Chapter 4: Audit process – Accepting an
Information that might bear on the
Engagemnet
AUDIT PROCESS: ACCEPTING AN ENGAGEMENT
PSA 210: Agreeing the terms of audit
engagements
AUDIT PROCESS: 7 steps: PACE CIP
1. Pre-engagement
2. Audit planning
3. Consideration of internal controls
4. Evidence gathering
5. Completing the audit
6. Issuance of the audit report
7. Post audit responsibilities
FLOWCHART: PPUPI, ICDA
1. Pre-engagement
2. Plan the audit
a. Assess inherent risk
3. Understand and test internal control
b. Assess control risk
4. Perform substantive tests
c. Establish detection risk
5. Issue audit report
d. Evaluate overall audit risk
PRE-ENGAGEMENT: CEP
1. Client acceptance or continuance (Pre-
acceptance procedures)
2. Establishing engagement terms and
preparation of engagement letter
3. Preplanning: UDE
a. Updating understanding of existing
client or gaining deeper understanding
of new client
b. Determining the audit engagement team
requirements
c. Ensuring the independence of the audit
team members and the audit firm
AUDIT PROCESS: PRE-ENGAGEMENT (6 PROCEDURES
BEFORE ACCEPTING AN ENGAGEMENT): OIE EIA
1. Obtain preliminary knowledge of the
company’s business and industry.
a. Industry in which the client operates
b. Nature and competence of its management
c. Internal controls
d. Current financial performance
e. Reporting requirements and deadlines
f. Any recent developments
2. Identify any threats to the firm’s
independence and objectivity.
3. Evaluate the firm’s ability to serve the
client.
4. Evaluate auditability.
5. Investigate the integrity of client’s
management through inquiry.
 Inquiry from predecessor auditor: RID
1. Reasons for change in auditors
2.
integrity of management
3. Disagreements between predecessor
auditor and management (on
accounting principles, auditing
procedures, etc.)
6. Agree on the terms of engagement and
prepare an engagement letter.
FLOWCHART OF COMMUNICATION BETWEEN SUCESSOR
AND PREDECESSOR AUDITOR
Successor
initiates
communication
Obtains permission from
prospective client to
inquire of predecessor
Client
response?
Considers rejecting
prospective client
Inquiries of predecessor as to (a)
integrity of management (b)
disagreements with management
(c) reasons for change
Full Considers effect of limited
response
response?
Significant
effect?
Adverse Considers rejecting
prospective client
response?
Accepts prospective
client
6 QUALITY CONTROL POLICIES TO BE ADOPTED IN
ACCEPTING CLIENTS
1. Professional requirements – personnel in
the firm are to adhere to the principles of
independence, integrity, objectivity,
confidentiality and professional behavior
(General Standards #2,3)
2. Skills and competence – firm is to be
staffed by personnel who have attained and
maintained the technical standards and
professional competence required to enable
them to fulfill their responsibilities with
due care (General Standards #1)
3. Assignment – audit work is to be assigned
to personnel who have the degree of
technical training and proficiency required
in the circumstances (General standards #1)
4. Delegation – sufficient direction,
supervision and review of work at all
levels to provide reasonable assurance that
work performed meets appropriate standards
of quality (Standards of Fieldwork #1)
5. Consultation – whenever necessary,
consultation within or outside the firm is
to occur with thoe who have appropriate
expertise
6. Acceptance and retention of clients – an ASSERTIONS ABOUT CLASSES OF TRANSACTIONS AND
evaluation of prospective clients and EVENTS: OCACC
review, on an on-going basis, of existing 1. Occurrence
clients is to be conducted 2. Completeness
3. Accuracy – amount
4. Cutoff – correct accounting period
16 PRINCIPAL CONTENTS OF THE AUDIT ENGAGEMENT 5. Classification – proper accounts
LETTER: OMSF TUAE RDB AAA RR
1. Objective of the audit ASSERTIONS ABOUT ACCOUNT BALANCES AT PERIOD-
2. Management’s responsibility for the END: ERCV
financial statements 1. Existence
3. Scope of the audit – reference to 2. Rights and obligations – assets and
legislations, regulations or pronouncements liabilities
of professional bodies 3. Completeness
4. Form of any reports or other communication 4. Valuation and allocation – appropriate
of results of the engagement amounts; adjustments are appropriately
5. Fact that because of the test nature and recorded
other inherent limitations of an audit,
together with the inherent limitations of ASSERTIONS ABOUT PRESENTATION AND DISCLOSURE:
any accounting and internal control system, OCCA
there is an unavoidable risk that even some 1. Occurrence and rights & obligations
material misstatement may remain 2. Completeness
undiscovered 3. Classification and understandability –
6. Unrestricted access to whatever records, appropriately presented and described
documentation an other information 4. Accuracy and valuation – disclosed fairly
requested in connection with the audit and at appropriate amounts
7. Arrangement regarding audit planning
8. Expectation of receiving written
confirmation concerning representations
made in connection with the audit
9. Request from the client to confirm the
terms of the engagement acknowledging
receipt of the engagement letter or by
affixing signature on the letter
10. Description of any other letters or reports
the auditor expects to issue to the client
11. Basis on which fees are computed and
billing arrangements
12. Arrangements concerning the involvement of
other auditors and experts in some aspects
of the audit
13. Arrangements concerning the involvement of
internal auditors and other client staff
14. Arrangements to be made with the
predecessor auditor, if any, in case of an
initial audit
15. Restrictions of the auditor’s liability
when such possibility exists
16. Reference to any further agreements between
the auditor and the client

FINANCIAL STATEMENT ASSERTIONS

3 CATEGORIES OF FINANCIAL STATEMENT ASSERTIONS

1. Assertions about classes of transactions
and events for the period under audit
2. Assertions about account balances at period
end
3. Assertions about presentation and
disclosure
Chapter 5: Audit Planning
UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT
PSA 300 – Planning an Audit of Financial
Statements
PSA 315 – Identifying and Assessing the Risks
of Material Misstatements Through
Understanding the Entity and its Environment
4 GENERAL STEPS IN AUDIT PLANNING: UUDA
1. Understanding the entity and its
environment
2. Understanding the internal controls
3. Developing overall audit risk
4. Audit risk and materiality
OBTAINING UNDERSTANDING OF THE CLIENT’S
BUSINESS AND INDUSTRY
 Analysis of the client’s business and
industry assists the auditor in:
1. Directing the auditor’s attention
towards areas suggesting intentional
misstatements by management
2. Helps in identifying factors that may
lead the auditor to question the
ability of the entity to continue as a
going concern
3. Facilitates identification of complex
transaction areas contributing to
higher probabilities of recording
errors
11 DETAILED STEPS IN THE GENERAL PLANNING OF
AUDIT ENGAEMENT: OCA ERAI CDCP
1. Obtain understanding of client’s business
and industry
2. Conduct preliminary analytical procedures
3. Establish materiality and audit risk
4. Assess business risks
5. Review internal control for strategy
purposes
6. Assess the possibility for errors, fraud
and illegal acts
7. Identify related parties and related party
transactions
8. Consider other planning issues:
a. Work of internal auditors
b. Work of another auditors
c. Work of experts
9. Develop overall audit strategy
10. Consider additional value-added services
11. Prepare engagement planning memorandum
OBTAINING UNDERSTANDING OF CLIENTS BUSINESS
AND INDUSTRY:
 Obtain an overall understanding of: CIO NM
1. Client
2. Industry
3. Operations
4. Nature of business
5. Methods used to process transactions
8 PROCEDURES FOR OBTAINING UNDERSTANDING OF
CLIENT’S BUSINESS: RISC TRCC
1. Reviewing documents:
a. Correspondence files
b. Working papers
c. Permanent files Prior
d. Financial statements years
e. Auditor’s reports
2. Inquiring from client management about
current developments affecting the entity
3. Reading the client’s current year financial
statements
4. Considering the impact of recently issued
accounting and auditing pronouncements on
the audit
5. Touring the client’s facilities
6. Reading minutes of meeting of shareholders
and the board of directors
7. Considering economic conditions and
governmental regulations that may affect
the client
8. Consulting industry trade publications and
individuals knowledgeable about the
industry and its business
ANALYTICAL PROCEDURES
PSA 300 – Planning an Audit of Financial
Statements
DEFINITION: PRELIMINARY ANALYTICAL PROCEDURES
 Analytical procedures – evaluations of
financial information made by a study of
plausible relationships among both
financial and nonfinancial data
3 PURPOSES OF ANALYTICAL PROCEDURES: RSO
1. As risk assessment procedures – to obtain
understanding of the entity and its
environment
2. As substantive test procedures – when their
application is, based on the auditor’s
judgment, more effective and efficient than
tests of details in reducing the risk of
material misstatements
3. As an overall review of the financial
statements – at the completion stage of the
audit engagement
2 PURPOSES OF ANALYTICAL PROCEDURES IN
PLANNING STAGE: AA
1. Assists the auditor in understanding the
business
2. Allows the auditor to identify areas of
potential risk, thereby assisting the
determination of the nature, timing and
extent of audit procedures
3 TYPES OF ANALYTICAL PROCEDURES IN PLANNING
STAGE: SRC
1. Simple comparisons – comparisons of current
balances in the FS with balances of prior
periods and budgeted amounts
2. Ratio analysis – computation of ratios and
percentage relationships for comparison
with prior periods, budgeted amounts and
industry average
3. Common-size statements – each account is
expressed as a percentage of total sales
(IS), total assets, liabilities and equity
(SFP) for comparison with other companies
or between time periods
a. Trend statements
b. Time-series analysis
Ratio analysis example:
AUDIT RISK
PSA 315: Identifying and assessing the risks
of material misstatement through understanding
the entity and its environment
DEFINITION OF AUDIT RISK
 Audit risk – risk that the auditor would
express an inappropriate audit opinion when
the FS are materially misstated
a. Reasonable assurance – implies some
risk that a material misstatement could
present the FS and the auditor will
fail to detect it
b. Auditor – decides what level of audit
risk he is willing to accept and plans
the audit to achieve that level of
audit risk
c. Auditor should perform the audit to
reduce audit risk to a “sufficiently
low level” that is appropriate for
expressing an opinion on the FS
b. The less the risk that the auditor will
issue inappropriate report (less
overall audit risk)
3 COMPONENTS OF AUDIT RISK: ICD
1. Inherent risk - susceptibility of an
account balance or class of transactions to
material misstatement, individually or when
aggregated with misstatements in other
accounts, assuming that there were no
related internal controls
2. Control risk - a material misstatement,
that could occur in an account balance or
class of transactions, will not be
prevented or detected and corrected on a
timely basis by the client's accounting and
internal control systems
o Inherent and control risk – “auditee
risk”; functions of the client and its
environment and auditor has little
control
3. Detection risk - auditor's substantive
procedures will not detect a material
misstatement that exists in an account
balance or class of transactions,
individually or when aggregated with
misstatements in other balances or classes
o Detection risk – “auditor risk”; can be
controlled by the auditor through the
scope of audit procedures
INHERENT LIMITATIONS

LEVEL OF AUDIT RISK

 The auditor controls the level of audit
risk by
a. Effectiveness of the audit work
b. Extent of the audit work
c. Scope of the auditor’s test procedures
(nature, timing and extent) AUDIT RISK MODEL
 The more effective and extensive the audit
work AR = IR × CR × DR
a. The less the risk that misstatement
will go undetected (less detection AR = Audit risk (the risk that the auditor may
risk) fail to modify the opinion on materially
misstated FS)
IR = Inherent risk (the susceptibility of an
assertion to material misstatement assuming no
related controls)
CR = Control risk (the risk that material
misstatement that could occur in an assertion
will not be prevented or detected on a timely
basis by the internal controls)
DR = Detection risk (the risk that the auditor
will not detect a material misstatement that
exists in an assertion)

RELATIONSHIP BETWEEN MATERIALITY AND AUDIT

RISK
 Inverse relationship
o The higher the materiality level, the
lower the audit risk
o Considered in determining the scope
(nature, timing and extent) of audit
procedures
 Example: If the auditor considers P100,000
to be material for the financial
statements, a certain amount of time and
effort must be spent gathering evidence on
the individual accounts. On the other hand,
if that materiality threshold is lowered to
P50,000, additional time and effort must be
expended in gathering the necessary
evidence. The reason is that it is more
difficult to find a small error than a
large error.
EFFECT OF MATERIALITY ON AUDIT RISK AND AUDIT
PROCEDURES
 Inverse relationship of materiality to
audit risk and extent of audit procedures
RISK ASSESSMENT PROCEDURES: IAO
1. Inquiries of management and of others
within the entity who may have information
that is likely to assist in identifying
risks of material misstatement due to fraud
or error
2. Analytical procedures
3. Observation and inspection
BUSINESS RISK
 Business risk - risk resulting from
significant conditions, events,
circumstances, actions or inactions that
could adversely affect an entity’s ability
to achieve its objectives and execute its
strategies, or from the setting of
inappropriate objectives and strategies
o Example: risks arise from the
development of a new product because
the product may fail or because flaws
in the product may result in lawsuits
or damage to the company’s reputation.
 Auditors need to identify business risks
and understand the potential misstatement
that may result.
o Example: A client selling goods in a
declining industry with a shrinking
customer base faces pressure to
maintain historical profit margins,
which increases the risk of
misstatement associated with the
valuation of receivables.
MATERIALITY
PSA 320 – Materiality in planning and
performing an audit
NATURE OF FINANCIAL STATEMENT AUDIT
 The auditor can provide only reasonable
assurance that all material misstatements
would be detected.
o There is no assurance that immaterial
misstatements will be detected.
MATERIALITY
 Materiality – an information is material if
its omission or misstatement could
influence the economic decision of users
taken on the basis of the financial
statements
o It depends on the size or nature of the
item (the error judged in the
particular circumstance of its omission
or misstatement).
o It provides a threshold or cutoff point
(qualitative), rather than being a
primary qualitative characteristic of
useful financial information
 Consideration of materiality is what the
auditor perceives as the view of a
reasonable person who is relying on the FS.
3 STEPS IN APPLYING MATERIALITY ON AN AUDIT:
EDE
1. Establishing a preliminary judgment about
materiality.
a. Maximum amount by which the auditor
believes the FS could be misstated and
still not affect the decisions of
reasonable users
b. Quantitative factors – establish a
base(s) that, when multiplied by a
percentage factor, determines the
initial quantitative judgement about
materiality; e.g., total assets, total
revenues, net income, gross profit
2. Determine tolerable misstatement.
a. Tolerable misstatement – amount of
planning materiality that is allocated
to an account or class of transactions.
1. Account balances – individual line
item on the FS (e.g., accounts
receivable, inventory)
2. Class of transactions – type of
transaction processed by the
accounting system (e.g., sales,
purchase)
b. Qualitative factors – that may affect
establishing preliminary judgment about
materiality
1. Material misstatements in prior
years
2. Potential for fraud or noncompliance
with laws and regulations
3. Small amounts that may affect the
trend in earnings
4. Small amounts that may cause entity
to miss forecasted earnings
c. Purpose – to plan the scope of audit
procedures for the individual account
balance or class of transaction
3. Estimate likely misstatement and compare
totals to the preliminary judgment about
materiality.
a. Aggregation – the auditor aggregates
misstatements from each account or
class of transactions and compare with
overall materiality
INTERNAL CONTROL IN A FINANCIAL STATEMENT
AUDIT
PSA 260: Communication with those charged with
governance
PSA 265: Communicating deficiencies in
internal control with those charged with
governance and management
AUDITOR’S RESPONSIBILITIES FOR INTERNAL
CONTROL: ODA PD
1. Obtaining an understanding of the client’s
internal controls
a. Definition of internal control
b. Concept of internal control
c. Components of internal control
2. Document the understanding of accounting
and internal control systems
3. Assess the level of control risks
a. Identifying specific controls that will
be relied upon.
b. Performing tests of controls.
c. Performing substantive procedures.
d. Concluding on the achieved level of
control risk.
4. Perform test of controls.
a. Inquiry
b. Inspection
c. Observation
d. Reperformance
5. Document the assessed level of control
risks
OBTAINING AN UNDERSTANDING OF CLIENT’S
INTERNAL CONTROL (STEP 1)
 The auditor should obtain sufficient
understanding of each component of internal
control over financial reporting to:
1. Identify the types of potential
misstatement
2. Assess the factors that affect the risk
of material misstatement
3. Design further audit procedures
 Definition of internal control
o Internal control - process designed and
effected by those charged with
governance, management and other
personnel to provide reasonable
assurance about the achievement of the
entity's objectives with regard to
reliability of financial reporting
effectiveness and efficiency of
operations compliance with applicable
laws and regulation
o Internal control over the safeguarding
of asset against unauthorized
acquisition, use, or disposition is
also important.
o Internal control is designed to provide
accountability of those entrusted to
run the enterprise by the stakeholders.
 4 Concepts of internal control: PEED
1. Internal control is a process –
designed to accomplish the
organization’s objective
2. Internal control is effected by those
charged with governance, management or
other personnel – creating and
reinforcing a structure and a tone for
controls in the organization
3. Internal control can be expected to
provide reasonable assurance of
achieving the entity’s objectives.
o Limitations:
a. Cost of internal controls should
not exceed benefits.
b. Most internal controls are direct
toward routine transactions.
4. Internal control is designed to achieve
the entity’s objectives.
o Objectives: REC
1. Reliability of financial reporting
2. Effectiveness and efficiency of
operations
3. Compliance with applicable laws
and regulations.
 5 Components of internal control: CRI CM
1. Control environment - refers to the
overall governance of the organization,
it sets the tone of an organization,
influencing the control consciousness
of its people
o It is the foundation for
effective internal control,
providing discipline and
structure
o It includes the attitudes,
awareness, policies and actions
of management and those charged
with governance concerning the
importance of internal control in
the entity
o It includes the organization’s
corporate culture, its ethics,
the quality of its people and how
the organization is controlled
 Factors affecting the control
environmen: IMA CPA
1. Integrity and ethical values -
sound integrity and ethical
values, particularly of top
management, are developed and set
the standard of conduct for
financial reporting
2. Commitment to financial reporting
competencies – the company
retains individuals competent in
financial reporting and related
oversight roles
3. Participation of those charged
with governance – the board of
directors understands and
exercises oversight
 responsibility related to
financial reporting and related
internal control
4. Management’s philosophy and
operating style - should support
achieving effective internal
control over financial reporting
5. Organizational structure
a. Sets the tone – philosophy
and operating style emphasize
high-quality and transparent
financial reporting
b. Articulates objectives –
management establishes and
clearly articulates financial
reporting objectives,
including those related to
internal control over
financial reporting
c. Selects accounting principles
and oversees estimates –
management follows a
disciplined, objective
process in selecting
accounting principles and
developing accounting
estimates
6. Organizational structure –
supports effective internal
control over financial reporting
7. Assessment of authority and
responsibility – management and
employees are assigned
appropriate levels of authority
and responsibility to facilitate
effective internal control over
financial reporting
8. Human resource policies and
practices – HR policies and
practices, including compensation
programs, are designed and
implemented to facilitate
effective internal control over
financial reporting
2. Risk assessment process – process of
identifying and responding to business
risks and the results thereof
o Includes how management
identifies risks relevant to the
preparation of FS:
a. Fairly presented in
accordance with applicable
framework
b. Assesses the likelihood of
occurrence of risks
c. Decides upon actions to
manage risks
3. Information and communication systems
o Management must communicate its
policies effectively, as well as
receive upward information.
o Communication – involves
providing an understanding of
individual roles and
responsibilities pertaining to
internal control over financial
reporting
o Accounting system - records
established to initiate, record,
process and report the entity's
transactions and maintain
accountability for assets,
liabilities and equity
4. Control activities - policies and
procedures that help ensure that
management directives are carried out
o Control activities are designed
to prevent or detect errors.
o These ensure that necessary
actions are taken to address
risks to achievement of the
entity's objectives.
o Examples of control activities:
a. Performance reviews
b. Information processing
c. Physical controls to
safeguard assets
d. Segregation of duties
5. Monitoring - process to assess the
quality of internal control performance
over time
o It involves assessing the design
and operation of controls on a
timely basis and taking necessary
corrective actions
o Management should monitor the
operations of controls to provide
assurance that all five
components (including the
monitoring function itself)
continue to operate effectively.
DOCUMENTING THE UNDERSTANDING OF INTERNAL
CONTROLS (STEP 2)
 Commonly-used form of Documentations: NFI
1. Narrative description
o Documented in a memorandum
o Most appropriate when the entity has
a simple internal control system
2. Flowcharts
o Diagramatic representation or
picture of the entity’s accounting
system
o Outlines the configuration of the
system in terms of functions,
documents, processes and reports
3. Internal control questionnaires
o Contains questions about the
important factors of 5 internal
control components.
 o Generally used for entities with
relatively complex internal control
system
ASSESSING THE LEVEL OF CONTROL RISKS (STEP 3)
 Assessing control risk – process of
evaluating the effectiveness of an entity's
internal control in preventing or detecting
material misstatements in the financial
statements
 Preliminary assessment of control risk
level
a. Maximum/high level
o High control risk (maximum level)
o Client's internal controls are not
effective
o Auditor has no reliance in controls
o Auditor adopts substantive strategy
(substantive tests)
b. Low/less than high level
o Low control risk (below maximum or
less than high level)
o Client's internal controls are
effective
o Auditor puts reliance in internal
controls
o Auditor adopts reliance strategy
(tests of control)
PERFORMING TESTS OF CONTROL (STEP 4)
 Tests of control are performed to obtain
evidence about:
a. Design of the accounting and internal
control systems
b. Operation of the internal controls
throughout the period
 For below maximum or less than high level
(low control risks):
1. Identify specific controls that will be
relied upon
o Identify controls that are likely to
prevent or detect material
misstatement in the FS.
o Identify controls that could have
pervasive effect on many assertions.
2. Obtain evidence about the design and
operation of internal controls: IIO WR
a. Inquiry of appropriate client
personnel
b. Inspection of documents, reports or
electronic files indicating the
performance of the controls
c. Observation of the application of
controls
d. Walkthrough - tracing of
transactions from its origination to
its inclusion in the FS
e. Reperformance of the application of
the control by the auditor
DOCUMENT THE ASSESED LEVEL OF CONTROL RISKS
 Control and document the achieved level of
control risks.
 Determine the assessed level of control
risk and acceptable level of detection
risk.
 Inverse relationship between detection risk
and the combined level of inherent and
control risk.
IR x CR x DR = AR
o H x H x L = Low
o L x L x H = Low
o H x L x H = Low
 The level of detection risk is used to
determine the nature, timing and extent of
substantive tests.
o For low detection risks, perform more
extensive substantive tests (Inverse).
 The assessed level of control risk will
determine the acceptable level of detection
risk.