1

Chapter 1
Overview of Auditing Process and Pre-Engagement Activities
Topic chapter discusses the definition of audit, phases of audit and the different
considerations of auditor in accepting an audit engagement.
Learning Objectives:
After studying this chapter, you should be able to:
1. Describe what an audit is.
2. Enumerate and describe different phase of an audit.
3. Identify and explain pre-engagement activities.
4. Identify the different considerations in accepting audit.

Audit
An audit is a systematic process of objectively obtaining and evaluating evidence
regarding assertions about economic actions and events ascertain the degree of
correspondence between these assertions and established criteria and communicating
the results thereof. (American Accounting Association)

Audit Process
The audit process is the sequence of different activities involved in an audit. This
process normally includes the following steps:
Phase Description
1. Pre-engagement This phase will require a decision from the auditor
whether or not to accept new client or continue
relationship with an existing one. This process
would require evaluation not only of the auditor’s
qualification, but also the integrity and auditability
of the client’s financial statements.
Primary objective: To minimize the likelihood of
being associated to a client whose management
locks integrity
2. Audit Planning Audit planning involves the development of an
overall audit strategy, audit plan and audit
program. The auditor usually obtained more
detailed knowledge about the client’s business
and industry in order to understand the
transaction and events affecting the financial
statements.
Preliminary assessment of risk and materiality is
also made during this phase.
 2
Primary objective: To assess the different risks associated
with the audit to determine the nature, timing and extent of
further audit procedures necessary to be performed.
3. Considerations of Since entity’s internal control directly affects the reliability of
Internal Controls the financial statements. It is appropriate to study and
evaluate these controls.
Primary objective: To establish a basis for reliance on
internal controls, in determining the nature, timing and extent
of audit procedures to be performed.
4. Evidence Using the information obtained in audit planning and
gathering consideration of internal controls, the auditor perform
(substantive testing) substantive test to determine whether entity’s financial
statements are presented fairly in accordance with financial
reporting standards. Substantive procedures could either be
analytical procedures or test of details of transaction balances.
This phase will always be performed by the auditor.
Primary objective: To ascertain the degree of
correspondence between the financial statements prepared by
client’s management and the financial reporting framework.
With this, the auditor will be able to conclude whether or not
the financial statements are presented fairly in accordance
with financial reporting standards.
5. Completing the Wrapping-up procedures are performed; conclusion reached
audit are reviewed; and an overall opinion is formed during this
phase.
Primary objective: To assist the auditor in assessing
conclusion reached is consistent with evidence gathered
6. Issuance of the In this stage, auditor prepares and issues audit report which
audit report describes the scope of the audit and states the auditor’s
conclusion regarding the fairness of the financial statements.
Primary objective: To communicate the conclusions reached
by the auditor to various intended users.
7. Post-audit After completion of the audit engagement, auditor performs
responsibilities procedures that will enable him/her identify areas for
improvement in the current and future engagements.
Primary objective: To assess and evaluate the quality of
services delivered by the engagement team.
 3
Pre-Engagement
Acceptance of an engagement
In making a decision whether to accept or reject an engagement, an auditor should
consider the following:

1. Its competence;
2. Its independence;
3. Its ability to serve the client properly; and
4. The integrity of the prospective client’s management.

Furthermore, the auditor is expected to perform the following:

1. Obtain a preliminary knowledge of the client’s business and industry to determine

whether the auditor has the degree of competence required by the engagement.
2. Consider whether there are any threats to the firm’s independence and objectivity,
and if so, whether adequate safeguards can be established.
3. Evaluation of the firm’s ability to serve the prospective client.
4. Evaluate auditability.
5. Investigation of the integrity of the client’s management through inquiry to
appropriate parties or communication with the predecessor auditor

Matters to be discussed with predecessor auditor include the following: (RID)

a. The predecessor’s understanding as to the Reasons for change in auditors;
b. Information that might bear on the Integrity of the management; and
c. Disagreements between the predecessor auditor and management as to accounting
principles, auditing procedures, etc.

Note: Every time communication is made to parties other than the client, the auditor
shall seek permission from the client and document the item discussed.

6. Agree on the terms of the engagement and prepare an engagement letter.

Agreeing the Terms of Audit Engagements

The auditor and the client shall agree on the terms of engagement. The agreed terms
would need to be recorded in an audit engagement letter or other suitable form
of contract.
 4
It is in the interest of both client and the auditor that the auditor sends an
engagement letter, preferably before the commencement of the engagement to help
avoid misunderstanding with respect to the engagement. The engagement letter
documents and confirms:
a. Auditor’s acceptance of the engagement
b. Objective and scope of the audit
c. Extent of auditor’s responsibilities to the client
d. Form of any reports

Contents of engagement letter (RA FORMS)

The form and content of audit engagement letters may vary for each client but they
would generally include reference to:
a. The presence of audit Risk
b. Unrestricted Access to whatever records
c. The financial reporting Framework used
d. Objective of the audit
e. The form of any Reports or other communication
f. Management’s responsibility
g. The Scope of the audit
The auditor may also wish to include in the letter: (FRAP REPORTS)
a. Basis in which Fees are computed and any billing arrangement
b. Expectation of receiving Representation letter
c. Acknowledgement of management of terms of agreement
d. Arrangements regarding the Planning of the audit
e. Description of any other letters of Reports

When relevant, the following points could also be made:

 Arrangements concerning the involvement of other auditors and experts in some
aspects of the audit.
 Arrangement concerning the involvement of internal auditors and other staff
 Arrangement to be made with the predecessor auditor, if any, in the case initial.
 Any restriction of the auditor’s liability when such possibility exists.
 A reference to any further agreements between the auditor and the client.

Audit of Components
When the auditor of a parent entity is also the auditor of its subsidiary, branch, or
division (component), the factors that influence the decision whether to send a separate
engagement letter to the component include the following:
 Who appoints the component auditor
 Legal requirements in relation to audit appointments
 5
 Degree of Ownership
 Whether a Separate auditor’s report is to be issued on the component; and
 Degree of Independence of the component’s management from the parent
entity.

Recurring Audits
On recurring audits, the auditor should consider whether circumstances require the
terms of the engagement to be revised and whether there is a need to remind the client
of the existing terms of the engagement. The auditor may decide not to send a new
engagement letter each period.

However, the following factors may make it appropriate to send a new letter:
 Any indication that the client misunderstands the objective and scope of the
audit
 Any revised or special terms of engagement
 A recent change of management, board of directors or ownership.
 A significant change in ownership
 A significant change in nature or size of the client’s business.
 A change in legal or regulatory requirements.
 A change in financial reporting framework adopted in the preparation of the
financial statements.
 A change in other reporting requirements.

Acceptance of a Change in Engagement

 a. Stop performing the old engagement
YES b. Stop referring to the old engagement,
except when the new engagement involves
agreed upon procedures
Is there a c. Start performing the new engagement
reasonable
justification

a. Continue the original audit engagement

NO b. When prohibited to continue, withdraw from
the audit engagement

Note: Every time withdrawal is made, the auditor

should consider the necessity of communicating
the reasons to appropriate level of
management.

6
Circumstance Justifiable
1. Change in circumstances affecting the need for the service √
2. A misunderstanding as to the nature of an audit or related services √
originally requested.
3. A restriction on the scope of the engagement, whether imposed by ×
management or caused by circumstances
4. If the change relates to information that is incorrect, incomplete or ×
otherwise unsatisfactory
5. the auditor is unable to obtain sufficient appropriate audit evidence ×
regarding assertions
Circumstance that could lead to Change in Engagement
 15
Chapter 2
AUDIT PLANNING – INTRODUCTION AND RISK ASSESSMENT PROCEDURES

Topic Overview:
This chapter discusses the audit planning process, audit strategy and risk assessment
procedures.

Learning Objectives:
After studying this chapter, you should be able to:
1. Explain audit planning
2. Identify and explain the major audit planning activities.
3. Identify considerations in establishing audit strategy.
4. Describe the difference of audit strategy, audit plan and audit program
5. Identify the activities in risk assessment.
6. Describe audit risk and its components and how will it affect the audit
procedures.

PLANNING AN AUDIT OF FINANCIAL STATEMENTS

The primary objective of the auditor is to plan the audit so that the audit will be
performed in an effective manner. However, adequate planning also leads to an
efficient and timely audit engagement.

The Role and Timing of Planning

Planning an audit involves establishing the overall strategy for the engagement
and developing and audit plan. Adequate planning benefits the audit of financial
statements in several ways, including the following:
 Appropriate attention is devoted to important areas
 Potential problems are identified and resolved on timely basis
 Proper organization and management of the audit engagement leading to an
effective and efficient performance.
 Work are properly assigned to appropriate engagement team members
 Assistance in coordinating work done by other auditors and experts
 Assistance in facilitating direction, supervision and review.

The nature and extent of planning activities will vary according to the (SECTA)

 Size and complexity of the entity

 Previous Experience with the entity of key engagement team members (partner,
manager, and staff-in-charge)

 Changes in circumstances that occur during the audit engagement.

16

 Timing of the Appointment of the Independent auditor

Planning as a phase of the audit process

Planning is not a discrete phase of an audit, but rather a continual and iterative process
that often begins shortly (or in connection with) the completion of the previous audit
and continues until the completion of the current audit engagement.

Major Audit Planning Activities

The auditor shall establish an overall audit strategy that sets the scope, timing and
direction of the audit, and that guides the development of the audit plan after
performing the following procedures:
a. Obtaining an understanding of the client and its environment
b. Determining the need for experts
c. Establishing materiality and assessing risks
d. Assessing the possibility of non-compliance
e. Identifying related parties
f. Performing preliminary analytical procedures
g. Development of the overall audit strategy and detailed audit plan
h. Preparation of preliminary audit programs

THE OVERALL AUDIT STRATEGY AND AUDIT PLAN

Overall Audit strategy
In establishing the overall audit strategy, the auditor shall:
 Identify the characteristics of the engagement that defines its scope;
 Ascertain the reporting objectives of the engagement to plan the timing of the
audit and the nature of the communications required;
 Consider the factors that, in the auditor’s professional judgment, are significant
in directing the engagement team efforts
 Consider the result of preliminary engagement activities and, where practicable,
whether knowledge gained on other engagement performed by the engagement
partner for the entity is relevant.
 Ascertain the nature, timing and extent of resources necessary to perform the
engagement.

Audit Plan
After the overall audit strategy has been established, an audit plan can be developed to
address the various matters identified in the overall audit strategy, taking into account
the need to achieve the audit objectives through the efficient use of the auditor’s
resources.

The audit plan is more detailed than the overall audit strategy in that it includes the
nature, timing and extent of audit procedures to be performed by engagement team
members. These procedures may be documented in audit program.
17
The auditor program shall serve as a:
 Set of instructions to assistants involved in the audit; and
 Means to control and record the proper execution of the work.
The audit program also contains:
 The auditor objectives for each area; and
 A time budget in which hours are budgeted for the various audit areas or
procedures.
Changes to Planning Decision during the Course of the Audit
The overall audit plan and the audit program should be revised as necessary during the
course of the audit. Planning is continuous throughout the engagement because of
changes in condition or unexpected results of audit procedures.

Completion of Overall Strategy and Audit Plan

The establishment of the overall audit strategy and the detailed audit plan are not
necessarily discrete or sequential process, but are closely interrelated since changes in
one may result in consequential changes to the other. Also, preferably, a plan shall be
initially completed prior to consideration of internal controls or performance of specific
procedures.

Planning documentation
The auditor shall document:
 a. The overall audit strategy
b. The audit plan
c. Any significant changes made during the audit engagement to the overall
strategy or audit plan, and the reasons for such changes

Additional Considerations in Initial Audit Engagements

After performing preliminary engagement activities, for an initial audit, the auditor may
need to expand the planning activities because he/she does not ordinarily have the
previous experience with the entity that is considered when planning recurring
engagement. For initial audits, additional matters the auditor may consider in
developing the overall audit strategy and audit plan include the following:
 Arrangements to be made with the predecessor auditor to review prior year’s
working papers;
 Any major issues discussed with management in connection with the initial
selection as auditors, the communication of these matters to those charged with
governance and how these matters affect the overall audit strategy and audit
plan
 The planned audit procedures to obtain sufficient appropriate audit evidence
regarding opening balances; and
 Other procedures required by the firm’s system of quality control for initial audit
engagements.

18
DIRECTION, SUPERVISION AND REVIEW
The auditor should plan the nature, timing and extent of direction and supervision of
engagement team members and review of their work.

The nature, timing and extent of the direction and supervision of engagement team
members and review of their work vary depending on many factors, including
 The assessed risks of material misstatement;
 Size and complexity of the entity
 The area of audit and
 Capabilities and competence of personnel performing the audit work.

Considerations Specific to Smaller Entities

When an audit is carried out entirely by an audit engagement partner, who may be a
sole practitioner, it may be desirable to consult with other suitably-experience auditors
or the auditor’s professional body.

RISK ASSESSMENT PROCEDURES

Identifying and assessing the risk of material misstatement through

understanding the Entity and its Environment
It is the objective of the auditor to identify and assess risks of material misstatements,
whether due to fraud or error, at the financial statement and assertion levels, through
understanding the entity and its environment including the entity’s internal control,
thereby providing a basis for designing and implementing responses to the assessed
risks of material misstatements.

RISK ASSESSMENT PROCEDURES

Risk assessment procedures are audit procedures performed to obtain an understanding
of the entity and its environment, including the entity internal control, to identify and
assess the risks of material misstatement, whether due to fraud or error, at the financial
statement and assertion levels.

Risk Assessment procedures and Related Activities

The auditor shall:
a. Identify risk throughout the process of obtaining an understanding of the entity
and its environment, including relevant controls the relate to the risks, and
consider the classes of transaction, account balances and disclosures in the
financial statements;
b. Relate the identified risks to what can go wrong at the assertion level;
c. Consider whether the risks are of a magnitude that could result in a material
misstatements of the financial statements; and
d. Consider the likelihood that the risks could result in a material misstatement of
the financial statements.
19
The risk assessment procedure shall include the following:
a. Inquiries of management, and of others within the entity who in the auditor’s
judgment may have information that is likely to assist in identifying risks of
material misstatement due to fraud or error
b. Analytical procedures; and
c. Observation and inspection.
Note: Risk assessment procedures by themselves, however, do not provide
sufficient appropriate audit evidence on which to base the audit opinion.

Analytical Procedures during planning Stage

Analytical procedure consist of evaluations of financial information made by a study
of plausible relationships among both financial and non-financial data. Analytical
procedures also encompass the investigation of identified fluctuations and
relationships that are consistent with other relevant information or that differ from
expected values by a significant amount.

Analytical procedure is required to be performed during planning stage. It is

designated to assist the auditor in planning the nature, timing and extent of other
auditing procedures.
 The Required Understanding of the Entity and its Environment
The auditor shall obtain an understanding of the following:
a. Relevant industry, regulatory, and other external factors including the
applicable financial reporting framework;
b. The nature of the entity, including its operations; ownership and governance
structure; types of investments that the entity is structured and how it is
financed;
c. Entity’s selection and application of accounting policies, including reasons for
changes thereto;
d. Entity’s objectives and strategies, and those related business risks that may
result in risk of material misstatement;
e. The measurement and review of the entity’s financial performance and
f. Internal control

ASSESSMENT OF AUDIT RISK AND MATERIALITY

Materiality and audit risk affect the application of PSA, and are reflected in the auditor’s
report. The auditor must make judgments about materiality and audit risk in
determining the nature, timing and extent procedures to apply and in evaluating
results.

Materiality
Information is material if its omission or misstatement could influence the economic
decisions of users taken on the basis of the financial statements.
20
Materiality depends on the size of the item or error judge in the particular
circumstances of its omission or misstatement.

The concept of materiality recognizes that some matters, but not all, are important for
fair presentation of the financial statements in conformity with PFRS.

The auditor should consider materiality and its relationship with audit risk when
conducting an audit. The auditor’s purpose in considering materiality at the planning
stage of the audit is to determine the appropriate scope of their audit procedures.

Using professional judgment, the auditor shall determine materiality at

 Financial statement level – the smallest aggregate amount of misstatement
applicable to all financial statements.
 Assertion level for classes of transaction, account balance and disclosures –
largest tolerable misstatement.

Audit Risk
Audit risk is the risk that the auditor gives an inappropriate audit opinion when the
financial statements are materially misstatement.
 Component of Audit Risk
a. Risk of material misstatement
 Inherent risk is the susceptibility of an account balance or class of
transaction to misstatement that could be material individually or when
aggregated with misstatements in other balances or classes, assuming
that there is no related controls.
 Control risk is the risk that a misstatement, that could occur in an account
balance or class of transactions that could be material, individually or
when aggregated with misstatements in other balances or classes, will not
be prevented or detected and corrected on a timely basis by the
accounting and internal control systems.
b. Risk on not Detecting the Misstatement
 Detection Risk is the risk that the auditor’s substantive procedures will not
detect a misstatement that exists in an account balance or class
transactions that could be material, individually or when aggregated with
misstatements in other balances or classes.

If the auditor wishes to reduce detection risk, procedures to be performed shall

be
a. As to nature – more effective procedures
b. As to timing – closer or nearer to year end
c. As to extent – larger sample size

21
Interrelationship of the Components of Audit Risk
    Auditor's Assessment of Control risk is
    High Medium Low
Auditor's High Lowest Lower Medium
assessmen Mediu
t of m Lower Medium Higher
inherent
risk Low Medium Higher Highest

Relationships of Risk and Materiality to substantive procedures

Risk of material misstatement (inherent and control risk) Direct
Risk of not detecting the misstatement (detection risk) Inverse
Materiality Inverse

Summary of Procedures Performed in Planning an Audit

Obtaining an
understanding of the
entity’s environment
 Consider Materiality
and Assess Risk of
Material Misstatements

Determine the
acceptable level of
Audit Risk

Identify Detection Risk to

determine the nature, timing and
extent of further Audit Procedures
 30
Chapter 3
INTERNAL CONTROL CONSIDERATION AND RESPONSES TO ASSESSED RISKS

Topic Overview
This chapter discusses internal controls, assessment of control risk and how will affect
audit procedures.

Learning Objectives:
After studying this chapter, you should be able to:
1. Describe the objectives and inherent limitation of an internal control,
2. Identify and explain each component of internal control.
3. Describe the appropriate responses of the auditor to assessed risks.
4. Explain test of controls and substantive procedures and identify how they are
affected by assessed risk.

INTERNAL CONTROL CONSIDERATION

The auditor should obtain an understanding of the accounting and internal control
systems sufficient to plan the audit and develop an effective audit approach.

The auditor uses the understanding of internal control to identify types of potential
misstatements, consider factors that affect the risk of material misstatement, and
design the nature the nature, timing, and extent of further audit procedures.

ACCOUNTING AND INTERNAL CONTROL SYSTEMS

Accounting system is a series of tasks and records of an entity by which transactions
are processed as a means of maintaining financial records. Such systems identify,
assemble, analyze, calculate, classify, record, summarize and report transaction events.

Internal Control System means all the policies and procedures (internal controls)
adopted by the management of an entity to assist in achieving management’s objective
of ensuring, as far as practicable:
 Orderly and efficient conduct of its business, including adherence to
management policies;
 Safeguarding of assets
 Prevention and detection of fraud and error
 Accuracy and completeness of the accounting records; and
 Timely preparation of reliable financial information.
 31
The internal control system extends beyond those matters which relate directly to the
functions of accounting system.

ENTITY’S INTERNAL CONTROL

Internal control is a process, effected by those charged with governance,
management, and other personnel, designed to provide reasonable assurance regarding
the achievement of objectives in the following categories:
a. Effectiveness and efficiency of operations;
b. Reliability of financial reporting; and
c. Compliance with applicable laws and regulations.

Assurance provided by internal control

There is a direct relationship between an entity’s objectives and the controls which are
implemented to provide assurance of their achievement. However, no matter how well
designed and operated, internal control can only provide reasonable assurance.

Inherent Limitations of Internal Control

The internal control can only provide reasonable assurance because of inherent
limitations that may affect the effectiveness of internal controls.
Such limitations include: (COC CHA)
 Management usual requirement that a control be cost-effective (Cost benefit
consideration)
 The possibility that a person responsible for exercising control could abuse the
responsibility (Management Overriding the Control);
 The possibility of circumvention of controls through collusion with parties outside
the entity or with the employees of the entity;
 The possibility that procedures may become inadequate due to Changes in
condition and compliance with procedures may deteriorate;
 The potential for Human error due to carelessness, distraction, mistakes of
judgment or the misunderstanding of instructions; and
 The fact that most controls tend to be directed at anticipated types (routine) of
transaction and not at unusual (non-routine) transactions.

Areas of Internal Control

Areas of internal control can be classified as either administrative control or accounting
control.

Administrative control includes, but is not limited to, plan of organization and the
procedures and records that are concerned with the decision process leading to
management’s authorization of transactions. Administrative controls promote
operational efficiency and adherence to managerial policies.
 32
On the other hand, accounting control compromises the plan of organization and the
procedures and records that are concerned with the safeguarding of assets and the
reliability of financial records. It involves systems of authorization and approval control
over assets, internal audit and all other financial matters.

Controls Relevant to the Audit

The auditor’s risk assessment process relates to controls pertaining to the entity’s
objective of preparing financial statements for external purposes and the management
risk that may give rise to a material misstatement in those financial statements.

It is a matter of professional judgment, subject to the requirements of PSA whether a

control, individually or in combination with others, is relevant to the auditor’s
considerations in assessing the risks of material misstatement and designing and
performing further procedures in response to assessed risks. In exercising that
judgment, the auditor considers the applicable component and factors such as the
following:
a. The auditor’s judgment about materiality;
b. The size of the entity;
c. The nature of the entity’s nosiness, including its organization and ownership
characteristics;
d. The diversity and complexity of the entity’s operations;
e. Applicable legal and regulatory requirements; and
f. The nature and complexity of the systems that are part of the entity internal
control, including the use of service organizations.

Components of Internal Control

Internal control, as discussed in PSA 315 (Redrafted), consists of the following
components: (CRIME)
a. Control Environment
b. Entity’s Risk assessment process
c. Information and communication system
d. Control activities
e. Monitoring of Controls

A. The control Environment

The control environment includes the governance and management functions and the
attitudes, awareness, and actions of those charge with governance and management
concerning the entity’s internal control and it’s important in the entity.
Elements of control environment: (IM CPA HO)
1. Communication and enforcement of integrity and ethical values
2. Management’s philosophy and operating style;
3. Commitment to competence
4. Participation by those charged with governance
 33
5. Assignment of authority and responsibility;
6. Human resource policies and procedures; and
7. Organizational structure

B. The entity’s risk assessment process

An entity’s risk assessment process is the process of identifying and responding to
business risk and the result thereof.
For financial reporting purposes, the entity’s risk assessment process includes how
management identifies risk relevant to the preparation of financial statements that are
presented fairly, in all material respects in accordance with the entity’s applicable
financial reporting framework, estimates their significance, assesses the likelihood of
their occurrence, and decides upon action to manage them.

Risk can arise or change due to circumstances such as the following:

a. Changes in operating environment
b. New personnel
c. New or revamped information system
d. Rapid growth
e. New Technology
f. New business models, products, or activities
g. Corporate restructuring
h. Expanded foreign operations
i. New accounting pronouncements

The auditor shall obtain an understanding of whether the entity has a process for:
(IAM)
 Identifying business risks relevant to financial reporting objectives
 Assessing the significance of risks and the likelihood of their occurrence
 Deciding how to Manage those risk
C. The information system, including the related business processes relevant
to financial reporting, and communication.
a. Infrastructure (physical and hardware components)
b. Software (process and procedures;
c. People
d. Input or data; and
e. Output or meaningful information.

NOTE: Infrastructure and software will be absent, or have less significance in systems
that are exclusively or primary manual.
The information system relevant to financial reporting objectives, such as the financial
reporting system, consist of the procedures and records established to initiate, record,
process and report entity transaction.
 34
( as well as events and conditions ) and to maintain accountability for the related
assets, liabilities, and entity.
Communication of financial reporting roles and responsibilities and significant matters
relating to financial reporting includes:
a. Communications between management and those charged with governance and
b. External communications, such as those with regulatory authorities

D. Control activities relevant to the audit

Control activities are the policies and procedures to help ensure that management
directives are carried out.
Examples of control activities includes those relating to the following (APIPS)
a. Authorization
 Specific authorization (for unusual, material, or infrequent project.
 General authorization (for regular transaction)
b. Performance reviews (actual performance versus budget, forecast and prior
period performance)
c. Information processing (from initiation up to the eventual inclusion of transaction
in financial reports)
d. Physical controls (for both assets and documents)
e. Segregation of duties
To achieve optimum segregation of responsibilities, the following functions
should be performed by different employees: (I CARE)
 Independent checks
 Custody of assets
 Authorization of transaction
 Recording of transaction
 Execution of transactions
E. Monitoring of Controls.
Monitoring is the process of assessing the quality of internal control performance over
time. It involves assessing the design and operations of controls on a timely basis and
taking necessary corrective actions. Monitoring is done to ensure that controls continue
to operate effectively.
Monitoring can be accomplished through
a. Ongoing monitoring activities (performed by the persons within the same line
function)
b. Separate evaluations (performed by internal auditors, audit committee,
and/external auditors
c. Combination of the two
 35
RESPONSES TO ASSESSED RISKS
The auditor shall design and implement overall responses to address the
assessed risks of material misstatement at the financial level.
Moreover, the auditor shall design and perform further audit procedures whose
nature, timing, and extent are based on and are responsive to the assessed risks
of material misstatement at the assertion level.

In designing the further audit procedures to be performed, the auditor shall:

a. Consider the reasons for the assessment given to the risk of material
misstatement at the assertion level for each class of transaction balance, and
disclosure, including:
i. The likelihood of material misstatement due to particular characteristics of
the relevant class of transactions, account balance, or disclosure (i.,e., the
inherent risk); and
ii. Whether the risk assessment takes account of relevant controls (i.,e., the
control risk), thereby requiring the auditor to obtain audit evidence to
determine whether the controls are operating effectively (i.,e the auditor
intends to rely on the operating effectiveness of controls in determining
the nature, timing, and extent substantive procedures); and
b. Obtain more persuasive audit evidence, the higher the auditor’s assessment risk.

TEST OF CONTROLS
The auditor should give adequate consideration to controls relevant to the audit. The
quality of the entity’s internal control can have significant impact in determining the
nature, timing and extent of the audit procedures in gathering audit evidence related to
class of transactions, account balances and disclosures.

The auditor shall design and perform tests of controls to obtain sufficient appropriate
audit evidence as to the operating activities of controls when:
a. The auditor’s assessment of risks of material misstatement at the assertion level
includes an expectation that the controls are operating effectively (i.,e the auditor
intends to rely on the operating effectiveness of controls in determining the nature,
timing and extent of substantive procedures) or
b. Substantive procedures alone cannot provide sufficient appropriate audit evidence at
the assertion level.
Test of controls over the design of a policy or procedure include Inquiry, Observation,
Inspection, Reperformance and Walk-through tests.
 36
SUBSTANTIVE PROCEDURES
Irrespective of the assessed risks of material misstatement, the auditor shall design and
perform substantive procedures for each material class of transaction, account balance,
and disclosure.
Summary of Procedures Performed in Consideration of internal Control

Risk assessment Further audit procedure

Reassessment
Obtainofan
Control Risk Audit Approach Effect on Substantive Test
CR assessment remainsof
understanding at Less Reliance Approach  Less effective procedures
than High  Interim testing may be appropriated
the internal control  Smaller sample size
focusing on the
CR assessment is changed to High Switch to no Reliance  More effective procedures
design and approach  Test nearer or at the year end
implementation of  Larger sample size
the controls.
Control risk at Perform
maximum level Substantive
Make preliminary
test
assessment of
Control Risk
Control risk at Perform Test
below maximum of controls
level

Perform Control risk at

Substantive Tests maximum level Make preliminary
assessment of
Perform Control risk at Control Risk
Substantive Tests below maximum
level

Effect of the reassessment of control risk on the audit approach

Documentation Requirements
Control Risk Understanding of Control risk Basis for the control risk
Assessment internal control assessment assessment

High Yes Yes No

Less than high Yes Yes Yes
 47
CHAPTER 4
TRANSACTION CYCLE – TEST OF CONTROLS
Topic Overview:
This chapter discusses the different transaction cycles and the key controls for each
transaction cycle.

Learning Objectives
1. Describe the different categories of transaction cycles.
2. Identify the forms or documents used in different departments.
3. Identify and describe the functions of departments in each transaction cycle.