Auditing Theory Salosagcol Summary

AC17&18: ASSURANCE PRINCIPLES, PROFESSIONAL ETHICS AND GOOD GOVERNANCE REVIEWER ALAMO, MARK JOSEPH S.

AC17&18: ASSURANCE PRINCIPLES, PROFESSIONAL ETHICS AND GOOD GOVERNANCE             

AUDIT – AUDIT – AN AN OVERVIEW THE PROFESSIONAL PROFESSIONAL STANDARDS STANDARDS THE AUDITOR’S RESPONSIBILITY RESPONSIBILITY THE AUDIT PROCESS – PROCESS – ACCEPTING ACCEPTING AN ENGAGEMENT AUDIT PLANNING CONSIDERATION CONSIDERATION OF INTERNAL CONTROL AUDITING IN AN COMPUTERIZED ENVIRONMENT ENVIRONMENT PERFORMING SUBSTANTIVE TESTS AUDIT SAMPLING COMPLETING THE AUDIT AUDIT REPORTS ON FINANCIAL STATEMENTS STATEMENTS ASSURANCE AND RELATED SERVICES THE CODE OF ETIHICS AND REPUBLIC ACT 9298


AUDIT – AUDIT – AN AN OVERVIEW An audit is a systematic process of objectively obtaining and evaluating evidence regarding assertions about “ economic actions and events to ascertain the degree of correspondence between the assertions and established criteria and criteria and communicating communicating the results to interested users.” users.” – AASC AASC

Types of Audit 1. Financial Statement Audit – audit conducted to determine whether the FSs of an entity are fairly presented with an identified financial reporting framework. (Conducted by EXTERNAL AUDITORS ) 2. Compliance Audit – a review of an organization’s procedures to determine whether the organization adhered to specific procedures, rules, contracts, or regulations . (Conducted usually by GOVERNMENT GOVERNMENT AUDITORS) 3. Operational Audit – Audit – study of a specific unit of the organization for the purpose of measuring its performance. (Conducted usually by INTERNAL AUDITORS ) The Independent Financial Statement Audit 

 

MANAGEMENT is responsible for preparing and presenting the FSs in accordance with the financial reporting framework. The AUDITOR’S RESPONSIBILITY RESPONSIBILITY is to form and express an opinion on the FSs based on his audit. An audit conducted with PSA is designed to provide only REASONABLE ASSURANCE that the FSs taken as a whole are free from material misstatements.

Limitations of an Audit 1. Sampling Risk/ Use of Testing 2. Error in Application of Judgment/ Non-sampling risk 3. Reliance on Management’s Representation

4. Inherent Limitations of the Client’s Accounting and Internal Control Systems 5. Nature of Evidence

General Principles Governing the Audit of Financial Statements 1. Code of Professional Ethics 2. Philippine Standards on Auditing (PSA)

3. Attitude of Professional Skepticism

Need for an Independent Financial Statement Audit 1. 2. 3. 4.

Conflict of Interest Expertise Remoteness Financial Consequences

Theoretical Framework of Auditing (Assumptions or Ideas that Support the Audit Function) 1. 2. 3. 4. 5. 6. 7.

Financial Data are Verifiable Independence No Long-Term Conflict Effective Internal Control Consistent application of GAAP/PFRS Continuity Benefits the Public


THE PROFESSIONAL STANDARDS Generally Accepted Auditing Standards (GAAS) It represents measures of the quality of auditor’s performance. performance. These standards should be looked as MINIMUM STANDARD of performance that auditors should follow.

General Standards Technical Training and Proficiency

Standards of Fieldwork Planning

Standards of Reporting GAAP

Independence

Internal Control Consideration

Inconsistency

Professional Care

Evidential matter

Disclosure Opinion

PHILIPPINE PHILIPPINE STANDARDS ON AUDITING (PSA) The Philippine Standard on Auditing (PSA) establishes the independent auditor’s overall responsibilities when conducting an audit of financial statements in accordance with PSAs. These are issued by AASC as interpretations to GAAS. – are additions to these standards to provide practical assistance to auditors in implementing the Practice Statements – are standards and to promote good practice in the accountancy profession.

SYSTEM OF QUALITY CONTROL Quality controls are policies and procedures adopted by CPAs to provide reasonable assurance of conforming to professional standards in performing audit and related services. Elements of Quality Control (PSA 220) 1. Leadership Responsibilities Responsibilities for Quality on Audits 2. Ethical Requirements (Integrity, Objectivity, Professional Competence & Due Care, Confidentiality, Professional Behavior) 3. Independence 4. Acceptance and Continuance of Client Relationships 5. Human Resources and Assignment (Recruitment, Performance evaluation, Capabilities, Career Dev’t, Engagement Team Assignment) 6. Engagement Performance (Direction, Supervision, Review, Consultation, Engagement Quality Control Review, Differences of Opinion) 7. Monitoring QUALITY CONTROL REVIEW The government thru the Professional Regulatory Board of Accountancy (BOA) has required all CPA firms and individual CPA firms and individual CPAs in public practice to obtain a certificate of accreditation to practice public accountancy.

Quality Review Committee (QRC) – (QRC) – created by PRC which shall conduct a quality review on applicants for registration to practice public accountancy.


AUDITOR’S RESPONSIBILITY The auditor’s responsibility is to design the audit to provide reasonable assurance of detecting material misstatements in the FSs. These misstatements may emanate from: Error  Fraud  Noncompliance with Laws and Regulations 

ERROR – refers to unintentional misstatements in the financial statements Examples: Mathematical or clerical mistakes, incorrect accounting estimates, mistake in application of accounting policies FRAUD – refers to intentional act by one or more individuals among management, employees, or third parties which results in misrepresentation of financial statements. Types of Fraud: 1. Management Fraud/ Fraudulent Financial Reporting – involves intentional misstatements or omissions of amounts or disclosures, usually done by members of management or those charged with governance. Examples: manipulation of documents or records, misrepresentation of effects of transactions, recording of transactions w/o substance, intentional application of accounting policies 2. Employee Fraud/ Misappropriation of assets – fraud that is accompanied by false or misleading records in order to conceal the fact that assets are missing. Examples: embezzling receipts, stealing entity’s assets, lapping of AR RESPONSIBILITY OF MANAGEMENT AND THOSE CHARGED WITH GOVERNANCE (PSA 240) Management – to establish a control environment and to implement internal control policies designed to ensure the DETECTION AND PREVENTION of fraud and error. Individuals charged with governance – to ensure the integrity of entity’s accounting and financial reporting systems AUDITOR’S RESPONSIBILITY: The auditor is not and cannot be held responsible for the prevention of fraud and error . The auditor’s responsibility is to design the audit to obtain reasonable assurance that the FS are free from material misstatements whether caused by error or fraud.

PLANNING PHASE

1. Make

TESTING PHASE

inquiries

management

of about

possibility of misstatement 2. Assess

the

risk

COMPLETION PHASE

3. Perform procedures necessary to

5. The auditor should obtain a written

determine

representation

whether

material

from

the

client’s

management

misstatements exist.

that

fraud/error may cause the

4.

a

6. When the auditor believes that

FS

misstatement resulted from error or

material error/fraud exists, he should

fraud. (Errors will only result to

request the mgmt. to revise the FS .

to

contain

misstatements.

material

Consider

whether

such

adjustment of FS but fraud may have other implications on an audit)

7. If the auditor is unable to evaluate the effect of fraud on FS, the auditor should either qualify or disclaim his opinion on

the FS.


FRAUD RISK FACTORS RELATING TO MISSTATEMENTS RESULTING FROM FRAUD FRAUDULENT FINANCIAL REPORTING (MANAGEMENT FRAUD) 1. Management’s Characteristics and Influence Over Control Environment These fraud risk factors pertain to 5mgmt.’s abilities, pressures,  styles, and attitude relating to internal control and financial reporting process. (Ex.: non-financial 5mgmt. participates exce ssively, high turnover of 5mgmt.., etc.) 2. Industry Conditions These fraud risk factors involve the economic and regulatory  environment in which the entity operates . (Ex.: new accounting/statutory req. that impairs financial stability of the entity) 3. Operating Characteristics and Financial Stability These fraud risk factors pertain to the nature and complexity of  the entity and its transactions , the financial condition, and profitability. (Ex.: inability to generate cash flows while reporting earnings)

MISAPPROPRIATION OF ASSETS (EMPLOYEE FRAUD) 1. Susceptibility of Assets to Misappropriation - These fraud risk factors pertain to the nature of an entity’s assets and the degree to which they are subject to theft. (Ex.: large amount of cash on hand, inventory characteristics, easily convertible assets, etc.) 2. Controls - These fraud risk factors involve the lack of controls designed to prevent or detect misappropriation of assets . (Ex.: lack of appropriate 5mgmt. over sight, inadequate record keeping of assets, poor physical safeguards, lack of timely documentation for transactions)

NONCOMPLIANCE WITH LAWS AND REGULATIONS – refers to acts or commission by the entity being audited, either intentional or intentional, which are contrary to the prevailing laws or regulations. Examples: Tax evasion, violation of environmental protection laws, inside trading of securities, violation of SEC requirements MANAGEMENT’S RESPONSIBILITY (PSA 250) – to ensure that the entity’s operations are conducted in accordance with laws and regulations. The responsibility for the prevention and detection of noncompliance rests with management. AUDITOR’S RESPONSIBILITY: An audit cannot be expected to detect noncompliance with all laws and regulations . Nevertheless, the auditor should recognize that noncompliance by the entity with laws and regulations may materially affect the FS. PLANNING PHASE

1. Obtain

TESTING PHASE

general

a

COMPLETION PHASE

4. When the auditor is aware

6. The auditor should obtain a written

understanding of the legal

concerning

representation

and

noncompliance,

regulatory

framework

applicable to entity

instance

evaluate

of

the

possible effect on the FS.

from

the

client’s

management. 7. When the auditor believes that there is

2. Design procedures to help of

5. When the auditor believes

noncompliance, the auditor should request

noncompliance with laws and

there maybe noncompliance, the

the mgmt. to revise the FS. Otherwise, a

regulations

auditor should document the

qualified or adverse opinion will be issued.

identify

3. Design

instances

audit procedures to

findings,

discuss

with

consider

the

obtain sufficient appropriate

mgmt.

audit

implication on other aspects of

evidence

about

compliance with laws and regulations  

the audit.

and

them

8. If a scope limitation has precluded the auditor from obtaining sufficient appropriate evidence, the auditor should express a

qualified opinion or a disclaimer of opinion .

Auditors are primarily concerned with the noncompliance what will have a direct and material effect in the F S. Noncompliance may involve conduct designed to conceal it such as collusion, forgery, senior 5mgmt. override of controls, failure to record transactions, or intentional misrepre sentations being made to auditor.


THE AUDIT PROCESS – ACEEPTING AN ENGAGEMENT FINANCIAL STATEMENT ASSERTIONS Assertions about classes of transactions and events for the period under audit :  Completeness Occurrence   Cutoff Accuracy   Classification

Assertions about account balances at the period end:    

Rights and Obligations Existence Completeness Valuation and allocation

Assertions about presentation and disclosure:  





Completeness Occurrence and rights and obligations and Classification understandability Accuracy and valuation

AUDIT PROCEDURES The procedures selected should enable the auditor to gather sufficient appropriate evidence about a particular assertion. Inspection – involves examining of records, documents, or tangible assets.  Observation – consists of looking a process or procedure being performed by others.  Inquiry – consists of seeking information from knowledgeable persons inside or outside the entity.  Confirmation – consists of the response to an inquiry to corroborate information contained in the accounting  records. Computation – consists of checking the arithmetical accuracy of source documents and accounting records or  performing independent calculations.  Analytical Procedures – consist of the analysis of significant ratios and trends including the resulting investigation of fluctuations and relationships that are inconsistent with other relevant information or deviate from particular amounts. Audit evidence – refers to the information obtained by the auditor in arriving at the conclusions on which the audit opinion is based. Audit evidence will comprise source documents and accounting records underlying the financial statements and corroborating information from other sources. ISSUING A REPORT COMPLETING THE AUDIT

OVERVIEW OF THE AUDIT PROCESS

Forms a conclusion on FS (in the form of opinion)

Satisfy that the evidence gathered is consistent with auditor’s report.

PERFORMING SUBSTANTIVE TESTS Examination of documents and evidences supporting the amounts and disclosures in the FS

CONSIDERING INTERNAL CONTROL Obtaining understanding of entity’s control systems and assessing level of control risk

AUDIT PLANNING ACCEPTING AN ENGAGEMENT

Obtaining detailed knowledge about the entity and preliminary assessment

Evaluation of auditor’s qualification and auditability of prospective client’s FS

of risk and materiality


ACCEPTING AN ENGAGEMENT In deciding whether to accept or reject an engagement, the firm should consider: 1. Competence – acquired through a combination of education, training, and experience. The auditor should obtain a preliminary knowledge of client’s business and industry to determine whether the auditor has the degree of competence required by the engagement.

2. Independence – the auditor should consider whether there are threats to audit team’s independence and objectivity and, if so, whether adequate safeguards can be satisfied.

3. Ability to serve the client properly – An engagement should not be accepted if there are no enough qualified personnel to perform the audit. PSA 220 suggests that the audit work should be assigned to personnel who have the appropriate capabilities, competence, and time to perform the audit enga gement in accordance with professional standards.

4. Integrity of the management – PSA 220 requires the firm to conduct a background investigation of the prospective client in order to minimize the likelihood of association with clients whose mgmt. lacks integrity. This involves: 

Making inquiries of appropriate parties in the business community



Communicating with the predecessor auditor

RETENTION OF EXISTING CLIENTS Clients should evaluate at least once a year or upon occurrence of major events such as changes in mgmt.,  ownership, nature of client’s business, etc. In general, conditions that would cause the firm to reject the prospective client may also lead to decision of  terminating an audit engagement . ENGAGEMENT LETTER This serves as the written contract between the auditor and the client . This letter sets forth:  The objective of the audit of FS which is to express an opinion on the FS.  

The mgmt.’s responsibility for the fair representation of the FS.



The scope of the audit.



The forms or any reports or other c ommunication that the auditor expects to issue.



The fact that because of limitations of the audit , there is an unavoidable risk that material misstatements may remain undiscovered.



The responsibility of the client to allow the auditor to have unrestricted access to whatever records, documentation, and other information requested in connection with the audit.





Billing arrangements



Expectations of receiving mgmt. representation letter.



Arrangements concerning the involvement of others (experts, other auditors, internal auditors, etc.)



Request for the client to confirm the terms of the engagement

Importance of the engagement letter – (1) to avoid misunderstanding with respect to the mgmt. and (2) document and confirm the auditor’s acceptance of the appointment



Recurring audits – the auditor does b=not normally send new engagement letter every year, unless (1) client misunderstands the objective and scope of audit, (2) revised or special terms of the engagement (3) recent change of senior mgmt., (4) significant change in nature or size of business (5) legal and gov’t pronouncements



Audit of components – the auditor will consider the factors whether they will send a separate letter to component: (1) who appoints the auditor of component, (2) whether a separate audit report is to be issued on the component, (3) legal requirements, (4) the e xtent of any work performed by other auditor (5) degree of ownership by parent, (6) degree of independence of the component’s mgmt.


AUDIT PLANNING Audit planning – involves developing a general audit strategy and a detailed approach for the expected conduct of the audit. The auditor’s main objective in planning the audit is to determine the scope of the audit procedures to be

performed. PSA 315 requires the auditor to obtain sufficient understanding of the entity and its environment including the internal control. Such understanding involves obtaining knowledge of entity’s: Industry, regulatory, and other external factors, including financial reporting framework  Nature of the entity  Objectives and strategies and the related risks that may result in material misstatement of FS  Measurement and review of entity’s performance  Internal control  Additional Consideration on New Engagements PSA 510 requires the auditor to obtain sufficient appropriate audit evidence that: The opening balances do not contain misstatements that materially affect the current year’s FS  The prior period’s closing balances have been correctly brought forward to the current period or, when  appropriate, have been restated Appropriate accounting policies are consistently applied or changes in accounting policies have been properly  accounted for and properly disclosed Developing an Overall Audit Strategy The best strategy is the approach that results in the most efficient audit – that is, an effective audit performed at the least possible cost . An audit plan should be made regarding: How much evidence to accumulate  

How and when this should be done

When developing an audit strategy, the auditor must consider carefully the appropriate levels of materiality and audit

risk. MATERIALITY  “Information is material if its omission or misstatement could influence the economic decision of users ” In designing an audit plan, the auditor should make a preliminary estimate of materiality .  Materiality may be viewed as: (1) the largest amount of misstatement that the auditor could tolerate in the FS  or (2) the smallest aggregate amount that could misstate the FS There is an inverse relationship between materiality and evidence.  Use of materiality: (1) in the planning stage , to determine the scope of the audit and (2) in the completion  stage, to evaluate the effect of misstatements in the FS  Using materiality levels: Step 1. Determine the Overall Materiality – Financial Statement Level* PLANNING STAGE Step 2. Determine the Tolerable Misstatement – Account Balance Level** Perform audit procedures Step 3. Compare the aggregate amount of misstatements with overall materiality COMPLETION STAGE * Common method of estimating materiality at FS level is statement base (total assets, sales, etc.) x certain % ** Also known as performance materiality. This process is highly subjective and requires the exercise of great deal of auditor’s judgment Bases that can be used to determine materiality level: alternative for annual FS if not available – annualized  interim FS, prior year’s FS, budgeted FS for the current year


AUDIT RISK AUDIT RISK refers to the risk that the auditor gives an inappropriate audit opinion on the FS . This occurs  because the auditor believes that the FS are fairly stated when in fact the FS are materially misstated.  Audit Risk Model Audit Risk = Inherent Risk * Control Risk * Detection Risk 





  

  





INHERENT RISK is the susceptibility of an account balance or class of transactions to a material misstatement assuming that there are no related internal controls . PSA 315 requires the auditor to assess inherent risk at FS level and account balance/transaction level. Factors that affect the risk of misstatement at FS level include: Management integrity  Management Characteristics (e.g. aggressive attitude toward financial reporting)  Operating Characteristics (e.g. profitability of the entity relative to its industry)  Industry Characteristics (e.g. industry is experiencing a large no. of business failures)  Factors affecting inherent risk at the account balance level include: Susceptibility of the account to theft  Complexity of calculations related to account  The complexity underlying transactions and other events.  The degree of judgment involved in determining account balances  As the assessed level of INHERENT RISK INCREASES , the auditor should design MORE EFFECTIVE SUBSTANTIVE PROCEDURES. CONTROL RISK is the risk that the material misstatement that could occur in an account balance or class of transactions will not be prevented or detected on a timely basis by accounting and control systems . Control risk is related to the effectivene ss of the client’s internal control. If the entity’s internal control is effective, the assessed level of control risk decreases (and vice versa). As the assessed level of CONTROL RISK INCREASES , the auditor should design MORE EFFECTIVE SUBSTANTIVE PROCEDURES. DETECTION RISK is the risk that an auditor’s substantive procedure will not detect a material misstatement. Detection risk is a function of the effectiveness of the auditor’s substantive procedures. As the acceptable level of DETECTION RISK DECREASES , the ASSURANCE DIRECTLY PROVIDED FROM SUBSTANTIVE TESTS INCREASES . Hence, the auditor should design more effective audit procedures in order to achieve the desired level of assurance. Unlike inherent and control risk, THE AUDITOR CAN CONTROL THE LEVEL OF DETECTION RISKS by performing more effective substantive procedures. Steps in using the audit risk model: Step 1. Set the desired level of audit risk.* AUDIT PLANNING Step 2. Assess the level of inherent risk. ** CONSIDERATION OF INTERNAL CONTROL Step 3. Assess the level of control risk. *** Step 4. Determine the acceptable level of detection risk. **** PERFORMING SUBSTANTIVE TESTS Step 5. Design substantive tests.

* The auditor uses his judgment in determining th e risk that he is willing to take of accepting an assertion as fairly stated when in fact is materially misstated. ** Consider the specific factors related to client that may aff ect the risk of material misstatement for a particular amount. In making this assessment, the auditor will rely primarily on his knowledge of the client’s business and industry, and the results of his preliminary analytical procedures.

*** Assessment of control risk would involve studying and evaluating the effectiveness of the client’s accounting and internal control systems. **** The acceptable level of detection risk can be determined as follows: Detection risk =

Audit Risk

Inherent risk * Control Risk Nature

Timing

Extent

Low Acceptable Level of Detection Risk

More effective substantive procedures

year-end procedures

larger sample size

High Acceptable Level of Detection Risk

Less effective substantive procedures

Tests at interim

smaller sample size


RELATIONSHIP BETWEEN MATERIALITY AND RISK There is an INVERSE RELATIONSHIP between MATERIALITY and the LEVEL OF AUDIT RISK .  After planning for specific audit procedure, if the auditor determines that the acceptable materiality level is  lower, audit risk is increased. The auditor would compensate for this by either: Reducing the assessed level of control risk, where this is possible, and supporting the reduced level by  carrying out extended or additional tests of control ; or Reducing detection risk by modifying the nature, timing, and extent of planned substantive procedures .  MATERIALITY Planning materiality and/or tolerable error

AUDIT RISK Risk of material error occurring and/or Not being determined

PLANNED AUDIT PROCEDURES

LOW

HIGH

MORE EXTENSIVE

HIGH

LOW

LESS EXTENSIVE

RISK ASSESSMENT PROCEDURES – the procedures performed by auditors to obtain an understanding of the entity and its environment including its internal control and to assess the risks of material misstatements in the FS. These include:  Inquiries of management and others within the entity  Analytical procedures  Observation and inspection ANALYTICAL PROCEDURES – involves analysis of significant ratios and trends including the resulting investigation of fluctuations and relationships that are inconsistent with other relevant information or deviate from particular amounts. PSA 520 requires the auditor to use analytical procedures in the planning and overall stages of the audit. Steps in Applying Analytical Procedures  Step 1. Develop expectations regarding FS using:  Prior year’s financial statements  Anticipated results such as budgets and forecasts  Industry averages ( FS of other entities operating w/in the same industry)  Non-financial information Typical relationships among FS account balances  Step 2. Compare expectations with the FS under audit. Step 3. Investigate significant unexpected differences (unusual fluctuations) to determine whether FS contain material misstatements Uses of Analytical Procedures:  As a planning tool, to determine the nature, timing, and extent of other auditing procedures  to understand the client’s business  to identify areas that may represent specific risks In using analytical procedures as a planning tool, if the difference between recorded balances in FS and expectations is significant, the auditor must design more extensive substantive tests (or vice versa)  As a substantive test to obtain corroborative evidence about particular assertions related to account balance or transaction class  As an overall review of the financial statements in the completion phase of the audit to identify unusual fluctuations that were not identified in the planning and testing phases of the audit  to confirm conclusions reached w/ respect to the fairness of the FS

Documenting the Audit Plan – the final step in planning process is the documentation of the audit planning process by preparing: Audit plan – the overview of the expected scope and conduct of the a udit . It sets out in broad terms the  nature, timing, and extent of the audit procedures to be performed. Audit program – it sets out in detail the audit procedures to be performed in each segment of the audit.   Time budget – is an estimate of the time that it will spent in executing the audit procedures listed in the audit program.


CONSIDERATION OF INTERNAL CONTROL PSA 315 states that INTERNAL CONTROL is the process designed and effected by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of FINANCIAL REPORTING , effectiveness and efficiency of operations and compliance with applicable laws and regulations. 





In the audit of FS, the auditor is only concerned with those policies and procedures within the accounting and internal control systems that are relevant to the financial statement assertions . Components of Internal Control: 1. Control Environment – includes the attitudes, awareness, and actions of the mgmt . and those charged with governance concerning the entity’s IC and its importance in the entity.  Integrity and ethical values  Commitment in competence  Mgmt. philosophy and operating style  Personnel policies and procedures  Active participation of those charged w/  Assignment of responsibility and authority/ governance Organizational Structure 2. Risk Assessment – mgmt. should adopt policies and procedures that are designed to identify and analyze business risks. For audit purposes, the auditor is only concerned with risks that are relevant to preparation of reliable financial statements.  Business risk – is the risk that the entity’s business objectives will not be attained as a result of internal and external factors such as technological developments, changes in customer demand, etc. 3. Information and Communication Systems An information system encompasses methods and records that:  identify and record all valid transactions,  describe on a timely basis the transactions in sufficient detail to permit proper classification ,  measure transactions in their proper monetary value ,  determine the time period to permit recording of transactions in proper accounting period , and  present properly the transactions and disclosures in FS. Communication involves providing an understanding of individual roles and responsibilities pertaining to internal control over financial reporting . 4. Control Activities – are policies and procedures that help ensure that mgmt. directives are carried out . Specific control procedures that are relevant to FS audit would include:  Performance reviews – review and analysis of actual performance vs. budgets, forecasts, and PY’s .  Information Processing – to check accuracy, completeness, and authorization of transactions.  Physical Controls – physical security of assets, authorization for access to programs and data files, periodic counting and comparison w/ amounts shown on control records  Segregation of Duties – assigning different people the responsibilities of authorizing transactions, recording transactions, and maintaining custody of assets. 5. Monitoring – the process of assessing the quality of internal control performance over time.

Auditors are not responsible for establishing and maintaining an entity’s accounting and internal control systems : that is the responsibility of the management.

STEPS IN CONSIDERATION OF INTERNAL CONTROL 1. OBTAIN UNDERSTANDING OF THE INTERNAL CONTROL Evaluating the design of a control   This can be obtained by: making inquiries of appropriate individuals, inspecting documents and records, and observing entity’s activities and operations Determining whether it has been implemented   This can be accomplished by performing a WALK-THROUGH TEST. This involves tracing one or two transactions through the entire accounting systems, from their initial recording at source to their final destination as a component of an account balance in the FS.


2. DOCUMENT THE UNDERSTANDING OF ACCOUNTING AND INTERNAL CONTROL SYSTEMS This documentation need not be in particular form . Some commonly used forms are: narrative description,  flowchart and diagrams of flow of transactions, internal control questionnaire providing mgmt. responses 3. ASSESS THE LEVEL OF CONTROL RISK If ICs related to a particular assertion is not effective, the auditor may assess the control risk at high level.  If the auditor concludes that it is more efficient to rely on entity’s IC, the auditor would plan to assess control risk  at less than high level. 4. PERFORM TEST OF CONTROLS TEST OF CONTROLS – are performed to obtain evidence about the effectiveness of the:  Design of the accounting and internal control systems; or  Operation of the internal control through the period 













According to PSA, the auditor should obtain audit evidence through test of control to support any assessment of control risk at less than high level . The lower assessment of control risk , the more support the auditor should obtain that the IC is suitably designed and operating effectively. Nature of Test of Controls Inquiry – searching for appropriate information about the effectiveness of internal control from  knowledgeable persons inside or outside the entity. Observation – refers to looking at the process being performed by others.   Inspection – involves examination of documents and records to provide evidence of reliability depending on their nature and source and the effectiveness of IC over their processing Reperformance – involves repeating the activity performed by the client to determine whether proper  results were obtained. Timing of tests of controls: auditors usually perform tests of controls during an interim visit, in advance of period end. However, auditors cannot rely on it w/o co nsidering the need to obtain further evidence on the remainder of the period. In determining whether or not to test the remaining period, these must be considered: the results of the interim tests, the length of the remaining period, and whether changes have occurred in accounting and internal control systems during the remaining period. Extent of test of controls: The auditor cannot examine all transactions related to certain control procedures. In an audit, the auditor should examine the size of a sample sufficient to support the assessed level of control risk. Operating effectiveness vs. implementation - When obtaining audit evidence of implementation by performing risk assessment procedures, the auditor determines that the relevant controls exist and the entity is using them . - When performing tests of the operating effectiveness of controls , the auditor obtains audit evidence that controls operate effectively. This includes obtaining evidence about how controls were applied at relevant times during period under audit, the consistency which they were applied, and by whom or by what means they were applied. Documenting the assessed level of control risk - If the control risk is assessed at high level, the auditor should document his conclusion that the control risk is at high level. - If the control risk is assessed at less than high level, the auditor should document his conclusion that control risk is less than high level and the basis for the assessment (basis is actually the results of TOC). Communication of Internal Control Weaknesses - Auditor is required to report the matter to the appropriate level of mgmt. material weaknesses in the design or operation of the accounting and IC systems. - Auditors are not required to search for and/or identify material control weaknesses. - Internal control weaknesses are documented in a formal management letter.


AUDITING IN A COMPUTERIZED ENVIRONMENT Characteristics of Computerized Information Systems (CIS) 1. Lack of Visible Transaction Trails 2. Consistency of Performance 3. Ease of Access to data and Computer Programs 4. Concentration of Duties Internal Control in a CIS Environment

5. Systems Generated Transactions 6. Vulnerability of Data and Program Storage Media

A. General Controls – are control policies and procedures that relate to the overall computer information system . 1. Organization controls – clear assignment of authority and responsibility a. Segregation b/w CIS dept. and user dept. b. Segregation of duties w/in the CIS dept. CIS Director (exercises control over the CIS operation) Systems Development - Systems Analyst (designs new systems, evaluates and improves existing systems, and prepares specs. for programmers)

-

Operations - Computer Operator (using the program and instructions by the programmer, he operates the computer to process transaction)

Programmer

- Data Entry Operator

(guided by the specs of the systems analyst, he writes a program, tests and debugs such programs, and prepares the computer operating instructions

(prepares and verifies input data for processing)

Other Functions - Librarian (maintains custody of systems documentation, programs and files)

- Control Group (reviews all input procedures, monitors computer processing, follows-up data processing errors, reviews the reasonableness of output, and distributes output to authorized personnel

2. Systems development and documentation controls – to facilitate use of program as well as changes that may be introduced to system 3. Access controls – adequate security controls, such as use of passwords 4. Data recovery controls – provides maintenance of back-up files and off-site storage procedures. 5. Monitoring controls – to ensure that CIS controls are working effectively as planned. B. Application Controls – are those policies and procedures that relate to the specific use of the system . 1. Controls over Input – designed to provide reasonable assurance that data submitted for processing are complete, properly authorized and accurately translated into machine readable form.   

  

Key verification – this requires data to be entered twice to provide assurance that there are no key entry errors committed. Field check - this ensures that the input data agree with required field format. Ex.: SSS number must contain 10 digits. An input of SSS number w/ more or less than 10 digits will be rejected Validity check – info entered are compared with valid info in the master file to determine the authenticity of the input. Ex.: Employees’ master file may contain two valid codes to indicate the employee’s gender “1” for male and “2” for female. A code of “3” is invalid and will be r ejected. Self-checking digit – this is a mathematically calculated digit w/c is usually added to a document number to detect common transpositional errors in data submitted for processing. Limit check – or reasonable check is designed to ensure that data submitted for processing do not exceed a predetermined or reasonable amount. Control totals – these are totals computed based on the data submitted for processing. Control totals ensure the completeness of data before and after they are processed.  Financial totals – sum total of the peso amount in the documents  Hash totals – sum total of the control numbers in the documents  Record count - total number of the documents

2. Controls over Processing – designed to provide reasonable assurance that input data are processed accurately, and that data is not lost, added, excluded, duplicated, or improperly changed.  Almost all of input controls mentioned above are also part of processing controls. 3. Controls over Output – designed to provide reasonable assurance that the results of processing are complete, accurate, and that these outputs are distributed only to authorized personnel.


Test of Control in a CIS Environment The auditor’s objectives and scope of the audit do not change in a CIS environment.  Testing the reliability of general controls may include:  Observing client’s personnel in performing their duties  Inspecting program documentation  Observing security measure in force  In testing application controls, the auditor may either:  Audit around the computer   Similar to testing control in a manual control structure i n that it involves examination of documents and reports to determine the reliability of the system.  When using this approach, the auditor ignores the client’s data processing procedures, focusing solely on the INPUT documents and the CIS OUTPUT.  Can be used only if there are visible input documents and detailed output that will enable the auditor to trace individual transactions back and forth.  This is also known as “black box approach”. Use Computer-Assisted Audit Techniques (CAATs)   Are computer programs and data which the auditor uses as part of the audit procedures to PROCESS data of audit significance contained in an entity’s information systems.  Used when computerized accounting systems performs tasks w/c no visible evidence is available. Consequently, the auditor will have to audit directly the client’s computer program using CAATs.  This is also known as “white box approach”.  Commonly used CAATs: 1. Test Data - Designed to test the effectiveness of the internal control procedures w/c are incorporated in the client’s computer program. - The objective of this technique is to determine whether the client’s computer programs can correctly handle valid and invalid conditions as they rise. 2. Integrated Test Facility (ITF) - the auditor creates dummy or fictitious employee , or other appropriate unit for testing within the entity’s computer system. - ITF integrates the processing of test data w/ the actual processing of ordinary transactions w/o mgmt. being aware of the testing process. - ITF provides assurance that the program tests by the auditor is the same program used by the client in the processing of transactions (unlike test data approach). 3. Parallel Simulation - requires the auditor write a program that simulates key features or processes of the program under review. - The simulated program is then used to reprocess transactions that were previously processed by the client’s program. - Can be accomplished by using: 1. Generalized auditing software – composed of generally available computer packages w/c has been designed to perform common audit tasks 2. Purpose-written programs – designed to perform audit tasks in specific circumstances.  Other CAATs 1. Snapshots – taking a picture of a transaction as it flows through the computer systems. 2. System control audit review files (SCARF) – embedding audit software modules within an application system to provide continuous monitoring of the systems transactions. The information is collected into a special computer file that the auditor can examine.


PERFORMING SUBSTANTIVE TESTS Substantive Tests – are audit procedures designed to substantiate the account balances or to detect material misstatements in the financial statements.

Types of Substantive Tests: 1. Analytical Procedures 2. Test of Details The decision about w/c procedures to use is based on the auditor’s judgment about the expected effectiveness and efficiency of such [procedures in satisfying the audit objective. 1. Analytical Procedures Analytical procedures applied as substantive tests enable the auditor to obtain corroborative evidence  about a particular account. USING ANALYTICAL PROCEDURES AS SUBSTANTIVE TESTS Develop Expectations about the FS Compare the FS with the Expectations Developed

NO Is the difference significant?

Conduct further Investigation

YES Accept the account balance as reasonable. 

When intending to perform analytical procedures as substantive tests, the auditor should focus on those accounts that are predictable. The following generalizations may be helpful in assessing the predictability of those accounts:  Income statement accounts are more predictable compared to balance sheet accounts.  Accounts that are not subject to management discretion are generally predictable.  Relationships in a stable environment are more predictable than those in a dynamic or unstable environment. 2. Test of Details  It involves examining the actual details making up the various account balances . This approach may take the form of:  Test of details of balances – involves direct testing of the ending balance of an account * This will be used when account balances are affected by large volume of relatively immaterial transactions. Test of details of transactions - involves testing the transactions which give rise to the ending  balance of the account. * This is useful if account balances are comprised of a smaller volume of transactions representing relatively material amounts.


Effectiveness of Substantive Test Nature of substantive test: relates to quality of evidence; high quality of evidence is preference, yet it’ll involve  high cost  Timing of substantive test: the higher the risk of material misstatement, the more likely it is that the auditor may decide to perform ST closer to year-end. Extent of substantive test: the auditor ordinarily increases the extent of ST as the risk of material  misstatement increases. Relationship between Substantive Test and Test of Control  Test of control provide evidence that indicates a misstatement is likely to occur. Substantive test on the other hand, provide evidence about the existence of misstatement in an account balance. AUDIT EVIDENCE It refers to the information obtained by the auditor in arriving at the conclusions on which the audit opinion i s  based. It consists of:  Underlying accounting data – refers to accounting records underlying in the FS. This includes books of accounts, related accounting manuals, worksheet supporting cost allocations and reconciliations prepared by the client personnel.  Corroborating information – supporting the underlying accounting data obtained from client and other sources. This includes documents such as invoices, bank statements, POs, contracts, checks, etc. Qualities of Evidence   When performing tests of control , audit evidence must support the assessed level of control risk.  When performing substantive tests, audit evidence must support the acceptable level of detection risk .  When obtaining audit evidence, the auditor should consider the:  Sufficiency – refers to the amount of evidence that the auditor should accumulate. The auditor uses his judgment to determine the amount of evidence needed to support the opinion on the FS. The following factors may be considered in evaluating the sufficiency of the audit evidence: competence of evidence, materiality of item being examined, the risk involved in a particular amount, experience gained during the previous audit. Appropriateness – is the measure of the quality of audit evidence and its relevance to a particular  assertion and its reliability. Relevance relates the timeliness of evidence and its ability to satisfy the audit objective. Reliability relates to the objectivity of evidence and is influenced by its source and by its nature. While reliability of audit evidence is dependent on individual circumstance, the following g eneralizations could help the auditor in assessing the reliability of audit evidence:  Audit evidence obtained from independent outside sources is more reliable than that generated internally.  Audit evidence generated internally is more reliable when the related accounting and internal control systems are effective.  Audit evidence obtained directly by the auditor is more reliable than that obtained by the entity.  Audit evidence in the form of documents and written representations is more reliable than oral representations.  Cost/benefit consideration when obtaining evidence  Ordinarily, the auditor finds it necessary to rely on audit evidence that is persuasive rather than conclusive in nature. AUDIT DOCUMENTATION/ WORKING PAPERS Working papers are records kept by the auditor that documents the audit procedures applied, information  obtained and conclusions reached. PSA 230 requires the auditor to document matters tha t are important to support an opinion on FS, and evidence  that the audit was conducted in accordance with PSA.




  













Functions of the Working Papers: Primary Support the auditor’s opinion on FS Support the auditor’s representation as to compliance with PSA. Assist the auditor in the planning, performance, review and supervision of the engagement.

  

Secondary Planning future audits Providing information useful in rendering other services (MAS or tax consultancy) Providing adequate defense in case of litigation

Form, Content, and Extent of Audit Documentation  In deciding on these, the auditor should consider what would enable an experienced auditor, having no previous connection with the audit, to understand: a. The nature, timing, and extent of the audit procedures to comply with PSAs and applicable legal and regulatory requirements b. The results of the audit procedures and the audit evidence obtained. c. Significant matters during the audit and the conclusions reached thereon. Classification of Working Papers  Permanent file – contains information of continuing significance to the auditor in performing recurring audits. This file would most likely include: copies of articles of incorporation and by-laws, major contracts, engagement letter, org. chart, analyses of long-term accounts, etc.  Current file – contains evidence gathered and conclusions reached relevant to the audit of a particular year. This file includes: copy of FS, audit program, working TB, lead schedules, correspondence w/ other parties. Ownership of working papers  Working papers are the property of the auditor and the client has no right to the working papers prepared by the auditor.  Working papers may sometimes serve as reference source for the client but they should not be considered as part or as a substitute for the client’s records . Confidentiality of working papers  Although the working papers are the personal property of the auditor, these working papers cannot be shown to third parties w/o client’s permission , except:  When disclosure is required by law or when the working papers are subpoenaed at court.  When there is a professional right to disclose information such as when the auditor uses his working papers to defend himself when sued by client for negligence. Retention of working papers. Working papers should be retained by the auditor for a period of time sufficient to meet the needs of his practice and to satisfy any pertinent legal requirements of record retention . Guidelines for the preparation of working papers. The following techniques may be used by the auditor:  heading (to be properly identified with such information such as client name, type of working paper, content description, period covered)  indexing (use of lettering or numbering system to identify accounts), cross-indexing/cross referencing (to provide a trail in reviewing),  tick marks (symbols to describe the audit procedures performed). 

AUDITING ACCOUNTING ESTIMATES PSA 540 defines ‘accounting estimate’ is an approximation of the amounts of an item in the absence of a  precise means of measurement. The risk of material misstatement is greater when accounting estimates are involved.  Management is responsible for making accounting estimates included in the financial statements.  The auditor’s responsibility is to obtain sufficient appropriate evidence as to whether:   Accounting estimate is properly accounted for and disclosed  Accounting estimate is reasonable in the circumstances.




In addition, the auditor may use one or a combination of the following approaches: 1. Review and test the process used by mg mt. to develop the estimate. 2. Make an independent estimate 3. Review subsequent events which confirm the estimate made.

RELATED PARTIES – refers to persons or entities that may have dealings w/ one another in which one party as the ability to exercise significant influence or control over the oth er party in making financial and operating decisions. Management’s Responsibility: Mgmt. is responsible for the identification and disclosure of related parties and transactions with such parties. Auditor’s responsibility: The auditor should obtain and review information provided by the directors and mgmt. identifying the names of all known related parties and related party transaction. - An audit cannot be expected to provide assurance that all related party transactions will be discovered. USING THE WORK OF AN AUDITOR’S EXPERT  An expert is a person or firm possessing special skill, knowledge and experience in a particular field other than accounting and auditing.  PSA 620 identifies two kinds of experts:  Auditor’s Expert – an expert, whose work in his/her field of specialization, is used by the auditor to assist the auditor in obtaining sufficient appropriate audit evidence . Management’s Expert – an expert, whose work in his field of expertise, is used by the entity to assist in  preparing the financial statements .  Not all engagements would require the hel p of an expert. When determining the nee d of use of the work of an expert, the auditor would consider: whether the mgmt. has used a mgmt.’s expert in preparing FS, the nature and significance of the matter, the risk of material misstatement in the matter, and expected nature of procedures to respond to identified risks  Effect of the Reliance on Expert’s Work on the Auditor’s Report The auditor has sole responsibility for the audit opinion expressed and that responsibility is not  reduced by the auditor’s use of the work of an expert. Thus, the auditor should not refer to the work of an auditor’s expert in an auditor’s report containing an unmodified opinion . When an auditor’s report contains a modified opinion, the auditor can make reference to the expert’s  work if the auditor believes that such reference is necessary in order for the readers to understand the reason of expressing a modified opinion. When this happens, the auditor should indicate in his report that such reference does not reduce the auditor’s responsibility for that opinion. CONSIDERING THE WORK OF INTERNAL AUDITORS Internal auditing is an appraisal activity established within an entity as a service to the entity. Considering the work of internal auditor involves two important phases: 1. Making a preliminary assessment of internal auditing (considering the competence, objectivity, due professional care, and scope of function of internal auditors) 2. Evaluating and testing the work of internal auditing – to confirm its adequacy for the external auditor’s purposes. * The external auditor may also request the assistance of the internal auditors in performing routine or mechanical audit procedures.


AUDIT SAMPLING PSA 530 defines audit sampling as, “the application of audit procedures to less than 100% of the items within an account balance or class of transactions such that all sampling units have a chance of selection. Risks in Sampling 1. Sampling risk –refers to the possibility that the auditor’s conclusion, based on a sample may be different from the conclusion reached if the entire population were subjected to the same audit procedures. This exists because the sample selected for testing may not be truly representative of a population. Type Alpha Risk – results in an auditor performing audit procedures more than what is necessary, thus affecting audit efficiency Beta Risk - results in an auditor performing audit procedures less than what is necessary, thus affecting audit effectiveness.

Test of Control

Substantive Test

Risk of underreliance

Risk of incorrect rejection

Risk of overreliance

Risk of incorrect acceptance



The only way to eliminate sampling risk is to examine the whole population, yet it is not feasible to do so.  Controlling Sampling Risk: This can be done by: Increasing the sample size  Using an appropriate selection method 

2. Non-sampling risk – refers to the risk that the auditor may draw incorrect conclusions about the account balance or class of transactions because of human errors.  Non-sampling risk is something that cannot be eliminated even if the auditor examines the population.  Controlling Non-sampling Risk: This can be done by proper planning , adequate direction, review, and supervision of the audit team. General Approaches to Audit Sampling 1. Statistical sampling – is a sampling approach that uses random based selection of sample and uses the law of probability to measure sampling risk and evaluate sample results. 2. Non-statistical sampling - is a sampling approach that purely uses auditor’s judgment in estimating sampling risks, determining sample size, and evaluating sample results. Audit Sampling Plans Type 1. Attribute Sampling

2. Variable Sampling

Used to Estimate the frequency of occurrence of a certain characteristic in a population. Estimate a numerical measurement of a population such as peso value.

Used In Test of Controls to estimate the rate of deviations. Substantive Tests to estimate the amount of misstatements.


Steps in Audit Sampling: Step* 1. Define the objective of the test.

Test of Control Specify the control to be selected.

2. Determine the procedures to be performed.

Determine the appropriate audit procedures to satisfy the objective.

Substantive Test Specify the purpose of the test and its relationship to the financial statement assertions. Determine the appropriate audit procedures to satisfy the objective.

Define the population and the conditions that constitute a deviation. Consider the effects of the following factors in determining the sample size: Acceptable sampling risk  (inverse) Tolerable deviation rate  (inverse) Expected population deviation  rate (direct) Use any of the following techniques:  Random number selection Systematic selection  Haphazard selection (applies  only to non-statistical sampling)

Define the population and its characteristics. Consider the effects of the following 3. Determine the sample size. factors in determining the sample size: Acceptable sampling risk  (inverse) Tolerable misstatement  (inverse) Expected misstatement and  population variation (direct) Use any of the following techniques 4. Select the sample. and stratify the population, when appropriate: Random number selection  Systematic selection  Haphazard selection (applies  only to non-statistical sampling) Value weighted selection  Apply the audit procedures to the Apply the audit procedures to the 5. Apply the audit procedures. sample items. sample items. Decide whether the results supported Decide whether to accept account 6. Evaluate the sample results. the planned degree of reliance on balance as fairly stated or to require internal control. further actions. *It is to be emphasized that steps 1, 2, 5, and 6 will be performed whether the auditor uses auditor sampling or not.

Factors in Determination of Sample Size of T est of Controls (Step 3): 1. Acceptable sampling risk. There is an inverse relationship b/w the acceptable sampling risk and sample size. 2. Tolerable deviation rate. This is the maximum rate of deviations the auditor is willing to accept . 3. Expected deviation rate. This is the rate of deviations the auditor expects to find in the population before testing begins. Factors in Determination of Sample Size of Substantive Tests (Step 3): 1. Acceptable sampling risk. There is an inverse relationship b/w the acceptable sampling risk and sample size. 2. Tolerable misstatement. This is the maximum rate of misstatement the auditor will permit in the population and still be willing to conclude that the account balance is fairly stated. 3. Expected misstatement. This is the amount of misstatement the auditor believes exists in the population. 4. Variation in the population – when using statistical sampling, this is measured by standard deviation.


Sample Selection Methods for Test of Controls a nd Substantive Tests (Step 4): 1. Random number selection – the auditor selects the sample by matching random numbers , generated by a random number table or a computer software generator. 2. Systematic selection – this involves a constant sampling interval and then selects the sample based on the s ize of the interval. 3. Haphazard selection – the sample is selected without following an organized or structured technique. For Substantive Tests only:  In addition, the auditor may divide or stratify the population to decrease the effect of variance in the population. 4. Value Weighted Selection/ Probability Proportional or Size Sampling/ Monetary Unit Sampling – each peso is treated as one sampling unit. This method gives monetary values greater representation in the sample. Situations that Auditor May Encounter in Step 4 & 5: 1. Void documents – such document should be replaced by another sample item. 2. Missing documents – such document must be treated as a deviation. Evaluating the Results for Test of Control (Step 6): 1. Determine the sample deviation rate. 2. Compare the sample deviation rate with tolerable deviation rate and draw an overall conclusion of the population.  If sample deviation rate is greater than tolerable deviation rate – means that sample results do not support the planned degree of reliance on IC. Control risks will be assessed at high level and more extensive ST will be performed.  If sample deviation rate is less than tolerable deviation rate – consider the allowance for sampling risk (the possibility that these sample results could have occurred even if the actual population deviation rate is higher than TD) a. If SD is considerably lower than TD (Ex.: SD at 2% vs. TD of 1 0%) – the sample results supported the planned degree of reliance on IC. b. If SD is barely lower than TD (Ex.: SD at 8% vs. TD of 10%) - there is high possibility that the actual deviation rate will exceed the TD rate. Other Sampling Applications: 1. Sequential sampling/ stop-or-go sampling – used when an auditor expects very few deviations within the population. Under this method, the auditor does not use fixed sample size. 2. Discovery sampling – this form of attribute sampling is most appropriate when no deviations are expected in the population. This is normally used when the auditor suspects that an irregularity might have been committed. Evaluating the Results for Substantive Tests (Step 6): 3. Project the misstatements in the population. Projected Misstatements = Amount of misstatements x (population size / sample size) 

4.   

Ratio estimation – uses book values of the population and sample size  Difference estimation – uses number of customers on the population and number size Compare projected misstatements together with tolerable misstatements and draw an overall conclusion. If projected misstatement is greater than tolerable misstatements – the auditor will conclude that the account balance is materially misstated. If projected misstatement is less than tolerable misstatements - consider the allowance for sampling risk. In some circumstances, the auditor may encounter anomalous errors. These are errors or misstatements that arise from isolated event that has not recurred other than specifically identifiable occasions and are therefore not representative to the population.


COMPLETING THE AUDIT AND POST AUDIT RESPONSIBILITIES COMPLETING THE AUDIT After the fieldwork is almost complete, a series of procedures are generally carried out to complete the audit. These procedures include: 1. Identifying subsequent events that may affect the FS under audit. 







Subsequent events are those events or transactions that occur subsequent to the balance sheet date and may affect the financial statements and the auditor’s report. It may be classified as:  Requiring Adjustment – those that provide further evidence of conditions that existed at the BS date  Requiring Disclosure – those that are indicative of conditions that arose subsequent to the BS date. PSA 560 states that “The auditor should perform procedures designed to obtain sufficient appropriate evidence that all events up to the date of the auditor’s report that may require adjustment of, or disclosure in the financial statements have been identified.” Subsequent events occurring after the report date but before the FS are issued.  The auditor does not have any responsibility to perform procedures to identify subsequent events after the date of the auditor’s report.  If the auditor becomes aware of an event occurring after the report date but before the FS issuance date, he should take the necessary actions to ascertain whether such event is has been properly accounted for and disclosed in the notes to FS.  Failure on the part of the client to make amendments to the FS, where the auditor believes they need to be amended, will cause the auditor to issue either QUALIFIED OR ADVERSE OPINION. Effect of subsequent events on the date of report.  If a material SE requiring adjustment to the FS occurs after the date of auditor’s report but before the FS issuance, the FS should be adjusted and the auditor’s report should BEAR THE ORIGINAL DATE OF REPORT (date of completion of audit procedures).  If a SE requiring disclosure occurs after the date of auditor’s report but before the FS issuance, the auditor should consider the adequacy of the disclosure and the date the report ei ther:  

As of the date of the subsequent event(when this is used by the auditor, the responsibility for the SE is extended) Dual date of the report (used when the auditor does not want to extend the procedures, that is, original date of report and the date of the specific event is occurred, e.g.: March 15, 2018 except for Note 12 dated March 31, 2018)

2. Identifying contingencies such as litigations, claims and assessment. 







PSA 501 requires the auditor to carry out procedures in order to become aware of any litigation and claims involving the entity which may have a material effect on the FS. Mgmt. Is the primary source of information for L.C.A. The auditor corroborates info obtained from mgmt. to lawyers by asking the client to send letters of audit inquiry. If mgmt. refuses to give the auditor permission to communicate w/ the entity’s lawyer or lawyer refuses to reply, this would be considered a scope limitation that would require the auditor to issue either a QUALIFIED OR DISCLAIMER OF OPINION. If there is uncertainty because the lawyer is unable to estimate the likelihood of an unfavorable outcome including the potential loss on one outcome, the auditor should consider an EMPHASIS OF MATTER PARAGRAPH TO AN UNMODIFIED OPINION.

3. Obtaining written management representation. 





PSA 580 requires an auditor to obtain sufficient appropriate audit evidence that the entity’s mgmt. has acknowledged that has fulfilled its responsibility for the preparation and presentation of fair FS and has approved the FS – such evidence can be obtained using a WRITTEN representation from the mgmt. (can be requested from CEO and CFO or other equivalent officers) Mgmt. written representations complement the audit evidence the auditor accumulates, but they do not substitute for the performance of audit procedures. Written representation should be addressed to the auditor and the date shall be as near as practicable to, but not after the date of auditor’s report.


When mgmt. does not provide written representation or the auditor concludes that there is sufficient doubt on the integrity of the mgmt., the auditor should consider these as scope limitation that would warrant a DISCLAIMER OF OPINION. 4. Performing wrap-up procedures. Wrap-up procedures are procedures done at the end of the audit that generally cannot be performed before  the other audit work is complete. These include: a. Final analytical procedures  PSA 520 states that the auditor should apply analytical procedures at or near the end of the audit.  Analytical procedures applied in completion phase should focus on: identifying unusual fluctuations that were not previously identified and assessing the validity of the conclusions reached and evaluating the overall FS presentation. b. Evaluation of the entity’s ability to continue as a going concern  The auditor’s responsibility is to consider the appropriateness of mgmt. use of GC assumption (consider whether there are event s that cast a significant doubt on entity’s ability to continue as going concern and evaluate mgmt.’s assessment of the entity’s ability to continue as GC )  When evaluating the entity’s GC assumption, the auditor should remember that the conditions and events that may indicate significant doubt about entity’s continued existence may be mitigated by other factors (alternatives such as disposal of assets, obtaining additional capital, etc.)  Effect on the auditor’s report:  If there is reasonable assurance that the entity is going concern , the auditor should express an UNMODIFIED OPINION.  If there is uncertainty and is adequately disclosed that the entity is going concern, the auditor should express an UNMODIFIED OPINION WITH EMPHASIS OF MATTER PARAGRAPH .  If there is uncertainty and is not adequately disclosed that the entity is going concern, the auditor should express EITHER QUALIFIED OR ADVERSE OPINION.  If the GC assumption is not appropriate, the FS should be prepared using other appropriate basis. Otherwise the auditor should issue an ADVERSE OPINION. c. Evaluating audit findings and preparing a list of potential adjusting entries.  If mgmt. accepts all adjusting entries proposed by the auditor, an UNMODIFIED OPINION is issued.  If mgmt. refuses to correct the FS, a QUALIFIED OR AN ADVERSE OPINION will be issued. 

POST AUDIT RESPONSIBILITIES (Events after the FS have been issued) Ordinarily, the auditor does not have any responsibility to perform additional procedures after the FS are  issued, unless the auditor is aware that the audit report issued may be inappropriate (he must take steps to prevent future reliance on such report).  Subsequent discovery of facts 1. Discuss the matter w/ the appropriate level of mgmt. and consider whether the FS needs revision. 2. Advise mgmt. to take steps to ensure the users of the previous issued FS are informed of the situation.  If mgmt. makes appropriate revisions and disclosures, the auditor should issue a new audit report that includes an EMPHASIS OF MATTER PARAGRAPH . If mgmt. refuses to revise the FS or to inform the users about the new info, the auditor should notify the persons responsible for the refusal and intent to prevent reliance to the audit report.  Subsequent discovery of omitted procedures 1. Assess the importance of the omitted procedures to the auditor’s ability to support his opinion 2. Undertake to apply the omitted procedures or the corresponding alternative procedures.  If omission impairs the current ability to support his opinion, apply the procedures.  If, after applying the omitted procedures, it makes the report inappropriate, discuss this matter with mgmt. to take steps to prevent reliance in the report.


THE AUDITOR’S REPORT ON FINANCIAL STATEMENTS PSA 700 requires an auditor’s report to contain a clear expression of the auditor’s opinion on the FS. THE UNMODIFIED REPORT  This is issued when the auditor concludes that based on the audit evidence obtained, that the FS is fairly presented, in all material aspects in accordance with the applicable financial reporting framework.  Basic Elements of the Unmodified Report: 1. Title (to emphasize the independence of the auditor and to distinguish the report from others ) 2. Addressee (report should be addressed to those parties for whom the report is prepared such as shareholders, BOD, third parties) 3. Introductory Paragraph (name of entity, FS audited, title of each FS including date covered by FS, summary of significant accounting policies and notes)

4. Management’s Responsibility for the FS (describes responsibility for the preparation and fair presentation of FS and for design, implementation and maintenance of IC)

5.

Auditor’s Responsibility (stating that the responsibility of the auditor is to

express an opinion on the FS, that the audit was

conducted in accordance with PSA , and to give a general description of the audit )

6. 7. 8. 9. 10.

Auditor’s Opinion Other Reporting Responsibilities Auditor’s Signature (name of audit firm and the personal name of the auditor) Date of Report (date as of the completion of all essential audit procedures) Auditor’s Address (location in the jurisdiction where the auditor maintains his office)

MODIFICATION TO THE OPINION MODIFICATION TO THE OPINION

 



MATERIAL MISSTATEMENT

SCOPE LIMITATION

Inappropriate accounting policy selected Misapplication of selected accounting policy Inappropriate or inadequate disclosure

(Auditor is unable to perform necessary audit procedures/auditor is unable to obtain sufficient appropriate evidence) Circumstances beyond control of the entity Circumstance imposed Circumstances relating to nature scope limitation or timing of auditor’s work Limitations imposed by management Mgmt. imposed scope  



limitation

Should re uest first to m mt. to remove the limitation

Material but not Pervasive

Material and Pervasive



(Material enough to affect




the FS but not to overshadow

the FS and overshadows the

the FS but not to overshadow

the FS and overshadows the

the fair presentation of FS as

fair presentation of FS as a

the fair presentation of FS as

fair presentation of FS as a

a whole)

whole)

a whole)

whole)

Qualified Opinion (use the phrase “except for the effects of the matter described in BMP…)

Adverse Opinion

Qualified Opinion

(should state that FS do not present fairly)

(use the phrase “except for the possible effects of the matter described in BMP…)

Disclaimer of Opinion (State that the auditor has not been able to obtain sufficient appropriate evidence to provide a basis of opinion)

Or resign from the engagement (for mgmt. imposed SL)

Basis of Modification Paragraph (placed immediately before the Opinion Paragraph )  For MM, it should include: a description of nature of misstatements and a quantification of its financial effects.  For SL, it should explain the reason of inability to obtain sufficient appropriate audit evidence.


Piecemeal Opinion  It is an unmodified opinion expressed on one or more components of the FS while expressing an adverse or disclaimer of opinion as a whole. PSA 705 does not allow this practice. EMPHASIS OF MATTER PARAGRAPH (placed after Auditor’s Opinion Paragraph) EMPHASIS OF MATTER (to give emphasis on an important matter affecting the FS or the auditor’s report; these does not negate the auditor’s unmodified opinion) 1. 2. 3. 4. 5. 6. * 

**

 

Uncertainties* Going Concern** Early Application of New Accounting Standards Major Catastrophe Subsequent Discovery of Facts Special Purpose FS

Adequately

Unmodified

disclosed in the

Opinion with

notes to the FS

Emphasis Matter Paragraph

Multiple uncertainties may cause the auditor to issue a DISCLAIMER OF OPINION. Only if GC uncertainty is adequately disclosed. If it was not adequately disclosed, the auditor will issue a QUALIFIED OR ADVERSE OPINION. If the GC assumption is inappropriate and the entity insists to use GC principle, the auditor will issue an ADVERSE OPINION.

OTHER MATTER PARAGRAPH

OTHER MATTER (to communicate a matter other than those that are presented or disclosed in the FS)

REPORTING ON COMPARATIVE INFORMATION PSA 710 identified two framework on comparative information:

1.

2.

Comparative FS – amounts and disclosures for the preceding period are not part of current FS a. PPFS were audited by a continuing auditor (state the fact of different updated opinion report, date of PY report, type of PY opinion, reason of changing opinion) b. PPFS were audited by another auditor (may either reissue predecessor PPFS or successor will make reference on predecessor’s report) c. PPFS were not audited (revise PPFS if it is materially misstated, then if mgmt. refused to revise FS, the auditor will issue a QUALIFIED OR ADVERSE OPINION ) Corresponding Figures - amounts and disclosures for the preceding period are part of current FS (comparatives are not specifically identified because the opinion is only on the current period FS only)

MATERIAL INCONSISTENCIES – exists when the other information* contradicts the information contained in the audited FS. FINANCIAL STATEMENTS PREPARED USING MORE THAN ONE FINANCIAL FRAMEWORKS (Include in other matter paragraph if the frameworks are acceptable)

LIMITING THE USE OF THE AUDITOR’S REPORT (Indicate in Other Matter Paragraph that auditor’s report is intended solely for intended users)

SUBSEQUENT DISCOVERY OF FACTS (Refer to post-audit responsibilities)


OTHER INFORMATION ACCOMPANYING FINANCIAL STATEMENTS * PSA 720 states that the auditor has no responsibility to corroborate the other info (such as in annual reports), but he should read the other info to determine that it is not materially inconsistent with the FS and whether the other information needs to be amended).  If an amendment is necessary in the FS , and the entity refuses to make an amendment, the auditor will issue either a QUALIFIED OR ADVERSE OPINION.  If an amendment is necessary in the other information, and the entity refuses to make an amendment, the auditor should consider making an O ther Matter paragraph indicating the material inconsistency, withhold the auditor’s opinion, or withdraw from the engagement MATERIAL MISSTATEMENT OF FACTS: This exists when other information, not related to matters appearing to FS, is incorrectly presented. If the auditor concludes that there is a material misstatement of fact and the mgmt. refuses to correct the other information, the auditor should notify the audit committee and if necessary, obtain legal advice.

AUDIT OF GROUP FINANCIAL STATEMENTS  A group auditor is the auditor with responsibility for reporting the FS of an entity when those FS include financial information of one or more components audited by another auditor .  If the group auditor has not become satisfied about the professional competence and the independence of the component, the group auditor should obtain sufficient appropriate audit evidence relating to the financial information of the entity by auditing the FS of the component.  Auditor’s report on group financial statements shall not refer to a component auditor. REPORTS ON SPECIAL PURPOSE FINANCIAL STATEMENTS  SPFS are made by entities that are complying with a special financial reporting framework designed to me et the needs of specific users (PSA 800). Examples include other comprehensive basis of accounting like cash basis accounting, financial reporting framework established by SEC, IC, or BSP, and financial reporting provisions of a contract such as bond indenture, loan agreement or a project grant.  Audit report of SPFS should include an EMPHASIS OF MATTER PARAGRAPH. AUDIT OF SINGLE FINANCIAL STATEMENT OR SPECIFIC ELEMENT OF A FINANCIAL STATEMENT  These are engagements that requested to express an opinion on a single FS or one of components of a FS . This type of engagement does not result to an expression of an opinion on FS taken as a whole.  When accepting this type of engagem ent: the auditor may need to examine other related accounts , materiality should be related to the specific account , and auditor’s report on a component of FS should not accompany the FS of the entity.  When the auditor undertakes an engageme nt to report on a single FS or on a specific element of a FS , the auditor should express a separate opinion for each engagement.  In case the auditor expresses an adverse or disclaimer of opinion as a whole but the auditor consider it appropriate to express an unmodified opinion on the single FS/specific element (which is a piecemeal opinion), the auditor shall only do so if: 1. the auditor is not prohibited by law or regulation, 2. the report on the element is not published together with the auditor’s report on the complete F S, and 3. the specific element does not constitute a major portion of the entity’s complete FS. REPORTING ON SUMMARY FINANCIAL STATEMENTS  Summary financial statements are derived only from the complete set of FS (to highlight the entity’s financial position and results of operation).  The auditor’s report on the audited FS should express an opinion about whether the summary FS are consistent with the audited FS or whether the summary FS are a fair summary of the audited FS.


ASSURANCE ENGAGEMENTS AND RELATED SERVICES There are four types of services that are normally performed in connection with the entity’s FS. These ar e: 1. Audit 3. Compilation 2. Review 4. Agreed-Upon Procedures

Type

Audit

Review

Objective

To express an opinion on the FS

Level of Assurance provided by the CPA Type of Report Issued

High/ Reasonable

Positive assurance (opinion)

Negative assurance

Basic Procedure

Risk assessment procedures, test of controls, and substantive tests

Independence Requirement

Required

Inquiry and analytical procedures. It does not include assessing control risk, test of records and of responses to inquiries by obtaining corroborating evidence. Required

To enable the CPA to report whether anything has come to his attention that would indicate the FS are not presented fairly Moderate/Limited

Agreed-upon Procedures To carry out audit procedures agreed on with the client and any appropriate third parties identified in the report None

Compilation To assist the client in the preparation of the FS

None

Description of procedures performed and actual findings As agreed

Identification of financial information compiled Assemble FS based on client’s data.

Not Required

Not Required

ASSURANCE ENGAGEMENTS  PSA 3000 states that assurance engagements are intended to enhance the credibility of information about a subject matter by evaluating whether the subject matter conforms in all material respects with suitable criteria.  Types of assurance engagement: reasonable assurance engagement (audit) and limited assurance engagement (review).  Elements of Assurance Engagements: 1. Three-party relationship 2. Appropriate subject matter 3. Suitable criteria 4. Sufficient appropriate evidence 5. Written assurance report REPORTS ON PROSPECTIVE FINANCIAL INFORMATION  Prospective financial information is financial information based on assumptions about events that may occur in the future and possible actions of the entity. There are two types: 1. Forecast - PFI prepared on the basis of the assumptions as to future events which mgmt. e xpects to take as of the date the information is prepared (best-estimate assumptions) 2. Projections – PFI prepared on the basis of hypothetical assumptions or a mixture of best-estimate and hypothetical.  PSA 3400 states that the auditor, when examining PFI, should obtain sufficient appropriate evidence that PFI are reasonable, properly prepared and presented, and on consistent basis.  When reporting on the reasonableness of mgmt. assumptions, the auditor normally provides only moderate level of assurance.


THE CODE OF ETIHICS AND REPUBLIC ACT 9298 THE CODE OF ETIHICS THE CODE OF PROFESSIONAL ETHICS - standards of conduct that embody and demonstrate integrity, objectivity, and concern for the public interest. The Code of Ethics for Professional Accountants in the Philippines is based on the IFAC Code of Ethics for Professional Accountants. The International Federation of Accountants (IFAC) serves the public interest by contributing to the development of strong and sustainable organizations, markets, and economies. It advocates for transparency, accountability, and comparability of financial reporting; helps develop the accountancy profession; and communicates the importance and value of accountants to the global financial infrastructure. Parts of “The Code of Ethics for Professional Accountants”: • Part A—General Application of the Code • Part B—Professional Accountants in Public Practice • Part C—Professional Accountants in Business Conceptual Framework Approach: (a) Identify threats to compliance with the fundamental principles; (b) Evaluate the significance of the threats identified; and (c) Apply safeguards, when necessary, to eliminate the threats or reduce them to an acceptable level. Threats (a) Self-interest threat – is the threat that a financial or other interest will inappropriately influence the professional accountant’s judgment or behavior. (b) Self-review threat – is the threat that a professional accountant will not objectively evaluate the results of the previous judgment made or service provided in forming a conclusion about the subject matter of the engagement. (c) Advocacy threat – is the threat that a professional accountant will promote a client’s or employer’s position to the point that the professional accountant’s objectivity is compromised. (d) Familiarity threat – occurs when, by virtue of close relationship with a client, its directors, etc. becomes too sympathetic to the client’s interests. (e) Intimidation threat – is the threat that a professional accountant will be deterred from acting objectively because of actual or perceived pressures, including attempts to exercise undue influence over the professional accountant. Safeguards (a) Safeguards created by the profession, legislation or regulation; and (b) Safeguards in the work environment. • Firm-wide safeguards • Engagement specific safeguards • Safeguards within the client’s systems and procedures PART A—GENERAL APPLICATION OF THE CODE • Section 100 Introduction and Fundamental Principles • Section 110 Integrity – not merely honesty but fair dealing and truthfulness. • Section 120 Objectivity – to be fair, intellectually honest, and free of conflicts of interest • Section 130 Professional Competence and Due Care –  Professional competence means he/she should continually strive to improve his knowledge and skills to ensure that a client or employer receives the advantage of competent professional service based on up-to-date developments in practice, legislation, and techniques. It is divided into two phases: attainment and maintenance




•

•

Due professional care encompasses the responsibility to perform professional services in accordance with technical and professional standards. Section 140 Confidentiality – he/she should not use or disclose any such information w/o proper and specific authority or unless: permitted by the client or employer, required by law, there is a professional duty to disclose information Section 150 Professional Behavior – he/she should comply with relevant laws and regulations

PART B—PROFESSIONAL ACCOUNTANTS IN PUBLIC PRACTICE • Section 200 Introduction • Section 210 Professional Appointment • Section 220 Conflicts of Interest • Section 230 Second Opinions • Section 240 Fees and Other Types of Remuneration • Section 250 Marketing Professional Services • Section 260 Gifts and Hospitality • Section 270 Custody of Client Assets • Section 280 Objectivity―All • •

Section 290 Independence―Audit and Review Engagements Section 291 Independence―Other Assurance Engagements 

Independence of mind - is the auditor’s perception of his own independence. Independence in appearance – refers to the public perception of the professional accountant’s independence.  Independence Requirements of Different Assurance Engagements :

Audit Non-audit (not restricted) Non-audit (restricted) Note: Additional requirement is that the firm should not have any material financial interest (direct or indirect) 

Members of the Assurance Team Yes Yes Yes

Firm

Network Firm

Yes Yes No

Yes No No

Independence Interpretations and Rulings

INTERPRETATION ON: Financial Interest

WILL NOT IMPAIR INDEPENDENCE

Loans and guarantees

 Loan to a financial institution ,

provided that the loan is immaterial to both and made my normal lending circumstances

 Considered as an indirect financial

Close Business Relationships

Family and Personal Relationships

Past employment with an assurance client Serving as an officer or director on

WILL IMPAIR INDEPENDENCE  Direct financial interest (material or immaterial  Material indirect financial interest  Loan to an assurance client that is not a financial institution

 As an honorary member, that he

interest, must be material to impair independence  Member of assurance team is an immediate family member of the assurance client  Member of assurance team had served in position to influence the subject matter of the engagement  Serves as an officer or a director


the Board of Assurance Clients Long association clients

with

assurance

Provision of accounting and bookkeeping services to assurance clients Provision of taxation services to assurance clients Provision of legal services to assurance clients Recruiting Senior Management Fees – overdue

Contingent Fees

does not participate in the mgmt. or operations of the client  Lead engagement partners must be rotated at least once every 5 years (for listed companies)

on the board of an assurance client

 Provision of services to an audit

client hat is a public interest entity   Advisory services

 Advocacy services

 Corporate finance services  Recruited for ultimate hiring

 Recruited for consulting services

decision  At the time of issuing the assurance report , the PY professional fees due from client is unpaid 

 Fees that are fixed by court or

other public authority, fees determined based on the results of judicial or gov’t agency proceedings

Gifts and Hospitality Actual or threatened litigation

 

PART C—PROFESSIONAL ACCOUNTANTS IN BUSINESS • Section 300 Introduction • Section 310 Potential Conflicts • Section 320 Preparation and Reporting of Information • Section 330 Acting with Sufficient Expertise • Section 340 Financial Interests • Section 350 Inducements

REPUBLIC ACT NO. 9298: THE PHILIPPINES ACCOUNTANCY ACT OF 2004 Overview of RA 9298 and its IRR The Republic Act No. 9298, including its implementing rules and regulations, consists of: five Articles (Rules); has three Annexes; and   with 44 Sections; was enacted into law on May 13, 2004.   1. Article I | Rule I - Act shall govern & provide for: Regulation of education o Examination for CPA o Supervision, control and regulation of practice o - Scope of practice: Public accountancy o Commerce & industry o - Definition of terms

o o

Education Government


2. Article II | Rule II Professional Regulatory Board - Chairman & 6 members - APO should submit its nominees not later than 60 days - Qualifications: Natural born Filipino Of good moral character o o Registered CPA w/ 10 years Not have any pecuniary interest o o experience Not a director or officer of APO o - Term: 3 years ; no person shall serve in the Board for more than 12 years - Receive compensation & allowances - Powers & functions: Monitor conditions Adopt official seal o o Supervise registration, licensure & Investigate violations o o practice Punish for contempt o Prescribe & adopt rules Prepare/Amend syllabi for o o Conduct oversight into quality examinations o Issue, suspend, revoke or reinstate Exercise other powers provided by o o the registration law - Submit a report @ close of each year - FRSC composed of 15 members with a chairman and 14 representatives - AASC composed of 15 members with a chairman and 14 representatives - Educational Technical Council (ETC) composed of 7 members with a chairman and 6 representatives wi th the functions of: Determine a min standard curriculum o Establish teaching standards o Monitor progress of program o Evaluate performance of educational institutions o - Board is under supervision of the Commission - May remove/suspend members of the board when: Neglect of duty o Violation of the Act o Final judgment of crimes involving moral turpitude o Manipulation o 3. Article 3 | Rule III Examination, Registration & Licensure - Qualifications for examinations: Filipino citizen o Good moral character o BSA degree o Not convicted of any crime involving moral turpitude o - Documents submitted to support requirements: NSO o College Diploma o NBI Clearance o - Scope of exam: o TOA Business Law & Tax o MAS o - Rating: general average of 75% w/ no grades lower than 65%

o o o

AT AP PRAC 1 & 2

Auditing Theory Salosagcol Summary

Recommend Documents