Professional Documents
Culture Documents
Elements of System of Quality Control: Although the nature and extent of the
One of the recognized objectives of the accountancy profession is to attain the system of quality control developed by CPA firms vary from one firm to another, a
highest levels of performance. To achieve this objective, there is a need for assurance system of quality control must have the following elements:
that all professional services provided by CPAs are carried out to the highest quality or 1. Leadership responsibilities for quality within the firm – The CPA firm
standards of performance. Reasonable assurance of meeting such need is provided should establish policies and procedures that:
through a system of quality control. Promote an internal culture based on recognition that quality is essential
in the performance of the engagements
A system of quality control refers to quality control policies and procedures Require CPA firm’s leader (CEO/ managing board of partners or its
adopted by CPA firms that are designed to provide reasonable assurance that the firm equivalent), to assume ultimate responsibility for the firm’s system of
and its personnel comply with professional standards and regulatory and legal quality control.
requirements and that reports issued by the firm or engagement partners are 2. Ethical requirements, including independence –
appropriate in the circumstances. The CPA firm should establish policies and procedures to provide
reasonable assurance that the firm and its personnel comply with relevant
System of Quality Control in an Audit Engagement: Policies and ethical requirements (including independence):
procedures to provide reasonable assurance that all audits are conducted in 3. Acceptance and continuance of client relationships and specific
accordance with PSAs and that audit reports issued are appropriate in the engagements – The CPA firm should establish policies and procedures to
circumstances provide reasonable assurance that the CPA firm will only undertake or continue
relationships and engagements where it:
QC policies vs. QC procedures: a. Has considered the client’s integrity
a. Quality control policies – are the objectives and goals to be achieved b. Is competent to perform the engagement and has the capabilities, time
b. Quality control procedures – are steps/procedures to be taken to: and resources to do so; and
accomplish the policies adopted, or c. Can comply with ethical requirements
implement and monitor compliance with those policies 4. Human resources – The CPA firm should establish policies and procedures
to provide reasonable assurance that it has sufficient personnel with the
Mandatory requirement for CPA firms to establish SQC: Under Philippine capabilities, competence, and commitment to ethical principles necessary to
Standard on Quality Control 1 (PSQC 1) CPA firms are required to establish and perform the engagement.
implement a system of quality control. 5. Engagement performance – The CPA firm should establish policies and
procedures to provide reasonable assurance that engagements are
Nature and Extent of a System of Quality Control: The nature and extent of the performed in accordance with professional standards and regulatory and
SQC developed by CPA firms vary from firm to firm due to various factors such as:
legal requirements, and that the firm or engagement partner issue reports To ensure that CPAs work to the highest standards, the government thru the
that are appropriate in the circumstances. Professional Regulatory Board of Accountancy (BOA) has required all CPA
6. Monitoring – The CPA firm should establish policies and procedures to firms and individual CPAs in public practice to obtain a certificate of
provide reasonable assurance that quality control are relevant, adequate and accreditation to practice public accountancy. Such certificate is valid for three
operating effectively and complied with in practice and should include an (3) years and can be renewed after complying with the requirements of the
ongoing consideration and evaluation of the firm’s system of quality control, BOA.
including a periodic inspection of a selection of completed engagements. As a condition to the renewal of the certificate of accreditation to practice
public accountancy, the BOA requires individual CPAs and CPA firms to
The purpose of monitoring compliance with quality control policies and undergo a quality control review to ensure that these CPAs comply with
procedures is to provide an evaluation of: accounting and auditing standards and practices.
a. Adherence to professional standards and regulatory and legal The BOA has created a Quality Review Committee (QRC) which shall conduct
requirements; a quality review on applicants for registration to practice public accountancy.
b. Whether the quality control system has been appropriately designed and
effectively implemented; and Functions of the Quality Review Committee:
c. Whether the firm’s quality control policies and procedures have been Conducts quality review on applicants for registration, or renewal thereof, to
appropriately applied, so that reports that are issued by the firm or practice public accountancy
engagement partners are appropriate in the circumstances. Render a report on such quality review, which shall be attached to the
application for registration
The following shall also be included in the CPA firm’s SQC: Recommend to BOA revocation of registration and professional ID cards of
1. Complaints and Allegations: The firm should establish policies and CPAs for not observing the SQC requirements
procedures designed to provide it with reasonable assurance that it deals
appropriately with: Quality review – an oversight into (or study or appraisal of) the quality of audit
a. Complaints and allegations that the work performed by the firm fails of FS through a review of quality control measures established by CPA firms and
to comply with professional standards and regulatory and legal individual CPAs in public practice to ensure compliance with accounting and
requirements; and auditing standards and practices
b. Allegations of non-compliance with the firm’s system of quality
control. PRELIMINARY ENGAGEMENT ACTIVITIES
2. Documentation: The firm should establish policies and procedures (PRE-PLANNING ACTIVITIES)
requiring appropriate documentation to provide evidence of the operation
of each element of its system of quality control.
APPLICABLE STANDARDS:
Distinction between GAAS/PSA and SQC: GAAS/PSAs relate to each individual PSA 200 (Revised and Redrafted) – Overall Objectives of the
audit engagement, whereas SQC relates to all professional activities/services of the Independent Auditor and the Conduct of an Audit in
firms practice as a whole. Accordance with International Standards on Auditing
PSA 210 (Redrafted) – Agreeing the Terms of Audit
Engagements
QUALITY REVIEW COMMITTEE: PSA 300 (Redrafted) – Planning an Audit of Financial
Statements
PSA 240 (Redrafted) – The Auditor’s Responsibility to with clients whose management
Consider Fraud in an Audit of Financial Statements lacks integrity.
PSA 250 (Redrafted) – Consideration of Laws and Most of litigations involving CPAs
Regulations in an Audit of Financial Statements are due to lack of integrity of client’s
PSA 600 (Revised and Redrafted) – Special Considerations- management.
Audits of Group Financial Statements (Including the Work of Lack of management integrity usually
Component Auditors)
results to high audit risk.
PSA 610 (Redrafted) – Using the Work of Internal Auditors
Factors to consider in evaluating client’s
PSA 620 (Revised and Redrafted) – Using the Work of an
Expert integrity:
Identity, attitude and
business reputation of
Purpose of Preliminary Engagement Activities: the client (such as its
Preliminary engagement activities assist the auditor in identifying and principal owners, key
evaluating events or circumstances that may adversely affect the auditor’s management or those
ability to plan and perform the audit engagement. Such activities help ensure charge with corporate
that: governance, and
a. There are no issues with client management’s integrity that may related parties, if any)
affect the willingness to continue the engagement Nature of the client’s
b. The auditor maintains the necessary independence and ability to operations
perform the engagement Indications of an
c. There is no misunderstanding with the client as to the terms of the inappropriate limitation in
engagement the scope of work
Involvement in money
Preliminary Engagement Activities: laundering or other
criminal activities
1. Perform procedures regarding acceptance or continuance of The reasons for the
the client relationship proposed
appointment of the
Acceptance or selection procedures – in case of initial CPA firm or auditor
audit (prospective/new client) and non-
reappointment of the
a. Evaluate integrity of the client’s management previous CPA firm or
Evaluation of management integrity auditor
is necessary to avoid association
(1) Investigate/research the client’s Under the Code of Ethics for CPAs, the successor auditor
background has the responsibility to initiate communication with the
Internet searches predecessor auditor. However, the communication
Review the entity’s financial requires prior client’s permission/consent (preferably in
statements writing) to avoid violation of confidentiality principle.
Consider engaging
professionals/investigators to If the client is unwilling to agree to such
evaluate the principals communication (communication is not permitted by
associated with the prospective the client or the client limits the responses of the
client predecessor auditor), the successor auditor should:
Obtain credit ratings and reports, Consider the implications of
if necessary such refusal/limitation, and
De
(2) Inquiring from other firm personnel or
cid
third parties (such as bankers, legal
counsel/advisors, industry peers and others in e
the financial or business community who may
have knowledge regarding the client) wh
eth
(3) Communicate with prospective client’s
predecessor auditor: Matters to be inquired of er
or discussed with the predecessor or
(previous/former) auditor by the
incoming/successor auditor: not
a) Facts/information that might bear on the integrity of the prospective to
client
b) Predecessor auditor’s understanding as to the reasons for the change acc
of auditors ept
c) Any disagreement between the predecessor auditor and the client
regarding accounting principles or auditing procedures or other the
similarly significant matters en
d) Communication to management, the audit committee, and those
charged with governance regarding fraud, illegal acts by the client, and gag
matters relating to internal control. em
ent procedures, existing clients should be evaluated once a year or
upon occurrence of the following:
.
Changes in management, directors
or ownership
b. Nature of client’s business
Ot 2. Evaluate compliance with ethical requirements,
he including independence
Considering materiality throughout the audit: Also known as materiality threshold or planning materiality or
1. Planning stage overall materiality
a. To identify and assess risks of material misstatements Overall materiality is usually expressed as a % of a chosen benchmark
b. To determine the nature, timing and extent of further audit procedures (such as profit before tax, total revenues, gross profit, total expenses,
2. Testing stage (materiality levels set during audit planning are simply total equity or net asset value).
updated/revised if necessary) Profit from continuing operations is often used for profit-oriented
3. Completion stage entities except when the profit from continuing operations is volatile.
c. To evaluate the effect of uncorrected misstatements, if any, on the Relevant financial data as source of benchmarks:
financial statements and in forming the opinion in the auditor’s report Prior periods’ financial statements
Annualized interim financial statements
Documentation on materiality: Documentation should include the Period-to-date financial statements
amounts and the factors considered in their determination: Budgeted financial statements of the current year
a. Materiality level for the financial statements as a whole
b. Materiality level or levels for a particular classes of transactions, b. Materiality at assertion level – materiality level for individual or particular
account balances or disclosures, if applicable class of transactions, account balance, or disclosure where appropriate; this is
c. Performance materiality also known as tolerable misstatement
d. Any revision of materiality levels (a to c) as the audit progresses
Tolerable misstatement refers to allocated materiality to affected b. Risk of material misstatements may be greater for significant judgmental
accounts (usually statement of financial position accounts because matters such as:
they are fewer) Accounting estimates
Account balance – an individual line item in the financial Revenue recognition may be subject to differing interpretation
statements, such as cash and cash equivalents, loans and receivable, Required judgment may be subjective or complex or require assumptions
etc. about the effects of future events (for example, judgment about fair value)
Class of transactions – type of transaction processed by the client’s c. Significant risk of relating to risk of material misstatement due to fraud
accounting system, such as sales transactions and purchasing d. There are areas where special audit consideration may be necessary, for
transactions example:
Allocation may be done judgmentally or using formal quantitative
Related party transaction – a transfer of resources, services or obligations between related
approaches.
parties, regardless of whether a price is charged
Materiality at this level are lesser than the overall materiality level but
could reasonably be expected to influence the economic decisions of
The auditor shall inquire of management regarding:
financial statement users.
a. The identity of the entity’s related parties (relationships and transactions), including
changes from the prior period;
c. Performance materiality – amount or amounts set by the auditor: b. The nature of the relationships between the entity and these related parties; and
At less than materiality for the financial statements as a whole c. Whether the entity entered into any transactions with these related parties during the
At less than materiality level or levels for particular classes of transactions, period and, if so, the type and purpose of the transactions.
account balances or disclosures
Purpose of performance materiality: It provides margin to reduce
Existence of related parties and related party transactions
the possibility of undetected misstatements because:
Management’s use of going concern assumption (financial statements are
a. It reduces to an appropriately low level the probability that the
prepared based on going concern assumption but there is a significant
aggregate of uncorrected and undetected misstatements in the
doubt as to the continued existence of the entity) – the auditor shall assess
financial statements exceeds the materiality level for the
the appropriateness of management’s use of going concern assumption
financial statements as a whole
b. It reduces to an appropriately low level the probability that the
Note 2:
aggregate of uncorrected and undetected misstatements in the
particular class of transactions, account balance or disclosure
Risk assessment procedures – are audit procedures whose purposes include:
exceeds the materiality level for that particular class of
a. To obtain understanding of the entity and its environment, including the
transactions, account balance or disclosure
entity’s internal control (Note 2.1)
b. To identify risks of material misstatements, whether due to fraud or error, at
Note 1.3 – Preliminary identification of areas where there may be higher
the financial statement and assertion levels (Note 2.2)
risks of material misstatement
c. To assess risks of material misstatement (Note 2.3)
a. Risks of material misstatements may be greater for significant non-routine
d. To provide a basis for the identification and assessment of risks of material
transactions which involves:
misstatements
Greater management intervention to specify the accounting treatment
e. To provide a basis for designing and implementing responses to the assessed
Greater manual intervention for data collection and processing
risks of material misstatement
Complex calculations or accounting principles
balances, and disclosures to be expected in the financial statements.
Risk assessment procedures include (Note 2.4): Factors to consider include:
1. Inquiry of management and other firm personnel Entity’s operations
2. Analytical procedures Ownership and governance structures
3. Observation and inquiry Types of investments that the entity is making and plans to make
Entity structure (locations, subsidiaries, etc.) – complex structures
Note 2.1 – Required understanding of the entity and its environment, may give rise to risks of material misstatement
including internal control: How the entity is financed
1. Understanding of the environment – external factors: How related party transactions are identified and accounted for
a. Relevant industry’s factors – the industry in which the entity operates b. Entity’s selection and application of accounting policies – consider
may give rise to specific risks of material misstatements arising from the whether accounting policies are:
nature of the business or the degree of regulation Appropriate for the entity’s business
Examples of industry factors: Consistent with the applicable financial reporting framework, and
Industry conditions such as the competitive environment, supplier and Used in the relevant industry
customer relationships and technological developments c. Entity’s objectives and strategies, and those related business
Specific examples of industry factors: risks that may result in risks of material misstatement of the
Market and competition (including demand, capacity, and price financial statements
competition) 1. Objectives – relate to entity’s mission, vision or values statement
Cyclical or seasonal activity 2. Strategies – pertain to operational approaches by which
Product technology relating to the entity’s products management intends to achieve its objectives
Energy supply and cost 3. Business risks – risks of inability to achieve the objectives
b. Regulatory factors – include the regulatory environment The term “business risk” is broader than the risks of material
Accounting principles and industry specific practices misstatement in the financial statements. Not all business risks
Regulatory framework for a regulated industry give rise to risk of material misstatement.
Laws/legislations or regulations that significantly affect the entity’s An understanding of business risks increases the likelihood of
operations, including direct supervisory activities identifying the risks of material misstatement. However, the
Taxation auditor does not have a responsibility to identify or assess all
Legal and political environment business risks.
Government policies currently affecting the conduct of the entity’s d. Measurement and review of the entity’s financial performance
business Performance measures, whether external or internal, create pressures
Environmental requirements affecting the industry and the entity on the entity that may motivate management to take action to improve the
c. Applicable financial reporting framework business performance or to manipulate/misstate the financial statements.
d. Other external factors affecting the entity – such as general e. Internal control – The auditor shall obtain an understanding of internal
economic conditions, interest rates and availability of financing, and control relevant to the audit.
inflation or currency revaluation Internal control is designed, implemented and maintained to address
2. Entity – internal factors: identified business risks that threaten the achievement of any of the
a. Nature of the entity: An understanding of the nature of an entity entity’s objectives that concern:
enables the auditor to understand the classes of transactions, account 1. The reliability of the entity’s financial reporting;
2. The effectiveness and efficiency of its operations; and High value inventory (could be easily stolen, thus, there would
3. Its compliance with applicable laws and regulations. be an inherent risk relating to the existence assertion)
An understanding of internal control assists the auditor in identifying
types of potential misstatements and factors that affect the risks of 2. Control risk – the risk that a material misstatement, either
material misstatement, and in designing the nature, timing, and extent of individually or when aggregated with other misstatements, that
further audit procedures. could occur will not be prevented or detected and corrected on
a timely basis by the entity’s internal control
Control risk is a function of the effectiveness of the entity’s
internal control.
Note 2.2 – Identify the risks of material misstatement: Control risk is the type of risk that the management has the
Identify risks of material misstatement (inherent risk and control risk) based on most control over in the short term.
understanding the entity and its environment, including the entity’s relevant Some control risk will always exist because of the inherent
internal control. The auditor shall provide reasonable assurance of detecting limitations of any internal control system.
material misstatements, whether arising from errors or fraud.
Risk of material misstatement (inherent risk and control risk) cannot be
Risk of material misstatement (RMM) – the risk that the financial eliminated or controlled by the auditor because these are entity’s risks
statements contain a material misstatement. that exist independently of the audit of financial statements.
Detection risk is a function of the effectiveness of an auditing In summary, the auditor performs audit procedures to assess the risks of
procedure and its application by the auditor material misstatement and seeks to limit detection risk by performing
Detection risk is significantly affected by the nature, timing, and further audit procedures based on that assessment.
extent of the auditor’s substantive procedures
Detection risk is a complement of assurance provided by
substantive tests (for example, a 10% detection risk means a Summary of relationships among audit risk components:
90% assurance of detecting material misstatement) The acceptable level of detection risk for a given level of audit risk
Detection risk can be increased or decreased by the auditor by bears an inverse relationship to the risks of material misstatement at
performing substantive tests but can never be reduced to zero the assertion level. Therefore:
because of the inherent limitations in the procedures carried out, ↑ Risk of material misstatement (inherent risk and control risk), ↓
the human judgments required, and the nature of the evidence detection risk that can be accepted, and vice versa.
examined. Audit risk and detection risk move in the same direction: ↑ Audit
The auditor uses the Audit Risk Model: risk, ↑ detection risk, and vice versa
Audit Risk = Inherent risk x Control risk x Detection risk
The relationship between the risks can also be expressed
mathematically in the following formula:
Audit Risk = RMM (Inherent Risk x Control Risk) x Detection Risk
Inherent risk and control risk are independent variables while
detection risk is a dependent variable.
All the components of audit risk cannot be eliminated by the auditor
due to the following reasons:
a. Inherent risk – some accounts are susceptible to a material
misstatement or the risk of such misstatement is greater for
some accounts than for others
b. Control risk – due to inherent limitations of internal control
system
c. Detection risk –
Use of testing/sampling
Use of auditor’s judgment
Even when the auditor conducts 100% examination because
audit evidence is persuasive rather than conclusive in nature
The components of audit risk that can or cannot be controlled by
the auditor:
a. Inherent risk and control risk – cannot be controlled because
these are entity’s risk and exist independently of the audit
b. Detection risk – can be directly controlled (increased or
decreased) by the auditor because detection risk relates to the
auditor’s procedures and can be altered by adjusting the
nature, timing, and extent of substantive procedures