CPAR Auditing Theory

CPAR Reviewers
Auditing
Theory
CPA REVIEW SCHOOL OF THE PHILIPPINES

Manila
1
AUDITING THEORY CPA
REVIEW
PREFACE TO PHILIPPINE STANDARDS ON QUALITY CONTROL, AUDITING,

REVIEW, OTHER ASSURANCE AND RELATED SERVICES
PHILIPPINE FRAMEWORK FOR ASSURANCE ENGAGEMENTS
OBJECTIVE AND GENERAL PRINCIPLES GOVERNING AN AUDIT OF FINANCIAL
STATEMENTS (PSA 200 [Amended as a result of PSA 700 (Revised)])
The Authority Attaching to Philippine Standards Issued by the AASC

STANDARDS APPLICATION
1. Philippine Standards on Auditing Audit of historical financial
(PSAs) information
2. Philippine Standards on Review Review of historical financial
Engagements (PSREs) information
3. Philippine Standards on Assurance Assurance engagements dealing
Engagements (PSAEs) with subject matters other than
historical financial information
4. Philippine Standards on Related Compilation engagements
Services (PSRSs) Engagements to apply agreed-
upon procedures to information
Other related services
engagements as specified by the
AASC
1. PSAs, PSREs, PSAEs and PSRSs are collectively referred to as the AASCs
Engagement Standards.
2. Philippine standards on Quality Control (PSQC) are to be applied for all
services falling under the AASCs engagement standards.
3. Philippine Standards are applicable to engagements in the Public sector.
The Authority Attaching to Practice Statements Issued by the AASC

1. Philippine Practice Statements are issued to:
Provide interpretive guidance and practical assistance o professional
accountants in implementing Philippine Standards; and
Promote good practice
2. Professional accountants should be aware of and consider Practice
Statements applicable to the engagement.
3. A professional accountant who does not consider and apply the guidance
included in a relevant Practice Statements should be prepared to explain how
the basic principles and essential procedures in the AASCs Engagement
Standard(s) addressed by the Practice Statement have been complied with.
PHILIPPINE FRAMEWORK FOR ASSURANCE ENGAGEMENTS

1. The Framework does not itself establish standards or provide procedural
requirements for the performance of assurance engagements.
2. In addition to the Framework and PSAs, PSREs and PSAEs, practitioners who
perform assurance engagements are governed by:
The Philippine Code of Ethics for Professional Accountants; and
Philippine Standards on Quality Control (PSQCs)
ASSURANCE ENGAGEMENTS
1. Assurance engagement means an agreement in which a particular
expresses a conclusion designed to enhance the degree of confidence of the
intended users other than the responsible party about the outcome of the
evaluation or measurement of a subject matter against criteria.
2. Subject matter information refers to the outcome of the evaluation or
measurement of a subject matter.
3. In some assurance engagements, the evaluation or measurement of the
subject I performed by the responsible party, and the subject matter
2
information is in the form of an assertion by the responsible party that is
made available to intended users (assertion-based engagements).
4. In other assurance engagements, the practitioner either directly performs the
evaluation or measurement of the subject matter, or obtains a representation
from the responsible party that has performed the evaluation or
measurement that is not available to the intended users in the assurance
report (direct reporting engagements)
TWO TYPES OF ASSURANCE ENGAGEMENT

1. Reasonable assurance engagement the objective is a reduction in
assurance engagement risk to an acceptably low level in the circumstances
of the engagement as the basis for a positive form of expression of the
practitioners conclusion.
2. Limited assurance engagement the objective is a reduction in assurance
engagement risk to a level that is acceptable in the circumstances of the
engagement, but where the risk is greater than for a reasonable assurance
engagement, as a basis for a negative form of expression of the
practitioners conclusion.
SCOPE OF THE FRAMEWORK

The following are non-assurance engagements and therefore are not covered by the
Framework:
1. Engagements covered by the PSRSs such as agreed-upon procedures
engagements and compilations of financial or other information.
2. The preparation of tax returns where no conclusion conveying assurance is
expressed.
3. Consulting (or advisory) engagements, such as management and tax
consulting.
ELEMENTS OF AN ASSUARANCE ENGAGEMENT

1. A three-party relationship involving:
A practitioner;
A responsible party; and
Intended users.
2. An appropriate subject matter;
3. Suitable criteria;
4. Sufficient appropriate evidence; and
5. A written assurance report in the form appropriate to a reasonable assurance
engagement or a limited assurance engagement.
OBJECTIVE AND GENERAL PRINCIPLES GOVERNING AN AUDIT OF FINANCIAL

STATEMENTS
1. The OBJECTIVE of an audit of financial statements is to enable the auditor to
express an opinion whether the financial statements are prepared, in all
material respects, in accordance with an applicable financial reporting
framework.
2. The auditor should comply with relevant ethical requirements relating to audit
engagements.
3. The auditor should conduct the audit in accordance with PSAs.
4. Scope of an audit refers to the audit procedures that, in the auditors
judgment and based on PSAs, are deemed appropriate in the circumstances
to achieve the objective of the audit.
5. The auditor should plan and perform an audit with an attitude of
PROFESSIONAL SKEPTICISM recognizing that circumstances may exist that
cause the financial statements to be materially misstated.
6. In forming the audit opinion, the auditor obtains sufficient appropriate
evidence to be able to draw conclusions on which to base that opinion.
7. The auditors opinion enhances the credibility of financial statements by
providing a high, but not absolute, level of assurance.
8. Absolute assurance in auditing is not attainable as a result of such factors as:
The need for judgment;
The use of testing;
The inherent limitations of any accounting and internal control
systems; and
3
The fact that most of the evidence available to the auditor is
persuasive, rather than conclusive, in nature.
9. While the auditor is responsible for forming and expressing an opinion on the
financial statements, the responsibility for the preparation and presentation
of the financial statements in accordance with the applicable financial
reporting framework is that of the entitys MANAGEMENT, with oversight from
those charged with governance.
ENGAGEMENTS TO REVIEW FINANCIAL STATEMENTS

1. The objective of a review of financial statements is to enable a practitioner to
state whether, on the basis of procedures which do not provide all the
evidence that would be require in an audit, anything has come to the
practitioners attention that causes the practitioner to believe that the
financial statements are not prepared, in all material respects, in accordance
with an identified financial reporting framework (negative assurance)
2. A review comprises INQUIRY and ANALYTICAL PROCEDURES which are
designed to review the reliability of an assertion that is the responsibility of
one party for use by another party.
3. A review does not ordinarily involve an assessment of accounting and
internal control systems, tests of records and of responses to inquiries by
obtaining corroborating evidence through inspection, observation,
confirmation and computation, which are procedures ordinarily performed
during an audit.
4. The level of assurance provided in a review report is less that that given in an
audit report.
ENGAGEMENTS TO PERFORM AGREED-UPON PROCEDURES REGARDING

FINANCIAL INFORMATION
1. In an engagement to perform agreed-upon procedures, an auditor is engaged
to carry out those procedures of an audit nature to which the auditor and the
entity and any appropriate third parties have agreed and to report on
FACTUAL FINDINGS.
2. The recipients of the report must form their own conclusion from the report of
the auditor.
3. The report is restricted to those parties that have agreed to the procedures to
be performed since others, unaware of the reasons for the procedures, may
misinterpret the results.
ENGAGEMENTS TO COMPILE FINANCIAL INFORMATION

1. In a compilation engagement, the accountant is engaged to use accounting
expertise as opposed to auditing expertise to collect, classify, and
summarized financial information.
2. It ordinarily entails reducing detailed data to manageable and understandable
form without a requirement to test the assertions underlying that information.
3. The procedures performed are not designed and do not enable the
accountant to express any assurance on the financial information.
4. Users of compiled financial information derived some benefit as a result of
the accountants involvement because the service has been performed with
due professional skill and care.
SUMMARY
Nature of Audit Review Agreed-upon Compilation
service Procedures
Level of High, but not Moderate No assurance No assurance
Assurance absolute assurance
Provided assurance
Report Positive Negative Factual Identification
provided assurance on assurance on findings of of information
assertion(s) assertion(s) procedures compiled
(Audit Report) (Review (Compilation
Report) Report)
4
Manila
AUDITING THEORY CPA

REVIEW
PSQC1 QUALITY CONTROL FOR FIRMS THAT PERFORM

AUDITS AND REVIEWS OF HISTORICAL FINANCIAL
INFORMATION, AND OTHER ASSURANCE AND RELATED
SERVICES
PSA 220 (REVISED)
QUALITY CONTROL FOR AUDITS OF HISTORICAL FINANCIAL
INFORMATION
PSA 210 [AMENDED BY PSA 700(REVISED)]
TERMS OF AUDIT ENGAGEMENTS
PSQC 1
1. The firm should establish a System of Quality Control to provide it with
reasonable assurance that:
a. The firm and its personnel comply with professional standards and
regulatory and legal requirements; and
b. The reports issued by the firm or engagement partners are
appropriate in the circumstances.
2. Elements of a System of Quality Control
a. Leadership responsibility for quality within the firm
b. Ethical requirements
c. Acceptance and continuance of client relationships and specific
engagements.
d. Human resources
e. Engagement performance
f. Monitoring
PSA 220 (Revised)

1. The engagement team should implement quality control procedures that are
applicable to the individual audit engagement.
2. The engagement partner should
a. Take responsibility for the overall quality on each audit engagement
to which that partner is assigned.
b. Consider whether members of the engagement team have
complied with ethical requirements.
c. Be satisfied that appropriate procedures regarding the acceptance
and continuance of client relationships and specific audit
engagements have been followed, and that conclusions reached in
this regard are appropriate and have been documented.
5
d. Be satisfied that the engagement team collectively has the
appropriate capabilities, competence and time to perform the audit
engagement in accordance with professional standards and
regulatory and legal requirements, and to enable an auditors report
that is appropriate in the circumstances to be issued.
e. Take responsibility for the direction, supervision and performance of
the audit engagement in compliance with professional standards
and regulatory and legal requirements, and for the auditors report
that is issued to be appropriate n he circumstances.
f. Be satisfied that sufficient appropriate audit evidence has been
obtained to support the conclusions reached and for the auditors
report to be issued.
PSA 210 [AMENDED BY THE PSA 700 (REVISED)]

1. The purpose of this standard is to establish standards and provide guidelines
on:
a. Agreeing the terms of the engagement with the client; and
b. The auditors response to a request by a client to change the terms
of an engagement to one that provides a lower level of assurance.
2. Audit Engagement Letters
It is in the interest of both client and auditor that the auditor sends an
engagement letter, preferably before the commencement of the engagement, to
help in avoiding misunderstandings with respect to the engagement.
Principal Contents
An engagement letter would generally include reference to:
The objective of the audit of financial statements.
Managements responsibility for the financial
statements.
The financial reporting framework adopted by
management in preparing the financial statements.
The scope of the audit, including reference to
applicable legislation, regulations or
pronouncements of professional bodies to which
the auditor adheres.
The form of any reports or other communication of
results of the engagement.
The fact that because of the test nature and other
inherent limitations of an audit, together with the
inherent limitations of any accounting and internal
controls system, there is an unavoidable risk that
even some material misstatement may remain
undiscovered.
Unrestricted access to whatever records,
documentation and other information requested in
connection with the audit.
3. Acceptance of a Change in Engagement
1. An auditor who, before the completion of the engagement, is
requested to change the engagement tone which provides a lower
level of assurance, should consider the appropriateness of doing so.
2. A request from the client for the auditor to change the engagement
may result from:
a. A change in circumstances affecting the need for the service;
b. A misunderstanding as to the nature of an audit or related
service originally requested; or
c. A restriction on the scope of the engagement, whether
imposed by management or caused by circumstances.
(NOTE: A or B would ordinarily be a reasonable basis
for requesting a change in the engagement)
3. A change would not be considered reasonable if it appeared that
the change relates to information that is incorrect, incomplete or
otherwise unsatisfactory.
6
4. Before agreeing to change an audit engagement to a related
service, an auditor would also consider any legal or contractual
implications of the change.
5. If the auditor concludes that there is reasonable justification to
change the engagement and if the audit work performed complies
with the PSAs applicable to the change engagement, the report
issued would be that appropriate for the revised terms of the
engagement.
6. In order to avoid confusing the reader, the report would not include
reference to:
a. The original engagement; or
b. Any procedures that may have been performed by the
original engagement, except where the engagement is
changed to undertake agreed-upon procedures.
7. Where the terms of the engagement are changed, the auditor and
the client should agree in the new terms.
8. The auditor should not agree to a change of engagement where
there is no reasonable justification for doing so.
9. If the auditor is unable to agree to a change of engagement and is
not permitted to continue the original engagement, the auditor
should withdraw and consider whether there is any obligation,
contractual or otherwise, to report to other parties, such as the
board of directors or shareholders, the circumstances necessitating
the withdrawal.

Manila
AUDITING THEORY CPA

REVIEW
PSA 300 (Rev.) PLANNING AN AUDIT OF FINANCIAL

STATEMENTS
PSA 315 UNDERSTANDING THE ENTITY AND ITS
ENVIRONMENT AND ASSESSING THE RISKS OF
MATERIAL MISTATEMENT
PSA 300 (Rev.)

PLANNING AN AUDIT OF FINANCIAL STATEMENTS
1. Planning an audit involves:

establishing the overall audit strategy for the engagement and
developing an audit plan,
in order to reduce audit risk to an acceptably low level.
Preliminary Engagement Activities
2. The auditor should perform the following activities at the beginning of the
current audit engagement:
Perform procedures regarding the continuance of the client relationship
and the specific audit engagement.
Evaluate compliance with ethical requirements, including independence.
Establish an understanding of the terms of the engagement.
7
Planning Activities
3. The auditor should establish the overall audit strategy for the audit. The
overall audit strategy sets the scope, timing and direction of the audit, and
guides the development of the more detailed audit plan
4. The establishment of the overall audit strategy involves:

a.) Determining the characteristics of the engagement that define its scope;
b.) Ascertaining the reporting objectives of the engagement to plan the timing
of the audit and the nature of the communication required; and
c.) Considering the important factors that will determine the focus of the
engagement teams efforts.
5. The auditor should develop an audit plan for the audit in order to reduce audit
risk to an acceptably low level.
6. The audit plan is more detailed than the overall audit strategy and includes the
nature, timing and extent of audit procedures to be performed by engagement
team members in order to obtain sufficient appropriate audit evidence to
reduce audit risk to an acceptably low level.
7. The audit plan includes:

A description of the nature, timing and extent of planned risk assessment
procedures sufficient to assess the risks of material misstatement as
determined under PSA 315, Understanding the Entity and its Environment
and Assessing the Risks of Material Misstatement.;
A description of the nature, timing and extent of planned further audit
procedures at the assertion level for each material class of transactions,
account balance, and disclosure, as determined under PSA 330, The
Auditors Procedures in Response to Assessed Risks,; and
Such other procedures required to be carried out for the engagement in
order to comply with PSAs
Changes to Planning Decisions during the Course of the Audit
The overall audit strategy and the audit plan should be updated and changed as
necessary during the course of the audit.
Direction, Supervision and Review
1. The auditor should plan the nature, timing and extent of direction and
supervision of engagement team members and review their work.
2. The nature, timing and extent of the direction and supervision of engagement
team members and review of their work vary depending on many factors,
including:
The size and complexity of the entity;

The area of audit;
The risks of material misstatement; and
The capabilities and competence of personnel performing the audit work.
3. The auditor plans the nature, timing and extent of direction and supervision of
engagement team members based on the assessed risk of material
misstatement.
Documentation
The auditor should document the overall audit strategy and the audit plan, including
any significant changes made during the audit engagement.
Communications with Those Charged with Governance and Management
1. The auditor may discuss elements of planning with those charged with
governance and the entitys management.
8
2. Discussions with those charged with governance ordinarily include the overall
audit strategy and timing of the audit, including any limitations thereon, or any
additional requirements.
3. When discussion of matters included in the overall audit strategy or audit plan
occur, care is required in order not to compromise the effectiveness of the
audit.
Additional Considerations in Initial Audit Engagements
The auditor should perform the following activities prior to starting an initial audit:
1. Perform procedures regarding the acceptance of the client relationship and the
specific audit engagement.
2. Communicate with the previous auditor, where there has been a change of
auditors, in compliance with relevant ethical requirements.
PSA 315
UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE
RISKS OF MATERIAL MISSTATEMENT
1. The auditor should obtain an understanding of the entity and its environment,
including its internal control, sufficient to identify and assess the risks of
material misstatement of the financial statements whether due to fraud or
error, and sufficient to design and perform further audit procedures.
2. The auditor should perform the following risk assessment procedures to obtain
an understanding of the entity and its environment, including its internal
control:
a.) Industry, regulatory, and other external factors, including the applicable
financial reporting framework.
b.) Nature of the entity, including the entitys selection and application of
accounting policies.
c.) Objectives and strategies and the related business risks that may result in a
material misstatement of the financial statements.
d.) Measurement and review of the entitys financial performance.
e.) Internal control.
INTERNAL CONTROL
1. Internal control is the process designed and effected by those charged with
governance, management, and other personnel to provide reasonable
assurance about the achievement of the entitys objectives with regard to:
Reliability of financial reporting;
Effectiveness and efficiency of operations; and
Compliance with applicable laws and regulations.
2. The auditor uses the understanding of internal control to:

Identify types of potential misstatements;
Consider factors that affect the risks of material misstatement; and
Design the nature, timing and extent of further audit procedures.
3. Internal control consists of the following components:
1.) The control environment.

2.) The entitys risk assessment process.
3.) The information system, including the related business processes, relevant
to financial reporting, and communication.
4.) Control activities.
5.) Monitoring of controls.
9
The control environment includes the governance and management functions
and the attitudes, awareness, and actions of those charged with governance
and management concerning the entitys internal control and its importance in
the entity.
Elements of control environment:

a) Communication of enforcement of integrity and ethical values.
b) Commitment to competence.
c) Participation by those charged with governance.
d) Managements philosophy and operating style.
e) Organizational structure.
f) Assignments of authority and responsibility.
g) Human resource policies and practices.
The auditor should obtain an understanding of the entitys risk assessment

process, i.e., the entity process for identifying business risks relevant to
financial reporting objectives and deciding about actions to address those risks,
and the results thereof.
The auditor should obtain an understanding of the information system,

including the related business processes, relevant to financial reporting,
including the following areas:
The classes of transactions in the entitys operations that is significant to

the financial statements.
The procedures, within both IT and manual systems, by which those

transactions are initiated, recorded, processed and reported in the
financial statements.
The related accounting records, whether electronic or manual, supporting

information, and specific accounts in the financial statements, in respect
of initiating, recording, processing and reporting transactions.
How the information system captures events and conditions, other than
classes of transactions that are significant to the financial statements.
The financial reporting process used to prepare the entitys financial

statements, including significant accounting estimates and disclosures.
Control activities are the policies and procedures to help ensure that
management directives are carried out. Examples of control activities include
those relating to the following:
Authorization
Performance reviews.
Information processing.
Physical controls.
Segregation of duties.
Monitoring of controls involves assessing the design and operation of

controls on a timely basis and taking the necessary corrective actions modified
for changes in conditions.
4. Obtaining an understanding of internal control involves:
a) Evaluating the design of a control; and

b) Determining whether it has been implemented.
ASSESSING THE RISKS OF MAERIAL MISSTATEMENT
1. The auditor should identify and assess the risks of material misstatement at the
financial statements level, and at the assertion level for classes of transactions,
account balances, and disclosures.
10
2. The auditor:
Identifies risks throughout the process of obtaining an understanding of
the entity and its environment, including relevant controls that relate to
the risks, and by considering the classes of transactions, account
balances, and disclosures in the financial statements;
Relates the identified risks to what can go wrong at the assertion level;
Considers whether the risks are of a magnitude that could result in a
material misstatement of the financial statements; and
Considers the likelihood that the risks could result in a material
misstatement of the financial statements.

Manila
AUDITING THEORY CPA

REVIEW
PSA 330
THE AUDITORS PROCEDURES IN REPONSE TO ASSESSED RISKS
Overall responses
1. The auditor should determine overall responses to address the risks of
material misstatement at the financial statement level. Such responses may
include:
Emphasizing to the audit team the need to maintain professional
skepticism n gathering and evaluating audit evidence
Assigning more experienced staff or those with special skills or
using experts
Providing more supervision
Incorporating additional elements of unpredictability in the
selection of further audit procedures to be performed
11
Making general changes to the nature, timing or extent of audit
procedures
Audit Procedures Responsive to Risks of Material Misstatement at the

Assertion Level
1. In designing further audit procedures, the auditor considers the following:
The significance of the risk
The likelihood that the material misstatement will occur
The characteristics of the class transactions, account balance, or
disclosure involved.
The nature of the specific controls used by the entity and in
particular whether they are manual or automated
Whether the auditor expects to obtain audit evidence to
determine if the entitys controls are effective n preventing, or
detecting and correcting, material misstatements
2. Considering the nature, timing and extent of further audit
procedures
The nature of further audit procedures refers to their:

a. Purpose- tests of controls or substantive procedures
b. Type - inspection, observation, inquiry, confirmation, recalculation,
reperformance, or analytical procedures.
Timing refers to when audit procedures are performed or the period or date
to which the audit evidence applies.
Extent includes the quantity of a specific audit procedure to be performed.
TESTS OF CONTROLS
1. The auditor is required to perform tests of controls when:
a. The auditors risk assessment includes an expectation of the
operating effectiveness of controls; or
b. When the substantive procedures alone do not provide sufficient
appropriate audit evidence at the assertion level
2. Tests of the operating effectiveness of controls are performed only on

those controls that the auditor has determined are suitably designed to
prevent, or detect and correct, a material misstatement in an assertion
3. Testing the operating effectiveness of controls includes obtaining evidence
about:
a. How controls were applied at relevant times during the period
under audit;
b. The consistency with which they were applied; and
c. By whom or by what means they were applied.
SUBSTANTIVE PROCEDURES
1. Substantive test procedures are performed in order to detect material
misstatements at the assertion level, and include:
Tests of details of classes of transactions, account balances, and
disclosures; and
Substantive analytical procedures
2. The auditors substantive procedures should include the following audit
procedures related to the financial statement closing process:
Agreeing or reconciling the financial statements with accounting
records; and
Examining material journal entries and other adjustments made
during the course of preparing the financial statements
3. The auditor should perform audit procedures to evaluate whether the overall
presentation of the financial statements, including the related disclosures, are
in accordance with the applicable financial reporting framework.
Evaluating the sufficiency and appropriateness of audit evidence obtained

1. Based on the audit procedures performed and the audit evidence obtained,
the auditor should evaluate whether the assessments of the risks of material
misstatement at the assertion level remain appropriate.
12
2. The auditor should conclude whether the assessments of the risks of material
misstatement in the financial statements.
3. If the auditor has not obtained sufficient appropriate audit evidence as to a
material financial statement assertion, the auditor should attempt to obtain
further audit evidence. If the auditor is unable to obtain further audit
evidence, the auditor should express a qualified opinion or a disclaimer of
opinion.
Documentation
1. The auditor should document:
The overall responses to address the assessed risks of material
misstatement at the financial statement level and the nature,
timing, and extent of the further audit procedures;
The linkage of those procedures with the assessed risks at the
assertion level; and
The results of the audit procedures
2. If the auditor plans to use audit evidence about the operating effectiveness of
controls obtained in prior audits, the auditor should document the
conclusions reached with regard to relying on vcfsuch controls that were
tested in a prior audit.
3. The auditors documentation should demonstrate that the financial
statements agree or reconcile with the underlying accounting records.

Manila
AUDITING THEORY CPA

REVIEW
PSA 320 AUDIT MATERIALITY (amended by PSA 240 [Revised 2005])

PSA 520 ANALYTICAL PROCEDURES
PSA 550 RELATED PARTIES
PSA 610 CONSIDERING THE WORK OF INTERNAL AUDIT
PSA 620 USING THE WORK OF AN EXPERT
PSA 320
13
AUDIT MATERIALITY
1. Materiality should be considered by the auditor when:
Determining the nature, timing and extent of audit procedures;
and
Evaluating the effect of misstatements
2. There is an inverse relationship between materiality and the level of audit risk
3. In evaluating whether the financial statements are prepared, in all material
respects, in accordance with an applicable financial reporting framework, the
auditor should assess whether the aggregate of uncorrected misstatements
that have been identified during the audit is material.
4. If the auditor concludes that the aggregate of uncorrected misstatements
may be material, the auditor needs to consider:
Reducing audit risk by extending audit procedures; or
requesting management to adjust the financial statements for
the misstatements identified
5. If management refuses to adjust the financial statements and the results of
extended audit procedures do not enable the auditor to conclude that the
aggregate of uncorrected misstatements is not material, the auditor should
consider the appropriate modification to the auditors report.
6. If the auditor has identified a material misstatement resulting from error, the
auditor should communicate the misstatements to the appropriate level of
management on a timely basis, and consider the need to report it to those
charged with governance.
PSA 520
ANALYTICAL PROCEDURES
1. Analytical procedures means the analysis of significant ratios and trends
including the resulting investigation of fluctuations and relationships that are
inconsistent with other relevant information or which deviate from predicted
amounts.
2. Analytical procedures also include consideration of comparisons of the
entitys financial statements:
a. Comparable information for prior periods
b. Anticipated results of the entity, such as budgets or forecasts, or
expectations of the auditor, such as an estimation of depreciation
c. Similar industry information
3. Analytical procedures also include consideration of relationships:
a. Among elements of financial information that would be expected to
conform to a predictable patter based on the entitys experience,
such as gross margin percentages.
b. Between financial information and relevant no-financial information,
such as payroll costs to numbers and employees
4. The auditor should apply analytical procedures at the planning stage to assist
in understanding the business and in identifying areas of potential risk.
Analytical procedures in planning the use both financial and non-financial
information.
5. The auditor should apply analytical procedures at or near the end of the audit
when performing an overall conclusion as to whether the financial statements
as a whole are consistent with the auditors knowledge of the business.
6. The application of analytical procedures is based on the expectation that
relationships among data exist and continue in the absence of known
conditions to the contrary. The presence of these relationships provides audit
evidence as to the completeness, accuracy and validity of the data produced
by the accounting system
7. The extent of reliance that the auditor places on the results of analytical
procedures depends on the following factors:
a. Materiality of the items involved
b. Other audit procedures directed toward the same audit objectives
c. Accuracy with which the expected results of analytical procedures
can be predicted.
8. When analytical procedures identify significant fluctuations or relationships
that are inconsistent with other relevant information or that deviate from
predicted amounts, the auditor should investigate and obtain adequate
explanations and appropriate corroborative evidence.
9. The investigation of unusual fluctuations and relationships ordinarily begins
with inquiries of management, followed by:
a. Corroboration of management responses; and
14
b. Consideration of the need to apply other audit procedures based on
the results of such inquiries, if management is unable to provide an
explanation or if the explanation is not considered adequate.
PSA 550
RELATED PARTIES
1. Management is responsible for the identification and disclosure of related
parties and transactions with such parties.
2. The auditor should perform audit procedures designed to obtain sufficient
appropriate audit evidence regarding the identification and disclosure by
management of related parties and the effect of related party transactions
that are material to the financial statements. However, an audit cannot be
expected to detect all related party transactions.
3. The auditor needs to have a sufficient understanding of the entity and its
environment to enable identification of the events, transactions and practices
that may result in a risk of material misstatement regarding related parties
and transactions with such parties.
4. When obtaining an understanding of the entitys internal control, the auditor
should consider the adequacy of control activities over the authorization and
recording of related party transactions.
5. In examining the identified related party transactions, the auditor should
obtain sufficient appropriate audit evidence as to whether these transactions
have been properly recorded and disclosed.
6. The auditor should obtain a written representation from management
concerning:
a. The completeness of information provided regarding the
identification of related parties; and
b. The adequacy of related party disclosures in the financial
statements
7. The auditor is unable to obtain sufficient appropriate audit evidence
concerning related parties and transactions with such parties or concludes
that their disclosure in the financial statements is not adequate; the auditor
should modify the audit report appropriately.
PSA 610
CONSIDERING THE WORK OF INTERNAL AUDIT
1. The external auditor should obtain a sufficient understanding of internal audit
activities to identify and assess the risks of material misstatement of the
financial statements and to design and perform further audit procedures.
2. The external auditor should perform an assessment of the internal audit
function when internal auditing is relevant to the external auditors risk
assessment.
3. When obtaining an understanding and performing a preliminary assessment
of the internal audit function, the important criteria are:
a. Organizational status
b. Scope of the function
c. Technical competence
d. Due professional care
4. When planning to use the work of internal auditing, the external auditor will
need to consider internal auditings tentative plan for the period and discuss
it as early a stage as possible.
5. Where the work of internal auditing is to be a factor in determining the
nature, timing and extent of the external auditors procedures, it is desirable
to agree in advance the timing of such work, the extent of audit coverage,
materiality levels and proposed methods of sample selection, documentation
of the work performed and review and reporting procedures.
6. A liaison with internal auditing is more effective when meetings are held at
appropriate intervals during the period.
7. When the external auditor intends to use specific work of internal auditing,
the external auditor should evaluate and perform audit procedures on that
work to confirm its adequacy for the external auditors purposes.
8. The evaluation of specific work of internal auditing involves consideration of
the adequacy of the scope of the work and related programs and whether the
preliminary assessment of the internal auditing remains appropriate.
15
9. The nature, timing and extent of audit procedures performed on the specific
work of internal auditing will depend on:
The external auditors judgment as to the risk of material
misstatement of the area concerned;
The assessment of internal auditing; and
The evaluation of the specific work by internal auditing.
10.The external auditor would record conclusions regarding the specific internal
auditing work that has been evaluated and the audit procedures performed
on the internal auditors work.
PSA 620
USING THE WORK OF AN EXPERT
1. Expert means a person or firm possessing special skill, knowledge and
experience in a particular filed other than accounting and auditing.
2. An expert may be:
a. Contracted by the entity;
b. Contracted by the auditor;
c. Employed by the entity; or
d. Employed by the auditor.
3. When determining the need to use the work of an expert, the auditor would
consider:
a. The materiality of the financial statement item being considered;
b. The risk of misstatement based on the nature and complexity of the
matter being considered; and
c. The quantity and quality of other audit evidence available
4. When planning t use the work of an expert, the auditor should evaluate the
professional competence and objectivity of the expert.
5. The risk that an experts objectivity will be impaired increases when the
expert is:
a. Employed by the entity; or
b. Related in some other manner to the entity.
6. The auditor should obtain sufficient appropriate audit evidence that the scope
of the experts work is adequate for the purposes of the audit. Audit evidence
may be obtained through a review of the terms of reference which are often
set out in written instructions from the entity to the expert.
Such instructions to the expert may cover matters such as:
a. The objectives and scope of the experts work
b. A general outline as to the specific matters the auditor expects the
experts report to cover
c. The intended use by the auditor of the experts work, including the
possible communication to third parties of the experts identity and
extent f involvement
d. The extent of the experts access to appropriate records and files
e. Clarification of the experts relationship with the entity, if any.
f. Confidentiality of the entitys information
g. Information regarding the assumptions and methods intended to be
used by the expert and their consistency with those used in prior
periods.
7. The auditor should evaluate the appropriateness of the experts work as audit
evidence regarding the financial statement assertion being considered. This
will involve assessment of whether the substance of the experts findings is
properly reflected in the financial statements or supports the financial
statement assertions, and consideration of:
a. Source data used.
b. Assumptions and methods used and their consistency with prior
periods
c. Results of the experts work in the light of the auditors overall
knowledge of the business and of the results of other audit
procedures.
8. When considering whether the expert has used source data which is
appropriate in the circumstances, the auditor would consider the following
procedures:
a. Making inquiries regarding any procedures undertaken by the
expert to establish whether the source data is sufficient, relevant
and reliable.
b. Reviewing or testing the data used by the expert
16
9. If the results of the experts work do not provide sufficient audit evidence or if
the results are not consistent with other audit evidence, the auditor should
resolve the matter. This may involve:
a. Discussions with the entity and the expert
b. Applying additional audit procedures
c. Including possibly engaging another expert; or
d. Modifying the auditors report
10.When issuing an unmodified auditors report, the auditor should not refer to
the work of an expert. Such a reference might be misunderstood to be a
qualification of the auditors opinion or a division of responsibility, neither of
which is intended.
11.If as a result of the work of an expert, the auditor decides to issue a modified
auditors report, in some circumstances it may be appropriate, in explaining
the nature of the modification, to refer to or describe the work o the expert
(including the identity of the expert and the extent of the experts
involvement). In these circumstances, the auditor would obtain the
permission of the expert before making such a reference. If permission is
refused and the auditor believes a reference is necessary, the auditor may
need to seek legal advice.
17
Manila
AUDITING THEORY CPA

REVIEW
PSA 500(REVISED) AUDIT EVIDENCE

PSA 501 AUDIT EVIDENCE ADDITIONAL CONSIDERATIONS ON
SPECIFIC ITEMS
PSA 505 EXTERNAL CONFIRMATIONS
PSA 230 AUDIT DOCUMENTATION
PSA 500(REVISED)
AUDIT EVIDENCE
1. The auditor should obtain sufficient appropriate audit evidence to be able to
draw reasonable conclusions on which to base the audit opinion
2. Audit Evidence is all the information used by the auditor in arriving at the
conclusions on which the opinion is based, and includes the information
contained in the accounting records underlying the financial statements and
other information
3. Accounting records generally include:
The records of initial entries and supporting records, such as
checks and records of electronic fund transfers;
Invoices
Contracts
The general and subsidiary ledgers, journal entries and other
adjustments to the financial statements that are not reflected in
formal journal entries; and
Records such as work sheets and spreadsheets supporting cost
allocations, computations, reconciliations and disclosures
4. Other information that the auditor may use as audit evidence includes:
Minutes of the meetings
Confirmations from third parties
Analysts reports
Comparable data about competitors (benchmarking)
Control manuals
Information obtained by auditors from such audit procedures as
inquiry, observation, and inspection; and
Other information developed by, or available to, the auditor that
permits the auditor to reach conclusions through valid reasoning
Sufficient appropriate evidence

1. Sufficiency is the measure of the quantity of audit evidence
2. Appropriateness is the measure of the quality of audit evidence; that is, its
relevance and its reliability in providing support for, or detecting material
misstatements in, the classes of transactions, account balances, and
disclosures and related assertions.
3. The following generalizations can be made about the reliability of audit
evidence:
a. Audit evidence I more reliable when it is obtained from independent
sources outside the entity
b. Audit evidence that is generated internally is more reliable when
the related controls imposed by the entity are effective
c. Audit evidence obtained directly by the auditor (for example,
observation of the application of a control) is more reliable than
audit evidence obtained indirectly or by inference (for example, the
inquiry about the application of control)
d. Audit evidence is more reliable when it exists in a documentary
form, whether paper, electronic, or other medium (for example,
contemporaneously written record of a meeting is more reliable
than a subsequent oral representation of the matters discussed)
18
e. Audit evidence provided by original documents is more reliable than
audit evidence provided by photocopies or facsimiles
4. An audit rarely involves the authentication of documentation, nor is the
auditor trained as or expected to be an expert in such authentication
5. When information produced by the entity is used by the auditor to perform
audit procedures, the auditor should obtain audit evidence about the
accuracy and completeness of the information
6. In forming an audit opinion, the auditor does not examine all the information
available because conclusions ordinarily can be reached by using sampling
approaches and other means of selecting items for testing.
The use of assertions in obtaining audit evidence

1. Management is responsible for the fair presentation of financial statements
that reflect the nature and operations of the entity.
2. In representing that the financial statements are presented fairly, in all
material respects, in accordance with the applicable financial reporting
framework, management implicitly or explicitly makes assertions regarding
the recognition, measurement, presentation, and disclosure of the various
elements of financial statements and related disclosures
3. The auditor should use assertions for classes of transactions, account
balances, and presentation and disclosures in sufficient detail to form a basis
for the assessment of risks of material misstatement and the design and
performance of further audit procedures
CATEGORIES OF ASSERTIONS
a. Assertions about classes of transactions and events for the period under
audit:
1. OCCURRENCE - transactions and events that have been recorded
have occurred and pertain to the entity
2. COMPLETENESS - all transactions and events that should have been
recorded have been recorded.
3. ACCURACY - amounts and other data relating to
recorded transactions and events have been recorded
appropriately
4. CUTOFF - transactions and events have been recorded in
the correct accounting period
5. CLASSIFICATION- transactions and events have been recorded in
the proper accounts
b. Assertions about account balances at the period end:
1. EXISTENCE -assets, liabilities, and equity
interests exist
2. RIGHTS AND OBLIGATIONS - the entity holds or controls the
right to assets, and liabilities are obligations of the entity
3. COMPLETENESS - all assets, liabilities, and equity
interests that should have been recorded have been recorded
4. VALUATION AND ALLOCATION- assets, liabilities and equity interests
are included in the financial statements at appropriate amounts and
any resulting valuation or allocation adjustments are appropriately
recorded
c. Assertions about presentation and disclosure:

1. OCCURRENCE AND RIGHTS AND OBLIGATIONS
Disclosed events, transactions, and other matters have
occurred and pertain to the entity
2. COMPLETENESS
All disclosures that should have been included in the
financial statements have been included
3. CLASSIFICATION AND UNDERSTANDABILITY
Financial information is appropriately presented and
described and disclosures are clearly expressed
4. ACCURACY AND VALUATION
Financial and other information are disclosed fairly and at
appropriate amounts
Audit procedures for obtaining audit evidence

1. RISK ASSESSMENT PROCEDURES
19
Obtain an understanding of the entity and its environment, including
its internal control, to assess the risk of material misstatement at the
financial statement and assertion levels
2. TESTS OF CONTROLS
When necessary or when the auditor has determined to do so, test the
operating effectiveness of controls in preventing, or detecting and
correcting, material misstatements at the assertion level
3. SUBSTANTIVE PROCEDURES
Detect material misstatements at the assertion level. These include
analytical review procedures and tests of details
Examples of audit procedures

1. INSPECTION
Consists of examining records and documents, whether internal or
external in paper form, electronic form, or other media. Inspection of
tangible assets consists of physical examination of the assets.
2. OBSERVATION
Consists of looking at a process or procedure being performed by
others
3. INQUIRY
Consists of seeking information of knowledgeable persons, both
financial and nonfinancial, throughout the entity or outside the entity
4. CONFIRMATION
The process of obtaining a representation of information or of an
existing condition directly from a third party
5. RECALCULATION
Consists of checking the mathematical accuracy of documents or
records
6. REPERFORMANCE
The auditors independent execution of procedures or controls that
were originally performed as part of the entitys internal control, either
manually or through the use of CAATs
7. ANALYTICAL PROCEDURES
Consists of evaluations of financial information made by a study of
plausible relationships among both financial and nonfinancial data. It
also encompasses the investigation of identified fluctuations and
relationships that are inconsistent with other relevant information or
deviate significantly from predicted amounts.
PSA 501
AUDIT EVIDENCE ADDITIONAL CONSIDERATIONS ON SPECIFIC ITEMS
Attendance at Physical Inventory Counting
1. When inventory is material to the financial statements, the auditor should

obtain sufficient appropriate audit evidence regarding its existence and
condition by attendance at physical inventory counting unless impracticable.
2. If unable to attend the physical inventory count on the date panned due to
unforeseen circumstances, the auditor should take or observe some physical
counts on an alternative date and, when necessary, perform tests of
intervening transactions.
3. Where attendance is impracticable, due to factors such as the nature and

location of the inventory, the auditor should consider whether alternative
procedures provide sufficient appropriate audit evidence of existence and
condition to conclude that the auditor need not make reference to a scope
limitation.
4. In planning attendance at the physical inventory count or the alternative

procedures, the auditor would consider:
The nature of the accounting and internal control systems used regarding
inventory.
Inherent, control, and detection risks, and materiality related to inventory.
20
Whether adequate procedures are expected to be established and proper
instructions issued for physical inventory counting.
The timing of the count.
The locations at which inventory is held.
Whether an experts assistance is needed.
5. The auditor would review managements instructions regarding:

The application of control procedures, for example, the collection of used
stocksheets, accounting for unused stocksheets, and count and recount
procedures.
Accurate identification of the stage of completion of work in progress, of
slow moving, obsolete or damaged items and inventory by a third party, for
example, on consignment.
Whether appropriate arrangements are made regarding the movement of
inventory between areas and the shipping and receipt of inventory before
and after the cutoff date.
6. To obtain assurance that managements procedures are adequately

implemented the auditor would observe employees procedures and perform
test counts.
7. The auditor would also consider cutoff procedures including details of the
movement of inventory just prior to, during, and after the count so that the
accounting for such movements can be checked at a later date.
8. The auditor would test the final inventory listing to assess whether it accurately
reflects actual inventory counts.
9. When inventory is under the custody and control of a third party, the auditor
would ordinarily obtain direct conformation from the third party as to the
quantities and condition of inventory held on behalf of the entity. Depending on
the materiality of this inventory, the auditor would consider:
The integrity and independence of the third party.
Observing, or arranging for another auditor to observe, the physical
inventory count.
Obtaining another auditors report on the adequacy of third partys
accounting and internal control systems for ensuring that inventory is
correctly counted and adequately safeguarded.
Inspecting documentation regarding inventory held by third parties, for
example, warehouse receipts, or obtaining confirmation from other parties
when such inventory has been pledged as collateral.
Procedures regarding litigation and claims
1. The auditor should carry out procedures in order to become aware of any
litigation and claims involving the entity, which may have a material effect on
the financial statements.
Such procedures would include:

Make appropriate inquiries of management including obtaining
representations.
Review board minutes and correspondence with the entitys lawyers.
Examine legal expense accounts.
Use any information obtained regarding the entitys business including
information obtained from discussions with any inhouse legal department.
2. When litigation or claims have been identified or when the auditor believes
they may exist, the auditor should seek direct communication with the entitys
lawyers.
3. The letter, which should be prepared by management and sent by the auditor,
should request the lawyer to communicate directly with the auditor. When it is
considered unlikely that the lawyer will respond to a general inquiry, the letter
would ordinarily specify:
A list of litigation and claims.
21
Managements assessment of the outcome of the litigation or claim and its
estimate of the financial implications, including costs involved.
A request that the lawyer confirms the reasonableness of managements
assessments and provides the auditor with further information if the list is
considered by the lawyer to be incomplete or incorrect.
4. The auditor considers the status of legal matters up to date of the audit report.
5. If management refuses to give the auditor permission to communicate with the

entitys lawyers, this would be a scope limitation and should ordinarily lead to a
qualified opinion or a disclaimer of opinion.
Valuation and disclosure of long-term investments
1. When long-term investments are material to the financial statements, the

auditor should obtain sufficient appropriate audit evidence regarding their
valuation and disclosure.
2. Audit procedures ordinarily include considering evidence as to whether the

entity has the ability to continue to hold the investments on a long-term basis
and discussing with management whether the entity will continue to hold the
investments as long-term investments and obtaining written representations to
that effect.
3. Other procedures would ordinarily include considering related financial

statements and other information, such as market quotations, which provide an
indication of value and comparing such values to the carrying amount of the
investments up to the date of the auditors report.
Segment information
1. When segment information is material to the financial statements, the auditor

should obtain sufficient appropriate audit evidence regarding its disclosure in
accordance with the applicable financial reporting framework.
2. The auditor considers segment information in relation to the financial

statements taken as a whole, and is not ordinarily required to apply auditing
procedures that would be necessary to express an opinion on the segment
information standing alone.
3. Audit procedures regarding segment information ordinarily consist of analytical

procedures and other audit test appropriate in the circumstances.
4. The auditor would discuss with management the methods used in determining
segment information, and consider whether such methods are likely to result in
disclosure in accordance with GAAP and test the application of such methods.
PSA 505
EXTERNAL CONFIRMATIONS
1. External confirmation is the process of obtaining and evaluating audit
evidence through a direct communication from a third party in response to a
request for information about a particular item affecting assertions made by
management in the financial statements.
Use of positive and negative external confirmations
2. A positive external confirmation request asks the respondent to reply to the

auditor in all cases either by indicating the respondents agreement with the
given information, or by asking the respondent to fill in the information.
22
3. A negative external confirmation request asks the respondent to reply only in
the event of disagreement with the information provided in the request.
4. Negative confirmation requests may be used to reduce the risk of material

misstatement to an acceptable level when:
The assessed risk of material misstatement is lower.
A large number of small balances are involved.
A substantial number of errors are not expected.
The auditor has no reason to believe that respondents will disregard these
requests.
5. When performing confirmation procedures, the auditor should maintain control

over the process of selecting those to whom a request will be sent, the
preparation and sending of confirmation requests, and the responses to those
requests.
6. The auditor should perform alternative procedures where no response is

received to a positive external confirmation request. The alternative audit
procedures should be such as to provide the evidence the evidence about the
financial statement assertions that the confirmation request was intended to
provide.
7. When the auditor forms a conclusion that the confirmation process and
alternative procedures have not provided sufficient appropriate audit evidence
regarding an assertion, the auditor should undertake additional procedures to
obtain sufficient audit evidence.
8. The auditor should evaluate whether the results of the external confirmation
process together with the results from any other procedures performed,
provide sufficient appropriate audit evidence regarding the assertion being
audited.
PSA 230 (Revised)

AUDIT DOCUMENTATION
1. The auditor should prepare, on a timely basis, audit documentation that
provides:
a sufficient and appropriate record of the basis for the auditors report;
and
evidence that the audit was performed in accordance with PSAs and
applicable legal and regulatory requirements
2. Audit documentation means the record of audit procedures performed,
relevant audit evidence obtained, and conclusions the auditor reached (terms
such as working papers or work papers are also sometimes used).
3. experience auditor means an individual (whether internal or external to the
firm) who has reasonable understanding of
Audit processes;
PSAs and applicable legal and regulatory requirements
The business environment in which the entity operates; and
Auditing and financial reporting issues relevant to the entitys industry
4. Audit documentation may be recorded on paper or on electronic or other
media
5. The auditor should prepare the audit documentation so as to enable an
experiences auditor, having no precious connection with the audit, to
understand:
the nature, timing , and extent of the audit procedures performed to
comply with PSAs and applicable legal and regulatory requirements
the results of the audit procedures and the audit evidence obtained;
and
significant matters arising during the audit and the conclusions
reached thereon
6. in documenting the nature, timing and extent of audit procedures performed,
the auditor should record the identifying characteristics of the specific items
or matters beig tested
23
7. the auditor should document discussions of significant matters with
management and others on a timely basis
8. where, in exceptional circumstances, the auditor judges it necessary to
depart from a basic principle or an essential procedure that is relevant in the
circumstances of the audit, the auditor should document how the alternative
audit procedures performed achieved the objective of the audit, and, unless
otherwise clear, the reasons for the departure
9. the auditor should record:
who performed the audit work and the date such work was completed
who reviewed the audit work performed and the date and extent of
such review
Assembly of the final audit file

10. The auditor should complete the assembly of the final audit file on a
timely basis after the date of the auditors report. As PSQC 1 indicates, 60
days after the date of the auditors report is ordinarily an appropriate time
limit within which to complete the assembly of the final audit file

Manila
AUDITING THEORY CPA

REVIEW
PSA 240 (REVISED 2006) THE AUDITORS RESPONSIBILITY TO
CONSIDER FRAUD IN AN AUDIT OF FINANCIAL
STATEMENTS
PSA 250 CONSIDERATIONS OF LAWS AND REGULATIONS IN

AN AUDIT OF FINANCIAL STATEMENTS
PSA 260 COMMUNICATIONS OF AUDIT MATTERS WITH

THOSE CHARGED WITH GOVERNANCE
PSA 240 (REVISED 2006)

THE AUDITORS RESPONSIBILITY TO CONSIDER FRAUD IN AN AUDIT OF
FINANCIALSTATEMENTS
FRAUD refers to an intentional act by one party or more individuals among

management, those charged with governance, employees or third parties, involving
the use of deception to obtain an unjust or illegal advantage
Fraud involves:
Incentive or pressure to commit fraud
A perceived opportunity to act or to do so
Some rationalization of the act
24
Management fraud - fraud involving one or more members of management or
those charged with governance
Employee fraud - fraud involving only employees of the entity
(In either case, there may be collusion within the entity or with third parties
outside of the entity)
TWO TYPES OF FRAUD

1. FRAUDULENT FINANCIAL REPORTING
Involves intentional misstatements including omissions of amounts or
disclosures in financial statements to deceive financial statement users
often involves management override of controls that otherwise may
appear to be operating effectively
can be caused by the efforts of management to manage earnings in
order to deceive financial statements users by influencing their
perceptions as to the entitys performance and profitability
may be accomplished by the following
manipulation, falsification (including forgery), or alteration
of accounting records or supporting documentation from
which the financial statements are prepared
misrepresentation in, or intentional omission from, the
financial statements of events, transactions or other
significant information
intentional misapplication of accounting principles relating
to amounts, classifications, manner of presentation, or
disclosure
2. MISAPPROPRIATION OF ASSETS
Involves the theft of an entitys assets and is often perpetrated by
employees in relatively small and immaterial amounts
Can also involve management who are usually more able to disguise or
conceal misappropriations in ways that are difficult to detect
Often accompanied by false or misleading records or documents in
order to conceal the fact that the aspects are missing or have been
pledged without proper authorization
Can be accompanied in a variety of ways including:
o Embezzling receipts
o Stealing physical assets or intellectual property
o Causing an entity to pay for the goods and services not received
o Using an entitys assets for personal use
Responsibilities of Those charged with Governance and of Management
1. The primary responsibility for the prevention and detection of fraud rests with
both those charged with governance of the entity and with management
2. It is important management, with the oversight of those charged with
governance, place a strong emphasis on fraud prevention, which may reduce
opportunities for fraud to take place, and fraud deterrence, which could
persuade in individuals not to commit fraud because of the likelihood
detection and punishment
3. It is the responsibility of those charged with governance of the entity to
ensure , through oversight of management, that the entity establishes and
maintains internal control to provide reasonable assurance with regard to
reliability of financial reporting, effectiveness and efficiency of operations and
compliance with applicable law and regulations
4. It is the responsibility of management, with oversight from those charged
with governance, to establish a control environment and maintain policies
and procedures to assist in achieving the objective ensuring, as far as
possible, the orderly and efficient conduct of the entitys business
Inherent limitations of an Audit in the context of Fraud

1. Owing to inherent limitations of an audit, there is an unavoidable risk that
some material misstatements of the financial statements will not be
detected, even though the audit is properly planned and performed in
accordance with PSAs
2. The risk of not detecting a material misstatement resulting from fraud is
higher than the risk of not detecting a material misstatement resulting from
error because fraud may involve sophisticated and carefully organized
schemes designed to conceal it, such as:
25
Forgery
Deliberate failure to record transactions
Intentional misrepresentation being made to the auditor
3. The risk of the auditor not detecting a material misstatement resulting from
management fraud is greater than for employee fraud, because management
is frequently in a position to directly or indirectly manipulate accounting
records and present fraudulent financial information
4. The subsequent discovery of a material misstatement of the financial
statements resulting from fraud does not, in and of itself, indicate a failure to
comply with PSAs
Responsibilities of the auditor for detecting material misstatements due

to fraud
1. An auditor conducting an audit in accordance with PSAs obtains reasonable
assurance that the financial statements taken as a whole are free from
material misstatement, whether caused by fraud or error
2. An auditor cannot obtain absolute assurance that material misstatements in
the financial statement will be detected because of such factors as of the
following:
use of judgment
use of testing
inherent limitations of internal control
the fact that much of the audit evidence available to the auditor
is persuasive rather than conclusive in nature
3. The auditor should maintain an attitude of professional skepticism throughput
the audit, recognizing the possibility that a material misstatement due to
fraud could exist, notwithstanding the auditors past experience with the
entity about the honesty and integrity of management and those charged
with governance
4. Members of the engagement team should discuss the susceptibility of the
entitys financial statements to material misstatement due to fraud
5. Risk assessment procedures
The auditor should perform risk assessment procedures to obtain an
understanding of the entity and its environment, including its internal
control. As part of this work, the auditor performs the following
procedures to obtain information that is used to identify the risks of
material misstatements due to fraud:
1. Makes inquiries of management, of those charged with governance,
and of others within the entity as appropriate and obtains an
understanding of how those charged with governance exercise
oversight of managements processes for identifying and
responding to the risks of fraud and he internal control that
management has established to mitigate these risks
2. Considers whether one or more fraud risk factors are present
3. Considers any unusual or unexpected relationships that have been
identified in performing analytical procedures
4. Considers other information that may be helpful in identifying the
risks of material misstatement due to fraud.
Responses to the risks of material misstatement due to fraud
1. The auditor should determine overall responses to address he assessed risks
of material misstatement due to fraud at the financial statement level and
should design and perform further audit procedures whose nature, timing and
extent are responsive to the assessed risks at the assertion level
2. In determining overall responses to address the risks of material misstatement
due to fraud at the financial statement level the auditor should:
Consider the assignment and supervision of personnel
Consider the accounting policies used by the entity; and
Incorporate an element of unpredictability in the selection of the
nature, timing and extent of audit procedures
3. Audit procedures responsive to risks of material misstatement due to
fraud at the assertion level
The auditors responses may include changing the nature, timing, and extent
of audit procedures in the following ways:
26
a. The nature of audit procedures to be performed may need to be
changed to obtain audit evidence that is more reliable and relevant to
obtain additional corroborative information
b. The timing of substantive procedures may need to be modified. The
auditor may conclude that performing substantive testing at or near
the period end better addresses an assessed risk of material
misstatement due to fraud
c. The extent of the procedures applied reflects the assessment of the
risks of material misstatement due to fraud. For example, increasing
sample sizes or performing analytical procedures at a more detailed
level may be appropriate
4. To respond to the risk of management override of controls, the auditor should
design and perform audit procedures to:
a. Test the appropriateness of journal entries recorded in the general
ledger and other adjustments made in the preparation of the financial
statements
b. Review accounting estimates for biases that could result to material
c. Obtain an understanding of the business rationale of significant
transactions that the auditor become aware of that are outside the
normal course of the business for the entity, or that otherwise appear
to be unusual given the auditors understanding of the entity and its
environment
Evaluation of audit evidences

1. The auditor should consider whether analytical procedures that are
performed at or near the end of audit when forming an overall conclusion as
to whether the financial statements as a whole are consistent with auditors
knowledge of the business indicate a previously unrecognized risk of material
2. When the auditor identifies the misstatement, the auditor should consider
whether such a misstatement may be indicative of fraud and if there is such
an indication the auditor should consider the implications of the
misstatement in relation to other aspects of the audit, particularly the
reliability of management representations
3. When the auditor confirms that, or is unable to conclude whether, the
financial statements are materially misstated as a result of fraud, the auditor
should consider the implications for the audit
Management representations
The auditor should obtain written representations from management that:
a. It acknowledges its responsibility for the design and implementation of
internal control to prevent and detect fraud
b. It has disclosed to the auditor the results of its assessment of the risk that the
financial statements may be materially misstated as a result of fraud
c. It has disclosed to the auditor its knowledge of fraud or suspected fraud
affecting the entity involving:
i. Management
ii. Employees who have significant roles in internal control
iii. Others where the fraud could have a material effect on the
financial statements and
d. It has disclosed to the auditor its knowledge of any allegations of fraud,
or suspected fraud, affecting the entitys financial statements
communicated by the employees, former employees, analysts,
regulators or others
Communication with management and those charged with governance

1. If the auditor has identified a fraud or has obtained information that indicates
that a fraud may exist, the auditor should communicate these matters as
soon as practicable to the appropriate level of management
2. If the auditor has identified fraud involving management, employers who
have significant roles in internal control, or others where the fraud results in a
material misstatement in the financial statements, the auditor considers
seeking legal advice to assist in the determination of the appropriate course
of action
27
3. If the integrity or honesty of management or those charged with governance
is doubted, the auditor considers seeking legal advice to assist in the
determination of the appropriate course of action
4. The auditor should make those charged with governance and management
aware, as soon as practicable, and at the appropriate level of responsibility,
of material weaknesses in the design or implementation of internal control to
prevent and detect fraud which may have come to the auditors attention
5. The auditors professional duty to maintain the confidentiality of client
information may preclude reporting fraud to a party outside the client the
entity. However, the duty of confidentiality may be overridden by regulatory
requirements
Auditor unable to continue the engagement

1. If , as a result of a misstatement resulting from fraud or suspected fraud, the
auditor encounters exceptional circumstances that bring into question the
auditors ability to continue performing audit, the auditor should:
a. Consider the professional and legal responsibilities applicable in the
circumstances, including whether there is a requirement for the
auditor to report to the person or persons who made the audit
appointment or, I some cases, to regulatory authorities
b. Consider the possibility of withdrawing from the engagement; and
c. If the auditor withdraws:
i. Discuss the appropriate level of management and those
charged with governance the auditors withdrawal from the
engagement and the reasons for the withdrawal; and
ii. Consider whether there is a professional or legal requirement to
report to the person or persons who made the audit
appointment or, in some cases, to regulatory authorities, the
auditors withdrawal from the engagement and the reasons for
the withdrawal
Documentation
1. The documentation of the auditors understanding of the entity and its
environment and the auditors assessment of the risks of material
misstatement should include:
a. The significant decisions reached during the discussion among the
engagement team regarding the susceptibility of the entitys
financial statements to material misstatement due to fraud
b. The identified and assessed risks of material misstatement due to
fraud at the financial statement level and at the assertion level
2. The documentation of the auditors responses to the assessed risks of
material misstatement should include:
a. The overall responses to the assessed risks of material
misstatement due to fraud at the financial statement level and the
nature, timing and extent of audit procedure, and the linkage of
those procedures with the assessed risks of material misstatement
due to fraud at the assertion level
b. The results of the audit procedures, including those designed to
address the risk of management override of controls
3. The auditor should document the communications about fraud made to
management, those charged with governance, regulators and others
4. When the auditor has concluded that the presumption that there is a risk of
material misstatement due to fraud related to revenue recognition is not
applicable in the circumstances of the engagement, the auditor should
document the reasons for that conclusion
PSA 250
CONSIDERATION OF LAWS AND REGULATIONS IN AN AUDIT OF FINANCIAL
STATEMENTS
28
1. Noncompliance as used in PSA 250 refers to acts of omission or commission
by he entity being audited, either intentional and unintentional, which are
contrary to the prevailing laws and regulations
2. Noncompliance does not include personal misconduct (unrelated to the
business activities of the entity) by the entitys management or employees
3. When planning and performing audit procedures and in evaluating and
reporting the results thereof, the auditor should recognize that
noncompliance by the entity with laws and regulation may materially affect
the financial statements
Responsibility of management for the compliance with laws and

regulations
1. It is managements responsibility to ensure that the entitys operations
conducted in accordance with laws and regulations
2. The responsibility for the prevention and detection of noncompliance rests
with management
3. The following policies and procedures, among others, may assist
management in discharging its responsibilities for the prevention and
detection of noncompliance:
Monitoring legal requirements and ensuring that operating procedures
are designed to meet these requirements
Instituting and operating appropriate systems of internal control
Developing, publicizing and following a Code of Conduct
Ensuring employees are properly trained and understand the Code of
Conduct
Monitoring compliance with the Code of Conduct and acting
appropriately to discipline employees who fail to comply with it
Engaging legal advisors to assist in monitoring legal requirements
Maintaining a register of significant laws with which the entity has to
comply within its particular industry and a record of complaints
The auditors consideration of compliance with laws and regulations

1. The auditor is not, and cannot be held responsible for preventing
noncompliance
2. The auditor should plan and perform the audit with an attitude of professional
skepticism recognizing that the audit may reveal conditions or events that
would lead to questioning whether an entity is complying with laws and
regulations
3. In order t plan the audit, the auditor should a general understanding of the
legal and regulatory framework applicable to the entity and the industry and
how the entity is complying wih that framework
4. After obtaining the general understanding, the auditor should perform
procedures to help identify instances of noncompliance with those laws and
regulations where non compliance should be considered when preparing
financial statements specifically:
a. Inquiring of management as to whether the entity is in compliance
with such laws and regulations
b. On receipt of an inquiry from the proposed auditor, the existing
auditor should advise whether there are any professional reasons
why the proposed auditor should not accept the appointment. If
permission from the client to discuss its affairs with the proposed
auditor of denied by the client, the fact should be disclosed to the
propose auditor
29
Manila
AUDITING THEORY CPA

REVIEW
AUDIT SAMPLING
(BASED ON PSA 530: AUDIT SAMPLING AND OTHER SELECTIVE TESTING
PROCEDURES)
Selecting items of testing to gather audit evidence

When designing audit procedures, the auditor should determine appropriate means
of selecting items for testing. The means available to the auditor are:
a. Selecting all items (100% examination)
b. Selecting specific items
c. Audit sampling
Selecting all items (100% examination)

Unlikely in the case of tests of control but more common for substantive
procedures
May be appropriate when:
a. The population constitutes a small number of large value
items
b. When both inherent risk and control risk are high and other
means do not provide sufficient appropriate audit evidence
c. When the repetitive nature of a calculation or other process
performed by a computer information system makes a 100%
examination cost effective
Selecting specific items

The auditor may decide to select specific items from a population based on
such factors as knowledge of the clients business, preliminary assessments
of inherent and control risks, and the characteristics of the population being
tested
The judgmental selection of specific items is subject to nonsampling risk
Specific selected items may include:
High value or key items
All items over a certain amount
Items to obtain information
Items to test procedures
While an efficient means of gathering audit evidence, it does not constitute
audit sampling. The results of audit procedures applied to specific items
selected cannot be projected to the entire population
AUDIT SAMPLING
1. Audit Sampling involves the application of audit procedures to less than
100% of items with an account balance or class of transactions
2. Sampling may be statistical or nonstatistical.
I. Statistical sampling means any approach t sampling that has the
following characteristics:
a. Random selection of a sample
b. Use of probability theory to evaluate sample results
II. Nonstatistical sampling is a sampling approach that does not

have characteristics (a) and (b).
Audit sampling plan refers to the procedures an auditor applies t accomplish a

sampling application. In aids an auditor I forming conclusions about one r more
30
characteristics or either a particular class of transactions or a particular account
balances
1. ATTRIBUTE SAMPLING
Applicable to tests of control
Used to test an entitys rate of deviation (also called rate of
occurrence) from a prescribed control procedure
2. VARIABLES SAMPLING
Applicable to substantive test
Most commonly used to test whether recorded account balances are
fairly stated
SAMPLING RISK
1. It arises from the possibility that the auditors conclusion, based on a sample
may be different from the conclusion reached if the entire population were
subjected to the same audit procedures
2. The confidence level (also called reliability level) is the mathematical
complement of the applicable sampling risk factor
3. It is to be measured and controlled. The auditor controls it by specifying the
acceptable level when developing the sampling design
4. For tests of control, it has the following aspects:
a. Risk of assessing control risk too low (Risk of Overreliance)
The risk that the auditor would conclude that the control
risk is lower than it actually is
It affects audit effectiveness and is more likely to lead to
an inappropriate audit opinion
b. Risk of assessing control risk too high (Risk of under reliance)
The risk that the auditor would conclude that control risk
is higher than actually is
It affects audit efficiency as it would lead to additional
work to establish that initial conclusions were incorrect
5. For substantive tests, it has the following aspects:
a. Risk of incorrect acceptance
The risk that the auditor would conclude that a material
error exists when in fact it does
It affects audit effectiveness and is more likely to lead to
an inappropriate audit opinion
b. Risk of incorrect rejection
The risk that the auditor would conclude that a material
error exists when in fact it does not
It affects audit effectiveness as it would lead to additional
work to establish that initial conclusions were incorrect
NONSAMPLING RISK
It arises from factors that cause the auditor to reach an erroneous conclusion for
any reason not related to the size of the sample. For example, most audit evidence
is persuasive rather than conclusive, the auditor might use inappropriate
procedures, or the auditor might misinterpret evidence and fail to recognize an
error.
5 STEPS IN ATTRIBUTE SAMPLING PLAN

1. Define the objectives of the plan
2. Define the population
For example, if an auditors objective is to test controls
designed to assure that all shipped goods are invoiced, the
population would be defined as all sipping documents issued
during the period not all sales invoices
3. Define the attribute and deviation conditions

An attribute s a characteristic of control. For example, the
supervisors signature of approval on a document. A
deviation is the absence of an attribute
4. Determine the sample size
The sample size is determined by considering the following factors:
a. Risk of assessing control risk too low
b. Tolerable deviation rate
31
c. Expected population deviation rate
Risk of assessing control risk too low

There is an inverse relationship between the risk and the sample size.
The higher the acceptable risk, the smaller the sample size
Because the risk of assessing control risk too low relates to the
effectiveness of the audit, it is kept at a relatively low level by the
auditor
Tolerable deviation rate

This the maximum deviation rate that the auditor is willing to accept
The lower the rate of deviation that the auditor is willing to accept, the
larger the sample size needs to be
Expected population deviation rate (expected error)

The rate of deviation from the prescribed control procedure the auditor
expects to find in the population
The higher the rate of deviation the auditor expects, the larger the
sample size needs to e so as to be in a position o make a reasonable
estimate of the actual rate of deviation
Factors relevant to the auditors consideration of the expected error
rate include:
o The auditors understanding of the business (in particular,
procedures undertaken to obtain an understanding of the
accounting and internal control systems)
o Charges in the personnel or in the accounting and internal
control systems
o The results of audit procedures applied in prior periods
o The results of other audit procedures
5. Determine the method of sample selections

Some commonly used methods are:
a. Random number sampling
Each item in the population has an equal chance and nonzero
probability of selection
It is usually accomplished by generating random numbers from a
random number table or computer program and tracing them to
associated documents or items in th population
It is appropriate for both statistical and nonstatistical sampling
b. Systematic selection
The number of sampling units in the population is divided by the
sample size to give a sample interval, for example 50, and having
determined the starting point within the first 50, each 50 th sampling
unit is hereafter selected
Although the starting point may be determined haphazardly, the
sample is more likely to be truly random if it is determined by use of a
computerized random number generator or random number tables
When using systematic selection, the auditor would need to determine
that sampling interval corresponds with a particular pattern in the
population
c. Block selection or cluster sampling

It involves selecting a block(s) of contiguous items from within the
population
It cannot be ordinarily used in audit sampling because most
populations are structured such that items in sequence can be
expected to have similar characteristics to each other, but different
characteristics from items elsewhere in the population
Although in some circumstances it may be an appropriate audit
procedure to examine a block of items, it would rarely be an
appropriate sample selection technique when the auditor intends to
draw valid inferences about the entire population based on sample
d. Haphazard selection
The auditor selects a sample without following a structured technique
32
It is not appropriate when using statistical sampling
e. Stratification
This involves subdividing the population into subpopulations or strata,
i.e., a group of sampling units which have similar characteristics (often
monetary value)
The strata must be explicitly defined so that each sampling unit can
belong to only one stratum
This method enables the auditor to direct his efforts towards the items
he considers would potentially contain the greater monetary error
6. Perform sampling plan

7. Evaluate and document results
These include:
a. Determining the sample deviation rate
Sample deviation rate = number of deviations observed
Sample size
b. Determining the maximum population deviation rate (achieved upper
deviation limit) and the allowance for sampling risk (achieved precision)
The maximum deviation rate is based on the sample size and the
number of deviations discovered. There are standard tables that
yield maximum population deviation rates at specified risks of
assessing control risk too low
Allowance for sampling risk = Maximum Deviation Rate Sample
Deviation Rate
c. Considering qualitative information
The auditor considers each of the deviations nature, importance, and
probable cause
d. Reaching an overall conclusion
In assessing control risk, the auditor considers all available quantitative
and qualitative information
COMMONLY USED ATTRIBUTES SAMPLING TECHNIQUES

1. ATTRIBUTE ESTIMATION SAMPLING
A statistical sampling plan for tests of controls
Appropriate when an auditor wishes to estimate a true but unknown
population deviation rate
Uses a fixed sampling plan, i.e., the auditor tests a single sample
2. SEQUENTIAL SAMPLING (ALSO CALLED STOP-OR-GO SAMPLING)
The sampling plan is performed in several steps
Following each step, the auditor decides whether to stop or to go on to
the next step
Appropriate when the auditor expects zero or very few deviations
3. DISCOVERY SAMPLING
Appropriate when the expected deviation rate is near zero and when
the auditors objective is to find at least one deviation in a sample if
the actual population deviation rate exceeds or equals a
predetermined critical rate (tolerable deviation rate)
STEPS IN A VARIABLE SAMPLING PLAN

1. Determine the objectives of the test
The auditors objective is to test the reasonableness of a record
account balance, called hypothesis testing.
2. Define the population and sampling unit
3. Choose an audit sampling technique
a. Statistical vs. Nonstatistical
b. Classical variables sampling vs. Probability-proportional-to-size sampling
4. Determine the sample size
The auditor considers the following:
a. Variation within the population
Sample size varies in the same direction as the variation in population
amounts. As population variation increases, so does the sample size
An estimate of population variation is made by determining a
population standard deviation
b. Acceptable risk of incorrect rejection
33
c. Acceptable risk of incorrect acceptance
d. Tolerable error the maximum monetary error that may exist in an
account balance without causing the financial statements to be
materially misstated
5. Determine the method of sample selection

6. Perform the sampling plan
7. Evaluate the sample results
The following procedures are performed:
a. Projecting the same error to the population
b. Considering sampling risk
c. Considering qualitative information
d. Reaching an overall conclusion
CLASSICAL VARIABLES SAMPLING TECHNIQUES

A. Mean-per-unit estimation
A classical variables sampling technique that projects the sample
average to the population by multiplying the sample average by the number
of items in the population
B. Difference estimation
It is a classical variables sampling technique that uses the average
difference between audited amounts and individual recorded amounts to
estimate the total audited amount of a population and an allowance for
sampling risk.
C. Ratio estimation
A classical variables sampling technique that uses the ratio of audited
amounts to recorded amount in the sample to estimate the total amount of
the population and an allowance for sampling risk
Conditions for using difference and ration estimation

1. Each population item must have a recorded book value
2. Total population book value must be known
3. Expected differences between audited and recorded book values must not
be too rare
Choosing between difference and ratio estimation
Ratio estimation is more appropriate when he differences are nearly

proportional to book values.
Difference estimation is more appropriate when there is little or n relationship
between the absolute amounts of the differences and the book values.
PROBABILITY-PROPROTIONAL-TO-SIZE SAMPLING (PPS)

PPS uses a peso as the sampling unit
PPS sampling gives each individual peso in the population an equal chance of
selection
PPS is only useful for TESTS OF OVERSTATEMENTS (e.g., assets) since the
sample selection method dictates that the larger the transaction or amount,
the more likely that it will be selected.
PPS is inappropriate for testing liabilities because understatement is the
primary audit consideration
34
EXAMPLES OF FACTORS INFLUENCING SAMPLE SIZE FOR TESTS OF
CONTROL
(PSA 530, APPENDIX I)
Factor Effect on Sample

size
An increase in the auditors intended reliance on accounting and
Internal control systems increase
An increase in the rate of deviation from the prescribed control

Procedure that the auditor is willing to accept
(Tolerable error) decrease
An increase in the rate of deviation from the prescribes control

Procedure that the auditor expects to find in the population
(Expected error) increase
An increase in the auditors required confidence level (or conversely

A decrease in the risk that the auditor will conclude that the auditor will
Conclude that the control risk is lower than the actual control risk in the
Population) increase
An increase in number of sampling units in the population negligible

effect
EXAMPLES OF FACTORS INFLUENCING SAMPLE SIZE FOR SUBSTANTIVE

PROCEDURES
(PSA 530, APPENDIX II)
Factor Effect on Sample

size
An increase in the auditors assessment of inherent risk
increase
An increase in the auditors assessment of control risk

increase
An increase in the use of other substantive procedures

Directed at the same financial statement assertion decrease
An increase in the auditors required confidence level (or

Conversely, a decrease in the risk that the auditors will conclude that
35
A material error does not exist, when in fact it does exist) increase
An increase in the amount of error the auditor expects to find in

The population (tolerable error) decrease
An increase in the amount of error the auditor expects to find in the

Population (expected error) increase
Stratification of the population when appropriate decrease
The number of sampling units in the population

negligible effect

Manila
AUDITING THEORY CPA

REVIEW
AUDITING IN A CIS (IT) ENVIRONMENT
1. A CIS environment exists when a computer of any type or size is involved in

the processing by the entity of financial information of significance to the
audit, whether the computer is operated by the entity or by a third party
2. The overall objective and scope of an audit does not change in a CIS
environment
3. A CIS environment may affect:
a. The procedures followed in obtaining a sufficient understanding of
the accounting and internal control systems
b. The consideration of the inherent and control risk
c. The design and performance of tests of controls and substantive
procedures
4. The auditor should have sufficient knowledge of the CIS to plan, direct, and
review the work performed
5. If specialized skills are needed, the auditor would seek the assistance of a
professional possessing such skills, who may be either on the auditors staff
or an outside professionals
6. In planning the portions of the audit which may be affected by the clients CIS
environment, the auditor should obtain an understanding of the significance
and complexity of the CIS activities and the availability of data for use in the
audit
7. When the CIS are significant, the auditor should also obtain an understanding
of the CIS environment and whether it may influence the assessment of
inherent and control risks
8. The auditor should consider the CIS environment in designing audit
procedures to reduce audit risk to an acceptably low level. The auditor can
use either manual audit procedures, computer-assisted audit techniques, or a
combination of both to obtain sufficient evidential matter
36
RISK ASSESSMENTS AND INTERNAL CONTROL:
CIS CHARACTERISTICS AND CONSIDERATION
Organizational Structure
Characteristics of a CIS organizational structure includes:
a. Concentration of functions and knowledge
Although most systems employing CIS methods will include certain
manual operations, generally the number of persons involved in the processing of
financial information is significantly reduced.
b. Concentration of programs and data
Transaction and master file data are often concentrated, usually in
machine-readable form, either in one computer installation located centrally or in a
number of installations distributed throughout the entity.
Nature of Processing
The use of computers may result in the design of systems that provide less
visible evidence than those using manual procedures. In addition, these systems
may be accessible by a larger number of persons.
System characteristics that may result from the nature of CIS processing include:
a. Absence of input documents
Data may be entered directly into the computer system without
supporting document
In some on-line transaction systems, written evidence of individual
data entry authorization (e.g., approval for order entry) may be
replaced by other procedures, such as authorization controls contained
in computer programs (e.g., credit limit approval)
b. Lack of visible audit trail
The transaction trail may be partly in machine-readable form and may
exist only for a limited period of time (e.g., audit logs may be set to overwrite
themselves after a period of time or when the allocated disk space is consumed)
c. Lack of visible output
Certain transactions or results of processing may not be printed or only
summary data may be printed
d. Ease of access to data and computer programs

Data and computer programs may be assessed and altered at the
computer or through the use of computer equipment at remote locations. Therefore,
in the absence of appropriate controls, there is an increased potential for
unauthorized access to, and alteration of, data and programs by persons inside or
outside the entity
Design and procedural aspects

The development of CIS will generally result n design and procedural
characteristics that are different from those found in manual systems. These
different design and procedural aspects of CIS include:
a. Consistency of performance
CIS perform functions exactly as programmed and are potentially more
reliable than annual systems, provided that all transactions types and conditions
that could occur are anticipated and incorporated into the system. On the other
hand, a computer program that is not correctly programmed and tested may
consistently process transactions or other data erroneously
b. Programmed control procedures
The nature of computer processing allows the design of internal control
procedures in computer programs
c. Single transaction update of multiple or data base computer files
A single input t the accounting system may automatically update all
records associated with the transaction
d. Systems generated transactions
Certain transactions may be initiated by the CIS itself without the need
for an input document
e. Vulnerability of data and program storage media
Large volumes of data and the computer programs used to process
such data may be stored on portable or fixed storage media, such as magnetic disks
and tapes. These media are vulnerable to theft, loss, or intentional or accidental
destruction.
37
INTERNAL CONTROLS IN A CIS ENVIRONMENT
GENERAL CIS CONTROLS to establish a framework of overall control over the
CIS activities and to provide a reasonable level of assurance that the overall
objectives of internal control are achieved
General CIS controls may include:

a. Organization and management controls designed to define the strategic
direction and establish an organizational framework over CIS activities,
including:
Strategic information technology plan
CIS policies and procedures
Segregation of incompatible functions
Monitoring of CIS activities performed by third party consultants
b. Development and maintenance controls designed to provide reasonable
assurance that systems are developed or acquired, implemented and
maintained in an authorized and efficient manner. They also typically are
designed to establish control over:
Project initiation, requirements definition, systems design, testing, data
conversion, go-live decision, migration to production environment,
documentation of new or revised systems, and user training
Acquisition and implementation of off-the-shelf packages
Request for changes to the existing systems
Acquisition, implementation, and maintenance of system software
c. Delivery and support controls designed to control the delivery of CIS
services and include:
Establishment of service level agreements against which CIS services
are measured
Performance and capacity management controls
Disaster recovery/contingency planning, training, and file backup
Computer operations controls
Systems security
Physical and environment controls
d. Monitoring controls designed to ensure that CIS controls are working
effectively as planned. These include:
Monitoring of key CIS performance indicators
Internal external CIS audits
CIS APPLICATION CONTROLS to establish specific control procedures over the

application systems in order to provide reasonable assurance that all transactions
are authorized, recorded and are processed completely, accurately and on a timely
basis. CIS application controls include:
a. Controls over Input designed to provide reasonable assurance that:
Transactions are properly authorized before being processed by the
computer
Transactions are accurately converted into machine readable form and
recorded in the computer data files
Transactions are not lost, added, duplicated or improperly changed
Incorrect transactions are rejected, corrected and, if necessary,
resubmitted on a timely basis.
b. Controls over processing and computer data files designed to provide
reasonable assurance that:
Transactions, including system generated transactions, re properly
processed by the computer
Transactions are not lost, added, duplicated or improperly changed
Processing errors (i.e., rejected data and incorrect transactions) are
identified and corrected on a timely basis
c. Controls over output designed to provide reasonable assurance that:
Results of processing are accurate
Access to output is restricted to authorized personnel on a timely basis
Output is provided to appropriate authorized personnel on a timely
basis
Review of general CIS controls
38
General CIS controls that relate to some or all applications are typically
interdependent controls in that their operation is often essential to the effectiveness
of CIS application controls. Accordingly, it may be more efficient to review the
design of the general controls before reviewing the application controls.
Review of CIS application controls

CIS application controls which the auditor may wish to test include:
a. Manual controls exercised by the user
b. Controls over system output
c. Programmed control procedures
CIS ENVIRONMENTS STAND-ALONE PERSONAL COMPUTERS

1. A personal computer (PC) can be used in various configurations. These
include:
a. A stand-alone workstation operated by a single user or a number of
users at different times;
b. A workstation which part of a Local Area Network (LAN) of PCs; and
c. A workstation connected to a server
2. In a stand-alone PC environment, it may not be practicable or cost-effective
for management to implement sufficient controls to reduce the risks of
undetected error to a minimum level
3. After obtaining the understanding of the accounting system and control
environment, the auditor may find it more cost-effective not to make a
further review of general controls or application controls, but concentrate
audit efforts on substantive procedures.
CIS ENVIRONMENTS ON-LINE COMPUTER SYSTEMS

1. On-line computer systems are computer systems that enable users to access
data and programs directly through terminal devices
2. On-line systems allow users to directly initiate various functions such as:
a. Entering transactions
b. Making inquiries
c. Requesting reports
d. Updating master files
e. Electronic commerce activities
3. Types of terminals used in on-line systems:
A. General purpose terminals
1. Basic keyboard and screen
2. Intelligent terminal
3. PCs
B. Special purpose terminals
1. Point-of-sale devices
2. Automated teller machines (ATM)
5. Types of on-line computer systems:
a. On-line/ real time processing
Individual transactions are entered at terminal devices,
validated, and used to update related computer files immediately.
b. On-line/batch processing
Individual transactions are entered at a terminal device,
subjected to certain validation checks, and added to a transaction file that contains
other transactions entered during the period. Later, during a subsequent processing
cycle, the transaction file may be validated further and then used to update
relevant master file.
c. On-line/Memo update (and subsequent Processing)
Combines in-line/ real time and on-line/ batch processing

Individual transactions immediately update a memo file
containing information that has been extracted from the
most recent version of the master file. Inquiries are made
from this memo file
These same transactions are added to a transaction file
for subsequent validation and updating of the master file
on a batch basis
d. On-line/ inquiry
Restricts users at terminal devices to making inquiries of
master file
39
Master files are updated by other systems, usually on a
batch basis
e. On-line downloading/ uploading processing
On-line downloading refers to the transfer of data from a
master file to an intelligent terminal device for further
processing by a user
NETWORK ENVIRONMENT
1. A network environment is a communication system that enables computer
users to share computer equipment, application software, data, and voice
and video transmissions
2. A file server is a computer with an operating system that allows multiple
users in a network to access software applications and data files
3. Basic types of networks
a. Local area network (LAN)
b. Wide area network (WAN)
c. metropolitan area network (MAN)
CIS ENVIRONMENTS DATABASE SYSTEMS

1. DATABASE a collection of data that is shared and used by many different
users for different purposes
2. Two components of database systems:
a. Database
b. Database management system (DBMS) software that creates,
maintains, and operates the database
3. Characteristics of database systems:
a. Data sharing
b. Data independence
TERMS USED IN CIS ENVIRONMENTS

HARDWARE
1. COMPUTER HARDWARE consists of the configuration of physical electronic
equipment
2. CONSOLE a special CRT (Cathode Ray Tube) used for communication
between the operator and the computer.
3. PERIPHERAL EQUIPMENT all non-CPU hardware that may be placed under
the control of the processor. This consists of input, storage, output, and
communication devices
4. CONTROLLERS units designed to operate (control) specific input/output
devices
5. CHANNELS units designed to handle the transfer of data into or out of
primary storage (memory)
6. BUFFER MEMORY (BUFFER) temporary storage unit used to hold data during
input/output operations
7. OFF-LINE peripheral equipment not in direct communication with the CPU
8. ON-LINE peripheral equipment in direct communication with, and under the
control of the CPU
9. INPUT DEVICES provides a means of transferring data into CPU storage
a. Magnetic tape reader capable of sensing information recorded as
magnetized spots on magnetic tape. It is also used as an output
device and storage medium.
b. Magnetic ink character reader( MICR) reads characters by
scanning temporarily magnetized characters using magnetic ink
c. Optical character recognition (OCR) reads characters directly from
documents based on their shapes and positions on the source
document
d. Cathode ray tube (CRT) a typewriter-like device that decodes
keystrokes into electronic impulses
e. Key-to-tape and Key-to-disk systems in which input data can be
entered directly onto magnetic tape, magnetic disk, or floppy disk
through CRT
10.STORAGE DEVICES devices which store data that can be subsequently used
by the CPU
a. Random access data can be accessed directly regardless of how it
is physically stored (e.g., magnetic disk)
b. Sequential access data must be processed in the order in which it
is physically stored (e.g., magnetic tape)
40
11.OUTPUT DEVICES produce readable data or machine-readable data when
further processing is required. Examples are CRT, printer, and CRT COM
(Computer output to Micro film)
12.TERMINALS CRT devices or microcomputers used for input/output
(communication) with the CPU
13.POINT-OF-SALE DEVICES a terminal connected to a computer. It takes the
place of a cash register or similar devices which allows instant recording and
is capable of keeping perpetual inventory
14.MODEM a device for interfacing communications equipment within
communication networks
Software consists of computer programs which instruct the computer hardware to

perform the desired processing.
Types of computer programs

1. OPERATING SYSTEM controls the functioning of the CPU and its peripheral
equipment. Several different operating systems allow a single configuration
of hardware to function in the following modes:
a. MULTIPROGRAMMING the operating system processes a program
until an input/output operation is required. Since input or output
can be handled by peripheral devices, such as channels and
controllers, the CPU can begin executing another programs
instructions. Several programs appear to be concurrently
processing
b. MULTIPROCESSING multiple CPUs process data while sharing
peripheral devices, allowing two or more programs to be process
simultaneously
c. VIRTUAL STORAGE the operating system separates user programs
into segment pages automatically. It appears as though there is
unlimited memory available for programs, even though the program
is still confined to a physical segment of memory.
2. UTILITY PROGRAM performs a commonly required process, such as storing
and merging
3. APPLICATION PROGRAM performs the desired processing tasks (e.g., payroll
preparation)
4. SOURCE PROGRAM written by a programmer in a source language (e.g.,
COBOL) that will be converted into an object program
5. OBJECT PROGRAM converted source program that was changed using a
complier to create a set of machine-readable instructions
6. COMPILER converts a source program to a machine language object
program
7. INTERPRETER converts each source code instruction to object code each
time it is executed
8. DATABASE MANAGEMENT SYSTEM (DBMS) a software package for the
purpose of creating, accessing, and maintaining a database
9. TELECOMMUNICATIONS MONITOR PROGRAM provides edit capabilities and
file maintenance to users, monitors on-line terminals, and handles input to
application programs
ELECTRONIC DATA INTERCHANGE (EDI) the electronic exchange of

transactions, from one entitys computer to another entitys computer through an
electronic communications network. In electronic fund transfer (EFT) Systems, for
example, electronic transactions replace checks as a mean of payment.
EDI controls include:
a. Authentication controls must exist over the origin, proper submission,
and proper delivery of EDI communications to ensure that the EDI
messages are accurately sent and received to and from authorized
customers and suppliers.
b. Encryption involves conversion of plain text data to cipher text data to
make EDI messages unreadable to unauthorized persons
c. VAN controls a value added network (VAN) is a computer service
organization that provides network, storage, and forwarding (mailbox)
services for EDI messages
AUDIT APPROACHES
1. Auditing around the computer the auditor ignores or bypasses the computer
processing function of an entitys EDP system
2. Auditing with the computer the computer is used as an audit tool
41
3. Auditing through the computer the auditor enters the clients system and
examines directly the computer and its system and application software
COMPUTER ASSISTED AUDIT TECHNIQUES FOR TESTS OF CONTROLS

I. Program analysis techniques that allow the auditor to gain an
understanding of the clients program
1. Code review involves actual analysis of the logic of the programs
processing routines
2. Comparison programs programs that allow the auditor to compare
computerized files
3. Flowcharting software used to produce a flowchart of a programs
logic and may be used both in mainframe and microcomputer
environments
4. Program tracing and mapping program tracing is a technique in
which instruction executed is listed along with control information
affecting that instruction. Program mapping identifies sections of
code which may be potential source of abuse
5. Snapshot this technique takes a picture of the status of program
execution, intermediate results, or transaction data at specified
processing points I the program processing
II. Program testing involves the use of auditor-controlled actual or
simulated data
1. Historical audit techniques test the audit computer controls at a
point in time
a. Test data
A set of dummy transactions specifically designed to test
the control activities that management claims to have
incorporated into the processing programs
Shifts control over processing to the auditor by using the
clients software to process auditor-prepared test data
that includes both valid and invalid conditions
It embedded controls are functioning properly, the clients
software should detect all the exceptions planted in the
auditors test data
Ineffective if the client does not use the software tested
b. Base case system evaluation (BCSE)
Develops test data that purports to test every possible
condition that an auditor expects a clients software will
confront
Provides an auditor with much more assurance than test
data alone, but expensive to develop and therefore cost-
effective only in large computer systems
c. Integrated test facility (ITF)
A variation of test of data whereby simulated data and actual data are run
simultaneously with the clients program and computer results are
compared with auditors predetermined results
It provides assurance that the software tested is actually used to prepare
financial reports
d. Parallel simulation
It involves of processing clients live (actual) data utilizing an auditors
generalized audit software
If an entitys control have been operating efficiently, the clients software
should generate the same exceptions as the auditors software
It should be performed on a surprise basis, I possible
e. Controlled reprocessing
A variation of parallel simulation, it involves processing of actual client data
through a copy of the clients application program
2. Continuous audit techniques test the audit computer controls
throughout a period.
a. Audit modules programmed audit routines incorporated into
an application program that are designed to perform an audit
function such as a calculation, or logging activity
b. Systems control audit review files (SCARFs) log that collect
transaction information for subsequent review and analysis
by the auditor
42
c. Audit hooks exists in an entitys computer program that
allows an auditor to insert commands for audit processing
d. Transaction tagging a transaction record is tagged and then
traced through critical control points in the information
system
e. Extended records this technique attaches additional audit
data which would not otherwise be saved to regular historic
records and thereby helps to provide a more complete audit
trail
III. Review of operating system and other system software
1. JOB ACCOUNTING DATA/ OPERATING SYSTEM LOGS these logs that
track particular functions, include reports of the resources use by
the computer system. The auditor may be able to use them to
review the work processed, to determined whether unauthorized
applications were processed and to determine that authorized
applications were processed properly
2. LIBRARY MANAGEMENT SOFTWARE this logs changes in programs,
program modules, job control language, and other processing
activities
3. ACCESS CONTROL AND SECURITY SOFTWARE this restricts access
to computers to authorized personnel through techniques such as
only allowing certain users with read-only access or through use
of an encryption
COMPUTERIZED AUDIT TOOLS
1. AUDIT SOFTWARE computer programs used to process data of audit
significance from the clients accounting system
a. Package programs (generalized audit software)
1. Reading computer files
2. Selecting samples
3. Performing calculations
4. Creating data files
5. Printing reports in an auditor-specified format
b. Purpose written programs (special purpose or custom designed programs)
c. Utility programs they are generally not designed for audit purposes
2. Electronic spreadsheets contain a variety of predefined mathematical
operations and functions that can be applied to data entered into the cells of
a spreadsheet
3. Automated work paper software designed to generate a trial balance, lead
schedules, and other reports useful for the audit. The schedules and reports
can be created once the auditor has either manually entered or electronically
imported through using the clients account balance information into the
system
4. Text retrieval software allow user to view any text that ia available in an
electronic format. The software program allows the user to browse through
text files much as a user would browse through books.
5. Database management systems
6. Public databases
7. Word processing software
Factors to consider in using CAAT
1. Degree of technical competence in CIS
2. Availability of CAAT and appropriate computer facilities
3. Impracticability of manual tests
4. Effectiveness and efficiency
5. Timing of tests
Controlling the CAAT application

Procedures to control the use of AUDIT SOFTWARE may include:
1. Participating in the design and testing of computer programs
2. Checking the coding of the program
3. Requesting the clients CIS personnel to review the operating system
instructions
4. Running the audit software on small test files before running them on main
data files
5. Ensuring that the correct files were used
6. Obtaining evidence that the audit software functioned as planned
7. Establishing appropriate security measures to safeguard against
manipulations of the entitys data files
43
Procedures to control the use of TEST DATA may include:
1. Controlling the sequence of submission of test data where it spans several
processing cycles
2. Performing test runs
3. Predicting the results of test data
4. Confirming that the current version of the program was used
5. Obtaining reasonable assurance that the programs used to process the test
data were used by the entity throughout the applicable audit period
Manila
AUDITING THEORY CPA

REVIEW
COMPLETING THE AUDIT
The procedures to wrap-up an audit engagement are:

1. Review for related party transactions
2. Review for subsequent events
3. Make inquiries of a clients legal counsel
4. Search for unrecorded liabilities
5. Perform final review stage analytical procedures
6. Review adequacy of disclosures using a disclosure checklist that list all
specific disclosures required by GAAP and the SEC, if appropriate
7. Review of working papers
8. Form an opinion
RELATED PARTY TRANSACTIONS

Identifying transactions with related parties
The following procedures may identify material transactions with known related
parties or indicate the existence of previously unknown related parties:
1. Provide personnel performing all segments of the audit with the names of
known related parties
2. Review the minutes of meetings of the board of directors and committees
3. Review filings with SEC and other regulatory agencies
4. Review conflict-of-interest statements obtained from the clients management
5. Review business transacted with major customers, suppliers, borrowers, and
lenders for indications of undisclosed relationships
6. Consider whether unrecognized transactions are occurring, such as receiving
or providing accounting, management, or other services at no charge
7. Review accounting records for large, unusual, or nonrecurring transactions or
balances, especially those near the end of the period
8. Review invoices from law firms
9. Review confirmations of loan receivable and payable for guarantees.
Examining identified related party transaction

1. Obtain an understanding of the business purpose of the transaction
2. Examine invoices, executed copies of agreements, contracts, and other
documents
3. Determine whether the transaction has been approved by the board of
directors or other officials
4. Test for reasonableness the compilation of amounts to be disclosed or
considered for disclosure
5. Arrange for the audits of intercompany balances to be performed as of
concurrent dates, even the fiscal years differ, and for the examination of the
specified, important, and representative related party transactions by the
auditor for each of the parties with appropriate exchange of relevant
information
6. Inspect or confirm and obtain satisfaction concerning the transferability and
value of the collateral
EVENTS AFTER THE BALANCE SHEET DATE (subsequent events)

(Based on PSA 560 subsequent events)
44
1. Events after the balance sheet date are those events, both favorable and
unfavorable, that occur between the balance sheet date and the date when
the financial statements are authorized for issue
2. The following procedures are typically performed at or near the completion of
the fieldwork to detect subsequent events:
a. Read the latest available interim financial statements and compare
them with the financial statements being reported on
b. Read the available minutes of the meetings of stockholders,
directors, and appropriate committees
c. Assemble pertinent findings resulting from inquiries of legal counsel
and other auditing procedures for litigation, claims, and
assessments
d. Obtain a letter of representation from management
3. When the auditor becomes aware of events which materially affect the
financial statements, the auditor should consider whether such events are
properly accounted for and adequately disclosed in the financial statements
INQUIRIES OF CLIENTS LEGAL COUNSEL

1. The auditor is required to communicate directly with a clients attorney about
liabilities arising from litigations, claims, and assessments
2. A list of legal issues should be prepared by the clients management, rather
than the clients attorney. This information is sent by the auditor to the
auditor to the attorney, requesting information about:
a. Pending or threatened litigation, claims, and assessments
b. Unasserted claims and assessments
3. The client should request the attorney to furnish the following information for
all pending or threatened litigation, claims, and assessments, and to
comment on differences between the attorneys and managements views:
a. A description of the nature of the matter, progress to date, and
action that client intends to take
b. An evaluation of the likelihood of an unfavorable outcome and an
estimate, if one can be made, of the amount or range of potential
loss
c. A statement that managements list of pending or threatened
claims is complete, or identification of any omissions
4. The attorneys refusal to reply to the audit inquiry is a SCOPE LIMITATION that
may affect the audit report
5. In the case of unasserted claims which the client has not disclosed, the
lawyer is not required to note them in his or her reply to the auditor.
However, the lawyer is generally required to inform the client of the omission
and to consider withdrawing if the client fails to inform the auditor
MANAGEMENT REPRESENTATION LETTER

(BASED ON PSA 560 MANAGEMENT REPRESENTATIONS)
1. The representation letter
a. Confirms the oral representations given by management to the
auditor and reduces the possibility of misunderstanding between
the client and the auditor
b. Reminds management of its primary responsibility for the financial
statements
c. Addressed to the auditor
d. Dated as of the audit report date
e. Signed by the CEO and the CFO
f. Not a substitute for the application of other necessary auditing
procedures
2. If management refuses to provide a representation that the auditor considers
necessary, this constitutes a scope limitation and the auditor should express
a qualified opinion or a disclaimer of opinion
3. Written representations requested from management may be limited to
matters that are considered either individually or collectively material to the
financial statements
EXAMPLE OF A MANAGEMENT REPRESENTATION LETTER

(ENTITY LETTERHEAD)
(TO AUDITOR) (DATE)
45
The representation letter is provided in connection with your audit of the financial
statements of ABC Company for the year ended December 31, 20X1 for the purpose of
expressing an opinion as to whether the financial statements present fairly, in all material
aspects, the financial position of ABC Company as of December 31, 20X1 and of the results
of its operations and its cash flows for the year time ended in accordance with (indicate
relevant financial reporting framework).
We acknowledge our responsibility for the fair presentation of the financial statements in
accordance with (indicate relevant financial reporting framework).
We confirm to the best of our knowledge and belief, the following representations:
Include here representations relevant to the entity. Such representations may include:
There have been no irregularities involving management or employees who have a
significant role in the accounting and internal control systems or that could have a
material effect on the financial statements
We have made available to you all the books of account and supporting
documentation and all minutes of meetings and shareholders and BOD (namely
those held on (dates) respectively)
We confirm the completeness of the information provided regarding the
identification of related parties
The financial statements are free of material misstatements, including omissions
The company has complied with all aspects of contractual agreements that could
have a material effect on the financial statements in the event of noncompliance.
There has been no noncompliance with requirements of regulatory authorities that
could have a material effect on the financial statements in the event of
noncompliance.
We have no plans or intentions that may affect or alter the carrying value or
classification of asset and liabilities reflected in the financial statement
(no plans regarding the inventory abandonment or no inventory were stated in an
amount in excess of net realizable value)
Indicate that there are no events subsequent to period which require adjustments
in the statements
Indicate that the claim is settled in a specific amount and there are no other
litigations are expected to be received
Indicate that there are no formal or informal compensating balance arrangements
with any of the cash, except those that are disclosed
Indicate that you have recorded material regarding the capital per se
______________________
(Senior Executive Officer)
______________________
(Senior Financial Officer)
EVALUATION OF GOING CONCERN STATUS

(BASED ON PSA 570 GOING CONCERN)
1. The auditor should evaluate if the entity is going to continue as a going
concern
2. The auditor should consider:
The process followed
Assumptions that are being based on
Managements plans for future action
3. When doubting events with regards to its going concern assumption, the
auditor should:
Review the plans of the management
Gather sufficient evidence that indicates a company will not be able to
carry out the business anymore, consider the effect of any plans and
other mitigating factors
Seek written representations from the management regarding its
future plans
4. Events and conditions that may cast doubt about the going concern
assumption:
FINANCIAL
Net (current) liability position
Fixed-term borrowings approaching maturity without realistic prospects
of renewal or repayment
Financial debtors indications of withdrawal
Negative operating cash flows
46
Adverse key financial ratios
Substantial operating loss or deterioration of assets
Arrears of dividends
Inability to pay creditors on time
Inability to comply with loan terms and agreements
Conversion of cash to credit when in delivery
Inability to obtain financing for essential investments
OPERATING
Loss of key management personnel without replacement
Loss of major franchise, supplier etc.
Labor and shortages of important supplies
OTHER
Non compliance with capital or other statutory requirements
Pending legal or regulatory proceedings against the entity
Changes in the legislation or government policy that may affect the
entity
WRITING A MANAGEMENT LETTER

1. Reasons:
a. To encourage a better relationship between the auditor and the
management
b. To suggest additional tax and management services that the
auditor can provide
2. This letter is OPTIONAL and it helps the client operate its business effectively
3. There is no standard format for writing this letter.
Manila
AUDITING THEORY CPA

REVIEW
THE AUDITORS REPORT ON FINANCIAL STATEMENTS
(Based on PSA 700 revised The Independent Auditors Report
On a Complete Set of General Purpose Financial Statements)
INDEPENDENT AUDITORS REPORT
[Appropriate addressee]
Report on the financial statements

[This subheading is unnecessary in circumstances when the second subheading
Report on Other Legal and Regulatory Requirements is not applicable.
We have audited the accompanying financial statements of ABC Company which

comprise a balance sheet as at date December 31, 20X1, and the income
statement, statement of changes in equity and cash flow statement for the year
ended, and a summary of significant accounting policies and other explanatory
notes.
Managements responsibility for the financial statements

Management is responsible for the preparation and fair presentation of these
financial statements in accordance with the Philippine Financial Reporting
Standards. This responsibility includes: designing, maintaining and implementing
internal control relevant to the preparation and fair presentation of financial
statements that are free from material misstatements, whether due to fraud or
error; selecting and applying appropriate accounting policies; and making
accounting estimates that are reasonable in circumstances.
Auditors responsibility
Our responsibility is to express an opinion on these financial statements based on
our audit. We conducted our audit in accordance with Philippine Standards on
Auditing. Those standards require that we comply with ethical requirements and
plan and perform the audit to obtain reasonable assurance whether the financial
statements are free from material misstatement. An audit involves performing
47
procedures to obtain audit evidence about the amounts and disclosures in the
financial statements. The procedures selected depend upon the auditors judgment,
including the assessment of the risks of material misstatements on the financial
statements whether due to fraud or error. In making those risk assessments; the
auditor considers internal control relevant to the entitys preparation and fair
presentation of the financial statements in order to design audit procedures that are
appropriate in the circumstances, but not for the purpose of expressing an opinion
on the effectiveness of the internal control of the entity. An audit also includes
evaluating the appropriateness of the accounting policies used and the
reasonableness of accounting estimates made by the management, as well as
evaluating the overall presentation of the financial statements.
We believe that the audit evidence we have obtained is sufficient and appropriate to
provide a basis for our audit opinion.
Opinion
In our opinion, the financial statements fairly, in all material respects, the financial
position of ABC Company as of December 31, 20X1, and of its financial performance
and its cash flows for the year then ended in accordance with the Philippine
Financial Reporting Standards.
Report on other legal and regulatory requirements

[Form and content of this section of the auditors report will vary depending on the
nature of the auditors other reporting responsibilities]
[Auditors signature]
[Date of Auditors report]
[Auditors address]
MODIFICATIONS TO THE INDEPENDENT AUDITORS REPORT (BASED

ON PSA 701)
Matters that do not affect the auditors opinion
You may add an emphasis of matter paragraph to the report to
highlight a matter affecting the financial statements which is included
in the note of the financial statements that more extensively discuss
the matter
The paragraph would preferably be included after the opinion
paragraph but before the section on any other reporting
responsibilities, if any.
Emphasis of matter paragraph is used to highlight the existence of:
Material uncertainty relating to the event or condition that may
cast significant doubt on the entitys ability to continue as a
going concern; or
Significant uncertainty (other than a going concern problem),
the resolution of which is dependent upon future events and
which may affect the financial statements
Emphasis of matter paragraph to report on matters other than those
affecting the financial statements. For example, if an amendment to
other information in a document containing audited financial
statements is necessary and the entity refuses to make an amendment
Example of an emphasis of matter paragraph relating to a going concern

problem:
Without qualifying our opinion, we draw attention to Note X in the financial

statements which indicates that the Company incurred a net loss of P_____ during
the year ended December 31,20X1 and, as of date, the companys current liabilities
exceeded its total assets by P_____. These conditions, along with other matters, as
set forth in Note X, indicate the existence of a material uncertainty which may cast
significant doubt about the Companys ability to continue as a going concern.
Matters that affect the auditors opinion
48
If the following circumstances exists that the auditor may not be able
to conclude an unqualified judgment and the effect of the matter is or
may be material to the financial statements:
There is a limitation on the scope of the auditors work.
could lead to a qualified opinion or a disclaimer of opinion
A disagreement with the management regarding the
acceptability of the accounting policies selected the method
of their application on the adequacy of financial statement
disclosures. Could lead to a qualified opinion or an adverse of
opinion.
Qualified opinion
Should be expressed when the auditor concludes that the unqualified
opinion cannot be expressed but that the effect of any disagreement
with management, or limitation on scope is not so material and
pervasive as to require an adverse opinion or a disclaimer of opinion.
A qualified opinion should be expressed as being except for the
effects of the matter to which the qualification relates.
Adverse opinion
Should be expressed when the effect of the disagreement is so
material and pervasive to the financial statements that the auditor
concludes that a qualification of the report is not adequate to disclose
the misleading or incomplete nature of the financial statements.
Disclaimer of Opinion
Should be expressed when the possible effect of a limitation on the
scope is so material and pervasive that the auditor has not been able
to obtain sufficient appropriate audit evidence and accordingly is
unable to express an opinion on the financial statements.
REPORT MODIFICATIONS
Limitation on scope
ILLUSTRATIVE EXAMPLES OF MODIFIED REPORTS
1. LIMITATION ON SCOPE QUALIFIED OPINION

We have audited (remaining words are the same as in the introductory
page)
Management is responsible for (same as illustrated in the managements

responsibility paragraph)
Our responsibility is to express an opinion on these financial statements based

on our audit. Except as discussed in the following paragraph, we conducted
our audit in accordance with (auditors responsibility paragraph)
We did not observe the counting of the physical inventories as of December

31, 20X1, since that date was prior to the time we were initially engaged as
auditors for the company. Owing to the nature of the companys records, we
were unable to satisfy ourselves as to inventory quantities by other audit
procedures.
In our opinion, except for the effects of such adjustments, if any, as might
have been determined to be necessary had we been able to satisfy ourselves
as to physical inventory quantities, the financial statements fairly presents, in
all material respects (opinion paragraph)
2. LIMITATION ON SCOPE DISCLAIMER OF OPINION

We were engaged to audit the accompanying financial statements of ABC
Company, which comprise the balance sheet date as of December 31, 20X1,
49
and the income statements, statement of changes in equity and cash flow
statement for the year ended, and a summary of significant accounting
policies and other explanatory notes.

(Omit the sentence stating the responsibility of the auditor)
(The paragraph discussing the scope of the audit would either be omitted or
amended according to the circumstances)
(Add a paragraph describing the scope limitation as follows:
We were not able to observe all physical inventories and confirm accounts
receivables due to limitations placed on the scope of our work by the
company)
Because of the significance of the matters discussed in the preceding

paragraph, we do not express an opinion on the financial statements.
3. DISAGREEMENT ON ACCOUNTING POLICIES INAPPROPRIATE

ACCOUNTING METHOD
QUALIFIED OPINION
page)


As discussed in the Note X to the financial statements, no depreciation has

been provided in the financial statements which practice, in our opinion, is not
in accordance in PFRS. The provision for the year ended December 31, 20X1,
should be xxx based on the straight-line method of depreciation using annual
rates of 5% for the building and 20% for the equipment. Accordingly, the fixed
assets should be reducedby accumulated depreciation of xxx and the loss for
the year and accumulated deficit should be increased by xxx and xxx,
respectively.
In our opinion, except for the effects of such adjustments, if any, as might
have been determined to be necessary had we been able to satisfy ourselves
as to physical inventory quantities, the financial statements fairly presents, in
all material respects (opinion paragraph)
4. DISAGREEMENT ON ACCOUNTING POLICIES INADEQUATE
DISCLOSURES
QUALIFIED OPINION
page)


On January 31,20X2, the Company issued debentures in the amount of for

the purpose of financing plant expansion. The debenture agreement restricts
the payment of future cash dividends to earnings after December 31,19X1,
which restrictions was not disclosed in the companys financial statements.
Disclosure of this is required by the PAS 1, Presentation of financial
statements.
In our opinion, except for the omission of the information included in the
preceding paragraph, the financial statements present fairly, in all material
respects (opinion paragraph)
50
5. DISAGREEMENT ON ACCOUNTING POLICIES INADEQUATE
DISCLOSURE
ADVERSE OPINION
page)


(Paragraph(s) discussing the disagreement)
In our opinion, because of the effects of the matters discussed in the

preceding paragraph(s), the financial statements do not present fairly, in all
material respects, the financial position of ABC Company as of December
31,19X1, and of its financial performance and its cash flows for the year then
ended in accordance with PFRS (Opinion paragraph)
SUBSEQUENT EVENTS (BASED ON PSA 560)

1. The auditor should consider the effect of subsequent events on the
financial statements and on auditors report.
Events occurring up to the date of the auditors report

2. The auditor should perform procedures designed to obtain sufficient
appropriate audit evidence that all events up to date of the auditors
report that may require adjustment of, or disclosure in, the financial
statements have been identified.
3. When the auditor becomes aware of events which materially affect the
financial statements, the auditor should consider whether such events
are properly accounted for and adequately disclosed in the financial
statements.
Facts discovered after the date of the auditors report but before
the financial statements are issued
4. During the period from the date of the auditors report to the date the
financial statements are issued:
o The responsibility to inform the auditor of facts which may affect
the financial statements rests with management
o When the auditor becomes aware of the facts that will materially
affect the financial statements, the auditor should:
Consider whether the financial statements needed
amendment
Discuss the matter with the management
Take the action appropriate in the circumstances
5. When the management amends the financial statements, the auditor
would carry out the procedures necessary in the circumstances and
would provide management with a new report on the amended
financial statements
6. The new auditors report would be dated not earlier than the date the
amended financial statements are signed or approved and,
accordingly, the procedures to identify subsequent events would be
extended to the date of the new auditors report
7. When management does not amend the financial statements but the
auditor believes they need to be amended and the auditors report has
not been released to the entity, the auditor should express a qualified
opinion or an adverse opinion.
Facts discovered after the financial statements have been issued

8. After the financial statements have been issued, the auditor has no
obligation to make any inquiry regarding such financial statements.
51
9. When, after the financial statements have been issued, the auditor
becomes aware of a fact which existed at the date of the auditors
report and which, if known at date, may have caused the auditor to
modify the auditors report, the auditor should:
o Consider whether the financial statements need revision
o Discuss the matter with management
o Take the appropriate action in the circumstances
10. When management revises the financial statements, the auditor
would:
o Carry out the audit procedures necessary in the circumstances
o Review the steps taken by management to ensure that anyone in
receipt of the previously issued financial statements together
with the auditors report thereon is informed of the situation.
o Issue a new report on the revised financial statements:
Include an emphasis of a matter paragraph.
Would be dated earlier than the date the revised financial
statements are approved
The auditor is permitted to restrict the audit procedures
regarding the revised financial statements to effects of the
subsequent event that necessitated the revision.
11. It may not be necessary to revise the financial statements and
issue a new auditors report when issue of the financial statements for
the following period is imminent, provided appropriate disclosures are
to be made in such statements
USING THE WORK OF ANOTHER AUDITOR (BASED ON PSA 600)

1. The principal auditor is the auditor with responsibility for reporting on
the financial statements of an entity when those financial statements
include financial information of one or more components audited by
another auditor
2. The auditor should consider whether the auditors own participation is
sufficient to be able to act as principal auditor. The following would be
considered:
o The materiality of the portion of the financial statements which
the principal auditor audits
o The principal auditors degree of knowledge regarding the
business of the components
o The risk of material misstatements in the financial statements of
the components audited by the other auditor
o The performance of additional procedures as set out in PSA 600
regarding the components audited by other auditor resulting in
the principal auditor having significant participation in such audit
3. When planning to use the work of another auditor, the principal auditor
should:
o Consider the professional competence of the other auditor in the
context of specific assignment
o Perform procedures to obtain sufficient appropriate audit
evidence that the work of the other auditor is adequate for the
principal auditors purposes in the context of the specific
assignment
o Consider the significant findings of the other auditor
4. Reporting conclusions
o When the principal auditor concludes that the work of the other
cannot be used and the principal auditor has not been able to
perform sufficient additional procedures regarding financial
information of the component audited by the other auditor, the
principal auditor should express a qualified or a disclaimer of
opinion because of a scope of limitation.
o If the auditor issues or intend to issue, a modified auditors
report, the principal auditor would consider whether the subject
52
of modification is of such a nature and significance, in relation to
the financial statements of the entity on which the principal
auditor is reporting that a modification on the principal auditors
report is required.
5. Division of responsibility
o When the principal auditor bases the audit opinion on the
financial statements taken as a whole solely upon the report of
another auditor regarding the audit of one or more components,
the principal auditors report should state this fact clearly and
should indicate the magnitude of the portion of the financial
statements audited by the other auditor.
COMPARATIVES (BASED ON PSA 710)

1. Two broad financial reporting frameworks for comparatives:
CORRESPONDING FIGURES
o For the prior periods, these are an integral part of the current
period financial statements and have to be read in conjunction
with the amounts and other disclosures relating to the current
period.
o These are not presented as complete financial statements
capable of standing alone
o The auditor should obtain sufficient appropriate audit evidence
that the corresponding figures meet the requirements of GAAP in
the Philippine
o The auditor should assess whether:
Accounting policies used for the corresponding figures are
consistent with those of the current period or whether
appropriate adjustments and/or disclosures have been
made
Corresponding figures agree with the amounts and other
disclosures presented in prior period or whether
appropriate adjustments and/or disclosures have been
made
COMPARATIVE FINANCIAL STATEMENTS
These comparative financial statements for the prior period(s) are
considered separate financial statements.
These are presented for comparison with the financial statements of
the current period, but do not form part of the current period financial
statements
The auditor should obtain sufficient appropriate evidence that the
comparative financial statements meet the requirements of GAAP in
the Philippines
The auditor should assess whether:
o Accounting policies of the prior period are consistent with those
of the current period or whether appropriate adjustments and/or
disclosures have been made
o Prior period figures presented agree with the amounts and other
disclosures presented in the prior period or whether appropriate
judgments and disclosures have been made
REPORTING CORRESPONDING FIGURES

1. The comparatives are not specifically identified in the audit report
because the auditors opinion is on the current period financial
statements as a whole, including the corresponding figures
2. When the auditors report on the prior period, as previously issued,
included an opinion other than unqualified and the matter which gave
rise to the modification is:
53
a. Unresolved, and results in modification of the auditors report
regarding the current figures period, the auditors report should
also be modified regarding the corresponding figures
b. Unresolved, but does not result in a modification of the auditors
report regarding the current period figures, the auditors report
should also be modified regarding the corresponding figures
c. Resolved, and properly dealt with in the financial statements, the
current period report does not ordinarily refer to the previous
modification. However, if the matter is material to the current
period, the auditor may include an emphasis of the matter
paragraph dealing with the situation
3. When the incoming auditor decides to refer to the predecessor

auditors report, the incoming auditors report should indicate:
a. That the financial statements of the prior period were audited by
another auditor
b. Type of report issued by the predecessor auditor and, if the
report was modified, the reasons therefore;
c. Date of that report
4. When the prior period financial statements were not audited, the
incoming auditor should state that the corresponding figures are
unaudited.
5. If the incoming auditor identifies that the corresponding figures are
materially misstated, the auditor should request management to revise
the corresponding figures or if management refuses to do so,
appropriately modify the report
REPORTING COMPARATIVE FINANCIAL STATEMENTS

CONTINUING AUDITOR
1. The auditor may express adverse or qualified opinion, disclaim an
opinion, or include an emphasis of paragraph with respect to one or
more financial statements for one or more period, while issuing a
different report on the other financial statements
2. When finding the connectivity of the prior period financial statements
with the current financial statements, if the opinion on such prior
period is different from the opinion previously expressed, the auditor
should disclose the substantive reasons for the different opinion in an
emphasis of matter paragraph
INCOMING AUDITOR
When the financial statements of the prior period were audited by another
auditor,
The predecessor auditor may reissue the audit report on the prior
period with the incoming auditor only reporting on the current period;
or
The incoming auditors report should state that the prior period was
audited by another auditor and the incoming auditors report should
indicate:
o That the financial statements of the prior period was audited by
another auditor
o The type of report issued by the predecessor auditor, and if the
report was modified, the reasons; therefore
o Date of the report
PRIOR PERIOD FINANCIAL STATEMENTS NOT AUDITED

1. When the prior financial statements were not audited, the incoming
auditor should state in the auditors report that the comprehensive
financial statements are unaudited
54
2. If the prior period financial statements were materially misstated, the
auditor should request management to revise the prior years figures
or if management refuses to do so, appropriately modify the report
OTHER INFORMATION IN DOCUMENTS CONTAINING AUDITED

FINANCIAL STATEMENTS (BASED ON PSA 720)
1. An entity ordinarily issues on an annual basis a document which

includes its audited financial statements together with the auditors
report thereon, also called annual report.
Material inconsistencies
2. This exists when the other information contradicts information
contained in the audited financial statements
3. If, on reading the other information, the auditor identifies material
inconsistency, the auditor should determine whether the financial
statements need to be amended
If the amendment is necessary and the entity refuses to make
an amendment, the auditor should express a qualified or
adverse opinion
If the amendment is necessary and the entity refuses to make
an amendment, the auditor should consider including in the
auditor auditors report an emphasis of matter paragraph.
Material misstatements of facts

4. A Material misstatements of fact in other information exists when such
information, not related to matters appearing in the audited financial
statements, is incorrectly stated or presented
5. If the auditor becomes aware that there is a misstatement of fact, the
auditor should discuss the matter with the entitys management
6. When the auditor still considers there is an apparent misstatement of
fact in the other information which management refuses to correct, the
auditor should consider taking appropriate action such as notifying
those persons ultimately responsible for the overall direction of the
entity in writing of the auditors concern regarding the other
information and obtaining legal advice
THE AUDITORS REPORT ON SPECIAL PURPOSE AUDOT

ENGAGEMENTS
(BASED ON PSA 800)
1. Special purpose audit engagements include:
a. Financial statements prepared in accordance with a
comprehensive basis of accounting other than GAAP in the
Philippines
b. Specified accounts, elements of accounts, or terms in a financial
statement
c. Compliance with contractual agreements
d. Summarized financial statements
2. The auditor should assess and review the conclusions drawn from the
audit evidenced obtained during the special purpose audit
engagement as the basis for an expression of opinion. The report
should contain a clear written expression of opinion
3. Before undertaking a special purpose audit engagement, the auditor
should ensure there is agreement with the client as to the exact nature
of the engagement and the form and content of the report to be issued
4. The auditors report on a special purpose audit engagement, except for
a report on summarized financial statements, should include the
following basic elements, ordinarily in the following layout:
Title
Addressee
Opening or introductory paragraph
55
o Identification of the financial information audited
o A statement of the responsibility of the entitys
management and the responsibility of the auditor
A scope paragraph
o Reference to the PSAs applicable to special purpose audit
engagements
o Description of the work the auditor performed
Opinion paragraph containing an expression of opinion on the
financial information
Date of the report
Auditors address
Auditors signature
Reports on an other comprehensive basis of accounting financial

statements
1. The report should include a statement that indicates the basis of
accounting used or should refer to the note to the financial statements
giving that information
2. The opinion should state whether the financial statements are
prepared, in all material aspects, in accordance with the identified
basis of accounting
3. If the financial statements are not suitably titled or the basis of
accounting is not adequately disclosed, the auditor should issue an
appropriately modified report
Reports on a component financial statement

1. This type of engagement may be undertaken as a separate
engagement or in conjunction with an audit of the entitys financial
statements
2. The auditors report on a component of financial statements should
include a statement that indicates the basis accounting in accordance
with which the component is presented or refers to an agreement that
specifies the basis. The opinion should state whether the component is
prepared, in all material aspects, in accordance with the identified
basis of accounting.
3. When an adverse opinion or disclaimer of opinion on the entire
financial statements has been expressed, the auditor should report
components of the financial statements only if those components are
not so extensive as to constitute a major portion of the financial
statements. To do otherwise may overshadow the report on the entitre
financial statements.
Reports on a compliance with contractual agreements

1. Engagements to express an opinion as to an entitys compliance with
contractual agreements should be undertaken only when the overall
aspects of compliance relate to accounting and financial matters within
the scope of the auditors professional competence
2. The report should state whether, in the auditors opinion, the entity has
complied with the particular provisions of the agreement
Reports on summarized financial statements

1. Unless the auditor has expressed an audit opinion on the financial
statements from which the summarized financial statements are
derived, the auditor should not report the summarized financial
statements
2. Summarized financial statements should be appropriately titled to
identify the audited financial statements from which they have been
derived.
3. Summarized financial statements do not contain all the information
required by the financial reporting framework used for annual audited
56
financial statements. Consequently, wording such as present fairly, in
all material respects, is not used
4. The following elements in an auditors report:
a. Title
b. Addressee
c. An identification of the audited financial statements from the
summarized financial statements were derived
d. A reference to the date of the audit report on the unabridged
financial statement and the type of opinion given in that report
e. An opinion as to whether the information in the summarized
financial statements is consistent with the audited financial
statements from which it is derived
f. A statements, or reference to te note within the summarized
financial statements, which indicates that for a better
understanding of an entitys financial performance and position
and of the scope of the audit performed, the summarized
financial statements should be read n conjunction with the
unabridged financial statements and the audit report thereon
g. Date of the report
h. Auditors address
i. Auditors signature
Manila
AUDITING THEORY
CPA REVIEW
REPORTS OTHER ASSURANCE AND RELATED SERVICES
ENGAGEMENTS TO REVIEW FINANCIAL STATEMENTS

(Based on PSRE 2400)
1. The objective of a review of financial statements is to enable an auditor

to state whether, on the basis of procedures which do not provide all the
evidence that would be required in an audit, anything has come to the
auditors attention that causes the auditor to believe that the financial
statements are not prepared, in all material respects, in accordance with
Philippine Financial Reporting Standards (negative assurance).
2. For the purpose of expressing negative assurance in the review report,

the auditor should obtain sufficient appropriate audit evidence primarily
through inquiry and analytical procedures to be able to draw
conclusions.
3. A review engagement provides a moderate level of assurance that

the information subject to review is free of material misstatement. This is
expressed in the form of negative assurance.
4. In planning a review of financial statements, the auditor should obtain or

update the knowledge of the business including consideration of the
entitys organization, accounting systems, operating characteristics and
the nature of its assets, liabilities, revenues, and expenses.
5. Procedures for the review of financial statements will ordinarily include:

Obtaining an understanding of the entitys business and the industry
in which I operates.
Inquiries concerning the entitys
Accounting principles and practices.
Procedures for recording, classifying, and summarizing transactions, and
accumulating information for disclosures.
57
Actions taken at meeting of stockholders, the board of directors, and
committees.
Analytical procedures designed to identify relationships and
individual items that appear unusual. Examples:
Comparison of the financial statements with those from prior periods.
Comparison of the statements with anticipated results, such as previously
prepared budgets or forecasts.
Study of the relationships of elements of the financial statements that are
expected to form a predictable pattern.
Reading the financial statements to consider, on the basis of
information coming to the auditors attention, whether the financial
statements appear to conform to basis of accounting indicated.
Obtaining reports from other auditors, if any if considered
necessary, who have been engaged to audit or review the financial
statements of components of the entity.
Inquiries of persons having responsibility for financial and accounting
matters concerning, for example:
Whether all transactions have been recorded.
Whether the financial statements have been prepared in accordance with
the basis of accounting indicated.
Changes in the entitys business activities and accounting principles and
practices.
Matters as to which questions have arisen in the course of applying the
foregoing procedures.
Obtaining written representations from managements when considered
appropriate.
6. If the auditor has reason to believe that the information subject to review
may be materially misstated, the auditor should carry out additional or
more extensive procedures as are necessary to be able to express
negative assurance or to confirm that a modified report is required.
EXAMPLE OF AN UNQUALIFIED REVIEW REPORT
We have reviewed the accompanying balance sheet of AAA Company at December 31, 19XX, and the related
statements of income, changes in equity and cash flows for the year then ended. These financial statements are the
responsibility of the Companys management. Our responsibility is to issue a report on these financial statements
based on our review.
We conducted our review in accordance with the Philippines Standards on Review Engagements 2400. This
Standard requires that we plan and perform the review to obtain moderate assurance as to whether the financial
statements are free of material misstatement. A review is limited primarily to inquiries of company personnel and
analytical procedures applied to financial data and thus provide less assurance than an audit. We have not performed
an audit an accordingly, we do not express an audit opinion.
Based on our review, nothing has come to our attention that causes us to believe that the accompanying financial
statements are not presented fairly, in all material respects in accordance with Philippine Financial Reporting
Standards.
ENGAGEMENTS TO PERFORM AGRRED-UPON PROCEDURES

REGARDING FINANCIAL INFORMATION (Based on PSRS 4400)
1. An engagement to perform agreed-upon procedures may involve the

auditor in performing certain procedures concerning:
Individual items of financial data (for example, accounts payable, accounts
receivable, purchases from related parties and sales and profits of a segment of an
entity).
A financial statement (for example, a balance sheet).
A complete set of financial statements.
2. The objective of an agreed-upon procedures engagement is for the
auditor to carry out procedures of an audit nature to which the auditor
and the entity and any appropriate third parties have agreed and to
report on factual findings.
58
3. As the auditor simply provides a report of the factual findings of agreed-
upon procedures, no assurance is expressed. Users of the report
assess for themselves the procedures and findings reported by the
auditor and draw their own conclusions from the auditors work.
4. The report is restricted to those parties that have agreed to

procedures to be performed since others, unaware of the reasons for the
procedures, may misinterpret the results.
5. Independence is not a requirement for an agreed-upon procedures

engagement.
REPORTING
6. The report on an agreed-upon procedures engagement needs to describe

the purpose and the agreed-upon procedures of the engagement in
sufficient detail to enable the reader to understand the nature and the
extent of the work performed.
7. The report of factual findings should contain:

Title;
Addressee (ordinarily the client who engaged the auditor to perform the agreed-
upon procedures);
Identification of specific financial or non-financial information to which the agreed-
upon procedures have been applied;
A statement that the procedures performed was those agreed upon with the
recipient;
A statement that the engagement was performed in accordance with the Philippine
Standard on Related Services applicable to agreed upon procedures engagements;
A statement that the auditor is not independent of the entity if such is the case;
Identification of the purpose for which the agreed-upon procedures were performed;
A listing of the specific procedures performed;
A description of the auditors factual findings including sufficient details of errors and
exceptions found;
A statement that the procedures performed does not constitute either an audit or a
review and, as such, no assurance is expressed;
A statement that had the auditor performed additional procedures, an audit or a
review, other matters might have come to light that would have been reported;
A statement that the report is restricted to those parties that have agreed to the
procedures to be performed;
A statement (when applicable) that report relates only to the elements, accounts,
items, or financial and non-financial information specified and that it does not
extend to the entitys financial statements taken as a whole;
Date of the report;
Auditors address; and
Auditors signature.
ENGAGEMENTS TO COMPLETE FINANCIAL INFORMATION (Based on

PSRS 4410)
1. A compilation engagement would ordinarily include the preparation of

financial statements (which may or may not be a complete set of
financial statements) but may also include the collection, classification,
and summarization o other financial information.
2. The objective of a compilation engagement is for the accountant to use

accounting expertise, as opposed to auditing expertise, to collect, classify
and summarize financial information.
3. The procedures employed are not designed and do not enable the
accountant to express any assurance on the financial information.
59
4. Independence is not a requirement for a compilation engagement.
However, where the accountant is not independent, a statement to that
effect would be made in the accountants report.
5. The accountant should obtain a general knowledge of the business and

operations of the entity and should be familiar with the accounting
principles and practices of the industry in which the entity operates and
with the form and content of the financial information that is appropriate
in the circumstances.
6. The accountant is not ordinarily required to:

Make any inquiries of management to assess the reliability and
completeness of the information provided;
Assess internal controls;
Verify any matters;
Verify any explanations.
If the accountant becomes aware that information supplied by

management is incorrect, incomplete, or otherwise unsatisfactory, the
accountant should consider performing the above procedures and
request management to provide additional information.
If management refuses to provide additional information, the accountant

should withdraw from the engagement, informing the entity of the
reasons for the withdrawal.
7. The accountant should read the compiled information and consider

whether it appears to be appropriate in form and free from obvious
material misstatements.
8. The accountant should obtain an acknowledgement from management

of its responsibility for the appropriate presentation of the financial
information and of its approval of the financial information.
9. The financial information compiled by the accountant should contain a

reference such as Unaudited, Compiled without Audit or Review, or
Refer to the Compilation report on each page of the financial
information or on the front of the complete set of financial statements.
Example of a report on an engagement to compile financial

statements
On the basis of information provided by the management we have compiled, in accordance with the Philippine
Standard on Related Services applicable to compilation engagements, the balance sheet of XXX Company as of
December 31, 19XX and statements of income, changes in equity and cash flows for the year then ended.
Management is responsible for these financial statements. We have not audited or reviewed these financial
statements and accordingly express no assurance thereon.
THE EXAMINATION OF PROSPECTIVE FINANCIAL INFORMATION

(Based on PSAE 3400)
1. PROSPECTIVE FINANCIAL INFORMATION means financial

information based on assumptions about events that may occur in the
future and possible actions by an entity. It can be in the form of a
forecast, a projection, or a combination of both, for example, a one year
forecast plus a five year projection.
2. A FORECAST means prospective financial information prepared on the

basis of assumptions as to future events which management expects to
60
take place and the actions management expects to take as of the date
the information is prepared (best-estimate assumptions).
3. A PROJECTION means prospective financial information prepared on

the basis of:
Hypothetical assumptions about future events and management actions
which are not necessarily expected to take place, such as when some
entities are in a start-up phase or are considering a major change in the
nature of operations; or
A mixture of best-estimate and hypothetical assumptions.
4. Prospective financial information can include financial statement or one

or more elements of financial statements and may be prepared:
As an internal management tool, for example, to assist in evaluating a
possible capital investment; or
For distribution to third parties.
5. Management is responsible for the preparation and presentation of the

prospective financial information, including the identification and
disclosure of the assumptions on which it is based.
6. In an engagement to examine prospective financial information, the

auditor should obtain sufficient appropriate evidence as to whether:
Managements best-estimate assumptions on which the prospective

financial information is based are not unreasonable and, in the case of
hypothetical assumptions, such assumptions are consistent with the
purpose of the information.
The prospective financial information is properly presented and all
material assumptions are adequately disclosed, including a clear
indication as to whether they are best-estimate assumptions or
hypothetical assumptions; and
The prospective financial information is prepared on a consistent basis
with historical financial statements, using appropriate accounting
principles.
7. The auditor should not express any opinion as to whether the results
shown in the prospective financial information will be achieved.
8. When reporting on the reasonableness of managements assumptions,

the auditor provides only a moderate level of assurance.
9. The auditor should not accept, or should withdraw from, an engagement

when the assumptions are clearly unrealistic or when the auditor believes
that the prospective financial information will be inappropriate for its
intended use.
10. The auditor should obtain written representations from management

regarding the intended use of the prospective financial information, the
completeness of significant management assumptions and
managements acceptance of its responsibility for the prospective
financial information.
Example of an unmodified report on a forecast
We have examined the forecast (include name of the entity, the period covered by the forecast and provide suitable
identification, such as by reference to page numbers or by identifying the individual statements) in accordance with
Philippine Standard on Assurance Engagements applicable to the examination of prospective financial information.
Management is responsible for the forecast including the assumptions set out in Note X on which it is based.
Based on our examination of the evidence supporting the assumptions the assumptions, nothing has come to our
attention which causes us to believe that these assumptions do not provide a reasonable basis for the forecast.
61
Further, in our opinion the forecast is properly prepared on the basis of the assumptions and is presented in
accordance with Philippine Financial Reporting Standards.
Actual results are likely to be different from the forecast since anticipated events frequently do not occur as expected
and the variation may be material.
Example of an unmodified report on a projection
We have learned the projection (include name of the entity, the period covered by the forecast and provide suitable
identification, such as by reference to page numbers or by identifying the individual statements) in accordance with
Philippine Standard on Assurance Engagements applicable to the examination of prospective financial information.
Management is responsible for the projection including the assumptions set out in Note X on which it is based.
This projection has been prepared for (describe purpose). As the entity is in a start-up phase the projection has been
prepared using a set of assumptions that include hypothetical assumptions about future events and managements
actions that are not necessarily expected to occur. Consequently, readers are cautioned that this projection may not
be appropriate for purposes other than that described above.
Based on our examination of the evidence supporting the assumptions, nothing has come to our attention which
causes us t believe that these assumptions do not provide a reasonable basis for the projection, assuming that (state
or refer to the hypothetical assumptions). Further, in our opinion the projection is properly prepared on the basis of
the assumptions and is presented in accordance with Philippine Financial Reporting Standards.
Even if the events anticipated under the hypothetical assumptions described above occur, actual results are still
likely to be different from the projection since other anticipated events frequently do not occur as expected and the
variation may be material.
When the auditor believes that the presentation and disclosure of the
prospective information is not adequate, the auditor should express a qualified
or adverse opinion or withdraw from the engagement as appropriate.
When the auditor believes that one or more significant assumptions do not
provide a reasonable basis for the prospective financial information, the auditor
should either express an adverse opinion or withdraw from the engagement as
appropriate.
When the examination is affected by conditions that preclude application of one

or more procedures considered necessary in the circumstances, the auditor
should either withdraw from the engagement or disclaim the opinion describe
the scope limitation in the report on the prospective financial information.

Manila
AUDITING THEORY CPA

REVIEW
CODE OF PROFESSIONAL ETHICS FOR CPAs
Code of Ethics for Professional Accountants in the Philippines
is based on the International Code of Ethics for professional accountants

developed by the International Federation of Accountants.
Is mandatory for all CPAs and is applicable to professional services
performed in the Philippines on or after January 1, 2004.
Is divided into three parts:
Part A - applies to all professional accountants unless otherwise specified
Part B - applies only to those professional accountants in public practice
62
Part C - applies to employed professional accountants, and may also
apply, in appropriate circumstances, to accountants employed in
public practice
CPAs should observe the following FUNDAMENTAL PRINCIPLES:

1. Integrity
2. Objectivity
3. Professional competence and due care
4. Confidentiality
5. Professional behavior
6. Technical standards
RULES APPLICABLE TO ALL PROFESSIONAL ACCOUNTANTS

1. INTEGRITY AND OBJECTIVITY
a. Integrity implies not merely honesty but fair dealing and
truthfulness. The principle of objectivity imposes the obligation on
all professional accountants to be fair, intellectually honest, and free
of conflicts of interest.
b. Professional accountants should neither accept nor offer gifts or
entertainment which might reasonably be believed to have a
significant and improper influence on their professional judgment or
those with whom they deal.
2. PROFESSIONAL COMPETENCE may be divided into two separate phases

a. Attainment of professional competence- requires initially a high
standard of general education followed by specific education, training,
and examination in professionally relevant subjects and a period of
work experience.
b. Maintenance of professional competence requires a continuing
awareness of development in the accountancy profession including
relevant national and international pronouncements on accounting,
auditing, and other relevant regulations and statutory requirements
3. CONFIDENTIALITY
a. Professional accountants have an obligation to respect the
confidentiality of information about a clients or employers affairs
acquired in the course of professional services.
b. The duty of confidentiality continues even after the end of the
relationship between the professional accountant and the client or
employer.
4. TAX PRACTICE
a. The professional accountant should ensure that the client or the
employer are aware of the limitations attaching to tax advice and
services so that they do not misinterpret an expression of opinion as
an assertion of fact.
b. A professional accountant should not be associated with any return or
communication in which there is reason to believe that it:
1. Contains a false or misleading statement;
2. Contains statements or information furnished recklessly or without
any real knowledge of whether they are true or false; or
3. Omits or obscure information required to be submitted and such
omission or obscurity would mislead the revenue authorities.
c. When a professional accountant learns of a material error or omission
in a tax return of a prior year, or the failure to file a required tax return,
he/she has a responsibility to:
1. Promptly advise the client or employer of the error or omission and
recommend that disclosure be made to the revenue authorities.
2. If the client or employer does not correct the error, he/she:
63
a. Should inform the client or the employer that it is possible to act
for them in connection with that return or other related
information submitted to the authorities; and
b. Should consider whether continued association with the client or
employer in any capacity is consistent with professional
responsibilities.
5. CROSS BORDER ACTIVITIES
When a professional accountant performs services in a country other than

the home country and differences on specific matters exist between
ethical requirements of the two countries, the following provisions should
be applied:
1. When the ethical requirements of the country in which the services are
being performed are LESS STRICT than the Philippine Code of Ethics,
then our code should be applied.
2. When the ethical requirements of the country in which the services are
being performed are STRICTER than our code, then the ethical
requirements in the country where services are being performed
should be applied.
3. When the ethical requirements of the Philippines are mandatory for
services performed outside the Philippines and are stricter than that
set out in (1) and (2) above, then the ethical requirements of the
Philippines should be applied.
6. PUBLICITY
In the marketing and promotion of themselves and their work,

professional accountants should:
a. Not use means which brings the profession into disrepute.
b. Not make exaggerated claims for the services they are able to offer,
the qualifications they possess, or experience they have gained; and
c. Not denigrate the work of other accountants.
RULES APPLICABLE TO PROFESSIONAL ACCOUNTANTS IN PUBLIC

PRACTICE
INDEPENDENCE
a. Independence requires:
1. Independence of mind The state of mind that permits the
provision of an opinion without being affected by influences that
compromise professional judgment, allowing an individual to act
with integrity, and exercise objectivity and professional skepticism.
2. Independence in appearance The avoidance of facts and
circumstances that are so significant that a reasonable and
informed third party, having knowledge of all relevant information,
including safeguards applied, would reasonably conclude a firms, or
a member of the assurance teams integrity, objectivity or
professional skepticism had been compromised.
b. Members of assurance teams, firms, and network firms should identify
THREATS to independence, evaluate the significance of those threats,
and, if the threats are other than clearly insignificant, identify and
apply SAFEGUARDS to eliminate the threats or reduce them to
acceptable level, such that independence of mind and independence in
appearance are not compromised. In situations when no safeguards
are available to reduce the threat to an acceptable level. The only
possible actions are to:
1. Eliminate the activities or interest creating the threat; or
2. Refuse to accept or continue the assurance engagement.
64
INDEPENDENCE REQUIREMENTS IN ASSURANCE ENGAGEMENTS
a. For assurance engagements provided to an audit client, the member of the
assurance team, the firm and network firms are required to be independent
of the client
b. For assurance engagements provided to clients that are not audit clients,
when the report is not expressly restricted for use by identified users, the
members of the assurance team and firm are required to be independent of
the client
c. For assurance engagements provided to clients that are not audit clients,
when the assurance report is expressly restricted for use by identified users,
the members of the assurance team are required to be independent of the
client. N addition, the firm should not have a material direct or indirect
financial interest in the client
Network firm an entity under common control, ownership or management with

the firm or any entity that a reasonable and informed third party having knowledge
of all relevant information would reasonably conclude as being part of the firm
nationally or internationally
Financial interest an interest in equity or other security, debenture, loan or

other debt instrument of an entity including rights and obligations to acquire such
an interest and derivatives directly related to such interest
Direct financial interest a financial interest:

1. Owned directly by and under the control of an individual or entity; or
2. Beneficially owned through a collective investment vehicle, estate, trust or
other intermediary over which the individual or entity has control
Indirect financial interest a financial interest beneficially owned through a
collective investment vehicle, estate, trust or other intermediary over which the
individual or entity has no control
THREATS TO INDEPENDENCE
1. SELF-INTEREST THREAT
Occurs when a firm or a member of the assurance team could benefit from a
financial interest in, or other self-interest conflict with, an assurance client.
Examples:
a. A direct financial interest or material indirect financial interest in an
assurance client
b. A loan or guarantee to or from an assurance client or any of its directors
or officers
c. Undue dependence on total fees from an assurance client
d. Concern about the possibility of losing the engagement
e. Having a close business relationship with an assurance client
f. Potential employment with an assurance client
g. Contingent fees relating to assurance engagements
2. SELF-REVIEWTHREAT
Occurs when:
a. Any product or judgment of a previous assurance engagement or non-
assurance engagement needs to be reevaluated in reaching conclusions
on the assurance engagement or;
b. When a member of the assurance team was previously a director or officer
of the assurance client, or was an employee in a position to exert direct
and significant influence over the subject matter of the assurance
engagement
3. ADVOCACY THREAT
Occurs when a firm, or a member of the assurance team, promotes, or may
be perceived to promote, an assurance clients position or opinion to the
point that objectivity may, or may be perceived to be compromised
4. FAMILIARITY THREAT
Occurs when, by virtue of a close relationship with an assurance client, its
directors, officers or employees, a firm or a member of the assurance team
becomes too sympathetic to the clients interests.
65
5. INTIMIDATION THREAT
Occurs when a member of the assurance team may be deterred from acting
objectively and exercising professional skepticism by threats, actual or
perceived, from the directors, officers or employees of an assurance client
SAFEGUARDS
1. When the threats are identified, other than those that are clearly
insignificant, appropriate safeguards should be identified and applied to
eliminate the threats or reduce them to an acceptable level. This decision
should be documented
2. When the safeguards are available are insufficient to eliminate the threats to
independence or to reduce them to an acceptable level, or when a firm
chooses not to eliminate the activities or interest creating the threat, the only
course of action available will be the refusal to perform, or withdrawal from,
the assurance engagement
CATEGORIES OF SAFEGUARDS
1. Safeguards created by the profession, legislation or regulation
2. Safeguards within the assurance client
3. Safeguards within the firms own systems and procedures
Safeguards created by the profession, legislation or regulation include:

a. Educational, training and experience requirements for entry into the
profession
b. Continuing education requirements
c. Professional standards and monitoring and disciplinary processes
d. External review of a firms quality control systems; and
e. Legislation governing the independence requirements of the firm
Safeguards within the assurance client include the following:

a. When the assurance clients management appoints the firm, persons other
than management ratify or approve the appointment
b. The assurance client has competent employees to make managerial
decisions
c. Policies and procedures that emphasize the assurance clients commitment to
fair financial reporting
d. Internal procedures that ensure objective choices in commissioning non-
assurance engagements; and
e. A corporate governance structure, such as an audit committee, that provides
appropriate oversight and communications regarding a firms services
Safeguards within the firms own systems and procedures may include
FIRMWIDE safeguards such as the following:
a. Firm leadership that stresses the importance of independence and the
expectation that members of assurance teams will act in the public interest
b. Policies and procedures to implement and monitor quality control of
assurance engagements
c. Documented independence policies
d. Internal policies and procedures to monitor compliance with firm policies and
procedures as they relate to independence
e. Policies and procedures that will enable the identification of interests or
relationships between the firm or members of the assurance team and
assurance client
f. Policies and procedures to monitor and, if necessary, mange the reliance on
revenue received from a single assurance client
g. Using different partners and teams with separate reporting lines for the
provision of non-assurance service to an assurance client
h. Policies and procedures to prohibit individuals who are not members of the
assurance team from influencing the outcome of the assurance engagement
i. Timely communication of a firms policies and procedures, and any changes
thereto, to all partners and professional staff, including appropriate training
and education thereon
j. Designating a member of senior management as responsible for overseeing
the adequate functioning of the safeguarding system
k. Means of advising partners and professional staff of those assurance clients
and related entities from which they must be independent
l. A disciplinary mechanism to promote compliance with policies and
procedures; and
66
m. Policies and procedures to empower staff to communicate to senior levels
within the firm any issue of independence and objectivity that concerns them;
this includes informing staff of the procedures open to them
Safeguards within the firms own systems and procedures may include
ENGAGEMENT SPECIFIC safeguards such as the following:
a. Involving an additional professional accountant to review the work done or
otherwise advise as necessary. This individual could be someone from outside
the firm or network firm, or someone with the firm or network firm who was
not otherwise associated with the assurance team
b. Consulting a third party, such as a committee of independent directors, a
professional regulatory body or another professional accountant
c. Rotation of senior personnel
d. Discussing independence issues with the audit committee or others charged
with governance,
e. Disclosing to audit committee, or others charged with governance, the nature
of services provided and extent of fees charged
f. Policies and procedures to ensure members of the assurance team do not
make, or assume responsibility for, management decisions for the assurance
client
g. Involving another firm to perform or re-perform part of the assurance
engagement
h. Involving another firm to re-perform the non-assurance service to the extent
necessary to enable to take responsibility for that service; and
i. Removing an individual from the assurance team, when that individuals
financial interest or relationships create a threat to independence
ENGAGEMENT PERIOD
1. The members of the assurance team and the firm should be independent of
the assurance client during the period of the assurance engagement
2. The period of the engagement is expected to recur, the period of the
assurance services and ends when the assurance report is issued, except
when the assurance engagements is of a recurring nature
3. If the assurance engagement s expected to recur, the period of the assurance
engagement ends with the notification by either party that the professional
relationship has terminated or the issuance of the final assurance report,
whichever is later
4. In the case of an audit engagement, the engagement period includes the
period covered by the financial statements reported on by the firm
5. When an entity becomes an audit client during or after the period covered by
the financial statements that the firm will report on, the firm should consider
whether any thretas to independence may be created by:
a. Financial or business relationships with the audit client during or after
the period covered by the financial statements, but prior to the
acceptance of the audit engagement; or
b. Previous services provided to the audit client
Similarly, in the case of an assurance engagement that is not an audit

engagement, the firm should consider whether any financial or business
relationships or previous services may create threats to independence.
67

CPAR Auditing Theory

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CPAR Auditing Theory

Uploaded by

Copyright:

Available Formats

CPAR Reviewers

CPA REVIEW SCHOOL OF THE PHILIPPINES

PREFACE TO PHILIPPINE STANDARDS ON QUALITY CONTROL, AUDITING,

The Authority Attaching to Philippine Standards Issued by the AASC

The Authority Attaching to Practice Statements Issued by the AASC

PHILIPPINE FRAMEWORK FOR ASSURANCE ENGAGEMENTS

TWO TYPES OF ASSURANCE ENGAGEMENT

SCOPE OF THE FRAMEWORK

ELEMENTS OF AN ASSUARANCE ENGAGEMENT

OBJECTIVE AND GENERAL PRINCIPLES GOVERNING AN AUDIT OF FINANCIAL

ENGAGEMENTS TO REVIEW FINANCIAL STATEMENTS

ENGAGEMENTS TO PERFORM AGREED-UPON PROCEDURES REGARDING

ENGAGEMENTS TO COMPILE FINANCIAL INFORMATION

AUDITING THEORY CPA

PSQC1 QUALITY CONTROL FOR FIRMS THAT PERFORM

PSA 220 (Revised)

PSA 210 [AMENDED BY THE PSA 700 (REVISED)]

CPA REVIEW SCHOOL OF THE PHILIPPINES

AUDITING THEORY CPA

PSA 300 (Rev.) PLANNING AN AUDIT OF FINANCIAL

PSA 300 (Rev.)

1. Planning an audit involves:

Preliminary Engagement Activities

4. The establishment of the overall audit strategy involves:

7. The audit plan includes:

Changes to Planning Decisions during the Course of the Audit

Direction, Supervision and Review

The size and complexity of the entity;

Communications with Those Charged with Governance and Management

Additional Considerations in Initial Audit Engagements

2. The auditor uses the understanding of internal control to:

3. Internal control consists of the following components:

1.) The control environment.

Elements of control environment:

The auditor should obtain an understanding of the entitys risk assessment

The auditor should obtain an understanding of the information system,

The classes of transactions in the entitys operations that is significant to

The procedures, within both IT and manual systems, by which those

The related accounting records, whether electronic or manual, supporting

The financial reporting process used to prepare the entitys financial

Monitoring of controls involves assessing the design and operation of

4. Obtaining an understanding of internal control involves:

a) Evaluating the design of a control; and

ASSESSING THE RISKS OF MAERIAL MISSTATEMENT

CPA REVIEW SCHOOL OF THE PHILIPPINES

AUDITING THEORY CPA

Audit Procedures Responsive to Risks of Material Misstatement at the

The nature of further audit procedures refers to their:

Extent includes the quantity of a specific audit procedure to be performed.

2. Tests of the operating effectiveness of controls are performed only on

Evaluating the sufficiency and appropriateness of audit evidence obtained

CPA REVIEW SCHOOL OF THE PHILIPPINES

AUDITING THEORY CPA

PSA 320 AUDIT MATERIALITY (amended by PSA 240 [Revised 2005])

AUDITING THEORY CPA

PSA 500(REVISED) AUDIT EVIDENCE

Sufficient appropriate evidence

The use of assertions in obtaining audit evidence

c. Assertions about presentation and disclosure:

Audit procedures for obtaining audit evidence

Examples of audit procedures

Attendance at Physical Inventory Counting

1. When inventory is material to the financial statements, the auditor should