FUNDAMENTALS OF AUDITING AND ASSURANCE SERVICES UNIT 1
WHAT IS AUDITING?
AUDITING DEFINED •
Philippine Standards on Auditing: “to enable the auditor to express an opinion whether
the financial statements are prepared, in all material respects, in accordance with an identified financial reporting framework.”
•
American Accounting Association: “a systematic process of objectively obtaining and
evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between thee assertions and established criteria and communicating the results to interested users.”
AUDITING DEFINED •
Auditing is a systematic process
•
An audit involves obtaining and evaluating evidence about assertions regarding economic actions and events.
•
An audit is conducted objectively.
•
Auditors ascertain the degree of correspondence between assertions and established criteria.
•
Auditors communicate the audit results to various interested users.
BUT, BEFORE WE GO FURTHER INTO THE WORLD OF AUDITING, LET US EXAMINE THE BROAD UMBRELLA TO WHICH AUDIT IS INCLUDED.
ASSURANCE ENGAGEMENTS •
Assurance Engagement – engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence that intended users can have about the evaluation or measurement of a subject matter that is the responsibility of a third party, other than the intended users or the practitioner, against criteria.
•
Assurance services – independent professional services that improve the quality of information, or its context, for decision makers.
•
Philippine Framework for Assurance Engagements •
Provides a frame of reference for practitioners and others involved with assurance engagements
•
Describes the objectives and elements of assurance engagements intended to provide either a high or moderate level of assurance.
ASSERTION BASED VS DIRECT REPORTING ENGAGEMENTS •
Assertion-based Engagements •
Assurance engagements that involve the evaluation or measurement of the subject matter by the responsible party and the subject matter information in the form of assertion by the responsible party is made available for intended users.
•
Direct Reporting Engagements •
Engagements where the practitioner either directly performs the evaluation or measurement of the subject matter, or obtains a representation from the responsible party that has performed the
evaluation or measurement that is not available to the intended users.
•
Independent Financial Statement audit is an example of Assertion-based engagement.
TYPES OF ASSURANCE ENGAGEMENTS •
Reasonable Assurance Engagement •
Engagement that aims to reduce the assurance engagement risk to an acceptably low level in the circumstances of the engagement as a basis for a positive form of expression of the practitioner’s
conclusion.
•
Limited Assurance Engagement •
Engagement that aims to reduce the assurance engagement risk to a level that is acceptable in the
circumstance of the engagement but where that risk is greater than for a reasonable assurance engagement as a basis for a negative form of expression of the practitioner’s conclusion.
TYPES OF ASSURANCE SERVICES •
Audit (Independent financial statements audit; external audit) •
Assurance engagement to provide a high level of assurance that the financial statements are free of material misstatement.
•
Reviews •
Review of financial statements – involves limited investigation of much narrower scope than audit and undertaken for the purpose of providing limited (negative) assurance that the statements are presented in accordance with identified Financial Reporting standards.
•
Other Review engagements – other engagements in which the practitioner is engaged to issue a written communication that expresses conclusion with respect to the reliability of a written assertion that is the responsibility of another party.
•
Other Assurance Services
OTHER ASSURANCE SERVICES •
Assurance Services on Information Technology •
Assurance over website controls, assurance about information system reliability and electronic commerce assurance services.
•
CPA Web Trust Service •
Assures the user that the web site owner has met establishment criteria related to business practices, transaction integrity and information process
•
Information Systems Reliability Service •
CPAs provide assurance that an information system has been designed and operated to produce reliable data including tests of the system to determine whether the system protects against potential causes of data defects.
ATTESTATION SERVICE
•
An engagement in which a practitioner is engaged to issue, or does issue, a written communication that expresses a conclusion about the reliability of a written assertion that is the responsibility of another party.
NON-ASSURANCE SERVICES •
Agreed-Upon Procedures •
The party engaging the professional accountant or the intended user determines the procedures to be performed and the professional accountant provides a report of factual findings as a result of undertaking those procedures.
•
•
The professional accountant does not express an opinion or conclusion that provides a level of assurance
Compilation of Financial or Other Information •
Presenting in the form of financial statements that is the representation of management (owners) without
undertaking to express any assurance on the statements •
Tax Services •
Tax compliance – preparation of tax returns for individuals, corporations, estates and trusts, and others.
•
Tax planning – determines the tax consequences of planned or potential transactions and suggests the desirable course of action to minimize the tax liability while achieving the client’s objectives.
NON-ASSURANCE SERVICES •
Management Consulting/Advisory Services •
Professional services that employ the practitioner’s technical skills, education, observations, experiences,
and knowledge of the analytical approach and procedures used in a consulting engagement.
•
Accounting and Data Processing or Information Technology System Services •
Include doing manual or automated bookkeeping, journalizing, and posting adjusting entries or preparing (or compiling) financial statements.
REPORTS ON NON-ASSURANCE ENGAGEMENTS •
Non-assurance reports should avoid: •
Implying compliance with PSAs, PSREs or PSAEs
•
Inappropriately using the words “assurance”, “audit” or “review”
•
Including a statement that could reasonably be mistaken for a conclusion designed to enhance the degree of confidence of intended users about the outcome of the evaluation or measurement of a subject matter against criteria.
ELEMENTS OF AN ASSURANCE ENGAGEMENT •
Three-party relationship
•
Appropriate Subject Matter
•
Suitable Criteria
•
Sufficient appropriate evidence
•
A written assurance report in the for of appropriate to a reasonable/limited assurance engagement.
THREE-PARTY RELATIONSHIP •
Practitioner •
Person who provides assurance to the intended users about a subject matter that is the responsibility of another party.
•
Responsible party •
Direct reporting – responsible for subject matter
•
Assertion based – responsible for subject matter information (assertion), and may be responsible for subject matter.
•
•
The responsible party may not be the engaging party
Intended users •
Person/persons/class of persons for whom the practitioner prepares the assurance reports.
SUBJECT MATTER •
Financial Performance or conditions
•
Nonfinancial performance or conditions
•
Physical characteristics (specifications documents)
•
Systems and processes
•
Behavior (corporate governance, compliance with regulation)
SUBJECT MATTER •
Characteristics of subject matter affect the: •
Precision with which the subject matter can be evaluated or measured against criteria
•
The persuasiveness of available evidence. The assurance report notes characteristics of particular relevance to the intended users.
•
An appropriate subject matter is: •
Identifiable, and capable of consistent evaluation or measurement against the identified criteria
•
Such that the information about it can be subjected to procedures for gathering sufficient appropriate evidence to support a reasonable assurance or limited assurance conclusion, as appropriate.
CRITERIA •
Benchmarks used to evaluate or measure the subject matter.
•
Examples: PFRS, established internal control framework, law/regulation, code of conduct
•
Characteristics of suitable criteria:
•
•
Relevance: contribute to conclusions that assist decision making by the intended users.
•
Completeness: relevant factors that could affect the conclusions are not omitted.
•
Reliability: allow reasonably consistent evaluation or measurement of the subject matter.
•
Neutrality: contribute to conclusions that are free from bias.
•
Understandability: contribute to conclusions that are clear, comprehensive, and not subject to significantly different interpretations.
Criteria should be made available: •
Publicly
•
Through inclusion in the subject matter information
•
Through inclusion in the assurance report
•
By general understanding (criterion for measurement of hours and minutes)
EVIDENCE •
Professional scepticism •
Practitioner makes a critical assessment, with a questioning mind, of the validity of evidence obtained and is alert to evidence that contradicts or brings into question the reliability of documents or representations
by the responsible party. •
Sufficiency and Appropriateness of Evidence •
Sufficiency – measure of quantity of evidence
•
Appropriateness – measure of the quality of evidence.
•
General rules on the reliability of evidence: •
More reliable when obtained from independent sources outside the entity
•
When internally generated, more reliable when the related controls are effective.
•
Evidence obtained directly is more reliable than evidence obtained indirectly or by reference(inquiry)
•
Evidence is more reliable when it exists in documentary form.
•
Evidence provided by original documents is more reliable than evidence provided by photocopies/facsimiles
EVIDENCE •
Materiality •
Considered in the context of qualitative and quantitative factors, such as relative magnitude, the nature and extent of the effect of these factors on the evaluation or measurement of the subject matter, and
interests on the intended users. •
Assurance engagement risk •
Risk that the practitioner expresses an inappropriate conclusion when the subject matter information is materially misstated. (on nature, timing, and extent of evidence gathering procedures)
•
Risk that the subject matter information is materially misstated •
Inherent risk – the susceptibility of the subject matter information to a material misstatement, assuming there are no related controls
•
Control risk – material misstatement could occur will not be prevented, or detected and corrected, on a timely basis by related internal controls
•
Detection Risk – risk that the practitioner will not detect material misstatement that exists.
EVIDENCE •
Nature, timing, and extent of Evidence-gathering procedures •
•
•
Systematic engagement process: •
Obtaining an understanding of the subject matter and other engagement circumstances
•
Based on that understanding, assessing the risks that the subject matter may be materially misstated
•
Responding the assessed risks and determining the nature, timing, and extent of further procedures.
•
Performing further procedures
•
Evaluating the sufficiency and appropriateness of evidence
Reducing engagement risk to zero is rarely attainable as a result of such factors: •
Use of selective testing
•
Inherent limitations of internal control
•
Persuasive rather than conclusive evidence
•
Use of judgment in gathering and evaluating evidence
•
Characteristics of subject matter when evaluated
Quantity and Quality of available evidence •
Characteristics of subject matter and subject matter information
ASSURANCE REPORT •
Practitioner provides a written report containing a conclusion that conveys the assurance obtained about the subject matter information
•
Assertion-based engagement can be worded as follows: •
In terms of the responsible party’s assertion (In our opinion the responsible party’s assertion that internal
control is effective, in all material respects, based on XYZ criteria, is fairly stated) •
Directly in terms of the subject matter and the criteria (In our opinion internal control is effective, in all material respects, based on XYZ criteria)
INAPPROPRIATE USE OF PRACTITIONER’S NAME •
A practitioner is associated with a subject matter when the practitioner reports on information about that subject matter or consents to the use of the practitioner’s name in a
professional connection with that subject matter.