Guide to Implementing Audit Assertions in Internal Audits

In the increasingly complex world of organizational governance, internal audit is no longer simply a routine audit activity. It now serves as a strategic partner to management in ensuring accountability, transparency, and effective risk management. Amidst these needs, one fundamental concept that forms the backbone of the entire audit process is assertion.

Understanding audit assertions and examples is a mandatory competency for every internal auditors, tim GRC (Governance, Risk, and Compliance), and organizational management. This article serves as a practical guide to understanding the concept of assertions from the basics to their practical application in internal audits.

What is meant by assertion in auditing?

What does it mean by assertions in auditingSimply put, an assertion is a statement or claim made by management regarding the accuracy, completeness, and reliability of the information contained in an organization's financial or operational reports. This statement can be explicit, written directly in the report, or implicit, implied through the way the data is presented.

In other words, when management presents a figure or information in a report, they are indirectly making a claim that the information is correct, complete, and presented according to applicable standards.

Management Assertions in Internal Audit

Management assertions in audits refer to the five basic categories of statements generally accepted in professional auditing standards. According to PSAK 07 (SA 326), there are five types of assertions that auditors must understand and test:

• Existence or Occurrence: A claim that a recorded asset, liability, or transaction actually exists and has occurred in the period in question.
• Completeness: Claim that all transactions and accounts that should be recorded have been fully included in the financial statements.
• Rights and Obligations: The claim that recorded assets are the legal rights of the organization, while recorded liabilities are real burdens that must be borne.
• Valuation and Allocation: Claim that all components of the financial statements have been valued and allocated at the appropriate amounts in accordance with applicable accounting standards.
• Presentation and Disclosure: Claim that all information in the financial statements has been classified, explained, and disclosed fairly and adequately.

Management assertions in an audit do not stand alone. They serve as a framework that guides the auditor in determining what types of procedures, evidence, and tests to perform during the audit process.

Audit Assertions and Examples in Practice

To make it easier to understand, here are audit assertions and examples in real operational contexts:

• Existence: Management stated that Rp500 million worth of inventory was recorded on the balance sheet. The auditor then conducted a physical inventory count to verify this claim.
• Equipment: Management stated that all accounts payable to suppliers had been recorded. The auditor examined whether any invoices received after the balance sheet date were related to the period under audit.
• Rights and Obligations: Management claims that the operational vehicles listed on the balance sheet are legally owned by the company. Auditors examine ownership documents such as vehicle ownership certificates (BPKB) or proof of acquisition.
• Rating: Management stated that accounts receivable are presented at net realizable value after deducting an allowance for doubtful accounts. The auditor examines the reasonableness of this allowance.
• Disclosure: Management stated that long-term liabilities classified on the balance sheet would not be due within the next 12 months. The auditor reviewed the payment schedule and credit agreement.

The Role of Assertions in the Internal Audit Process

In a modern internal audit framework, assertions serve as a compass that guides the audit's focus. Without a solid understanding of assertions, auditors risk spending resources on non-critical areas while overlooking true material risks.

The strategic role of assertions in the internal audit process includes:

• Audit Planning Basis: Assertions help the audit team determine which areas require more in-depth testing based on the initial risk assessment.
• Evidence Collection Guide: Each assertion has a type of audit evidence that is most relevant, so that the auditor can design efficient and proportionate testing procedures.
• Evaluation Standards for Findings: Audit findings are evaluated based on whether an assertion is proven correct or there is a material deviation, so that audit conclusions are objective and standardized.
• Communication with Management: Assertions create a common language between auditor and management, so that discussion of findings becomes more constructive and fact-based.

Steps to Implement Audit Assertions in Internal Audit

Effectively implementing audit assertions in internal auditing requires a systematic approach. Here are some practical steps you can take:

1. Audit Scope Identification Determine the unit, process, or report to be audited. Understand the relevant business and regulatory context to ensure the assertions selected align with the characteristics of the audit object.
2. Mapping Assertions to Risks For each area audited, identify which assertions are most susceptible to misstatement or deviation. For example, the procurement process is at high risk for the existence and completeness assertions.
3. Design the Right Testing Procedure Each assertion requires different procedures. Use a combination of analytical procedures, substantive tests, and tests of controls to obtain sufficient evidence.
4. Collect and Evaluate Evidence Gather sufficient, relevant, and reliable evidence to support or refute each assertion tested. Document the entire process neatly in audit working papers.
5. Communicate Results to Management Present findings based on unmet assertions. Recommendations should be specific, measurable, and directed toward systemic improvement.
6. Follow-up and Monitoring Ensure that recommendations on problematic assertions are followed up within the agreed timeframe, and conduct regular monitoring.

Relevance of Assertions for GRC

The relevance of assertions for GRC is significant, especially in an era of increasingly risk-based governance. GRC is an integrated framework that combines Governance, Risk Management, and Compliance requires a strong verification foundation, and this is where audit assertions play a crucial role.

Some points of intersection between assertions and GRC include:

• Governance (Tata Kelola): Assertions ensure that reports submitted to the board of directors and stakeholders reflect the true condition of the organization, supporting accountable decision-making.
• Risk Management (Manajemen Risiko): By testing the existence and completeness assertions, internal auditors help identify potential misstatements that could be indicators of operational risk or fraud (fraud).
• Compliance (Kepatuhan): Presentation and disclosure assertions ensure that the organization's reporting complies with applicable regulatory requirements, such as accounting standards, OJK regulations, and tax provisions.

Challenges in Implementing Audit Assertions

Despite its structured concept, the application of audit assertions in practice is not always smooth. Some common challenges include:

• Limitations of the Audit Team's Understanding: Not all internal audit team members have a thorough understanding of the five assertions and how to test them effectively, especially in organizations that do not yet have a mature audit function.
• Implicit Assertions That Are Difficult to Identify: Not all management claims are explicitly stated. Implied assertions require greater analytical rigor to identify and test appropriately.
• The Ever-Evolving Risk of Misstatement: With the digitalization and automation of business processes, the types of risks that threaten the reliability of assertions have also evolved. Auditors are required to continually update their testing methodologies.
• Time and Resource Pressure: Comprehensive assertion testing requires significant time and effort, and internal audit functions often operate with limited resources.
• Coordination with Management: Sometimes management becomes defensive about assertion testing, especially if the audit findings have the potential to reveal internal control weaknesses.

Addressing these challenges requires organizational commitment to building a healthy audit culture, investing in auditor training, and using relevant audit technology.

Conclusion

Audit assertions are more than just academic concepts; they are a practical framework that determines the quality and reliability of the entire internal audit process. By understanding what assertions mean in auditing, mastering management assertions in auditing, and understanding audit assertions and their practical examples, internal auditors can work more purposefully, efficiently, and add value to the organization.

The relevance of assertions to GRC cannot be overlooked, as they mutually reinforce each other in building transparent governance, proactive risk management, and sustainable compliance. In an ever-changing business landscape, the ability to appropriately apply audit assertions is one of the core competencies that distinguishes a reactive internal audit function from a truly strategic one.

Therefore, companies need a system that can help the internal audit process run more structured, accurate, and risk-based. To support this, an audit application is needed. Audithink can be a solution in managing audit assertions, monitoring findings, and internal control more effectively.

This application is designed to be easily integrated with various company systems, supports real-time monitoring, and helps audit teams ensure optimal governance, risk, and compliance processes. Submit a demo now and find out how our app works.