importance of EL: Serve as a contract between auditor and client Confirms the acceptance of an appointment Avoid misunderstanding between auditor and client Show the scope of the audit work Show the responsibility of the auditor and client Purpose of preparing EL: To state clearly the limitation to be imposed on auditor’s work To state the timeline for audit completion To state the requirements of assistance from client’s staff in obtaining records and evidence To shows the acceptance of the audit engagement To state the objective and scope of the audit DPA 40123 Audit 1 l Politeknik Mukah Sarawak A U D I T P L A N N I N G & A U D I T R I S K | 4 1

Methods to understand client’s business risks: 1) Tour the plant and offices Helpful in obtaining a better understanding of the client’s business operations Actual viewing of the physical facilities aids in understanding physical safeguards over assets EXAMPLE: Auditor see the warehouse of the company 2) Inquiries of the client’s personnel Meet key personnel of the client Discussions with non-accounting employees are useful in maintaining a broad perspective of the company EXAMPLE: Auditor inquiry the sales manager to understand sales processes 3) Identify related parties Identify the related party's transaction that are material and should be disclosed in the financial statements The disclosure includes the nature of the related party relationship and a description of the transactions EXAMPLE: Auditor get the intercompany transactions details from the management 4) Memorandum and articles of association Legal document necessary for recognizing a corporation Includes the name of the company, date of incorporation and types of business entity EXAMPLE: Auditor read the memorandum to know the nature business of the client 5) Minutes of meeting Official record of the meetings of the board of directors and stockholders A lot of information related to the progress of the business can be read from the minutes EXAMPLE: Auditor read the minutes to get information about the new investments made by the client DPA 40123 Audit 1 l Politeknik Mukah Sarawak A U D I T P L A N N I N G & A U D I T R I S K | 4 2

Factors to be considered when understand client’s business risks: 1) Knowledge of the business Auditor should understand how the entity communicates financial reporting roles and responsibilities and significant matters relating to the financial reporting Communication involves providing an understanding of individual roles and responsibilities pertaining to internal control over financial reporting 2) Understanding accounting and internal control systems Auditor should understand the internal control involves by evaluating the design of a control and determining whether it has been implemented properly Evaluating the design of a control involves considering whether the control, individually or in combination with other controls, is capable in effectively preventing, detecting and correcting the material misstatements 3) Risk and materiality Auditor should obtain a sufficient understanding of a control activities to assess the risk of material misstatement at the assertion level Assessment of risk includes auditor to design further appropriate audit procedures to assess the risks 4) Nature, timing and extent of procedures Nature refers to the types of audit procedures that will be use for the audit either test of control or substantive procedures Timing refers to when the audit procedures are performed or the period which the audit evidence applies Extent refers to the quantity of sample size that will be selected or audit procedures that will be performed 5) Coordination, direction, supervision and review The level of direction, supervision and review of audit team members is different based on several factors such as: i) The size and complexity of the client’s entity ii) The area of audit iii) Assessment of the risk on material misstatements iv) Capabilities and competencies of audit team members DPA 40123 Audit 1 l Politeknik Mukah Sarawak A U D I T P L A N N I N G & A U D I T R I S K | 4 3