Prof Madya Dr. Mohamad Azmi Nias Ahmad

23 Januari 2026

My "All Time Favourite" 15 Study Tips

Push yourself - Start small. Few minutes then few hours.
Rest! - If your tired, but don't over do it!
Don't be perfectionist - Aim to understand, NOT to understand everything. You will understand more.
Read! - Better start!.
Don't ReRead! - Don't reread but test yourself. If you don't get close 100%, then reread to fill your knowledge gap.
Set a clear goal – Know what you want to understand before you start. Reading without a goal wastes energy.
Break it down – One topic, one concept, one problem at a time. Big tasks become easy when divided.
Write while reading – Short notes, keywords, or diagrams lock ideas into memory.
Teach someone (or yourself) – If you can explain it simply, you truly understand it.
Use active recall – Close the book and list what you remember. Memory grows through effort.
Space your learning – Come back tomorrow, next week, next month. Repetition over time beats cramming.
Accept confusion – Feeling lost is part of learning; clarity comes later. Don’t panic.
Connect ideas – Link new knowledge to what you already know. Learning sticks when it has anchors.
Apply immediately – Do a question, example, or case as soon as you finish reading.
Be consistent, not intense – 30 minutes daily beats 5 hours once a week.

Taklimat peperiksaan Semester 20254

20 Januari 2026

Substantive testing

Substantive testing is audit work performed to detect material misstatements directly in the financial statements—by checking transactions, balances, and disclosures.

It answers: “Is this amount (or disclosure) actually correct?”
(Not “did the control work?”—that is TOC.)

Two main types of substantive procedures

1) Substantive analytical procedures

Auditor uses comparisons and ratios to identify unusual trends.

Example: Compare this year’s gross profit margin with last year and with industry; investigate big changes.

2) Tests of details

Auditor checks the supporting evidence for amounts.

Example: Select sales invoices and match to delivery orders and customer orders to confirm revenue is valid.

Simple examples by audit area

Cash & Bank: confirm bank balance (bank confirmation), check bank reconciliation, trace cash book to bank statement.
Receivables: send confirmation letters to customers, check subsequent receipts after year-end.
Inventory: attend stocktake, test inventory pricing and valuation, check for obsolete items.
Purchases/Payables: test supplier invoices, check unmatched GRNs, search for unrecorded liabilities.
Revenue: vouch sales to DO/invoice, perform cut-off tests (sales recorded in correct period).

When auditors do more substantive testing

Auditors increase substantive testing when:

internal controls are weak,
risk of material misstatement is high,
there is significant judgment/estimation (e.g., impairment, provisions),
fraud risk is higher.

If you tell me which topic you are studying (cash, inventory, revenue, payroll), I can write a Diploma-ready table: Assertion → Substantive test → Audit evidence.

Tests of Controls

What are Tests of Controls (TOC)?

TOC are audit procedures performed to check whether a company’s internal controls are:

properly designed, and
operating effectively (working consistently as intended).

If the controls are effective, the auditor may reduce some substantive testing (detailed testing of transactions/balances). If not effective, the auditor increases substantive procedures.

Simple example

Control: Every supplier payment must be approved by the Finance Manager.

TOC: The auditor selects a sample of payment vouchers and checks whether:

the Finance Manager’s approval/signature is present,
the approval was done before the payment date, and
the supporting documents are attached (invoice, PO, GRN).

How auditors perform TOC (common methods)

Inquiry: ask staff how the control is done
Observation: watch the control being performed
Inspection: check documents/records for evidence of the control
Reperformance: auditor repeats the control (strong evidence)

Difference: TOC vs Substantive testing

TOC = “Did the control work?”
Substantive testing = “Is the account balance/transaction amount correct?”

If you tell me the topic (cash, revenue, purchases, inventory, payroll), I can give you 3–5 TOC examples specifically for that area.

Internal control in auditing

Internal control is a process designed and implemented by those charged with governance and management to provide reasonable assurance that the entity will:

achieve operational objectives (effectiveness and efficiency),
produce reliable financial reporting, and
comply with laws and regulations.

In an audit, internal control matters because it directly affects the auditor’s assessment of the risk of material misstatement (RMM) and therefore the nature, timing, and extent of audit procedures.

1) Why auditors consider internal control

Auditors evaluate internal control not to guarantee it is perfect, but to:

Understand how relevant controls are designed and implemented.
Assess RMM at the financial statement level and assertion level.
Design audit responses:
- If controls are reliable and tested as effective → auditors may rely more on controls and reduce some substantive testing.
- If controls are weak or not reliable → auditors increase substantive procedures (more detailed testing, larger samples, closer to year-end).

2) The 5 components of internal control (COSO framework)

Auditors commonly frame internal control using COSO:

Control Environment
“Tone at the top,” integrity and ethics, governance oversight, organizational structure, competence, HR policies.
Risk Assessment
How management identifies and responds to business and reporting risks (including fraud risks, changes in systems, new products).
Information and Communication
The accounting system and related business processes; how information flows and responsibilities are communicated.
Control Activities
Policies/procedures that prevent or detect misstatements: approvals, reconciliations, segregation of duties, physical safeguards, IT controls.
Monitoring
Ongoing or periodic evaluation of controls, internal audit activities, follow-up on identified deficiencies.

3) Types of controls auditors look at

By purpose

Preventive controls: stop errors/fraud from occurring (e.g., segregation of duties).
Detective controls: identify issues after they occur (e.g., bank reconciliations).
Corrective controls: fix problems and reduce future recurrence (e.g., root-cause action plans).

By form

Manual controls (human review/approval)
Automated controls (system-enforced checks)
IT General Controls (ITGCs): access security, program change management, IT operations—these support the reliability of automated controls.
Application controls: input–processing–output checks (validations, edit checks, sequence checks).

4) How internal control affects the audit approach

Auditors generally use a mix of:

Tests of controls (TOC): to determine whether controls operate effectively.
Substantive procedures: analytical procedures and tests of details to detect material misstatements directly.

Practical implications:

High RMM / weak controls → more tests of details, larger samples, year-end testing.
Strong controls verified by TOC → reduced extent of certain substantive tests (where appropriate), but some substantive work remains necessary for material balances.

5) How auditors obtain evidence about controls

Common techniques:

Inquiry (ask personnel)
Observation (watch the control being performed)
Inspection (review documents/records)
Reperformance (independently execute the control again—often the most persuasive)

Note: Inquiry alone is rarely sufficient to conclude a control is effective.

6) Inherent limitations of internal control

Internal control cannot provide absolute assurance due to:

Human error
Management override
Collusion
Cost–benefit constraints
Changing conditions (new systems, staff turnover, process changes)

7) Control deficiencies and auditor communication

If issues are identified, auditors classify and communicate them (depending on standards and jurisdiction), such as:

Deficiency in internal control
Significant deficiency
Material weakness (term more common in some regulatory environments)

These are often reported in a management letter (also called a letter of internal control weaknesses), with recommendations for improvement.

Examples (area → typical key controls)

Cash/Bank → timely bank reconciliations, dual authorization for payments, restricted e-banking access.
Revenue → approved pricing/discounts, system blocks invoicing without delivery evidence, sales-to-AR reconciliations.
Purchases → three-way match (PO–GRN–invoice), vendor master file controls.
Inventory → cycle counts/stocktakes, controlled warehouse access, reconciliation between stock records and GL.

17 Januari 2026

Tanggungjawab dipenuhi

15 Januari 2026

Baki cuti dibawa kehadapan done

13 Januari 2026

Testing Clerical Accuracy

Auditors check the final inventory listing for clerical accuracy by:

Extensions (quantity × unit price)
Footings (adding totals correctly)

Be careful of common big errors:

Misplaced decimal points (e.g., 1.5 becomes 15)
Wrong count units (e.g., pieces vs boxes/cartons)

Developing the Audit Plan (Inventory)

Risk assessment procedures flow:

Understand the entity to identify inherent risks
Understand internal controls over inventory
Assess risk of material misstatement
Design further audit procedures

Internal controls understanding (what auditors look at):

Procedures for purchasing, receiving, storing, issuing goods (purchase & sales cycles)
Methods: observation, enquiries, inspecting documents, and performing/attending stocktake
Goal: determine whether quantity and value are recorded appropriately

Risk factors that increase inherent risk (IR):

Multiple sites
Vulnerable to theft, spoilage, obsolescence

Further audit procedures:

TOC: confirm controls over inventory records work effectively
Substantive testing (ST): obtain evidence on existence and valuation

Inventory Valuation: Accounting Principles the Auditor Checks

Auditor focuses on whether valuation follows acceptable accounting principles, including:

(1) Assignment of costs

Must use an acceptable method (e.g., FIFO or average cost) and apply it consistently.

(2) Accounting treatment of problem inventory

Identify and treat properly: obsolete, slow-moving, excess, defective items.

(3) Lower of cost or NRV

Inventory may need to be reduced to replacement cost or NRV (lower of cost or NRV concept).
Auditor verifies the basis by observing inventory and making enquiries (management/production/sales).

Key Audit Issues / Assertions for Inventory

The key issues are to ensure inventory:

Exists (physically there)
Is owned by the entity
Is properly valued

Main concern highlighted:

Risk of overstatement of year-end inventory balance → auditors focus strongly on physical existence.

Auditor Attendance at Stocktake: What to Consider (Planning)

When planning to attend the physical inventory count, the auditor considers:

a) Inherent risk, control risk, detection risk & materiality (inventory is significant)

b) Whether the client has adequate counting procedures and proper instructions

c) Timing of the count

d) Locations where inventory is held

e) Whether an expert is needed (nature/complexity/materiality of items)

Important exam phrase:

Audit procedures at inventory count are dual-purpose tests because they relate to:

Accuracy of the physical count, and
Effectiveness of controls over counting and pricing.

Why Compare Physical Count vs Records?

Comparing the physical count to records is aimed at:

Confirming records reflect the actual inventory on hand
Evaluating whether counting/control procedures are properly designed and working
Promoting accountability for safeguarding inventory
Detecting differences (errors in counting or recording) that need investigation and correction

Stocktake & Reconciliation (Key Control Activity)

A physical inventory count and comparing it to accounting records is a very important control activity and helps the auditor assess control risk.

Two common counting approaches:

1. Complete inventory count

Operations mostly stop; everything counted at one time.

2. Cycle count

Counts selected items during the year; all items counted at least once per year.

For both methods:

Physical count is reconciled to perpetual inventory records (if maintained).
Pricing and summarisation are based on the reconciled amount.

Electronic counting methods (e.g., barcode/scanner) may be used to support counting efficiency and accuracy.

Inventory Records: With vs Without

A. Entities without inventory records

Rely heavily on stocktake / physical count at the end of the reporting period.

B. Entities with comprehensive inventory records (perpetual system)

Auditor should do:

TOC (Tests of Controls) over recording/maintaining inventory records
Observation of physical inventory (existence)
Verification of cost and net realizable value (NRV)

Why is Inventory Audit Important (and often “tough”)?

Inventory is usually:

Large in value on the balance sheet
Easy to manipulate (changing inventory can affect profit)
Complex and time-consuming to audit, especially year-end balance testing

Why complex?

Inventory may be stored in many locations (harder to count/control)
Items can be diverse (e.g., jewels, chemicals, electronic parts) → hard to observe/value
Valuation judgement is needed (e.g., obsolescence, cost allocation in manufacturing)
There are several acceptable valuation methods

What is Inventory?

Inventory is a current asset held by a business:

Goods for sale (e.g., finished goods in a shop), or
Items used to produce goods for sale (e.g., raw materials in a factory).

Manufacturing inventory stages:

Raw materials
Work in progress (WIP)
Finished goods

Audit of Inventory Cycle

What is Inventory?
Why is Inventory Audit Important (and often “tough”)?
Inventory Records: With vs Without
Stocktake & Reconciliation (Key Control Activity)
Why Compare Physical Count vs Records?
Auditor Attendance at Stocktake: What to Consider (Planning)
Key Audit Issues / Assertions for Inventory
Inventory Valuation: Accounting Principles the Auditor Checks
Developing the Audit Plan (Inventory)
Testing Clerical Accuracy

Conclusion

An auditor’s report

Provides an opinion on true and fair view
Enhances reliability of financial statements
Helps users make better decisions

Key Audit Matters (KAM)

Key Audit Matters help users understand:

Important issues during the audit
Matters of most significance in the current year audit

Examples:

Major lawsuits
Early adoption of new accounting standards
Major disasters affecting the company

Why Do We Need an Audit Report?

Independent audits are needed because of

Conflict of interest (management vs shareholders)
Consequences of wrong decisions
Complexity of accounting
Remoteness of users from the business

Mnemonic: C³R

Conflict – Consequence – Complexity – Remoteness

Reasons for Modified Audit Report

Audit opinion is modified due to

Limitation of audit scope
Disagreement on accounting treatment

Types of Audit Opinions

Click Image to Enlarge

Audit opinions are divided into two main groups:

(A) Unqualified (Unmodified) Opinion

Issued when

Financial statements give a true and fair view
Prepared according to accounting standards
No material misstatement
Simple meaning: Everything is okay.

(B) Modified Opinions (ISA 705)

There are three types

1. Qualified Opinion

Issued when

There is a scope limitation OR
Disagreement with management
Problem is material but not pervasive
Uses the phrase “except for”
Meaning: Mostly okay, except one issue.

2. Disclaimer of Opinion

Issued when

Auditor cannot obtain sufficient evidence
Effects may be material and pervasive
Auditor does not express any opinion
Meaning: Auditor cannot say anything.

3. Adverse Opinion

Issued when

Financial statements are materially and pervasively misstated
Do not present a true and fair view
Meaning: Accounts are seriously wrong.

Contents of an Audit Report (ISA 700)

An audit report must include

Title
Addressee
Introductory paragraph (what was audited)
Management’s responsibility
Auditor’s responsibility
Opinion paragraph
Auditor’s signature
Date
Auditor’s address

Tip for exams:

If asked “state FOUR contents”, any four from this list is acceptable.

Standard Format of an Audit Report

A typical audit report contains three main paragraphs

Responsibilities of management and auditor
Scope of the audit
Auditor’s opinion

Responsibility: Management vs Auditor

According to ISA and Companies Act 2016

Management is responsible for:

Preparing financial statements
Ensuring they give a true and fair view
Applying proper accounting standards

Auditor is responsible for:

Examining the financial statements
Collecting sufficient audit evidence
Expressing an independent opinion

Easy memory tip:

Management prepares, Auditor checks.

Purpose of an Audit Report

The main objectives are to

Communicate the auditor’s findings
Express an opinion on the truth and fairness of the financial statements
Provide reasonable assurance that the accounts are free from material misstatement (fraud or error)

Important exam phrase:

“Reasonable assurance, not absolute assurance”