Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
GOVERNANCE REVIEWER
ALAMO, MARK JOSEPH S.
AC17&18:ASSURANCE
PRINCIPLES,PROFES
SIONAL ETHICS AND
GOOD GOVERNANCE
AUDIT – AN OVERVIEW
THE PROFESSIONAL STANDARDS
THE AUDITOR’S RESPONSIBILITY
THE AUDIT PROCESS – ACCEPTING AN
ENGAGEMENT
AUDIT PLANNING
CONSIDERATION OF INTERNAL CONTROL
AUDITING IN AN COMPUTERIZED
ENVIRONMENT
PERFORMING SUBSTANTIVE TESTS
AUDIT SAMPLING
COMPLETING THE AUDIT
AUDIT REPORTS ON FINANCIAL STATEMENTS
ASSURANCE AND RELATED SERVICES
THE CODE OF ETIHICS AND REPUBLIC ACT
9298
AC17&18: ASSURANCE PRINCIPLES, PROFESSIONAL ETHICS AND GOOD
GOVERNANCE REVIEWER
ALAMO, MARK JOSEPH S.
AUDIT – AN OVERVIEW
nd evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence betwe
Types of Audit
usually by INTERNAL
AUDITORS) The
Independent Financial
Statement Audit
Limitations of an Audit
1. Conflict of Interest
2. Expertise
AC17&18: ASSURANCE PRINCIPLES, PROFESSIONAL ETHICS AND GOOD
GOVERNANCE REVIEWER
4. Financial Consequences
It represents measures of the quality of auditor’s performance. These standards should be looked as MINIMUM
STANDARD of performance that auditors should follow.
Opinion
The Philippine Standard on Auditing (PSA) establishes the independent auditor’s overall responsibilities when
conducting an audit of financial statements in accordance with PSAs. These are issued by AASC as
interpretations to GAAS.
Practice Statements – are additions to these standards to provide practical assistance to auditors in implementing the
standards and to promote good practice in the accountancy profession.
Quality controls are policies and procedures adopted by CPAs to provide reasonable assurance of conforming to
professional standards in performing audit and related services.
QUALITY CONTROL
REVIEW
The government thru the Professional Regulatory Board of Accountancy (BOA) has required all CPA firms and
individual CPA firms and individual CPAs in public practice to obtain a certificate of accreditation to practice public
accountancy.
Quality Review Committee (QRC) – created by PRC which shall conduct a quality review on applicants for registration to
practice public accountancy.
AUDITOR’S RESPONSIBILITY
uditor’s responsibility is to design the audit to provide reasonable assurance of detecting material misstatements in the FSs. These misstatements may emanate
FRAUD – refers to intentional act by one or more individuals among management, employees, or third parties which
results in misrepresentation of financial statements.
Types of Fraud:
1. Management Fraud/ Fraudulent Financial Reporting – involves intentional misstatements or omissions of
amounts or disclosures, usually done by members of management or those charged with governance.
Examples: manipulation of documents or records, misrepresentation of effects of transactions, recording of
transactions w/o substance, intentional application of accounting policies
2. Employee Fraud/ Misappropriation of assets – fraud that is accompanied by false or misleading records in order to
conceal the fact that assets are missing.
Examples: embezzling receipts, stealing entity’s assets, lapping of AR
AUDITOR’S RESPONSIBILITY:
The auditor is not and cannot be held responsible for the prevention of fraud and error. The auditor’s responsibility is
to design the audit to obtain reasonable assurance that the FS are free from material misstatements whether caused
by error or fraud.
NONCOMPLIANCE WITH LAWS AND REGULATIONS – refers to acts or commission by the entity being audited, either
intentional or intentional, which are contrary to the prevailing laws or regulations.
Examples: Tax evasion, violation of environmental protection laws, inside trading of securities, violation of SEC
requirements
MANAGEMENT’S RESPONSIBILITY (PSA 250) – to ensure that the entity’s operations are conducted in accordance with laws
and regulations. The responsibility for the prevention and detection of noncompliance rests with management.
AUDITOR’S RESPONSIBILITY:
An audit cannot be expected to detect noncompliance with all laws and regulations . Nevertheless, the auditor should
recognize that noncompliance by the entity with laws and regulations may materially affect the FS.
PLANNING PHASE TESTING PHASE COMPLETION PHASE
1. Obtain a general 4. When the auditor is aware 6. The auditor shouldobtain a written
legal concerning instance of representation from the client’s
ework noncompliance, evaluatethe management.
on the
elp FS. instances of noncompliance with laws and regulations
identify
When the auditor believes that there is
es to obtain sufficient appropriate audit evidence about compliance with laws and
uditor believes there maybe noncompliance, the auditor shouldnoncompliance, the auditor
document the findings, should
discuss request
them the mgmt.
with mgmt. and to revise the
consider the FS. Otherwise,
implication a qualified
on other aspectsor ao
If a scope limitation has precluded the auditor from obtaining sufficient appropriate evidence, the
qualified opinion or a disclaimer of opinion.
Auditors are primarily concerned with the noncompliance what will have a direct and material effect in the FS.
Noncompliance may involve conduct designed to conceal it such as collusion, forgery, senior 5mgmt. override
of controls, failure to record transactions, or intentional misrepresentations being made to auditor.
THE AUDIT PROCESS – ACEEPTING AN ENGAGEMENT
FINANCIAL STATEMENT ASSERTIONS
Assertions about classes of Assertions about account balances Assertions about presentation and
transactions and events for the at the period end: disclosure:
period under audit:
Completeness Rights and Obligations Completeness
Occurrence Existence Occurrence and rights and
Cutoff Completeness obligations
Accuracy Valuation and allocation Classification and
Classification understandability
Accuracy and valuation
AUDIT PROCEDURES
The procedures selected should enable the auditor to gather sufficient appropriate evidence about a particular
assertion.
Inspection – involves examining of records, documents, or tangible assets.
Observation – consists of looking a process or procedure being performed by others.
Inquiry – consists of seeking information from knowledgeable persons inside or outside the entity.
Confirmation – consists of the response to an inquiry to corroborate information contained in the
accounting records.
Computation – consists of checking the arithmetical accuracy of source documents and accounting
records or performing independent calculations.
Analytical Procedures – consist of the analysis of significant ratios and trends including the resulting
investigation of fluctuations and relationships that are inconsistent with other relevant information or
deviate from particular amounts.
Audit evidence – refers to the information obtained by the auditor in arriving at the conclusions on which the
audit opinion is based. Audit evidence will comprise source documents and accounting records underlying the
financial statements and corroborating information from other sources.
ISSUING A REPORT
Obtaining detailed
ACCEPTING AN ENGAGEMENTknowledge about the entity and preliminary assessment of risk and materiality
PSA 315 requires the auditor to obtain sufficient understanding of the entity and its environment including the internal
control. Such understanding involves obtaining knowledge of entity’s:
Industry, regulatory, and other external factors, including financial reporting framework
Nature of the entity
Objectives and strategies and the related risks that may result in material misstatement of FS
Measurement and review of entity’s performance
Internal control
When developing an audit strategy, the auditor must consider carefully the appropriate levels of materiality and
audit risk.
MATERIALITY
“Information is material if its omission or misstatement could influence the economic decision of users”
In designing an audit plan, the auditor should make a preliminary estimate of materiality.
Materiality may be viewed as: (1) the largest amount of misstatement that the auditor could tolerate in
the FS or (2) the smallest aggregate amount that could misstate the FS
There is an inverse relationship between materiality and evidence.
Use of materiality: (1) in the planning stage, to determine the scope of the audit and (2) in the
completion stage, to evaluate the effect of misstatements in the FS
Using materiality levels:
* Common method of estimating materiality at FS level is statement base (total assets, sales, etc.) x certain %
** Also known as performance materiality. This process is highly subjective and requires the exercise of great deal of
auditor’s judgment
Bases that can be used to determine materiality level: alternative for annual FS if not
available – annualized interim FS, prior year’s FS, budgeted FS for the current year
AUDIT RISK
AUDIT RISK refers to the risk that the auditor gives an inappropriate audit opinion on the FS. This
occurs because the auditor believes that the FS are fairly stated when in fact the FS are materially
misstated.
Audit Risk Model
CONTROL RISK is the risk that the material misstatement that could occur in an account balance or
class of transactions will not be prevented or detected on a timely basis by accounting and control
systems.
Control risk is related to the effectiveness of the client’s internal control.
If the entity’s internal control is effective, the assessed level of control risk decreases (and vice versa).
As the assessed level of CONTROL RISK INCREASES, the auditor should design MORE EFFECTIVE
SUBSTANTIVE PROCEDURES.
DETECTION RISK is the risk that an auditor’s substantive procedure will not detect a material misstatement.
Detection risk is a function of the effectiveness of the auditor’s substantive procedures.
As the acceptable level of DETECTION RISK DECREASES, the ASSURANCE DIRECTLY PROVIDED FROM
SUBSTANTIVE TESTS INCREASES. Hence, the auditor should design more effective audit procedures in order to
achieve the desired level of assurance.
Unlike inherent and control risk, THE AUDITOR CAN CONTROL THE LEVEL OF DETECTION RISKS by
performing more effective substantive procedures.
Steps in using the audit risk model:
AUDIT PLANNING Step 1. Set the desired level of audit
risk.* Step 2. Assess the level of
CONSIDERATION OF INTERNAL CONTROL
inherent risk. ** Step 3. Assess the level
PERFORMING SUBSTANTIVE TESTS of control risk. ***
Step 4. Determine the acceptable level of detection risk.
**** Step 5. Design substantive tests.
* The auditor uses his judgment in determining the risk that he is willing to take of accepting an assertion as fairly stated when in fact is materially misstated.
** Consider the specific factors related to client that may aff ect the risk of material misstatement for a particular amount. In making this assessment, the
auditor will rely primarily on his knowledge of the client’s business and industry, and the results of his preliminary analytical procedures.
*** Assessment of control risk would involve studying and evaluating the effectiveness of the client’s accounting and internal control systems.
Low Acceptable Level of Detection Risk More effective substantive procedures year-end procedures larger sample size
RELATIONSHIP BETWEEN MATERIALITY AND RISK
There is an INVERSE RELATIONSHIP between MATERIALITY and the LEVEL OF AUDIT RISK.
After planning for specific audit procedure, if the auditor determines that the acceptable materiality level
is lower, audit risk is increased. The auditor would compensate for this by either:
Reducing the assessed level of control risk, where this is possible, and supporting the reduced
level by carrying out extended or additional tests of control; or
Reducing detection risk by modifying the nature, timing, and extent of planned substantive
procedures.
MATERIALITY AUDIT RISK PLANNED AUDIT PROCEDURES
Planning materiality and/or tolerable error Risk of material error occurring and/or
Not being determined
RISK ASSESSMENT PROCEDURES – the procedures performed by auditors to obtain an understanding of the entity
and its environment including its internal control and to assess the risks of material misstatements in the FS. These
include:
Inquiries of management and others within the entity
Analytical procedures
Observation and inspection
ANALYTICAL PROCEDURES – involves analysis of significant ratios and trends including the resulting investigation
of fluctuations and relationships that are inconsistent with other relevant information or deviate from particular
amounts. PSA 520 requires the auditor to use analytical procedures in the planning and overall stages of the
audit.
Steps in Applying Analytical Procedures
Step 1. Develop expectations regarding FS using:
Prior year’s financial statements
Anticipated results such as budgets and forecasts
Industry averages ( FS of other entities operating w/in the same industry)
Non-financial information
Typical relationships among FS account
balances Step 2. Compare expectations with the FS
under audit.
Step 3. Investigate significant unexpected differences (unusual fluctuations) to determine whether FS contain
material misstatements
Uses of Analytical Procedures:
As a planning tool, to determine the nature, timing, and extent of other auditing procedures
to understand the client’s business
to identify areas that may represent specific risks
In using analytical procedures as a planning tool, if the difference between recorded balances in FS and
expectations is significant, the auditor must design more extensive substantive tests (or vice versa)
As a substantive test to obtain corroborative evidence about particular assertions related to account
balance or transaction class
As an overall review of the financial statements in the completion phase of the audit
to identify unusual fluctuations that were not identified in the planning and testing phases of the
audit to confirm conclusions reached w/ respect to the fairness of the FS
Documenting the Audit Plan – the final step in planning process is the documentation of the audit planning process by
preparing:
Audit plan – the overview of the expected scope and conduct of the audit. It sets out in broad
terms the nature, timing, and extent of the audit procedures to be performed.
Audit program – it sets out in detail the audit procedures to be performed in each segment of the audit.
Time budget – is an estimate of the time that it will spent in executing the audit procedures listed in the
audit program.
CONSIDERATION OF INTERNAL CONTROL
vernance, management, and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of FINANCIAL RE
In the audit of FS, the auditor is only concerned with those policies and procedures within the
accounting and internal control systems that are relevant to the financial statement assertions.
Components of Internal Control:
1. Control Environment – includes the attitudes, awareness, and actions of the mgmt. and those charged
with
governance concerning the entity’s IC and its importance in the entity.
Integrity and ethical values Commitment in competence
Mgmt. philosophy and operating style Personnel policies and procedures
Active participation of those charged
Assignment of responsibility and authority/
w/ governance Organizational Structure
2. Risk Assessment – mgmt. should adopt policies and procedures that are designed to identify and
analyze business risks.
For audit purposes, the auditor is only concerned with risks that are relevant to preparation of reliable
financial statements.
Business risk – is the risk that the entity’s business objectives will not be attained as a result of internal
and external factors such as technological developments, changes in customer demand, etc.
3. Information and Communication Systems
An information system encompasses methods and records that:
identify and record all valid transactions,
describe on a timely basis the transactions in sufficient detail to permit proper classification,
measure transactions in their proper monetary value,
determine the time period to permit recording of transactions in proper accounting period, and
present properly the transactions and disclosures in FS.
Communication involves providing an understanding of individual roles and
responsibilities pertaining to internal control over financial reporting.
4. Control Activities – are policies and procedures that help ensure that mgmt. directives are carried
out. Specific control procedures that are relevant to FS audit would include:
Performance reviews – review and analysis of actual performance vs. budgets, forecasts, and PY’s.
Information Processing – to check accuracy, completeness, and authorization of transactions.
Physical Controls – physical security of assets, authorization for access to programs and data
files, periodic counting and comparison w/ amounts shown on control records
Segregation of Duties – assigning different people the responsibilities of authorizing
transactions, recording transactions, and maintaining custody of assets.
5. Monitoring – the process of assessing the quality of internal control performance over time.
Auditors are not responsible for establishing and maintaining an entity’s accounting and internal control
systems: that is the responsibility of the management.
STEPS IN CONSIDERATION OF INTERNAL CONTROL
1. OBTAIN UNDERSTANDING OF THE INTERNAL CONTROL
Evaluating the design of a control
This can be obtained by: making inquiries of appropriate individuals, inspecting documents and
records, and observing entity’s activities and operations
Determining whether it has been implemented
This can be accomplished by performing a WALK-THROUGH TEST. This involves tracing one or
two transactions through the entire accounting systems, from their initial recording at source to their
final destination as a component of an account balance in the FS.
2. DOCUMENT THE UNDERSTANDING OF ACCOUNTING AND INTERNAL CONTROL SYSTEMS
This documentation need not be in particular form. Some commonly used forms are: narrative
description, flowchart and diagrams of flow of transactions, internal control questionnaire providing
mgmt. responses
3. ASSESS THE LEVEL OF CONTROL RISK
If ICs related to a particular assertion is not effective, the auditor may assess the control risk at high level.
If the auditor concludes that it is more efficient to rely on entity’s IC, the auditor would plan to assess control risk
at less than high level.
4. PERFORM TEST OF CONTROLS
TEST OF CONTROLS – are performed to obtain evidence about the effectiveness of the:
Design of the accounting and internal control systems; or
Operation of the internal control through the period
According to PSA, the auditor should obtain audit evidence through test of control to support any
assessment of control risk at less than high level. The lower assessment of control risk, the more
support the auditor should obtain that the IC is suitably designed and operating effectively.
Nature of Test of Controls
Inquiry – searching for appropriate information about the effectiveness of internal control
from knowledgeable persons inside or outside the entity.
Observation – refers to looking at the process being performed by others.
Inspection – involves examination of documents and records to provide evidence of reliability
depending on their nature and source and the effectiveness of IC over their processing
Reperformance – involves repeating the activity performed by the client to determine whether
proper results were obtained.
Timing of tests of controls: auditors usually perform tests of controls during an interim visit, in
advance of period end. However, auditors cannot rely on it w/o considering the need to obtain further
evidence on the remainder of the period.
In determining whether or not to test the remaining period, these must be considered: the results of the
interim tests, the length of the remaining period, and whether changes have occurred in accounting and
internal control systems during the remaining period.
Extent of test of controls: The auditor cannot examine all transactions related to certain control
procedures. In an audit, the auditor should examine the size of a sample sufficient to support the
assessed level of control risk.
Operating effectiveness vs. implementation
- When obtaining audit evidence of implementation by performing risk assessment procedures, the
auditor determines that the relevant controls exist and the entity is using them.
- When performing tests of the operating effectiveness of controls, the auditor obtains audit evidence
that controls operate effectively. This includes obtaining evidence about how controls were applied
at relevant times during period under audit, the consistency which they were applied, and by whom
or by what means they were applied.
Documenting the assessed level of control risk
- If the control risk is assessed at high level, the auditor should document his conclusion that the
control risk is at high level.
- If the control risk is assessed at less than high level, the auditor should document his conclusion that
control risk is less than high level and the basis for the assessment (basis is actually the results of
TOC).
Communication of Internal Control Weaknesses
- Auditor is required to report the matter to the appropriate level of mgmt. material weaknesses
in the design or operation of the accounting and IC systems.
- Auditors are not required to search for and/or identify material control weaknesses.
- Internal control weaknesses are documented in a formal management letter.
AUDITING IN A COMPUTERIZED ENVIRONMENT
Characteristics of Computerized Information Systems (CIS)
1. Lack of Visible Transaction Trails 5. Systems Generated Transactions
2. Consistency of Performance 6. Vulnerability of Data and Program
3. Ease of Access to data and Computer Storage Media
Programs
4. Concentration of Duties
Internal Control in a CIS Environment
A. General Controls – are control policies and procedures that relate to the overall computer information system.
1. Organization controls – clear assignment of authority and responsibility
a. Segregation b/w CIS dept. and user dept.
b. Segregation of duties w/in the CIS dept.
CIS Director (exercises control over the CIS operation)
Programmer
- - Data(reviews
Entry all input procedures, monitors computer processing, follows-up data processing errors, reviews the reasonable- ness of out
Operator
authorized personnel
(guided by the specs of the systems analyst, he writes a program, tests and debugs(prepares
such and verifies input data for processing)
programs, and prepares the computer operating
instructions
2. Systems development and documentation controls – to facilitate use of program as well as changes
that may be introduced to system
3. Access controls – adequate security controls, such as use of passwords
4. Data recovery controls – provides maintenance of back-up files and off-site storage procedures.
5. Monitoring controls – to ensure that CIS controls are working effectively as planned.
B. Application Controls – are those policies and procedures that relate to the specific use of the system.
1. Controls over Input – designed to provide reasonable assurance that data submitted for
processing are complete, properly authorized and accurately translated into machine readable form.
Key verification – this requires data to be entered twice to provide assurance that there are no key
entry errors committed.
Field check - this ensures that the input data agree with required field format.
Ex.: SSS number must contain 10 digits. An input of SSS number w/ more or less than 10 digits will be rejected
Validity check – info entered are compared with valid info in the master file to determine the
authenticity of the input.
Ex.: Employees’ master file may contain two valid codes to indicate the employee’s gender “1” for male
and “2” for female. A code of “3” is invalid and will be rejected.
Self-checking digit – this is a mathematically calculated digit w/c is usually added to a document
number to detect common transpositional errors in data submitted for processing.
Limit check – or reasonable check is designed to ensure that data submitted for processing do not
exceed a predetermined or reasonable amount.
Control totals – these are totals computed based on the data submitted for processing. Control totals
ensure the completeness of data before and after they are processed.
Financial totals – sum total of the peso amount in the documents
Hash totals – sum total of the control numbers in the documents
Record count - total number of the documents
2. Controls over Processing – designed to provide reasonable assurance that input data are
processed accurately, and that data is not lost, added, excluded, duplicated, or improperly
changed.
Almost all of input controls mentioned above are also part of processing controls.
3. Controls over Output – designed to provide reasonable assurance that the results of processing
are complete, accurate, and that these outputs are distributed only to authorized personnel.
Test of Control in a CIS Environment
The auditor’s objectives and scope of the audit do not change in a CIS environment.
Testing the reliability of general controls may include:
Observing client’s personnel in performing their duties
Inspecting program documentation
Observing security measure in force
In testing application controls, the auditor may either:
Audit around the computer
Similar to testing control in a manual control structure in that it involves
examination of documents and reports to determine the reliability of the system.
When using this approach, the auditor ignores the client’s data processing procedures,
focusing solely on the INPUT documents and the CIS OUTPUT.
Can be used only if there are visible input documents and detailed output that will enable
the auditor to trace individual transactions back and forth.
This is also known as “black box approach”.
Use Computer-Assisted Audit Techniques (CAATs)
Are computer programs and data which the auditor uses as part of the audit procedures to
PROCESS data of audit significance contained in an entity’s information systems.
Used when computerized accounting systems performs tasks w/c no visible evidence
is available. Consequently, the auditor will have to audit directly the client’s computer
program using CAATs.
This is also known as “white box approach”.
Commonly used CAATs:
1. Test Data
- Designed to test the effectiveness of the internal control procedures w/c
are incorporated in the client’s computer program.
- The objective of this technique is to determine whether the client’s computer
programs can correctly handle valid and invalid conditions as they rise.
2. Integrated Test Facility (ITF)
- the auditor creates dummy or fictitious employee, or other appropriate unit for
testing within the entity’s computer system.
- ITF integrates the processing of test data w/ the actual processing of
ordinary transactions w/o mgmt. being aware of the testing process.
- ITF provides assurance that the program tests by the auditor is the same
program used by the client in the processing of transactions (unlike test data
approach).
3. Parallel Simulation
- requires the auditor write a program that simulates key features or processes of
the program under review.
- The simulated program is then used to reprocess transactions that were previously
processed by the client’s program.
- Can be accomplished by using:
1. Generalized auditing software – composed of generally available
computer packages w/c has been designed to perform common audit
tasks
2. Purpose-written programs – designed to perform audit tasks in
specific circumstances.
Other CAATs
1. Snapshots – taking a picture of a transaction as it flows through the computer systems.
2. System control audit review files (SCARF) – embedding audit software modules within
an application system to provide continuous monitoring of the systems transactions.
The information is collected into a special computer file that the auditor can examine.
PERFORMING SUBSTANTIVE TESTS
Substantive Tests – are audit procedures designed to substantiate the account balances or to detect material misstatements in the financial statements.
Types of Substantive Tests:
Analytical Procedures
Test of Details
The decision about w/c procedures to use is based on the auditor’s judgment about the expected
effectiveness and efficiency of such [procedures in satisfying the audit objective.
1. Analytical Procedures
Analytical procedures applied as substantive tests enable the auditor to obtain corroborative evidence
about a particular account.
Develop Expectations
about the FS
NO
Is the
Conduct further
difference significant?
Investigation
YES
When intending to perform analytical procedures as substantive tests, the auditor should focus on
those accounts that are predictable. The following generalizations may be helpful in assessing the
predictability of those accounts:
Income statement accounts are more predictable compared to balance sheet accounts.
Accounts that are not subject to management discretion are generally predictable.
Relationships in a stable environment are more predictable than those in a dynamic or
unstable environment.
2. Test of Details
It involves examining the actual details making up the various account balances. This approach
may take the form of:
Test of details of balances – involves direct testing of the ending balance of an account
* This will be used when account balances are affected by large volume of relatively
immaterial transactions.
Test of details of transactions - involves testing the transactions which give rise to the
ending balance of the account.
* This is useful if account balances are comprised of a smaller volume of transactions
representing relatively material amounts.
Effectiveness of Substantive Test
Nature of substantive test: relates to quality of evidence; high quality of evidence is preference, yet it’ll
involve high cost
Timing of substantive test: the higher the risk of material misstatement, the more likely it is that the
auditor may decide to perform ST closer to year-end.
Extent of substantive test: the auditor ordinarily increases the extent of ST as the risk of
material misstatement increases.
Relationship between Substantive Test and Test of Control
Test of control provide evidence that indicates a misstatement is likely to occur. Substantive test on the
other hand, provide evidence about the existence of misstatement in an account balance.
AUDIT EVIDENCE
It refers to the information obtained by the auditor in arriving at the conclusions on which the audit
opinion i s based. It consists of:
Underlying accounting data – refers to accounting records underlying in the FS. This includes
books of accounts, related accounting manuals, worksheet supporting cost allocations and
reconciliations prepared by the client personnel.
Corroborating information – supporting the underlying accounting data obtained from client and other
sources. This includes documents such as invoices, bank statements, POs, contracts, checks, etc.
Qualities of Evidence
When performing tests of control, audit evidence must support the assessed level of control risk.
When performing substantive tests, audit evidence must support the acceptable level of detection risk.
When obtaining audit evidence, the auditor should consider the:
Sufficiency – refers to the amount of evidence that the auditor should accumulate.
The auditor uses his judgment to determine the amount of evidence needed to support the opinion on
the FS. The following factors may be considered in evaluating the sufficiency of the audit evidence:
competence of evidence, materiality of item being examined, the risk involved in a particular amount,
experience gained during the previous audit.
Appropriateness – is the measure of the quality of audit evidence and its relevance to a
particular assertion and its reliability.
Relevance relates the timeliness of evidence and its ability to satisfy the audit objective.
Reliability relates to the objectivity of evidence and is influenced by its source and by its nature. While
reliability of audit evidence is dependent on individual circumstance, the following generalizations
could help the auditor in assessing the reliability of audit evidence:
Audit evidence obtained from independent outside sources is more reliable than that
generated internally.
Audit evidence generated internally is more reliable when the related accounting and
internal control systems are effective.
Audit evidence obtained directly by the auditor is more reliable than that obtained by
the entity.
Audit evidence in the form of documents and written representations is more reliable than
oral representations.
Cost/benefit consideration when obtaining evidence
Ordinarily, the auditor finds it necessary to rely on audit evidence that is persuasive rather than conclusive
in nature.
AUDIT DOCUMENTATION/ WORKING PAPERS
Working papers are records kept by the auditor that documents the audit procedures applied, information
obtained and conclusions reached.
PSA 230 requires the auditor to document matters that are important to support an opinion on FS, and
evidence that the audit was conducted in accordance with PSA.
Functions of the Working Papers:
RELATED PARTIES – refers to persons or entities that may have dealings w/ one another in which one party as the
ability to exercise significant influence or control over the other party in making financial and operating decisions.
Management’s Responsibility: Mgmt. is responsible for the identification and disclosure of related parties and
transactions with such parties.
Auditor’s responsibility: The auditor should obtain and review information provided by the directors and mgmt.
identifying the names of all known related parties and related party transaction.
- An audit cannot be expected to provide assurance that all related party transactions will be discovered.
Risks in Sampling
1. Sampling risk –refers to the possibility that the auditor’s conclusion, based on a sample may be
different from the conclusion reached if the entire population were subjected to the same audit
procedures. This exists because the sample selected for testing may not be truly representative of a
population.
2. Non-sampling risk – refers to the risk that the auditor may draw incorrect conclusions about the account
balance or class of transactions because of human errors.
Non-sampling risk is something that cannot be eliminated even if the auditor examines the population.
Controlling Non-sampling Risk: This can be done by proper planning, adequate direction,
review, and supervision of the audit team.
General Approaches to Audit Sampling
1. Statistical sampling – is a sampling approach that uses random based selection of sample and uses the
law of probability to measure sampling risk and evaluate sample results.
2. Non-statistical sampling - is a sampling approach that purely uses auditor’s judgment in estimating sampling
risks, determining sample size, and evaluating sample results.
Audit Sampling Plans
1. Define the objective of the test. Specify the control to be selected. Specify the purpose of the test and its
relationship to the financial
statement assertions.
2. Determine the procedures Determine the appropriate audit Determine the appropriate audit
to be performed. procedures to satisfy the objective. procedures to satisfy the objective.
Ratio estimation – uses book values of the population and sample size
Difference estimation – uses number of customers on the population and number size
4. Compare projected misstatements together with tolerable misstatements and draw an overall conclusion.
If projected misstatement is greater than tolerable misstatements – the auditor will conclude that the
account balance is materially misstated.
If projected misstatement is less than tolerable misstatements - consider the allowance for sampling risk.
In some circumstances, the auditor may encounter anomalous errors. These are errors or
misstatements that arise from isolated event that has not recurred other than specifically identifiable
occasions and are therefore not representative to the population.
COMPLETING THE AUDIT AND POST AUDIT RESPONSIBILITIES
COMPLETING THE AUDIT
After the fieldwork is almost complete, a series of procedures are generally carried out to complete the audit. These
procedures include:
1. Identifying subsequent events that may affect the FS under audit.
Subsequent events are those events or transactions that occur subsequent to the balance sheet date and
may affect the financial statements and the auditor’s report. It may be classified as:
Requiring Adjustment – those that provide further evidence of conditions that existed at the BS date
Requiring Disclosure – those that are indicative of conditions that arose subsequent to the BS date.
PSA 560 states that “The auditor should perform procedures designed to obtain sufficient appropriate
evidence that all events up to the date of the auditor’s report that may require adjustment of, or disclosure
in the financial statements have been identified.”
Subsequent events occurring after the report date but before the FS are issued.
The auditor does not have any responsibility to perform procedures to identify subsequent events after the
date of the auditor’s report.
If the auditor becomes aware of an event occurring after the report date but before the FS issuance date,
he should take the necessary actions to ascertain whether such event is has been properly accounted for
and disclosed in the notes to FS.
Failure on the part of the client to make amendments to the FS, where the auditor believes they need
to be amended, will cause the auditor to issue either QUALIFIED OR ADVERSE OPINION.
Effect of subsequent events on the date of report.
If a material SE requiring adjustment to the FS occurs after the date of auditor’s report but before
the FS issuance, the FS should be adjusted and the auditor’s report should BEAR THE ORIGINAL
DATE OF REPORT (date of completion of audit procedures).
If a SE requiring disclosure occurs after the date of auditor’s report but before the FS issuance, the
auditor should consider the adequacy of the disclosure and the date the report either:
As of the date of the subsequent event(when this is used by the auditor, the responsibility for the SE is extended)
Dual date of the report (used when the auditor does not want to extend the procedures, that is, original date of report
and the date of the specific event is occurred, e.g.: March 15, 2018 except for Note 12 dated March 31, 2018)
3.
PSA 580 requires an auditor to obtain sufficient appropriate audit evidence that the entity’s mgmt. has
acknowledged that has fulfilled its responsibility for the preparation and presentation of fair FS and has
approved the FS – such evidence can be obtained using a WRITTEN representation from the mgmt. (can
be requested from CEO and CFO or other equivalent officers)
Mgmt. written representations complement the audit evidence the auditor accumulates, but they do
not substitute for the performance of audit procedures.
Written representation should be addressed to the auditor and the date shall be as near as practicable to, but
not after the date of auditor’s report.
When mgmt. does not provide written representation or the auditor concludes that there is sufficient doubt
on the integrity of the mgmt., the auditor should consider these as scope limitation that would warrant a
DISCLAIMER OF OPINION.
4. Performing wrap-up procedures.
Wrap-up procedures are procedures done at the end of the audit that generally cannot be performed
before the other audit work is complete. These include:
a. Final analytical procedures
PSA 520 states that the auditor should apply analytical procedures at or near the end of the audit.
Analytical procedures applied in completion phase should focus on: identifying unusual
fluctuations that were not previously identified and assessing the validity of the conclusions
reached and evaluating the overall FS presentation.
b. Evaluation of the entity’s ability to continue as a going concern
The auditor’s responsibility is to consider the appropriateness of mgmt. use of GC assumption
(consider whether there are event s that cast a significant doubt on entity’s ability to continue
as going concern and evaluate mgmt.’s assessment of the entity’s ability to continue as GC)
When evaluating the entity’s GC assumption, the auditor should remember that the conditions
and events that may indicate significant doubt about entity’s continued existence may be
mitigated by other factors (alternatives such as disposal of assets, obtaining additional capital,
etc.)
Effect on the auditor’s report:
If there is reasonable assurance that the entity is going concern, the auditor should express an
UNMODIFIED OPINION.
If there is uncertainty and is adequately disclosed that the entity is going concern, the auditor
should express an UNMODIFIED OPINION WITH EMPHASIS OF MATTER PARAGRAPH.
If there is uncertainty and is not adequately disclosed that the entity is going concern, the
auditor should express EITHER QUALIFIED OR ADVERSE OPINION.
If the GC assumption is not appropriate, the FS should be prepared using other appropriate
basis. Otherwise the auditor should issue an ADVERSE OPINION.
c. Evaluating audit findings and preparing a list of potential adjusting entries.
If mgmt. accepts all adjusting entries proposed by the auditor, an UNMODIFIED OPINION is
issued.
If mgmt. refuses to correct the FS, a QUALIFIED OR AN ADVERSE OPINION will be issued.
POST AUDIT RESPONSIBILITIES (Events after the FS have been issued)
Ordinarily, the auditor does not have any responsibility to perform additional procedures after the FS are
issued, unless the auditor is aware that the audit report issued may be inappropriate (he must take steps
to prevent future reliance on such report).
Subsequent discovery of facts
1. Discuss the matter w/ the appropriate level of mgmt. and consider whether the FS needs
revision.
2. Advise mgmt. to take steps to ensure the users of the previous issued FS are informed of
the situation.
If mgmt. makes appropriate revisions and disclosures, the auditor should issue a new audit
report that includes an EMPHASIS OF MATTER PARAGRAPH. If mgmt. refuses to revise
the FS or to inform the users about the new info, the auditor should notify the persons
responsible for the refusal and intent to prevent reliance to the audit report.
Subsequent discovery of omitted procedures
1. Assess the importance of the omitted procedures to the auditor’s ability to support his opinion
2. Undertake to apply the omitted procedures or the corresponding alternative procedures.
If omission impairs the current ability to support his opinion, apply the procedures.
If, after applying the omitted procedures, it makes the report inappropriate, discuss this
matter with mgmt. to take steps to prevent reliance in the report.
THE AUDITOR’S REPORT ON FINANCIAL STATEMENTS
PSA 700 requires an auditor’s report to contain a clear expression of the auditor’s opinion on the FS.
MATERIAL MISSTATEMENT
Inappropriate accounting policy
SCOPE LIMITATION
(Auditor is unable to perform necessary audit procedures/auditor is
selected
unable to obtain sufficient appropriate evidence)
Misapplication of selected Circumstances beyond control of the entity
Circumstance imposed
accounting policy
Circumstances relating to nature scope limitation
Inappropriate or inadequate or timing of auditor’s work
disclosure Limitations imposed by Mgmt. imposed scope
management limitation
EMPHASIS OF MATTER
(to give emphasis on an important matter affecting the FS or the auditor’s report;
these does not negate the auditor’s unmodified opinion)
Uncertainties*
Going Concern** Adequately Unmodified
Early Application of New Accounting Standards disclosed in the notes to
Opinion
the FS with Emphasis Matter Paragraph
Major Catastrophe
Subsequent Discovery of Facts
Special Purpose FS
OTHER MATTER
(to communicate a matter other than those that are presented or disclosed in the FS)
MATERIAL INCONSISTENCIES – exists when the other information* contradicts the information contained in
the audited FS.
MATERIAL MISSTATEMENT OF FACTS: This exists when other information, not related to matters appearing to FS, is incorrectly
presented. If the auditor concludes that there is a material misstatement of fact and the mgmt. refuses to correct the other
information, the auditor should notify the audit committee and if necessary, obtain legal advice.
Objective To express an To enable the CPA to To carry out audit To assist the client in
opinion on the report whether anything procedures agreed on the preparation of the
FS has come to his attention with the client and any FS
that would indicate the FS appropriate third
are not presented fairly parties identified in the
report
Level of High/ Reasonable Moderate/Limited None None
Assurance
provided by
the CPA
Type of Positive assurance Negative assurance Description of Identification of
Report Issued (opinion) procedures performed financial information
and actual findings compiled
Basic Risk assessment Inquiry and analytical As agreed Assemble FS based on
Procedure procedures, test of procedures. It does not client’s data.
controls, and include assessing control
substantive tests risk, test of records and
of responses to inquiries
by obtaining
corroborating evidence.
Independence Required Required Not Required Not Required
Requirement
ASSURANCE ENGAGEMENTS
PSA 3000 states that assurance engagements are intended to enhance the credibility of information
about a subject matter by evaluating whether the subject matter conforms in all material respects with
suitable criteria.
Types of assurance engagement: reasonable assurance engagement (audit) and limited assurance
engagement (review).
Elements of Assurance Engagements:
1. Three-party relationship
2. Appropriate subject matter
3. Suitable criteria
4. Sufficient appropriate evidence
5. Written assurance report
REPORTS ON PROSPECTIVE FINANCIAL INFORMATION
Prospective financial information is financial information based on assumptions about events that may
occur in the future and possible actions of the entity. There are two types:
1. Forecast - PFI prepared on the basis of the assumptions as to future events which mgmt. expects to
take as of the date the information is prepared (best-estimate assumptions)
2. Projections – PFI prepared on the basis of hypothetical assumptions or a mixture of best-
estimate and hypothetical.
PSA 3400 states that the auditor, when examining PFI, should obtain sufficient appropriate evidence that PFI
are reasonable, properly prepared and presented, and on consistent basis.
When reporting on the reasonableness of mgmt. assumptions, the auditor normally provides only
moderate level of assurance.
THE CODE OF ETIHICS AND REPUBLIC ACT 9298
THE CODE OF ETIHICS
THE CODE OF PROFESSIONAL ETHICS - standards of conduct that embody and demonstrate integrity, objectivity, and
concern for the public interest.
The Code of Ethics for Professional Accountants in the Philippines is based on the IFAC Code of Ethics for
Professional Accountants.
The International Federation of Accountants (IFAC) serves the public interest by contributing to the development
of strong and sustainable organizations, markets, and economies. It advocates for transparency, accountability,
and comparability of financial reporting; helps develop the accountancy profession; and communicates the
importance and value of accountants to the global financial infrastructure.
Parts of “The Code of Ethics for Professional Accountants”:
• Part A—General Application of the Code
• Part B—Professional Accountants in Public Practice
• Part C—Professional Accountants in Business
(d) Familiarity threat – occurs when, by virtue of close relationship with a client, its directors, etc. becomes too
sympathetic to the client’s interests.
(e)Intimidation threat – is the threat that a professional accountant will be deterred from acting objectively
because of actual or perceived pressures, including attempts to exercise undue influence over the
professional accountant.
Safeguards
(a)Safeguards created by the profession, legislation or regulation;
and (b) Safeguards in the work environment.
• Firm-wide safeguards
• Engagement specific safeguards
• Safeguards within the client’s systems and procedures
1. Article I | Rule I
- Act shall govern & provide for:
o Regulation of education
o Examination for CPA
o Supervision, control and regulation of
practice
- Scope of practice:
o Education
o Public accountancy
o Government
o Commerce & industry
- Definition of terms
2. Article II | Rule II
Professional Regulatory Board
- Chairman & 6 members
- APO should submit its nominees not later than 60
days
- Qualifications:
o Of good moral character
o Natural born Filipino
o Not have any pecuniary interest
o Registered CPA w/ 10
years experience o Not a director or officer of APO
- Term: 3 years ; no person shall serve in the Board for more than 12 years
- Receive compensation & allowances
- Powers & functions:
o Monitor conditions o Adopt official seal
o Supervise registration, licensure o Investigate violations
& practice o Punish for contempt
o Prescribe & adopt rules o Prepare/Amend syllabi for
o Conduct oversight into quality examinations
o Issue, suspend, revoke or o Exercise other powers provided
reinstate the registration by law
- Submit a report @ close of each year
- FRSC composed of 15 members with a chairman and 14 representatives
- AASC composed of 15 members with a chairman and 14 representatives
- Educational Technical Council (ETC) composed of 7 members with a chairman and 6 representatives with
the functions of:
o Determine a min standard curriculum
o Establish teaching standards
o Monitor progress of program
o Evaluate performance of educational institutions
- Board is under supervision of the Commission
- May remove/suspend members of the board when:
o Neglect of duty
o Violation of the Act
o Final judgment of crimes involving moral turpitude
o Manipulation