GENERALLY ACCEPTED AUDITING STANDARDS 1.
Adequate technical training and proficiency: This standard refers to
Auditing Standards:
 Popularly known as the Generally Accepted Auditing Standards (GAAS )
 The general guidelines that the auditors must follow in conducting the audit.
 The minimum standards of auditor’s performance that must be achieved on
each audit engagement
 The guidance for measuring the quality of the auditor’s performance
GAAP vs. GAAS:
 GAAP: the principles for the preparation and presentation of financial
statements that are used by the auditor as criteria in determining the
overall fairness of the financial statements; foundation of accounting
 GAAS: standards/measures/guidance that the auditors must follow
when conducting an audit; foundation of auditing
Auditing Standards vs. Auditing Procedures:
a. Definition:
 Auditing standards: the measures of the quality or minimum
standard of auditor’s performance
 Auditing procedures: the means used (or the acts to be
performed) by the auditor to attain the quality or minimum
standard of auditor’s performance
b. Basic difference: "auditing procedures" relate to acts to be
performed, whereas "auditing standards" deal with measures of audit
quality and the objectives to be achieved in an audit.
c. Relationship: Every independent audit engagement involves both
auditing standards and auditing procedures. From one engagement
to another engagement, auditing standards are applied uniformly but
auditing procedures may vary.
THE 10 GENERALLY ACCEPTED AUDITING STANDARDS (GAAS):
GENERAL STANDARDS – standards/criteria which present guidance in the
personal qualifications an auditor must possess to undertake the audit
engagement
professional competence
 Professional competence of the auditor is primarily met by having
professional education/training and practical experience in auditing
 Competence can also be acquired by the auditor through the following:
 Continuing professional development
 Consulting others if additional technical information is needed
 Coaching by more experienced staff
 Research to obtain knowledge of client business and industry
 Competence does not include warranting the infallibility of the work
performed.
2. Independence: This standard requires that the auditor must be impartial
when dealing with the client or without bias with respect to the client entity.
The auditor must be independent in fact and in appearance.
a. Independence of mind – The state of mind that permits the expression
of a conclusion without being affected by influences that compromise
professional judgment, allowing an individual to act with integrity, and
exercise objectivity and professional skepticism; this is also known as
“independence in fact” or “independence in mental attitude.”
b. Independence in appearance – The avoidance of facts and
circumstances or situations that are so significant that would lead a
reasonable and informed third party or the public to believe or conclude
that the auditor is not independent. In other words, independence in
appearance requires that activities or relationships that even suggest or
imply a possible lack of independence must be avoided by the auditor.
 Independence is often called the cornerstone of the profession
since it is necessary to add credibility to the auditor’s work.
 Auditor strives to achieve independence in appearance in
order to: maintain public confidence in the profession or to
achieve public confidence. The audit opinion and the audit report
would be of little or no value if auditor is not independent because
of absence of public confidence.
 The auditor ultimately decides whether or not he/she is
independent.
 Independence in mental attitude cannot be regulated.
  However, to encourage independence in fact and to maintain the
appearance of independence, the auditor can have no direct
financial interest in the client. “Direct” includes the auditor and
members of immediate family. “Financial interest” is ownership of
equity shares, other client financial instruments, or any other
potential financial benefit.
 In addition, there can be no material indirect financial interest such
as ownership through a mutual fund.
 To ensure independence, auditor cannot render an opinion on
statements of one year until all fees from the prior year audit have
been paid.
 To emphasize independence from management, auditor is usually
appointed by audit committee of the board of directors.
 Independence may be impaired by performing consulting services,
especially those that involve making management decisions.
3. Due professional care: This standard requires that an auditor, in fulfilling
his duties, should act diligently and carefully, exercise reasonable prudence,
and apply judgment in a conscientious manner, carefully weighing the
relevant factors before reaching a decision.
 Due professional care is often called the "average auditor"
concept. The auditor should do what the average auditor would do
and never less, including review of work performed by assistants
and maintaining an attitude of professional skepticism.
 Due professional care does not mean/imply infallibility or exercise
of error-free judgment. The auditor is not and cannot be held
responsible for losses because of errors of pure judgment.
 Exercise of due professional care in the performance of the audit
requires:
a. Observance of the standards of field work and reporting
b. Critical review of the audit work performed at every level
of supervision
c. Degree of skill commonly possessed by others in the
profession
d. Exercise of the same components of professional care as a
reasonable auditor would exercise
e. Exercise of professional skepticism
STANDARDS OF FIELD WORK – the standards / criteria for planning and
evidence-gathering
1. Adequate planning and proper supervision:
 Planning involves establishing the overall audit strategy for the
engagement and developing an audit plan. The auditor should also
supervise the work of assistants. Supervision is critical because of
assistants’ lack of experience.
 Audit programs are designed to enumerate appropriate action, and all
work of staff auditors should be reviewed by a qualified auditor. Audit
program is developed before substantive testing to ensure that
adequate planning has occurred.
2. Sufficient understanding of the entity and its environment,
including internal control:
 As part of the planning activities, the auditor is required to obtain
sufficient understanding of the entity and its environment. This
means that the auditor should obtain a more detailed knowledge of
the client's business and the environment/industry in which the entity
operates.
 A sufficient understanding of internal control is to be obtained to
plan the audit. Appropriate internal controls provide the auditor with
confidence that material misstatements will be prevented or detected
on a timely basis.
 Strong internal control implies that the auditor will require less
evidence.
 Weak internal control implies that the auditor will require more
evidence.
3. Sufficient appropriate audit evidence:
 The auditor should obtain sufficient appropriate audit evidence by
performing audit procedures to be able to draw reasonable
conclusions on which to base the opinion regarding the financial
statements under audit.
 Evidence gathering is sometimes called substantive testing. Any
testing that confirms the ending balance of an account is known
 as a test of a balance. Evidence gathered to support an account
by looking at the various transactions that have affected it during
the period is called a test of details.
 All specific audit work is performed in order to gather evidence.
 The quantity and quality of evidence to be gathered depends on
the judgment of the auditor.
 The decision as to how much evidence to be accumulated
requires professional judgment; not provided in the PSAs; the
rule is, evidence must be sufficient to afford a reasonable basis
for opinion
STANDARDS OF REPORTING – standards on auditor’s expression of audit
opinion through a medium known as the auditor’s report
1. Whether the financial statements are in accordance with
GAAP/PFRS: Conformity with GAAP/PFRS is explicit in the auditor’s
report
 Explicit statement means that the auditor should state whether or
not the financial statements subject to audit are prepared in
accordance with GAAP/PFRS.
 When an overall opinion cannot be expressed, as where the auditor
disclaims an opinion, the reasons therefore should be stated.
2. Consistent application of GAAP/PFRS: Consistency is implicit in the
auditor’s report
 If there is no material consistency as to application of GAAP/PFRS,
no statement as to consistency is required in the auditor’s report.
However, if a material inconsistency exists, auditor shall identify
such inconsistency in the auditor’s report.
In short:
 If GAAP/PFRS is consistently applied: no express
statement as to consistency is necessary because consistency is
implicit in the auditor’s report
 If GAAP/PFRS is not consistently applied: auditor shall
identify in the auditor’s report such inconsistency
3. Adequacy of informative disclosures: Adequacy of disclosure is
implicit in the auditor’s report. If informative disclosure is adequate, no
statement as to adequacy of disclosure is required in the auditor’s report.
However, if informative disclosure is inadequate, auditor must state such
inadequacy in the auditor’s report.
 If disclosure is adequate: no statement as to adequacy of
disclosure is necessary because adequacy of disclosure is
implicit in the auditor’s report
 If disclosure is inadequate: auditor must state in the audit
report such inadequacy
4. Opinion regarding the financial statements taken as a whole:
expression of audit opinion is explicit in the auditor’s report
Objective of 4th standard of reporting:
 To indicate the character of the engagement and the degree of
responsibility assumed by the auditor. This would prevent
FINANCIAL STATEMENTS users from misinterpreting the degree of
responsibility the auditor is assuming/taking.
 Reference to the expression "taken as a whole" in the fourth generally
accepted auditing standard of reporting means that the audit opinion
applies equally to a complete set of financial statements and to each
individual financial statement.
Philippine Standards on Auditing (PSAs):
 The PSAs are interpretations of GAAS, meaning, they are intended to clarify
the meaning of "generally accepted auditing standards."
 The PSAs contains basic audit principles and essential procedures together
with related guidance in the form of explanatory and other material which the
auditor should follow when conducting financial statements audit.
 Application of PSAs: PSAs apply to independent examination of
(historical) financial statements of any entity conducted for the purpose of
expressing an opinion.
 Compliance with PSA: The auditor should conduct an audit in accordance
with PSA. Compliance with PSAs means application of basic audit principles
and performance of essential audit procedures. Compliance with relevant
 PSAs is mandatory. Only in exceptional instances where departure from
relevant PSA is allowed such as when the auditor believes that the:
 Amount involved is insignificant; or
 Requirement of the PSA is impractical to perform; or
 Requirement of the PSA is impossible to perform.
NATURE OF SYSTEM OF QUALITY CONTROL:
One of the recognized objectives of the accountancy profession is to attain the
highest levels of performance. To achieve this objective, there is a need for assurance
that all professional services provided by CPAs are carried out to the highest quality or
standards of performance. Reasonable assurance of meeting such need is provided
through a system of quality control.
A system of quality control refers to quality control policies and procedures
adopted by CPA firms that are designed to provide reasonable assurance that the firm
and its personnel comply with professional standards and regulatory and legal
requirements and that reports issued by the firm or engagement partners are
appropriate in the circumstances.
System of Quality Control in an Audit Engagement: Policies and
procedures to provide reasonable assurance that all audits are conducted in
accordance with PSAs and that audit reports issued are appropriate in the
circumstances
QC policies vs. QC procedures:
a. Quality control policies – are the objectives and goals to be achieved
b. Quality control procedures – are steps/procedures to be taken to:
 accomplish the policies adopted, or
 implement and monitor compliance with those policies
Mandatory requirement for CPA firms to establish SQC: Under Philippine
Standard on Quality Control 1 (PSQC 1) CPA firms are required to establish and
implement a system of quality control.
Nature and Extent of a System of Quality Control: The nature and extent of the
SQC developed by CPA firms vary from firm to firm due to various factors such as:
a. Size of the CPA firm
b. Nature of its practice
c. Operating characteristics
d. Its organization
e. Geographical dispersion
f. Cost-benefit consideration
g. Whether it is part of a network
Elements of System of Quality Control: Although the nature and extent of the
system of quality control developed by CPA firms vary from one firm to another, a
system of quality control must have the following elements:
1. Leadership responsibilities for quality within the firm – The CPA firm
should establish policies and procedures that:
 Promote an internal culture based on recognition that quality is essential
in the performance of the engagements
 Require CPA firm’s leader (CEO/ managing board of partners or its
equivalent), to assume ultimate responsibility for the firm’s system of
quality control.
2. Ethical requirements, including independence –
 The CPA firm should establish policies and procedures to provide
reasonable assurance that the firm and its personnel comply with relevant
ethical requirements (including independence):
3. Acceptance and continuance of client relationships and specific
engagements – The CPA firm should establish policies and procedures to
provide reasonable assurance that the CPA firm will only undertake or continue
relationships and engagements where it:
a. Has considered the client’s integrity
b. Is competent to perform the engagement and has the capabilities, time
and resources to do so; and
c. Can comply with ethical requirements
4. Human resources – The CPA firm should establish policies and procedures
to provide reasonable assurance that it has sufficient personnel with the
capabilities, competence, and commitment to ethical principles necessary to
perform the engagement.
5. Engagement performance – The CPA firm should establish policies and
procedures to provide reasonable assurance that engagements are
performed in accordance with professional standards and regulatory and
 legal requirements, and that the firm or engagement partner issue reports
that are appropriate in the circumstances.
6. Monitoring – The CPA firm should establish policies and procedures to
provide reasonable assurance that quality control are relevant, adequate and
operating effectively and complied with in practice and should include an
ongoing consideration and evaluation of the firm’s system of quality control,
including a periodic inspection of a selection of completed engagements.
The purpose of monitoring compliance with quality control policies and
procedures is to provide an evaluation of:
a. Adherence to professional standards and regulatory and legal
requirements;
b. Whether the quality control system has been appropriately designed and
effectively implemented; and
c. Whether the firm’s quality control policies and procedures have been
appropriately applied, so that reports that are issued by the firm or
engagement partners are appropriate in the circumstances.
The following shall also be included in the CPA firm’s SQC:
1. Complaints and Allegations: The firm should establish policies and
procedures designed to provide it with reasonable assurance that it deals
appropriately with:
a. Complaints and allegations that the work performed by the firm fails
to comply with professional standards and regulatory and legal
requirements; and
b. Allegations of non-compliance with the firm’s system of quality
control.
2. Documentation: The firm should establish policies and procedures
requiring appropriate documentation to provide evidence of the operation
of each element of its system of quality control.
Distinction between GAAS/PSA and SQC: GAAS/PSAs relate to each individual
audit engagement, whereas SQC relates to all professional activities/services of the
firms practice as a whole.
QUALITY REVIEW COMMITTEE:
 To ensure that CPAs work to the highest standards, the government thru the
Professional Regulatory Board of Accountancy (BOA) has required all CPA
firms and individual CPAs in public practice to obtain a certificate of
accreditation to practice public accountancy. Such certificate is valid for three
(3) years and can be renewed after complying with the requirements of the
BOA.
 As a condition to the renewal of the certificate of accreditation to practice
public accountancy, the BOA requires individual CPAs and CPA firms to
undergo a quality control review to ensure that these CPAs comply with
accounting and auditing standards and practices.
 The BOA has created a Quality Review Committee (QRC) which shall conduct
a quality review on applicants for registration to practice public accountancy.
Functions of the Quality Review Committee:
 Conducts quality review on applicants for registration, or renewal thereof, to
practice public accountancy
 Render a report on such quality review, which shall be attached to the
application for registration
 Recommend to BOA revocation of registration and professional ID cards of
CPAs for not observing the SQC requirements
Quality review – an oversight into (or study or appraisal of) the quality of audit
of FS through a review of quality control measures established by CPA firms and
individual CPAs in public practice to ensure compliance with accounting and
auditing standards and practices
PRELIMINARY ENGAGEMENT ACTIVITIES
(PRE-PLANNING ACTIVITIES)
APPLICABLE STANDARDS:
 PSA 200 (Revised and Redrafted) – Overall Objectives of the
Independent Auditor and the Conduct of an Audit in
Accordance with International Standards on Auditing
 PSA 210 (Redrafted) – Agreeing the Terms of Audit
Engagements
 PSA 300 (Redrafted) – Planning an Audit of Financial
Statements
  PSA 240 (Redrafted) – The Auditor’s Responsibility to with clients whose management
Consider Fraud in an Audit of Financial Statements  lacks integrity.
 PSA 250 (Redrafted) – Consideration of Laws and  Most of litigations involving CPAs
Regulations in an Audit of Financial Statements are due to lack of integrity of client’s
 PSA 600 (Revised and Redrafted) – Special Considerations- management.

Audits of Group Financial Statements (Including the Work of  Lack of management integrity usually
Component Auditors)
 results to high audit risk.
 PSA 610 (Redrafted) – Using the Work of Internal Auditors
 Factors to consider in evaluating client’s
 PSA 620 (Revised and Redrafted) – Using the Work of an
Expert  integrity:
 Identity, attitude and
business reputation of
Purpose of Preliminary Engagement Activities: the client (such as its
Preliminary engagement activities assist the auditor in identifying and principal owners, key
evaluating events or circumstances that may adversely affect the auditor’s management or those
ability to plan and perform the audit engagement. Such activities help ensure charge with corporate
that: governance, and
a. There are no issues with client management’s integrity that may  related parties, if any)
affect the willingness to continue the engagement  Nature of the client’s
b. The auditor maintains the necessary independence and ability to operations
perform the engagement  Indications of an
c. There is no misunderstanding with the client as to the terms of the inappropriate limitation in
engagement the scope of work
 Involvement in money
Preliminary Engagement Activities: laundering or other
 criminal activities
1. Perform procedures regarding acceptance or continuance of  The reasons for the
the client relationship proposed
appointment of the
 Acceptance or selection procedures – in case of initial CPA firm or auditor
audit (prospective/new client)  and non-
reappointment of the
 a. Evaluate integrity of the client’s management previous CPA firm or
 Evaluation of management integrity auditor
is necessary to avoid association 
 (1) Investigate/research the client’s Under the Code of Ethics for CPAs, the successor auditor
background has the responsibility to initiate communication with the
  Internet searches predecessor auditor. However, the communication
 Review the entity’s financial requires prior client’s permission/consent (preferably in
 statements writing) to avoid violation of confidentiality principle.
 Consider engaging
professionals/investigators to If the client is unwilling to agree to such
evaluate the principals communication (communication is not permitted by
associated with the prospective the client or the client limits the responses of the
client  predecessor auditor), the successor auditor should:
 Obtain credit ratings and reports,  Consider the implications of
if necessary  such refusal/limitation, and
  De
(2) Inquiring from other firm personnel or
cid
third parties (such as bankers, legal
counsel/advisors, industry peers and others in e
the financial or business community who may
have knowledge regarding the client) wh
eth
(3) Communicate with prospective client’s
predecessor auditor: Matters to be inquired of er
or discussed with the predecessor or
(previous/former) auditor by the
incoming/successor auditor: not
a) Facts/information that might bear on the integrity of the prospective to
client
b) Predecessor auditor’s understanding as to the reasons for the change acc
of auditors ept
c) Any disagreement between the predecessor auditor and the client
regarding accounting principles or auditing procedures or other the
similarly significant matters en
d) Communication to management, the audit committee, and those
charged with governance regarding fraud, illegal acts by the client, and gag
matters relating to internal control. em
 ent procedures, existing clients should be evaluated once a year or
upon occurrence of the following:
.
 Changes in management, directors
 or ownership
 b.  Nature of client’s business

Ot 2. Evaluate compliance with ethical requirements,
he including independence

r a. Independence – The CPA firm or auditor shall

Co identify, evaluate and respond to any threat to
independence
nsi  The CPA firm or auditor must be
de independent of the client whose
financial statements are subject to
rat  audit.
ion  Audit opinion is not credible or of little or no
value if the auditor is not independent.
s: 
 
 Auditability of client’s financial statements –
b. Professional competence – determine if the CPA
determine whether the auditor will be able to
firm or auditor has the necessary skills and
accumulate sufficient appropriate audit
competence
evidence to render an opinion on the
financial statements by considering:  Professional accountants should not
 portray themselves as having the
a. The adequacy of accounting records
required expertise which they do not
b. Quality of internal control
possess.
 High level of public scrutiny and media
 The auditor should obtain preliminary
 interest
understanding of prospective client’s
  The financial health of the client
 business
 Ability to pay audit fees
 and industry to determine whether the auditor has the
 Continuance or retention procedures – in case of  required degree of competence.
recurring audit (or existing client)  If the auditor does not possess the
 industry expertise, he should obtain
To ensure the audit firm’s continuing compliance with
acceptance and continuance knowledge of matters that relate to the
 nature of the entity’s business and public sector entity or a not-
industry. for-profit organization);
 b. The purpose of the
c. Ability to serve the client properly – the CPA financial statements (for
firm or auditor must have capability, time and example, whether they are
resources to perform the audit prepared to meet the
common financial
Examples: information needs of a wide
 Availability of appropriately qualified range of users or the financial
 staff when the work is required information needs of specific
 The firm is able to complete the users);
engagement within the reporting • Financial statements
deadline (proximity of the deadline) prepared in
 Consider the need for expert’s accordance with a
 assistance and any conflicts of interest financial reporting
 Firm personnel have knowledge of framework designed
 relevant industries to meet the common
 The firm has sufficient personnel with financial information
the necessary capabilities and needs of a wide range
competence. of users are referred
 to as general purpose
3. Establish an understanding of the terms of the engagement financial statements.
 The CPA firm or auditor shall accept or continue • Financial statements prepared in accordance
an audit engagement only when: a. The with a financial reporting framework designed to
 preconditions for an audit are present: meet the financial information needs of specific
(1) Management has used acceptable financial users are referred to as special purpose financial
reporting framework (or suitable criteria or statements.
appropriate basis for) in the preparation of the c. The nature of the financial statements (for example,
financial statements whether the financial statements are a complete set of
Factors to consider in determining the acceptability financial statements or a single financial statement);
of the financial reporting framework: and
a. The nature of the d. Whether law or regulation prescribes the applicable
entity (for example, whether financial reporting framework.
it is a business enterprise, a
Examples of financial reporting frameworks:
  IFRSs
  PFRSs
 IPSASs – International Public Sector Accounting Standards
 Expected start and completion dates of the
(2) Management agrees to the premise that it has acknowledged and
understood its responsibilities
If the preconditions for an audit are not present, the auditor
shall not accept the proposed audit engagement, unless
acceptance is required by law or regulation. Preconditions for
an audit are within the control of the entity.
b. There is a common understanding between the auditor and
management (and, where appropriate, those charged with
governance) of the terms of the audit engagement.
Agreement on audit engagement terms:
The auditor shall agree on the terms of the audit
engagement with management or those charged with
governance, as appropriate. Such agreed terms shall be
recorded in an audit engagement letter or other suitable
form of written engagement.
 Preliminary conference: A preliminary conference with
the client is scheduled after the CPA has determined
that:

 The firm is independent
 The firm is competent to perform the audit
 The firm can serve the client properly, and
 The client’s reputation is one of integrity
The terms of engagement are usually agreed with the client during
a preliminary conference with the client, and formalized through a
signed engagement letter. During the preliminary conference, the
auditor and client agree on the following issues:
The specific services to be rendered
The cooperation and work expected to be performed
by the client’s personnel
 engagement
The possibility that the completion date may be changed
if unforeseen a udit problems arise if unforeseen audit
problems arise if adequate cooperation from client’s
 personnel is not received
The nature and limitations of the audit engagement
An estimate of the fee to be charged for the
engagement

 Engagement letter – an agreement between the CPA firm or
auditor and the client for the conduct of the audit. It is a letter
from the auditor to the client management, and when signed by
the client it serves as a formal written contract between them.

 Engagement letter documents and confirms the:
a. Auditor’s acceptance of the appointment
b. Client’s acceptance of the terms of the audit
engagement
c. Responsibilities of both the client management
and the auditor
d. Arrangements or agreed terms of the
engagement (such as the objectives and
scope of the audit, the form of any reports,
etc.)
 Importance (primary reason) of an engagement
letter: It clarifies the nature of the engagement and the
responsibilities of management and those of the auditor.
This will help in avoiding or minimizing or resolving future
misunderstandings disagreement between the auditor and
the client with respect to the engagement.

Engagement letter should be sent to the client
preferably before the start of the engagement.
 
An engagement letter is normally addressed to whoever
hired the CPA.
Form and Contents of the Engagement Letter:
The form and content of engagement letters may vary for each client.
Engagement letters should be adapted according to individual requirements
and circumstances of the engagement. Generally, engagement letters should
include reference to:
1. Principal Contents:
a. Objective and scope of the audit
of the financial statements
b. Responsibilities of the auditor
c. Responsibilities of management
d. Identification of financial
reporting framework for the
preparation of the financial
statements
e. Reference to any form and
content of any reports to be
issued by the auditor and a
statement that there may be
circumstances in which a report
may differ from its expected
form and content
2. In addition, and audit engagement letter
may make reference to, for example:
 Elaboration of the scope of the audit,
including reference to applicable
legislation, regulations, PSAs, and
ethical and other pronouncements of
professional bodies to which the auditor
 adheres.
The form of any other communication of
 results of the audit engagement
 The fact that because of the inherent
limitations of an audit, together with the
inherent limitations of internal control,
there is an unavoidable risk that some
material misstatement may not be
detected, even though the audit was
properly planned and performed in
 accordance with the PSAs
 Arrangements regarding the planning
and performance of the audit,
including the composition of the audit
 team
 Expectation that management will provide
 written representations
 The agreement of management to
make available to the auditor draft
financial statements and any
accompanying other information in time
to allow the auditor to complete the
audit in accordance with the proposed
 timetable
 The agreement of management to
inform the auditor of facts that may
affect the financial statements, of which
management may become aware during
the period from the date of the auditor’s
report to the date the financial
 statements are issued.
 Basis on which fees are computed and any
 billing arrangements
  A request for management to
acknowledge receipt of the
engagement letter and to agree to the
terms of the engagement outlined
therein
 send a new engagement letter:
3. Other arrangements, when relevant, such as:
 Involvement of other auditors and experts
 in some aspects of the audit
 Involvement of internal auditors and other
 staff of the entity
 Arrangements to be made with the
predecessor auditor, if any, in the case
of an initial audit
 Any restriction of the auditor’s liability when
 such possibility exists
 A reference to any further agreements
 between the auditor and the client
 Any obligations to provide audit working
papers to other parties
Audits of Components:
Factors to consider whether to send a separate engagement letter to the
component when the auditor of the parent company is also the auditor of its
component (subsidiary, branch or division):
1. Who appoints the auditor of the component
2. Whether a separate auditor’s report is to be
issued on the component
3. Legal requirements in relation to audit
appointments
4. The extent of any work performed by other
auditors
5. Degree of ownership by parent, and
6. Degree of independence of the component’s
management from the parent entity
Audit Engagement in Recurring Audits:
1. The auditor may decide not to send a new engagement letter or
other written agreement each period.
2. The following factors may make it appropriate to
a. Revision of the terms of audit engagement
because:
 Any revised or special terms of the
 engagement
 A recent change of senior
management or those charged with
 governance
  A significant change in ownership
 A significant change in nature or size
 of the client’s business
 A change in legal or regulatory
 requirements
 A change in the financial reporting
framework adopted in the
preparation the financial statements
 A change in other reporting
 requirements
b. Reminder to the client of the existing terms
of the engagement
 Any indication that the client
misunderstands the objective and
scope of the audit.
Audit procedures when the client requests for a change in
engagement:
1. Consider the appropriateness of reasons for the
engagement
 2. If there is a reasonable justification for the change – stop
the original engagement and agree on the new terms of
engagement. And then proceed with the new engagement
 To avoid confusing the users of the new report, do
 not mention the following in the new report:
a. The original engagement
b. Any procedures that may have been
performed in the original engagement
(except where
the engagement is changed to an engagement to undertake
agreed- upon procedures and thus the reference to the
procedures performed is a normal part of the report)
3. If there is no reasonable justification – refuse the client’s
request, and continue to perform the original engagement
and issue the original report
 If the auditor is not permitted to continue the
original engagement, the auditor should withdraw
from the engagement and consider reportorial
responsibilities to the BOD or shareholders of the
client.
Whether or not to accept a change in engagement:
 Change in the terms of the audit engagement: The auditor shall
not agree where there is no justification/basis for the change in the
terms of the audit engagement.
Reasonable basis includes:
a. A change in circumstances affecting the entity’s requirements
For example, the client's bank required an audit before
committing to a loan, but the client subsequently acquired
alternative financing.
b. A the client asks for the engagement to be changed to a revie w
misunderstanding as
to the nature of the
service originally
requested Not a
reasonable basis:
Change that relates to information that is incorrect, incomplete
or otherwise unsatisfactory.For example, the entity asks for
the audit engagement to be changed to a review engagement
to avoid a qualified opinion or disclaimer of opinion.
 Change to a lower level assurance engagement: The
auditor shall not agree where there is no justification/basis
 for the change to a lower level assurance engagement.
1. The auditor should agree if there is reasonable basis,
such as:
a. A change in circumstances affecting the entity’s requirements
or need for the service
For example, the client's bank required an audit before
committing to a loan, but the client subsequently acquired
alternative financing.
b. A misunderstanding as to the nature of an audit or related service
originally requested
c. A restriction on the scope of the engagement, whether imposed by
management or caused by circumstances
If there is a reasonable change, no reference of the same shall
be included in the report.
2. Not agree if there is no reasonable justification – if the change
relates to incorrect, incomplete or otherwise unsatisfactory
information.
For example, in an audit engagement, the auditor is unable to
obtain sufficient appropriate audit evidence regarding receivables and
engagement to avoid a qualified audit opinion or a disclaimer of
opinion.
 Withdraw from the engagement – if the auditor is unable to agree
to the change and is not permitted/allowed to continue the original
engagement because of his disagreement
AUDIT PLANNING
Audit Planning:
Audit planning involves establishing the overall audit strategy for the
engagement and developing an audit plan, in order to reduce audit risk to an
acceptably low level
Objective of the auditor in planning the audit: So that the audit will be
performed in an effective manner
Who are involved in planning the audit: Engagement partner and other
key members of the engagement team (because of their experience and insight
to enhance the effectiveness and efficiency of the planning process)
Benefits/Importance of adequate audit planning:
 Appropriate attention is devoted to important areas of the audit
 Potential problems are identified and resolved on a timely basis
 The audit is performed in an effective and efficient manner
 The audit engagement is properly organized, staffed and managed
 The audit is completed expeditiously
 Assists in the selection of engagement team members with appropriate levels
of capabilities and competence to respond to anticipated risks
 Assists in the proper assignment of work or proper utilization of assistants
 Facilitates the direction and supervision and the review of work
 Assists in coordination of work done by auditors of components and experts
 Proper utilization of experience gained from previous years’ engagements and
other assignments
Nature of Planning:
Planning is not a discrete phase of an audit, but rather a continual and iterative
process that often begins shortly after (or in connection with) the completion of the
previous audit and continues until the completion of the current audit engagement.
In other words, planning is a continuous function that last throughout the audit.
Factors that affect the nature and extent of audit planning:
The nature and extent of planning activities will vary according to the following
factors:
a. The size and complexity of the entity – big companies and companies
with more complex operations require more audit planning time
b. Changes in circumstances that occur during the audit engagement
– for example, expansion of operation because of diversification
c. The auditor’s previous experience with and understanding of the
entity – more work is required to obtain information regarding a new client
than for an existing client
 Initial audit requires more audit time because the auditor has no previous
knowledge or is unfamiliar with the client’s business, industry and internal
control which need to be carefully studied.
 Recurring audit requires lesser audit time because of auditor’s previous
knowledge of the entity and its industry
Whether the audit is initial or recurring, the purpose and objective of
audit planning are the same. It is the nature and extent of audit
planning that varies. For example, in case of initial audit the auditor
may need to expand the planning activities because he does not
ordinarily have the previous experience with the entity that is
considered when planning recurring audit engagements. Additional
considerations in initial audit engagements are necessary such as the
need for the auditor to review the predecessor’s working papers and
to perform audit procedures regarding opening balances.
d. The composition and size of the audit team
Planning stage of audit – the time before fieldwork starts, when the auditor is
gathering information about the client and its environment and designing overall audit
strategy and audit plan
Effect of timing of appointment of auditor on audit planning:
 The earlier the auditor is appointed, the more efficient the audit plan and
performance can be. Thus, early appointment of the auditor allows the auditor
to plan a more efficient audit.
 It is acceptable for an auditor to accept an audit engagement near or after
year-end. However, the auditor should consider whether late appointment will
pose limitations on the audit that may lead to a qualified opinion or a disclaimer
of opinion, and should discuss such concerns with the client.

PLANNING ACTIVITIES FOR THE AUDIT ENGAGEMENT:
In order to reduce audit risk to an acceptably low level (Note 3), the auditor
shall:
1. Establish an overall audit strategy that sets the scope, timing and direction
for the audit, and that guides the development of the more detailed audit plan
(Note 1)
2. Develop an audit plan that addresses the various matters identified in the
overall audit strategy
Audit plan includes a description of:
a. The nature, timing and extent of planned risk assessment procedures
(Note 2)
b. The nature, timing and extent of planned further audit procedures (at the
assertion level) – to be performed during testing stage
Further audit procedures include:
(1) Tests of controls – tests of the operating effectiveness of internal
control
(2) Substantive tests/procedures – include tests of details and analytical
procedures
c. Other planned audit procedures (that are required to be carried out to
comply with PSAs)
AUDIT PLANNING ALSO INVOLVES:
1. Modifying (updating) the overall audit strategy and the audit plan as
necessary during the course of the audit
Revision is necessary because of:
 Unexpected events
 Changes in conditions
 Audit evidence obtained from the results of audit procedures
The establishment of the overall audit strategy and the detailed audit plan
are not necessarily discrete and or sequential processes, but are closely
inter-related since changes in one may result in consequential changes to
the other.
2. Planning the nature, timing and extent of direction, supervision of
the engagement team members and the review of their work
The nature, timing and extent of direction, supervision of audit
engagement team members and review of their work depend on the
following factors:
a. Size and complexity of the entity – Audits of small entities
requires lesser (or even no) direction, supervision, and review of
the work of assistants
b. Area of audit – Difficult aspects of audit demand increased
direction, supervision, and a more detailed review of work of
assistants.
c. Risks of material misstatement – As the assessed risk of material
misstatement increases, a given area of the audit, the auditor
ordinarily increases the extent and timeliness of direction,
supervision and review
d. Capabilities and competence of personnel performing the audit
work.
3. Other planning considerations:
 The auditor should consider the work of experts and other
independent auditors
a. Considering the work of an expert – An expert is a person or
firm possessing special skill, knowledge and experience in a particular
field or discipline other than accounting and auditing.
Examples of work of experts include:
 Valuation of certain assets (such as precious stones, works
of arts, real estate, plant and machinery)
 Valuation of financial instruments
 Actuarial valuation
 Determination of quantities or physical condition of assets
such as minerals stored in stockpiles, underground mineral
and petroleum reserves, and the remaining useful life of
plant and machinery
 Measurement of % of completion on contracts in progress
 Legal opinions concerning interpretations of statute and
regulations and contracts such as legal documents or legal
title to property
 When determining the need for an expert, the auditor would
consider:
a. The materiality of the financial statement item being
considered
b. The risk of misstatement
c. The quality and quantity of other audit evidence available
b. Considering the work of other independent auditors –
applicable when a component of the entity is to be audited by other
independent auditor
 Discussing planned audit procedures with client management:
 Discussion is allowed to facilitate the conduct and management of the
audit engagement (for example, to coordinate some of the planned
audit procedures with the work of the client’s personnel)
 Discussion should not compromise the effectiveness of the audit (audit
procedures should not be too predictable)
 Audit engagement team discussions :
 The members of the engagement team should discuss the
susceptibility of the entity’s financial statements to material
misstatements.
 Communication between audit team members is necessary at all
stages of the engagement to ensure all matters are appropriately
considered.
 The objective of audit team discussions is to:
 Share insights based on their knowledge of the entity;
 Exchange information about business risks;
 Gain a better understanding of the potential for material
misstatements (especially for the audit areas assigned to them);
 Consider the susceptibility of the entity’s financial statements to
material misstatement due to fraud;
 Consider application of the applicable financial reporting
framework to the entity’s facts and circumstances; and
 Understand how the results of the audit procedures performed
may affect other aspects of the audit including the decisions
about the nature, timing, and extent of further audit procedures.
 Members of the engagement team have an ongoing responsibility to
discuss:
 Their understanding of the entity to be audited;
 The business risks to which the entity is subject;
 Application of the applicable financial reporting framework; and
 The susceptibility of the financial statements to material
misstatements, including fraud.
4. Developing the audit program:
The auditor should prepare an audit program.
 An audit program is a listing of audit procedures (tests of
controls and/or substantive tests) that the auditor will perform
to gather sufficient appropriate evidence.
 It sets out in detail the nature, timing and extent of planned
audit procedures required to implement the overall audit plan.
 It is a set of instructions to assistants involved in the audit and
as a means to control and record the proper execution of work
 It provides a proof that the audit was adequately planned
 It is a basic tool used by the auditor to control the audit work
and review the progress of the audit.
 The form and content of audit program may vary for each
particular engagement.
 The auditor may use standard audit programs or audit
completion checklists but should appropriately tailor to suit the
circumstances on particular engagement.
 An audit program at the beginning of the audit process is
temporary because a complete audit program for an
engagement generally should be developed after evaluation
of internal control.
Time budget – an estimate of time that will be spent in executing
audit procedures listed in the audit program that provides a basis for
estimating audit fees and assists the auditor in assessing the efficiency
of the assistants
5. The auditor should document the planning activities:
Documentation of the following serves as a record/evidence of the proper
planning and performance of the audit procedures:
a. The overall audit strategy – documentation or record of the key
decisions
b. The audit plan (including the audit program) – documentation of the
planned nature, timing and extent of audit procedures
c. Record of:
  Any significant changes made to the overall audit strategy and the
audit plan during the audit
 Resulting changes to the planned nature, timing and extent of
audit procedures
 Final overall audit strategy and audit plan
 Appropriate response to the significant changes occurring during
the audit
The following shall also be documented:
a. Discussion among the engagement team
b. Key elements of the understanding of the entity, its environment,
including internal control
c. The identified and assessed risks of material misstatements
d. The risks identified, and related controls about which the auditor has
obtained an understanding
Note 1:
Establishing the overall audit strategy involves:
a. Identifying the characteristics of the engagement that define its scope
Examples:
 Financial reporting framework (Ex. PFRS)
 Industry specific reporting requirements (Reports required by industry
regulators)
 Expected coverage of the audit (Ex. Locations and number of
components of the entity to be included in the audit)
 Nature of the control relationships between a parent and its components
(this affects how the group is to consolidated)
 Extent to which components are audited by other auditors
 Nature of business segments to be audited (this may require the need
for specialized knowledge)
 Reporting currency to be used (may involve foreign currency translation)
 The need for a statutory audit of standalone financial statements in
addition to an audit for consolidation purposes
 Availability of the work of internal auditors and the extent of the
auditor’s reliance on such work (Note 1.1)
 The entity’s use of service organizations
 Expected use of audit evidence obtained in previous audits (in case of
recurring audit), for example, audit evidence related to risk assessment
procedures and tests of controls
 The effect of information technology (IT) on the audit procedures
 Coordination of audit work with reviews of interim financial information
 Availability of client personnel and data
b. Ascertaining the reporting objectives of the engagement to plan the timing of
the audit and the nature of the communications required
Examples:
 Deadlines or timetable for interim and final reporting
 Organization of meeting with the management to discuss the nature,
timing and extent of the audit work
 Discussion with management regarding the expected type and timing of
reports to be issued and other communications, both oral and written,
including the auditor’s report, management letter and communications
to those charged with governance
 Discussion with management regarding the expected communication
and status of audit work throughout the engagement
 Communication with auditors of components
 Expected nature and timing of communications among engagement tem
members
 Any other expected communications with third parties
c. Considering the factors that are significant in directing the engagement team’s
efforts
Examples:
 Determining the appropriate materiality levels (Note 1.2)
 Preliminary identification of areas where there may be higher risks of
material misstatement (Note 1.3)
 The impact of assessed risk of material misstatement at the overall
financial statement level on direction, supervision and review
 The manner in which professional skepticism is emphasized to
engagement team members
 Management commitment to a sound internal control
 Volume of transactions, which may determine whether it is more efficient
for the auditor to rely on internal control
 Importance attached to internal control throughout the entity to the
successful operation of the business
  Significant business developments affecting the entity (such as changes
in information technology, changes in key management, acquisitions,
mergers and divestments)
 Significant industry developments (such as changes in industry
regulations and new reporting requirements)
 Significant changes in financial reporting framework (such as changes in
accounting standards)
 Other significant relevant developments (such as changes in the legal
environment affecting the entity)
d. Considering the results of preliminary engagement activities and, where
applicable, whether knowledge gained on other engagements performed by
the engagement partner for the entity is relevant, and
Examples:
 Results of previous audit regarding evaluation of internal control,
identified weaknesses and action taken to address them
 The discussion of matters that may affect the audit with firm personnel
responsible for performing other services to the entity
e. Ascertaining the nature, timing and extent of resources necessary to perform
the engagement.
Examples:
 Selection of the engagement team
 Assignment of audit work to team members (experienced team members
are assigned to areas where there may be higher risks of material
misstatement
 Engagement budgeting (more audit time is set aside for areas where
there may be higher risks of material misstatement)
Benefits of developing the overall audit strategy:
Establishing the overall audit strategy assists the auditor in determining the
following:
a. The resources to deploy for specific audit areas
For example:
 Use of experienced team members for high risk areas
 Involvement of experts on complex matters
b. The amount of resources to allocate to specific audit areas
For example:
Number of team members assigned to observe the inventory count at
material locations
 Extent of review of other auditors’ work in the case of group audits
 Audit budget in hours to allocate to high risk areas
c. When these resources are to be deployed
 Is it at an interim audit stage or at key cut-off dates?
d. How such resources are managed, directed and supervised
 When to hold team briefing and debriefing meetings
 How engagement partner and manager reviews are expected to take place
(for example, on-site or off-site)
 Whether to complete engagement quality control reviews
Note 1.1 – Considering the work of internal auditing/ auditors
 The external auditor should consider the work of internal auditing in order to
minimize audit costs.
 The auditor should obtain a sufficient understanding of the internal audit
function because the work performed by internal auditors may be a factor in
determining the nature, timing, and extent of external auditor’s procedures.
 Internal auditing can affect the scope of the external auditor’s audit of financial
statements by decreasing the auditor’s need to perform detailed tests.
 The tasks that could be delegated to the internal audit staff include preparation
of schedules. The auditor has sole responsibility for the audit opinion
expressed, and that responsibility is not reduced by any use made of internal
auditing.
Considering the work of internal auditing involves two important phases:
1. Making a preliminary assessment of internal auditing – important criteria
in assessment of internal auditor’s:
a. Technical competence – personal qualifications and experience as
internal auditors
b. Objectivity / organizational status – organizational level to which the
internal auditor report the results of his work
c. Due professional care – proper planning, supervision and
documentation of internal auditor’s work
d. Scope of function – nature and extent of internal auditing
assignments performed
2. Evaluating and testing the work of internal auditing
Note 1.2 – Determining the appropriate materiality levels
The auditor shall determine materiality and performance materiality when
planning the audit.
Concept of materiality:
 Materiality is the amount (threshold or cut-off point) at which
judgment of informed decision makers based on the financial
statement may be altered (changed or influenced).
 An item or information is material if its omission or misstatement could
influence the economic decisions of users taken on the basis of the
financial statements.
 In determining appropriate level of materiality, the auditor uses
professional judgment using his perception of the needs of reasonable
users of the financial statements.
Uses of materiality in planning the audit:
a. To determine the nature, timing and extent of risk assessment
procedures
b. To identify and assess risk of material misstatement, and
c. To determine the nature, timing and extent of further audit procedures
Considering materiality throughout the audit:
1. Planning stage
a. To identify and assess risks of material misstatements
b. To determine the nature, timing and extent of further audit procedures
2. Testing stage (materiality levels set during audit planning are simply
updated/revised if necessary)
3. Completion stage
c. To evaluate the effect of uncorrected misstatements, if any, on the
financial statements and in forming the opinion in the auditor’s report
Documentation on materiality: Documentation should include the
amounts and the factors considered in their determination:
a. Materiality level for the financial statements as a whole
b. Materiality level or levels for a particular classes of transactions,
account balances or disclosures, if applicable
c. Performance materiality
d. Any revision of materiality levels (a to c) as the audit progresses
Qualitative and quantitative considerations:
Materiality should address qualitative and quantitative considerations. In
some cases, misstatements of relatively small amounts could have a material
effect on the financial statements. For example, an illegal payment of an
otherwise immaterial amount or failure to comply with a regulatory
requirement may be material if there is a reasonable possibility of such
payment or failure leading to a material contingent liability, a material loss of
assets, or a material loss of revenue.
Inverse relationship between materiality and audit
procedures/evidence:
 More evidence will be required for a low peso amount of materiality than
for a high peso amount.
 The lower the tolerable misstatement, the more extensive the required
audit procedures.
Materiality levels:
a. Materiality at financial statement as a whole – it is the smallest
aggregate level that could misstate/distort any of the financial statements
 Also known as materiality threshold or planning materiality or
overall materiality
 Overall materiality is usually expressed as a % of a chosen benchmark
(such as profit before tax, total revenues, gross profit, total expenses,
total equity or net asset value).
 Profit from continuing operations is often used for profit-oriented
entities except when the profit from continuing operations is volatile.
 Relevant financial data as source of benchmarks:
 Prior periods’ financial statements
 Annualized interim financial statements
 Period-to-date financial statements
 Budgeted financial statements of the current year
b. Materiality at assertion level – materiality level for individual or particular
class of transactions, account balance, or disclosure where appropriate; this is
also known as tolerable misstatement
  Tolerable misstatement refers to allocated materiality to affected b. Risk of material misstatements may be greater for significant judgmental
accounts (usually statement of financial position accounts because matters such as:
they are fewer)  Accounting estimates
 Account balance – an individual line item in the financial  Revenue recognition may be subject to differing interpretation
statements, such as cash and cash equivalents, loans and receivable,  Required judgment may be subjective or complex or require assumptions
etc. about the effects of future events (for example, judgment about fair value)
 Class of transactions – type of transaction processed by the client’s c. Significant risk of relating to risk of material misstatement due to fraud
accounting system, such as sales transactions and purchasing d. There are areas where special audit consideration may be necessary, for
transactions example:
 Allocation may be done judgmentally or using formal quantitative
Related party transaction – a transfer of resources, services or obligations between related
approaches.
parties, regardless of whether a price is charged
 Materiality at this level are lesser than the overall materiality level but
could reasonably be expected to influence the economic decisions of
The auditor shall inquire of management regarding:
financial statement users.
a. The identity of the entity’s related parties (relationships and transactions), including
changes from the prior period;
c. Performance materiality – amount or amounts set by the auditor: b. The nature of the relationships between the entity and these related parties; and
 At less than materiality for the financial statements as a whole c. Whether the entity entered into any transactions with these related parties during the
 At less than materiality level or levels for particular classes of transactions, period and, if so, the type and purpose of the transactions.
account balances or disclosures
Purpose of performance materiality: It provides margin to reduce
 Existence of related parties and related party transactions
the possibility of undetected misstatements because:
 Management’s use of going concern assumption (financial statements are
a. It reduces to an appropriately low level the probability that the
prepared based on going concern assumption but there is a significant
aggregate of uncorrected and undetected misstatements in the
doubt as to the continued existence of the entity) – the auditor shall assess
financial statements exceeds the materiality level for the
the appropriateness of management’s use of going concern assumption
financial statements as a whole
b. It reduces to an appropriately low level the probability that the
Note 2:
aggregate of uncorrected and undetected misstatements in the
particular class of transactions, account balance or disclosure
Risk assessment procedures – are audit procedures whose purposes include:
exceeds the materiality level for that particular class of
a. To obtain understanding of the entity and its environment, including the
transactions, account balance or disclosure
entity’s internal control (Note 2.1)
b. To identify risks of material misstatements, whether due to fraud or error, at
Note 1.3 – Preliminary identification of areas where there may be higher
the financial statement and assertion levels (Note 2.2)
risks of material misstatement
c. To assess risks of material misstatement (Note 2.3)
a. Risks of material misstatements may be greater for significant non-routine
d. To provide a basis for the identification and assessment of risks of material
transactions which involves:
misstatements
 Greater management intervention to specify the accounting treatment
e. To provide a basis for designing and implementing responses to the assessed
 Greater manual intervention for data collection and processing
risks of material misstatement
 Complex calculations or accounting principles

Risk assessment procedures include (Note 2.4):
1. Inquiry of management and other firm personnel
2. Analytical procedures
3. Observation and inquiry
Note 2.1 – Required understanding of the entity and its environment,
including internal control:
1. Understanding of the environment – external factors:
a. Relevant industry’s factors – the industry in which the entity operates
may give rise to specific risks of material misstatements arising from the
nature of the business or the degree of regulation
Examples of industry factors:
 Industry conditions such as the competitive environment, supplier and
customer relationships and technological developments
Specific examples of industry factors:
 Market and competition (including demand, capacity, and price
competition)
 Cyclical or seasonal activity
 Product technology relating to the entity’s products
 Energy supply and cost
b. Regulatory factors – include the regulatory environment
 Accounting principles and industry specific practices
 Regulatory framework for a regulated industry
 Laws/legislations or regulations that significantly affect the entity’s
operations, including direct supervisory activities
 Taxation
 Legal and political environment
 Government policies currently affecting the conduct of the entity’s
business
 Environmental requirements affecting the industry and the entity
c. Applicable financial reporting framework
d. Other external factors affecting the entity – such as general
economic conditions, interest rates and availability of financing, and
inflation or currency revaluation
2. Entity – internal factors:
a. Nature of the entity: An understanding of the nature of an entity
enables the auditor to understand the classes of transactions, account
balances, and disclosures to be expected in the financial statements.
Factors to consider include:
 Entity’s operations
 Ownership and governance structures
 Types of investments that the entity is making and plans to make
 Entity structure (locations, subsidiaries, etc.) – complex structures
may give rise to risks of material misstatement
 How the entity is financed
 How related party transactions are identified and accounted for
b. Entity’s selection and application of accounting policies – consider
whether accounting policies are:
 Appropriate for the entity’s business
 Consistent with the applicable financial reporting framework, and
 Used in the relevant industry
c. Entity’s objectives and strategies, and those related business
risks that may result in risks of material misstatement of the
financial statements
1. Objectives – relate to entity’s mission, vision or values statement
2. Strategies – pertain to operational approaches by which
management intends to achieve its objectives
3. Business risks – risks of inability to achieve the objectives
 The term “business risk” is broader than the risks of material
misstatement in the financial statements. Not all business risks
give rise to risk of material misstatement.
 An understanding of business risks increases the likelihood of
identifying the risks of material misstatement. However, the
auditor does not have a responsibility to identify or assess all
business risks.
d. Measurement and review of the entity’s financial performance
Performance measures, whether external or internal, create pressures
on the entity that may motivate management to take action to improve the
business performance or to manipulate/misstate the financial statements.
e. Internal control – The auditor shall obtain an understanding of internal
control relevant to the audit.
Internal control is designed, implemented and maintained to address
identified business risks that threaten the achievement of any of the
entity’s objectives that concern:
1. The reliability of the entity’s financial reporting;
 2. The effectiveness and efficiency of its operations; and
3. Its compliance with applicable laws and regulations.
An understanding of internal control assists the auditor in identifying
types of potential misstatements and factors that affect the risks of
material misstatement, and in designing the nature, timing, and extent of
further audit procedures.
Note 2.2 – Identify the risks of material misstatement:
 Identify risks of material misstatement (inherent risk and control risk) based on
understanding the entity and its environment, including the entity’s relevant
internal control. The auditor shall provide reasonable assurance of detecting
material misstatements, whether arising from errors or fraud.
Risk of material misstatement (RMM) – the risk that the financial
statements contain a material misstatement.
Components of RMM:
The risks of material misstatement are a combination of inherent risk
and control risk:
1. Inherent risk – the susceptibility of an assertion to a
misstatement that could be material, either individually or when
aggregated with other misstatements, assuming there are no
related controls to mitigate such risks
Inherent risk may also be described as follows:
 The concept of inherent risk recognizes that the risk of
misstatement is greater for some assertions than for others.
 Inherent risk is the risk that financial statements are likely
to be materially misstated.
Examples of inherent risk:
 Cash is more susceptible to theft than an inventory of coal
 Complex calculations are more likely to be misstated than
simple calculations
 Estimation transactions, especially if they involve accounting
estimates that are subject to significant measurement
uncertainty
 High value inventory (could be easily stolen, thus, there would
be an inherent risk relating to the existence assertion)
2. Control risk – the risk that a material misstatement, either
individually or when aggregated with other misstatements, that
could occur will not be prevented or detected and corrected on
a timely basis by the entity’s internal control
 Control risk is a function of the effectiveness of the entity’s
internal control.
 Control risk is the type of risk that the management has the
most control over in the short term.
 Some control risk will always exist because of the inherent
limitations of any internal control system.
Risk of material misstatement (inherent risk and control risk) cannot be
eliminated or controlled by the auditor because these are entity’s risks
that exist independently of the audit of financial statements.
Causes of misstatements of the financial statements:
1. Errors – refer to mistakes or unintentional misstatements or
omissions of amounts or disclosures in the financial statements.
Examples:
 Mistakes in gathering or processing data from which FS are
prepared
 Incorrect accounting estimate arising from oversight or
misinterpretation of facts
 Mistake in applying accounting principles
2. Fraud – intentional misstatements or omissions of amounts or
disclosures in the financial statements
The term “fraud” refers to an intentional act by one or more
individuals among management, those charged with governance,
employees or third parties, involving the use of deception to obtain
an unjust or illegal advantage.
The factor that distinguishes fraud from error is whether the
underlying action is intentional or unintentional.
Two types of Fraud:
a. Fraudulent financial reporting (or management fraud) –
intentional misstatements committed by members of management
or those charged with governance or oversight to render financial
statements misleading to deceive users of the financial statements
The most serious types of fraud usually involve management.
This results from the fact that management is primarily responsible
for the design and implementation of internal control in the first
place.
Fraudulent financial reporting may be accomplished by:
 Manipulation, falsification, or alteration of accounting records
or related supporting documents
 Misrepresentation in, or intentional omission from, the FS of
events/transactions or other significant information
 Intentional misapplication of accounting principles
Examples of techniques used by management are:
 Recording fictitious journal entries
 Using inappropriate assumptions in accounting estimate
 Untimely recognition in the FS of events and transactions
 Concealing, or not disclosing, facts that could affect the
amounts recorded in the FS
Manipulation of financial statements occurs when a higher or
lower level of earnings is reported than that which actually
occurred. It could also take the form of omissions (failure to
disclose certain matters) or false statements in the notes and/or
other disclosures. The motive may be to raise finances, reach a
bonus threshold, inflate the value of the business or simply
minimize taxes.
b. Misappropriation of assets (employee fraud or defalcation)
– theft of assets and is often perpetrated by non-management
employees. Examples:
 Misappropriating collections on accounts receivable
 Stealing inventory
 Colluding with a competitor by disclosing technological data in
return for payment
 Payments to fictitious employees or vendors
 Using the entity’s assets as collateral for a personal loan
The most popular ways to manipulate financial statements involves
journal entries and accounting estimates because if manipulation is
discovered management can easily deny involvement. A bias in
estimates can be attributed to excessive conservatism or optimism. An
unsupported journal entry, if discovered, can be characterized as a
simple mistake. This differs from strategies such as falsified records
that, if discovered by the auditor, would be quite difficult for
management to deny.
Fraud Risk Factors:
Fraud risk factors – conditions that could heighten an auditor’s
concern about risk of material misstatements because they provide clues or
red flags to the existence of fraud
1. Incentives/pressures – reasons to commit fraud. A pressure is
often generated by immediate needs (such as having significant
personal debts or meeting an analyst’s or bank’s expectations for
profit) that are difficult to share with others.
Examples:
 Management is under pressure to reduce earnings to minimize
taxes
 Management is under pressure to inflate earnings to secure
bank financing
 Meeting analyst’s or bank’s expectations for profit
 Inflating the purchase price of the business
 Meeting the threshold for a performance bonus
 Having significant personal debts or poor credit
 Trying to cover financial losses
 Being greedy or involved in gambling, drugs, and/or affairs
 Being under undue peer or family pressure to succeed
 Living beyond one’s means
Other situations or characteristics, not necessarily financial in
nature, include:
  Enjoying the challenge of beating the system
 Fearing personal loss of pride, position or status such as when
a company is doing poorly
 Being dissatisfied with a job or wanting revenge against an
employer
 Being emotionally unstable
Some of these pressures can easily be identified (such as
performance incentive plans). Others are more difficult to identify
(such as family or peer pressure, living beyond one’s means or
having a gambling problem).
2. Opportunity (whether perceived or real) – Opportunity pertains
to an individual’s perception that he can commit fraud and that it
will not be detected. Potential perpetrators who think they might
be detected and charged with a criminal offense would not likely to
commit fraud. A poor corporate culture and a lack of adequate
internal control procedures can often create the confidence that a
fraud could go undetected.
Opportunity often emanates from:
 Poor corporate culture
 Where a person feels they can take advantage of the trust
placed in him or her
 Knowledge of specific control weakness
3. Attitudes/rationalizations – fraud involves some rationalization
to commit fraud or the belief that a crime has not been committed.
For example:
 Some individuals possess an attitude or character to knowingly
and intentionally commit a dishonest act
 Being dissatisfied with pay
 Feeling underappreciated (such as not getting an expected
promotion)
Degree of assurance between detection of material fraud and
material errors:
1. Fraud is harder to detect than errors: Reasons:
a. Fraud may involve sophisticated and carefully organized
schemes designed to conceal it.
b. Fraud may be accompanied by collusion.
2. Management fraud vs. employee fraud – the risk of not
detecting a material misstatement resulting from management
fraud is greater than for employee fraud
Reasons:
 Management has the most opportunity to commit fraud, while
employees need to exploit weakness in internal control in order
to commit fraud.
 Management has the ability to override or bypass an existing
effective internal control.
 Management can influence the preparation and presentation of
financial statements.
Conditions and events that may indicate risks of material
misstatement:
The following are examples of conditions and events that may indicate
the existence of risks of material misstatement. The examples provided
cover a broad range of conditions and events; however, not all conditions
and events are relevant to every audit engagement and the list of examples
is not necessarily complete.
 Operations in regions that are economically unstable, for example,
countries with significant currency devaluation or highly inflationary
economies.
 Operations exposed to volatile markets, for example, futures
trading.
 Operations that are subject to high degree of complex regulation.
 Going concern and liquidity issues including loss of significant
customers.
 Constraints on the availability of capital and credit.
 Changes in the industry in which the entity operates.
 Changes in the supply chain.
 Developing or offering new products or services, or moving into
new lines of business.
 Expanding into new locations.
  Changes in the entity such as large acquisitions or reorganizations
or other unusual events.
 Entities or business segments likely to be sold.
 Existence of complex alliances and joint ventures.
 Use of off-balance-sheet finance, special-purpose entities, and
other complex financing arrangements.
 Significant transactions with related parties.
 Lack of personnel with appropriate accounting and financial
reporting skills.
 Changes in key personnel including departure of key executives.
 Weaknesses in internal control, especially those not addressed by
management.
 Inconsistencies between the entity’s IT strategy and its business
strategies.
 Changes in the IT environment.
 Installation of significant new IT systems related to financial
reporting.
 Inquiries into the entity’s operations or financial results by
regulatory or government bodies.
 Past misstatements, history of errors or a significant amount of
adjustments at period end.
 Significant amount of non-routine or non-systematic transactions
including intercompany transactions and large revenue transactions
at period end.
 Transactions that are recorded based on management’s intent, for
example, debt refinancing, assets to be sold and classification of
marketable securities.
 Application of new accounting pronouncements.
 Accounting measurements that involve complex processes.
 Events or transactions that involve significant measurement
uncertainty, including accounting estimates.
 Pending litigation and contingent liabilities, for example, sales
warranties, financial guarantees and environmental remediation
Considering compliance with laws and regulations:
 Non-compliance refers to acts of omission or commission by the
entity being audited, either intentional or unintentional, which are
contrary to the prevailing laws or regulations.
 The auditor should consider compliance with laws and regulations
since noncompliance by the entity with laws and regulations may
materially affect the financial statements. However, an audit
cannot be expected to detect noncompliance with all laws and
regulations.
 Noncompliance is sometimes described as violations of law or
regulations or illegal acts.
 Common examples of non-compliance:
 Violation of tax laws and environmental laws
 Occupational safety and health
 Inside trading of securities
 Result of non-compliance with laws and regulations:
 Fines/penalties
 Damages
 Threat of expropriation of assets
 Enforced discontinuation of operations
 Litigation
 Auditor’s responsibility in detecting non-compliance is limited to
material direct-effect noncompliance or illegal act. (Reason:
Generally, the further removed non-compliance is from the events
and transactions that are ordinarily reflected in financial
statements, the less likely the auditor is to become aware of or to
recognize non-compliance.
 Responsibility for the compliance with laws and regulations rests
with management. This responsibility includes prevention and
detection (and correction) of noncompliance with laws and
regulations.
Indications that noncompliance may have occurred:
 The entity is under investigation by government departments
 Payment of fines or penalties.
 Payments for unspecified services or loans to consultants, related
parties, employees or government employees.
 Sales commissions or agent's fees that appear excessive in relation
to those ordinarily paid by the entity or in its industry or to the
services actually received.
 Purchasing at prices significantly above or below market price.
  Unusual payments in cash, purchases in the form of cashiers'
checks payable to bearer or transfers to numbered bank accounts.
 Unusual transactions with companies registered in tax havens.
 Payments for goods or services made other than to the country
from which the goods or services originated.
 Payments without proper exchange control documentation.
 Existence of an accounting system with inadequate audit trail or
sufficient evidence.
 Unauthorized transactions or improperly recorded transactions
 Media comment
Note 2.3 – Assess the identified risks of material misstatement:
Factors to consider whether a risk is significant:
 Whether the risk is a risk of fraud
 Whether the risk is related to recent significant economic accounting or
other developments and, therefore, requires specific attention
 Complexity of transactions
 Whether the risk involves significant transactions with related parties
 The degree of subjectivity in the measurement of financial information
related to the risk, especially those involving uncertainty
 Whether the risk involves significant transactions that are outside the
normal course of business for the entity, or that otherwise appear to be
unusual
Significant risk – an identified and assessed risk of material
misstatement that, in the auditor’s judgment, requires special audit
consideration
Significant risks often relate to:
a. Non-routine transactions – unusual (in size or nature) and
infrequent transactions
b. Judgmental matters – such as those involving accounting
estimates for which there is significant measurement uncertainty
Note 2.4 – Risk assessment procedures include:
1. Inquires of management and others within the entity that is likely to
assist the auditor in identifying risk of material misstatement due to
fraud or error
For example, inquiries of management, audit committee, board of
directors, internal auditors, in-house legal counsel, and other client personnel
2. Analytical procedures
 Analytical procedures – evaluations of financial information made by a
study of plausible relationships among both financial and nonfinancial data
 Purpose of preliminary analytical procedures:
a. To identify areas that may represent specific risks such as the
existence of unusual transactions or events, and amounts, ratios, and
trends that may assist the auditor in identifying risks of material
misstatements that the auditor may need to investigate further
b. To enhance the auditor’s understanding of the entity’s business and
transactions to help plan the nature, timing, and extent of substantive
auditing procedures that will be used to gather audit evidence
 Analytical procedures performed during audit planning is known as
preliminary analytical procedures
 Analytical procedures involve:
a. Analysis of significant ratios and trends or the study of plausible
relationships among both financial and non-financial data
b. Investigation of fluctuations and relationships that are inconsistent
with other relevant information or deviate significantly from predicted
amounts by:
 Inquiries of management
 Corroboration of management responses, and
 Applying other appropriate audit procedures
Basic premise underlying the use of analytical procedures:
The basic premise underlying the use of analytical procedures is that
plausible relationships among data may reasonably expected to exist and
continue (predictable) in the absence of known conditions to the contrary.
The relationship among data should be both:
a. Plausible – there is a clear cause and effect relationship among
data
 b. Predictable – reasonably expected to exist and continue in the
absence of known conditions to the contrary
Generalizations in assessing the predictability of the accounts:
 Income statements accounts are more predictable than balance
sheet accounts.
 Accounts that are not subject to management discretion are
generally predictable.
 Relationships in a stable environment are more predictable that
those in a dynamic or unstable environment.
Main purpose of analytical procedures: To assess the overall
reasonableness of account balances and transactions
Specific purpose/focus/objective of analytical procedures in the
three stages of audit:
1. In the planning stage – performed as risk assessment
procedures (required/mandatory) to obtain an understanding of
the entity and its environment
Objective/purpose/focus during planning stage:
 To enhance the auditor’s understanding of the entity’s
business and transactions to help plan the nature, timing, and
extent of substantive auditing procedures that will be used to
gather audit evidence.
 To identify areas that may represent specific risks (such as
unusual transactions and events or abnormal/significant
fluctuations in amounts, ratios, or trends) that the auditor may
need to investigate further
2. In testing stage – as substantive procedures when their
application is, based on the auditors judgment, more effective and
efficient than test of details (not required)
Objective/purpose/focus during testing stage:
 To obtain audit evidence to confirm individual account
balances
3. In the overall review or completion stage – As an overall
review of the financial statements (required)
Objective/purpose/focus:
 To identify a previously unrecognized risk of material
misstatement (unusual fluctuations that were not identified in
the planning and testing phases of the audit)
 To confirm conclusions reached with respect to the fairness of
the financial statements
3. Observation and inspection – these include:
 Observation of entity activities and operations
 Inspection of documents (such as business plans and strategies, records,
and internal control manuals)
 Inspection of reports prepared by management (such as quarterly
management reports) and those charged with governance (such as
minutes of board of directors’ meetings)
 Visit or tour of entity’s premise/facilities
Note 3 – Reducing audit risk to an acceptably low level
To reduce audit risk to acceptably low level the auditor shall:
a. Assess the risks of material misstatement (inherent and control risk); and
b. Limit detection risk. This may be achieved by performing procedures that
respond to the assessed risks of material misstatement at the financial
statements, class of transactions, account balance and assertion levels.
Steps in assessing Audit Risk:
1. Set the desired level of Audit Risk
Audit risk – the risk that the auditor gives an inappropriate audit opinion
when the financial statements are materially misstated; it is the risk that the
auditor may unknowingly fail to modify appropriately the opinion on financial
statements that are materially misstated
2. Assess the level of Inherent Risk (such as low, medium, or high) – for
example, low level if likelihood of misstatement is low
 Inherent risk – the susceptibility of an assertion to a misstatement
that could be material, either individually or when aggregated with other
misstatements, assuming there are no related controls to mitigate such
risks
 Sources of assessment include knowledge of entity and its environment
and preliminary analytical procedures.
3. Assess the level of Control Risk (such as low, medium, or high) – for
example, low control risk if internal control is effective, or high control risk
if internal control is not effective
 Control risk – the risk that a material misstatement, either individually
or when aggregated with other misstatements, that could occur will not
be prevented or detected and corrected on a timely basis by the entity’s
internal control
 Sources of assessment include knowledge of internal control and
observation and inspection
Combined assessment:
The auditor usually makes combined assessment of inherent and control
risks. If the combined assessment of inherent risk and control risk is
high, the auditor should:
 Place more emphasis on obtaining external evidence
 Reduce reliance on internal evidence
 Design more effective substantive procedures
4. Determine the acceptable level of detection risk: The acceptable level of
detection risk depends on the assessed level of inherent and control risk
(inverse relationship)
 Detection risk – the risk that the auditor will not detect such a material
misstatement that exists/occurs in an assertion
 Detection risk is a function of the effectiveness of an auditing
procedure and its application by the auditor
 Detection risk is significantly affected by the nature, timing, and
extent of the auditor’s substantive procedures
 Detection risk is a complement of assurance provided by
substantive tests (for example, a 10% detection risk means a
90% assurance of detecting material misstatement)
 Detection risk can be increased or decreased by the auditor by
performing substantive tests but can never be reduced to zero
because of the inherent limitations in the procedures carried out,
the human judgments required, and the nature of the evidence
examined.
 The auditor uses the Audit Risk Model:
Audit Risk = Inherent risk x Control risk x Detection risk
Acceptable level of Audit risk
Detection risk = Inherent risk x
Control risk
5. Design audit substantive tests
 Auditor’s reaction to level of detection risk:
a. Lower acceptable level of detection risk – higher assurance
are to be provided by substantive tests by changing any or
combination of the following:
 Nature – performing more effective substantive procedures
 Timing – performing substantive procedures at year-end
rather than at interim dates (decreases detection risk by
reducing the risk for the period subsequent to the performance
of those tests)
 Extent – increasing the extent of substantive tests by using
larger sample size
b. Higher acceptable level of detection risk – low assurance are
to be provided by substantive tests by changing any or combination
of the following:
 Nature – performing less effective substantive procedures
 Timing – performing substantive procedures at interim dates
 Extent – decreasing the extent of substantive tests using
smaller sample size
In summary, the auditor performs audit procedures to assess the risks of
material misstatement and seeks to limit detection risk by performing
further audit procedures based on that assessment.
Summary of relationships among audit risk components:
 The acceptable level of detection risk for a given level of audit risk
bears an inverse relationship to the risks of material misstatement at
the assertion level. Therefore:
↑ Risk of material misstatement (inherent risk and control risk), ↓
detection risk that can be accepted, and vice versa.
 Audit risk and detection risk move in the same direction: ↑ Audit
risk, ↑ detection risk, and vice versa
 The relationship between the risks can also be expressed
mathematically in the following formula:
Audit Risk = RMM (Inherent Risk x Control Risk) x Detection Risk
Inherent risk and control risk are independent variables while
detection risk is a dependent variable.
 All the components of audit risk cannot be eliminated by the auditor
due to the following reasons:
a. Inherent risk – some accounts are susceptible to a material
misstatement or the risk of such misstatement is greater for
some accounts than for others
b. Control risk – due to inherent limitations of internal control
system
c. Detection risk –
 Use of testing/sampling
 Use of auditor’s judgment
 Even when the auditor conducts 100% examination because
audit evidence is persuasive rather than conclusive in nature
 The components of audit risk that can or cannot be controlled by
the auditor:
a. Inherent risk and control risk – cannot be controlled because
these are entity’s risk and exist independently of the audit
b. Detection risk – can be directly controlled (increased or
decreased) by the auditor because detection risk relates to the
auditor’s procedures and can be altered by adjusting the
nature, timing, and extent of substantive procedures

The relationship between materiality and audit risk:

 There is an inverse relationship between materiality and the level
of audit risk – ↑ materiality level, ↓ audit risk and vice versa.
 Materiality is directly related to the acceptable level of detection
risk.
 It would lead to most audit work if both audit risk and materiality
levels are low.